How do I eliminate the EXTREMELY annoying Weak Password warning?

@K49 - there's currently no mechanism to disable this feature. We're looking into ways to allow more experienced users like yourself to disable warnings, without making it too easy for less-experienced users to defeat the entire purpose of the feature. Thanks for letting us know you'd be in favor of such a feature. :)

@K49 - we're definitely familiar with the revised NIST standards; they echo what we had been waging a somewhat-lonely battle over for several years. Ironically, the battle was with the previous set of recommendations drafted by Burr, back in...2003, I think(?), which suggested passwords be changed frequently, and recommended the use of substitution of special characters like 0 for O and $ for S, etc. Did you get your 1Password for iOS question answered to your satisfaction?

@K49

Thank you for your excellent support. You're very good at your job, and an asset to all humanity.

Wow, thanks for the kind words! You made my day.

I don't know how much you enjoy digging into the nitty-gritty of things like encryption details, but we have a very comprehensive 1password.com security white paper that goes probably deeper than most people are interested in. We don't actually publish our source code, but we use public crypto libraries wherever possible and we publish our own security models so you can inspect them if you like. :)

@K49 - it's certainly a topic on which people can have different legitimate views. If you're using Apple devices, there is the WLAN server for local sync, and if you've got an Android device, the latest version of the operating system allows for local file sync, so you can use that to stay "off-cloud." The only configuration that currently has no local sync option is someone with Windows and iOS.

Understood. Thanks for the feedback @joebinis. To be clear though: that doesn't make the warning "bogus." It may make it superfluous for your case, but it isn't bogus or inaccurate. One way I've suggested handling such situations until a better solution is agreed upon and implemented is to just have one login item for all of the services that use that SSO authentication. You can achieve this by adding multiple URLs into separate website fields on the item. That way you won't get the duplicate password warning, as there is only one item with that password, but you'll likely still be able to fill all of those services using that one login item. This approach has the added advantage of only having to update one record when you change your SSO password.

Ben

Thanks again for the feedback @joebinis. Have a good holiday. :)

Ben

Hey, if that works for you, that's great. :)

I do think it's worth considering that storing a text list of passwords has some downsides:

1. Passwords in a list of notes can't be checked for vulnerability. If you save separate Login items for each account, you can easily see with Watchtower what passwords need to be changed, and improve your security -- and avoid leaving yourself open to attack. I guess you're doing what you're doing to avoid getting notified about passwords that need changing...but given that's sort of the point of 1Password from the security angle, it's worth mentioning. :)
2. From the convenience angle, passwords in a list of notes can't be filled in your browser. If you save separate Login items for each account, you can use the 1Password extension to fill them on websites. That's only possible with a Login item, and only if you have the username and password saved in the appropriate fields there. Saving the login using the browser extension allows 1Password to better understand the webpage to fill it later.
3. Also worth noting, having 1Password fill passwords is not only more convenient, but also avoids putting passwords on the clipboard where other software can access it.

Again, maybe you're okay with that tradeoff. But really you could accomplish the same thing with a text file in an encrypted disk image, and I wanted to clarify for everyone who may want to use 1Password for what it's been designed for. Cheers! :)

@leonid26

Thanks for taking the time to share your perspective. That is certainly an interesting use case, but I hope you understand why we would consider that an 'edge case.' Most people aren't using 1Password in that way / for that purpose. When considering changes like this we have to consider what will have the greatest impact for the most users. That said, we do certainly appreciate the feedback, and will take it into consideration as we determine what features get implemented and at what priority.

Ben

I never use password managers with closed code for storing really important passwords

We're getting a bit off topic here, but open source does not necessarily mean more secure.

such passwords must be remembered (and it's the only secure case).

Perhaps that would be the ideal situation, but if people could remember their passwords there wouldn't be a market for password managers. ;)

Any way, allowing to set warning level per vault would be a great feature.

Thanks for the feedback. :+1:

Ben

@leonid26: Likewise, thanks for clarifying. I'm sorry if I gave you the impression I was offended, or that you'd said anything wrong in the first place. That's not the case. I was just confused that you said "I never use password managers with closed code for storing really important passwords", if you use 1Password. I think there are good reasons to use 1Password, some of which have been mentioned above. But if closed-source is a dealbreaker, 1Password would not meet your criteria. Cheers!