Unsecure website warning for local sites

The 1Password Watchtower reports that two of my saved logins are using an unsecure URL.

These two logins are for sites on my local home network, one being my router and the other being my Freenas Web GUI. The address' would look something like http://192.168.1.123/ui/login/ for example. Seeing as these are local sites that I'm not accessing over the internet, I don't need to use https with them (and I don't even think I can use https on my router).

Is there a way to flag these logins to not be scanned by Watchtower as an unsecure URL?


1Password Version: 7.3.684
Extension Version: 1.15.7
OS Version: Windows 10 Pro
Sync Type: Not Provided

Comments

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Hi @MattClegg,

    At the moment there isn't a way. Ultimately even routers should want to only connect over a secure connection even on a home network - there's just no downside for using https but I'm sure a number of us have something that refuses to do so. I apologise I don't have anything more promising just now but it could mean when we're next refining Watchtower that there are things we can consider.

  • Yvo
    Yvo
    Community Member
    edited August 2019

    Could you please add an exception to 1Password WatchTower so that local URLs aren't marked as unsafe?

    A home network is a secure environment and web requests to local web servers aren't going to use HTTPS anytime soon. For HTTPS you need a valid certificate and that just isn't feasible in a LAN environment. For local addresses you can only use self-signed certificates and those will cause warnings with browsers (and there is no device support for it).

    It would be reasonable to exclude the following patterns from the Unsecured Website reporter:

    • 192.168.x.x
    • 10.x.x.x
    • 172.16.x.x - 172.31.x.x (although hardly ever used)
    • x.local

    All that is needed is 2 slices of pizza and 10min time of a dev who can do regular expressions :)

  • Henry
    Henry
    1Password Alumni

    @Yvo Thank you for your suggestion—I've passed it onto our developers to consider for the future. I'd love the behavior changed for the Login for my router's config page as well. :)

  • slowgreenturtle
    slowgreenturtle
    Community Member

    I totally agree with the need for an exception option. As a developer who works with multiple websites locally having to click through "helpful" popups is frustrating and a waste of time. I have to do this dozens of times a day, and I now have to consider a different tool--I need the tool to work for me, not tell me how to work.

  • ag_ana
    ag_ana
    1Password Alumni

    @slowgreenturtle:

    Thank you for the feedback! For now, you can add the http tag to these items, and Watchtower will ignore them ;)

This discussion has been closed.