Ignore 'Unsecured Website' for local sites

ctwise
ctwise
Community Member

Is there any way to stop displaying the 'Unsecured Website' warning for local sites, e.g., '*.mycompany.local' and sites w/o any domain extensions?


1Password Version: 7.0.7
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Lars
    Lars
    1Password Alumni

    @ctwise - not currently. We've got some ideas on how to make Watchtower warnings user-selectable, but it needs to be done in a way that works cross-platform as well as ensuring that we don't enable less-sophisticated users to simply shut off the feature or hide warnings they really ought to be seeing. I've nothing to share in terms of a timeline for that feature, but it's something we'll be looking at for a future update. Keep an eye on release notes/updates, and thanks for the request! :)

  • Lars
    Lars
    1Password Alumni

    @ctwise - my apologies. We did have a workaround feature for a while of adding the tag http to such records in 1Password 7, which removed them from the Unsecured Website section of Watchtower, but I thought it had been disabled in later releases, pending a more-comprehensive solution that also addresses ability to change/hide/dismiss other warnings as well. It seems the http tag workaround IS still working, however -- give it a try!

  • BLD
    BLD
    Community Member
    edited January 2019

    +1 Thanks for this tip, @Lars

    I'm all for giving the user maximum information and warnings by default on things like this -- but then allow me to dismiss them. I'd like to be able to dismiss unused 2FA and vulnerable password warnings too, for example. Dismissing those on the surface may not sound like good ideas, but there are use cases where it makes sense. For example, I use a customer service portal based on ZenDesk. ZenDesk in general shows up on the twofactorauth.org list, but 2FA on that portal is only available to the company's agents, not their end users. And for vulnerable passwords -- I have few strictly intranet sites for which 1Password is is a convenience only, and it's a shared password to a system I can't change.

    Bottomline -- Watchtower is really useful, but I need to be able to explicitly turn off its warnings on a per item basis.

  • danco
    danco
    Volunteer Moderator

    There's one warning you can dismiss - the unused 2FA. Just add the tag 2FA to such an item.

  • Lars
    Lars
    1Password Alumni

    @BLD - without digging too deep into this one, our issue right now is a way - across four platforms plus the web client - to retain the benefits of this feature while still allowing users to suppress the warnings on per-item basis. I trust power users like yourself to be able to do this without difficulty, but the problem with the tag-based approach is that, especially for less-sophisticated users, it can be out of sight, out of mind. And that's what we're looking for a more-resilient solution for. Stay tuned, we're evaluating it. :)

  • BLD
    BLD
    Community Member

    @danco @Lars Thank you!

  • Lars
    Lars
    1Password Alumni

    @BLD - you're quite welcome. :)

  • mattcoady
    mattcoady
    Community Member

    Not sure but it seems like the http tag workaround doesn't apply anymore :(

  • ag_ana
    ag_ana
    1Password Alumni

    Hi @mattcoady! Welcome to the forum!

    I have just tested this and the warning disappeared for me when I added the http tag to the item, so this should definitely still work for you.

    What version of 1Password are you running, and on which macOS version?

  • mattcoady
    mattcoady
    Community Member

    Oh I checked again and they're gone now. Maybe it just took some time to update. All good :)

  • Lars
    Lars
    1Password Alumni

    @mattcoady - glad to know things seem to have straightened out and are acting as you expect, but keep an eye on things and let us know if you experience any further issues. Have a great weekend! :)

  • TristanBerger
    TristanBerger
    Community Member

    The tag workaround fixed this for me, but I'd still like to suggest 1Password by default not show the HTTP warning for local sites, including local IP addresses. This would fix the problem for everybody, with less work, while further discouraging the use of the easily misused tag workaround.

  • mbierman
    mbierman
    Community Member

    the http tag still works.

    I appreciate the challenge you described @Lars. But in the notification there could be some text that says,

    If you don't want to see this notice in the future add, "http" to the tag field.

    Of course there are more elegant solutions, but this would work.

  • ag_ana
    ag_ana
    1Password Alumni

    Thank you for the feedback @mbierman!

This discussion has been closed.