Disable "duplicate password" feature for some logins or a tag

13

Comments

  • Wizzrobe
    Wizzrobe
    Community Member

    I'm here to again upvote this issue. I'm a power user, I understand exactly the risks I'm incurring, and I want to remove that annoying banner ASAP by whatever means necessary. Either grouping logins or an advanced disable setting. I upgraded and am seriously considering downgrading / leaving because of this. There has to be a solution to an issue that affects so many people.

  • Lars
    Lars
    1Password Alumni

    Welcome to the forum, @Wizzrobe! Thanks for sharing your wishes with the team.

  • 1PassRhino
    1PassRhino
    Community Member

    +1 as well. Just being able to maybe disable the duplicate warning between vaults would be a big thing. I use one vault as a duplicate live backup, vs the live one that is shared with different people. The nag really feels like it could ignore itself between vaults via a user opted preference. That way if you have duplicates, it isn't a big deal. That or maybe use item linking between vaults so that the notification assumes that you know.

  • ag_ana
    ag_ana
    1Password Alumni

    Thank you for your feedback as well @1PassRhino! :+1:

  • rjbloom
    rjbloom
    Community Member

    I just started using 1password and find the "duplicate password" warning quite annoying. At least you allow me to make it smaller. Of course I have duplicate passwords for less important sites. I find it so annoying I'm going to see if your competitors products are any less annoying.

  • Sebastian Rasch
    Sebastian Rasch
    Community Member

    They're not gonna change it. Like the last time when they removed functionality from the lifetime version, they'll only listen if there's a huge outcry and this thread is obviously not enough for them to care.

  • This is still a problem we're trying to find a way to solve. Don't give up hope quite yet. :)

    Ben

  • rahul286
    rahul286
    Community Member
    edited June 2020

    Why don't we have a dup tag to ignore this like we have 2FA to ignore 2FA warning?

  • ag_ana
    ag_ana
    1Password Alumni

    @rahul:

    Ideally, we would find a way to do this so we don't have to rely on tags to do it. I believe that is part of the discussion we are having.

  • XNetman
    XNetman
    Community Member

    I wish you would find 'a way' soon. 1Password have had almost two years to think about it. It's annoying, and does make the duplicate password feature quite useless for some users with all the false positives. Just give us a way. Doesn't need to be perfect, you can refine the process later if you want it to be more integrated. A tag we can use would do. Perhaps the Link Existing could suppress it? Or a new 'Shared Account' item (kind of handy for AD items if you want to update a whole bunch of logins at once)

  • Ben
    Ben
    edited June 2020

    I totally understand the frustration. It is frustrating for us too. We're not unaware or ignoring the problem, and we generally agree with the philosophy of not allowing perfection to get in the way of progress. In this instance once we put something out there it could be difficult to change. In this case we want to build something that will be flexible moving forward.

    Ben

  • GoodBits
    GoodBits
    Community Member

    How about an option or tag that identifies something as a "Known Duplicate" or "Duplicate by Choice" and toggle to "Show all Duplicates" or "Hide Known Duplicates"?

  • Thank you for the suggestion, @GoodBits.

    Ben

  • mr_q
    mr_q
    Community Member

    Yeah, there should be definitely a solution for this. In my case a Google account is attached to Bitbucket. Obviously this is the same login as the Google account and also creates the duplicates warning.
    Hopefully there will be a solution for this anytime soon.

  • Hey @mr_q,

    When you log into BitBucket using your Google account... does the URL in the address bar show google.com? It seems that should be the case, and if so then a separate (duplicate) Login item for BitBucket itself wouldn't be necessary?

    Ben

  • mr_q
    mr_q
    Community Member

    Hi Ben, no the URL stays at bitbucket.org and is different from google.com and therefore the duplicate warning is shown.

  • @mr_q

    I don't believe that is a case that we would address. It seems that setup would cause your Google credentials to be shared with BitBucket, which is exactly what Watchtower is designed to warn about? The warning seems valid in that situation.

    Ben

  • mr_q
    mr_q
    Community Member

    Hi Ben, I won’t agree with you on this one. On the backend of Bitbucket there is a link to Google, but in Bitbucket you can’t manage that account (from Google). This way you can’t change your password, because it is the same as your Google account.
    It is maybe a ‘valid’ warning for 1Password, but from the users perspective it is something you can’t do anything to improve.
    Therefore a ‘ignore duplicate’ tag or whatever solution would be a perfect solution for this.

  • @mr_q To clarify: you have no choice but to have your Google account be linked with your BitBucket account? It isn't possible in your situation to have independent accounts for these services?

    Ben

  • mr_q
    mr_q
    Community Member

    Hi Ben, yes of course this is possible. In fact, I have multiple Bitbucket accounts for several contracters. One of them is linked to a G-Suite (Google).
    Actually this was just an example how the same account can/must be used on different URLs that triggers the duplicate warning.

  • I think we have to agree to disagree here, then. Reusing the same password for multiple services is fundamentally bad. It means that if either is compromised, it is safe to assume the other is as well. Our position is that a strong unique password should be used for each.

    That said, you can work around this by deleting the duplicate item in 1Password and instead adding Bitbucket's URL to a website field on your Google account item. We really wouldn't recommend sharing your Google password with Bitbucket, but if we can't convince you otherwise that would be the way to address this. :+1:

    Ben

  • wehurlbert
    wehurlbert
    Community Member
    edited November 2020

    Hi 1Password - I think this has been going on for about two years now, no? It's clearly something people want, and in fact something some people may need. It makes sense that you would urge users to not re-use passwords. But to refuse to make this adjustment so that the beauty of the interface isn't marred :) - that's a bit much. There are probably legit reasons people want this. So why won't you listen to your users and provide this feature?

    Thanks,
    -Wayne

  • ag_ana
    ag_ana
    1Password Alumni
    edited November 2020

    Thank you for chiming in on this too @wehurlbert! I have passed your feedback to the developers as well :)

    ref: dev/projects/customer-feature-requests#130

  • lammerding
    lammerding
    Community Member

    Just tying out 1Password for our business and all our consultants. I came across this exact problem, and see that it's been requested on multiple forum threads and has been around for a LONG time.

    I guess your way of ignoring user feedback and requests makes it easy for me to decide that 1Password is not a good service provider for a business.

    Thanks for the heads-up, and thanks for all the engaged users in this and other threads to still try and get this done.

  • ag_ana
    ag_ana
    1Password Alumni

    @lammerding:

    Sorry to hear that you got the feeling that requests are being ignore, but we appreciate the honest feedback. In the meantime, I have passed your feedback to the developers too :+1:

  • lammerding
    lammerding
    Community Member
    edited November 2020

    @lammerding: Sorry to hear that you got the feeling that requests are being ignore, but we appreciate the honest feedback. In the meantime, I have passed your feedback to the developers too

    I've read that sentence from you in several threads, some of the comments are over a year old. Not much (as in: nothing) has happened so far, and my impression from especially @Ben 's comments is that nothing IS going to happen because you seem to believe that it is your duty to educate your clients with regard to password security.

    @Ben said

    I would be curious to hear what the desire to keep passwords for separate services the same is, though. The main point of using a password manager is to use secure unique passwords for each service. It is sort of a square peg, round hole situation to use 1Password to store duplicate passwords with no intention of making them better. You'd be defeating at least half the purpose, and as such likely aren't going to be getting the value you'd be paying for.

    I strongly believe that you are not in a position to stipulate what "the main point of using a password manager" is - you could say that "x,y is how we intended for our clients to use 1Password", but anything else seems rather arrogant if you are not all-knowing about all different use-cases. In terms of value-per-money, that is also a decision that I believe is best made client-side.

    Anyway. If you are not able to confirm that an opt-out feature for (hopefully all) watchtower options (is the reference to the infamous Jehovah's Witnesses magazine intentional?) is under development and will be released soon, I'd rather spend my time with services from your competitors who offer that kind of functionality.

  • lammerding
    lammerding
    Community Member

    @lammerding: Sorry to hear that you got the feeling that requests are being ignore, but we appreciate the honest feedback. In the meantime, I have passed your feedback to the developers too

    I've read that sentence from you in several threads, some of the comments are over a year old. Not much (as in: nothing) has happened so far, and my impression from especially @Ben 's comments is that nothing IS going to happen because you seem to believe that it is your duty to educate your clients with regard to password security.

    @Ben said

    I would be curious to hear what the desire to keep passwords for separate services the same is, though. The main point of using a password manager is to use secure unique passwords for each service. It is sort of a square peg, round hole situation to use 1Password to store duplicate passwords with no intention of making them better. You'd be defeating at least half the purpose, and as such likely aren't going to be getting the value you'd be paying for.

    I strongly believe that you are not in a position to stipulate what "the main point of using a password manager" is - you could say that "x,y is how we intended for our clients to use 1Password", but anything else seems rather arrogant if you are not all-knowing about all different use-cases. In terms of value-per-money, that is also a decision that I believe is best made client-side.

    Anyway. If you are not able to confirm that an opt-out feature for (hopefully all) watchtower options (is the reference to the infamous Jehovah's Witnesses magazine intentional?) is under development and will be released soon, I'd rather spend my time with services from your competitors who offer that kind of functionality.

  • lammerding
    lammerding
    Community Member
    edited November 2020

    @lammerding: Sorry to hear that you got the feeling that requests are being ignore, but we appreciate the honest feedback. In the meantime, I have passed your feedback to the developers too

    I've read that sentence from you in several threads, some of the comments are over a year old. Not much (as in: nothing) has happened so far, and my impression from especially @Ben 's comments is that nothing IS going to happen because you seem to believe that it is your duty to educate your clients with regard to password security.

    @Ben said

    I would be curious to hear what the desire to keep passwords for separate services the same is, though. The main point of using a password manager is to use secure unique passwords for each service. It is sort of a square peg, round hole situation to use 1Password to store duplicate passwords with no intention of making them better. You'd be defeating at least half the purpose, and as such likely aren't going to be getting the value you'd be paying for.

    I strongly believe that you are not in a position to stipulate what "the main point of using a password manager" is - you could say that "x,y is how we intended for our clients to use 1Password", but anything else seems rather arrogant if you are not all-knowing about all different use-cases. In terms of value-per-money, that is also a decision that I believe is best made client-side.

  • ag_ana
    ag_ana
    1Password Alumni
    edited November 2020

    @lammerding:

    I've read that sentence from you in several threads, some of the comments are over a year old.

    Indeed, part of my job is to collect feedback and pass it to the developers, so you will see me do that everywhere where there are suggestions for new features, or feedback on how to improve existing features. How these are then considered or prioritized will obviously change on a case by case basis at that point, as I am sure you understand.

    But if f there is anything else I can do to help, other than passing your feedback to the team for further consideration, please let me know.

  • lammerding
    lammerding
    Community Member

    There is, indeed: What is the ETA of the discussed feature (opt-out or similar solution)? Since this is not a case-by-case situation anymore, but a long-known and rather widely requested feature, I'm sure your development team will have a pipeline set up, or any kind of executive decision on whether that feature will be implemented or not.

    I do not believe people are willing to be fobbed off with "maybe in the future" or "we're still discussing this" answers - you've had over a year to come up with either a solution that works, or a decision that you won't be implementing it.

This discussion has been closed.