Feature: Weak Passwords

Hi @xotan ,

This is an interesting idea, and it raises questions we care a lot about!

Regarding the network: should you be able to exclude items that fall within a private IP space? What if an organization that uses similar private IP ranges has high security requirements, or operates on a zero-trust model? My feeling is that delineating that kind of thing in Watchtower specifically might do more harm than good.

However, I can see an argument for being able to disable Watchtower alerts for certain passwords you choose, though. For example, some websites actually (sigh) require weak passwords, and some devices require short PINs, which in all other contexts would be considered weak and something you want to change ASAP. What to do about this?

This is very much an ongoing conversation here. Maybe the best long-term answer is to allow a user to manually specify which alerts they want to disable, and for how long. Or maybe it's better not to allow that kind of option at all, because if someone's bank requires a weak password, 1Password can help by at least reminding you that that's a point of vulnerability.

Ultimately, we want the Watchtower alerts to be accurate, actionable, and salient - and we 100% welcome your input (and the community's) on what that might look like as we go forward.

Thanks for opening up this discussion. I'll be very interested to hear what more you and others here have to say on the topic!