Watchtower Alerts But Info Says No Breach
With several password items on my iPad I see the red Watchtower bar indicating a compromised site. However when I tap on that and check for additional information the page that then appears says there have been no breaches and the site is secure. Do I need to change passwords on those sites or ignore the warning? If I ignore it is there a way to eliminate the red warning?
Also is there any way in the iOS app to see all Watchtower site alerts rather than having to open every single log in field? I’m able to do that in macOS but not on my iOS devices.
1Password Version: 7.3.1
Extension Version: Not Provided
OS Version: iOS 12.3.1
Sync Type: account
Comments
-
Several saved password items on 1Password on my iPad show the red compromised site alert but when I check the details the page shown indicates no breach. Do I need to change passwords on those sites or can the red alert be ignored? If they can be ignored is there a way to eliminate the alert from showing?
Also is there a way to see Watchtower alerts for all entries without opening every log in item separately? This can be done on the Mac version but I see no way to do this on an iOS device.
If this topic appears twice I apologize, I tried to edit the original post but then it disappeared so I thought I must have deleted it somehow.
1Password Version: 7.3.1
Extension Version: Not Provided
OS Version: 12.3.1
Sync Type: Not Provided0 -
@pappjo: Thanks for reaching out. I’m sorry for the confusion! Watchtower is not (and never has been) just about website breaches. It covers those of course, but also password compromise, weak or reused passwords, etc. Without knowing the specifics, it's hard to tell you for sure what you should do, other than to follow the advice given in the notice and change your password if necessary:
Change your passwords and make them stronger
Put another way, if the website hasn't been breached, your password was not stolen, and it is strong and not used anywhere else, then you don't need to change it. :)
It isn't possible to view all of those in one place on mobile devices yet, but it's something we'd like to add in the future. In the mean time, both the desktop apps and 1Password.com web interface have that. There isn't currently a way to dismiss Watchtower notices (other than addressing the issue they're reporting), but it's something we're looking into.
0 -
This is still very confusing. The warning appearing on the password entry says the site has been affected by a security breach since I last changed my password. Yet when I tap on “learn more” the page that comes up says there have been no breaches. Either there has or there hasn’t. Which do I believe? And how do I get rid of the red warning if the page showing no breaches is correct? The password used is unique and complex and I have no desire to change it for no valid reason.
0 -
Here is the warning on the password field and the Watchtower page that comes up when I tap on learn more.
0 -
@pappjo: Ahaaa. Yeah that makes perfect sense. That is a special case, and I actually know the answer to that one off the top of my head. While Facebook has not announced that they were breached, they did announce that they had been storing "millions" of users' passwords in plaintext:. From Wired, back in March:
On Thursday, following a report by Krebs on Security, Facebook acknowledged a bug in its password management systems that caused hundreds of millions of user passwords for Facebook, Facebook Lite, and Instagram to be stored as plaintext in an internal platform. This means that thousands of Facebook employees could have searched for and found them. - Wired
So it is recommended that Facebook users change their passwords. I hope that helps.
0 -
Ok, if there are any others like that with conflicting messages should I just assume something similar and go ahead and change the password?
0 -
@pappjo: I believe this is a unique case (I cannot think of others), as generally we reserve that kind of a notice for a confirmed website breach. In this case, we're treating it as one since Facebook even came out and said that these passwords were stored in plaintext, and that users should change their passwords, just to be on the safe side.
Generally it will be much more straightforward that then: a website breach will be announced, and we'll add the notice to Watchtower to tell users with passwords older than the date of the breach to change their passwords. So, much simpler.
In this instance, since there is no confirmed breach and therefor no date, everyone is advised to change their passwords, just to be sure -- especially with such a significant site as Facebook.
0