Feature request: Notifications for Watchtower issues
If I understand correctly, the only sense in which the Watchtower service produces an "alert" is that it displays that red banner at the top of passwords/logins that have been compromised. That means that in order to even notice that there is an "alert", I have to manually open either the 1Password main app and expand the Watchtower section in the sidebar (and then click on "Compromised Websites" and/or "Vulnerable Passwords" to see which items are actually at risk), or open the Mini window and happen to stumble across the very login that's been compromised. That's not much of an alert! I rarely open the main app window, and though I will see the red banner if I try to fill in credentials on a compromised site, it may have been days, weeks, months, potentially even years since the breach actually happened! I don't have to tell you what could have happened with my compromised credentials in the meantime.
So my suggestion is simple: whenever Watchtower updates and recognizes an issue, immediately give me a notification that makes me aware of the problem, so I can take care of it on the spot. Make it optional so users can turn it off if they think it's sufficient to deal with issues only when they try to use the compromised site/password again, but I think by default everybody should be made aware right away if something is critically unsecure!
If this used the native macOS/iOS notification system, people could configure those in the way they prefer—alert, banner, Notification Center or not etc. The notification could be completely generic so as not to accidentally leak information, e. g. saying "Watchtower has detected a vulnerable password. Click here to open 1Password and see details." (Or, if that's still not secure enough, it could use the same custom alert style as, I believe, the 1Password updater does.)
Honestly, I'm a little shocked this functionality doesn't exist yet. Your website says "Watchtower alerts you about password breaches and other security problems with your 1Password items". Well, yeah, but only if either I explicitly ask it to or if I actually try to login with the compromised password! I'd have expected it to actually alert me, immediately!
Or did I overlook something? Notifications for 1Password are set to "Alert" style in System Preferences and configured to appear in Notification Center, but I only discovered the recent issue with this very forum when I happened to visit it and tried to login.
Also, I'd suggest that the Watchtower section in the main app's sidebar, when not expanded, should have a catchy icon to indicate when there is an issue with either a compromised website or a vulnerable password. (Not for the other, milder issues like reused passwords and such, those are fine as they are.) Maybe a yellow triangle with an exclamation mark. And that should only go away if all issues in those two critical sections have been dealt with.
1Password Version: 7.4.1
Extension Version: Not Provided
OS Version: 10.13.6
Sync Type: None
Comments
-
We are always looking at ways to improve 1Password and Watchtower, and your feedback is very useful. Thank you for taking the time to share it!
0 -
+1. I am using Firefox Monitor because they send email alerts if one of my logins are compromised, but I would prefer to use 1Password.
0 -
Thank you for letting us know about this! :+1:
0 -
This feature would be great.
0 -
Thank you :+1: :)
0 -
Yes! This! Having to go in and check watchtower is not a great user experience, I would like a push notification on my mobile devices and Mac to tell me there's action I need to go and take please - this would in my mind complete watchtower as a product, and I wouldn't need to use the firefox service :)
0 -
@sp20kfs We do understand that a remote notification would be a great feature for our users, but that would need our 1Password servers to know the contents of your items - so we can check email addresses and websites against known breaches.
However, 1Password is specifically designed to keep your data private, and only you have the keys to decrypt your data. (We don't have those keys, and we don't want them either!) This means that our servers have no way of knowing which websites you visit, or which email addresses you use.
I'm trying to avoid the word "never", but remote push notifications would certainly be "a difficult challenge".
0 -
@ag_matthew I understand why remote notifications are difficult and likely not possible, but local notifications (simply based on what Watchtower already does) shouldn't be hard at all, should they? Just emit a generic notification whenever Watchtower encounters a critical issue, prompting the user to take a look at that section of the local 1Password client, whatever it is.
0 -
@sandy_suppleweed You are correct, any Watchtower notifications would need to be generated by the app itself. Thank-you for the feedback! 8-)
0 -
It appears this is now in beta. https://app-updates.agilebits.com/product_history/OPI4#beta
0