Watchtower announces duplicate passwords on IOS but not on Windows

DanielW
DanielW
Community Member
edited August 2020 in iOS

Hello, I tried to search and see if anyone else has come up with this question, but I couldn't find anything.
I'm a 1password member and have the latest version on my Iphone as well as on my computer (Windows).

When I open a certain item on my Iphone, I get a red banner from watchtower, Vulnerability: Duplicate passwords (or whatever the exact translation is (i have swedish as default languange).
When I open the same item on my computer, no warning is shown.

The reason for this different behaviour (I think) is that on IOS watchtower also scans the "previous used passwords", while watchtower doesn't do that on the Windows version?

Is this correct? If so, how come it works differently on IOS and Windows?

It's a bit annoying to get reminded of duplicate passwords after I have changed this and do NOT have duplicate passwords anymore.

Regards
Daniel


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Hi @DanielW

    I'm doing some asking around for you to try and get an answer on this. Thanks for your patience!

    Ben

  • In speaking with our Windows team it seems iOS is using a newer spec with regard to Watchtower than Windows is.

    Unfortunately there are some some discrepancies in how various apps consider what is a 'reused' password. This will be more consistent in the next generation of 1Password apps, as we're moving to a model where we are able to have more shared code, and thus things will behave more similarly.

    I'm sorry there isn't a more immediate solution here.

    Ben

  • DanielW
    DanielW
    Community Member

    Thanks for the answer @Ben

    But that suggests that the "correct" way Watchtower looks at this is to give a warning if an active password matches a previous used one elsewhere?

    I can see a point in this, but then there is a lot of work for people going the right way, i.e. change duplicate passwords not only by actually changing them but to copy the item to a new one and then move the old one to the thrash in order to get rid of the history (which is not what I really want).
    This is of course if you want to act on the warnings from the Watchtower.

    Maybe a setting would be handy, "Let Watchtower ignore passwords from the history!".

    Regards
    Daniel

  • @DanielW

    Are you certain that is the source of the warning? I just created two items:

    • Test A
    • Test B

    On both of these items I set the password field to "TestPass for DanielW." I then changed the password on the Test B item and I do not have a reused password warning on either item.

    As best I can tell based on these results Watchtower is not checking the password history.

    Ben

  • DanielW
    DanielW
    Community Member

    Thank you @Ben for looking into this further.

    I've also examined this a bit more and have some more info on this discrepancy (between IOS and Windows). First of all, you are correct and I was wrong, it seems like Watchtower doesn't look through history which I first thought.

    However, it seems like Watchtower on IOS looks through Secure Notes and the Windows version does not! (Is this something you can verify or am I missing something else (again)). It happened that I had a Secure Note (created back in 2015) with the very same password in it as in one other newer item. I removed the Secure note and now Watchtower is happy!

    If that is the case, that Secure Notes are included in the examination it's of course an improvement.

    So no bugs around regarding this I suppose, sorry about that.

    Best Regards
    Daniel

  • @DanielW

    No apologies necessary! I'd much rather find that something is actually working as expected vs have a bug go unreported. :)

    However, it seems like Watchtower on IOS looks through Secure Notes and the Windows version does not!

    That does appear to be the case based on my testing as well. Glad to hear we were able to get to the bottom of it and by deleting the old Secure Note things have been sorted out. :+1: If there is anything else we can do, please don't hesitate to contact us.

    Ben

This discussion has been closed.