Watchtower duplicate password problem

kwaegel
kwaegel
Community Member

I have a weird issues with Watchtower's password strength meter and duplicate password detection. I have many duplicate accounts, due to importing some from another password manager, and some that were saved in a browser. For example, I have "MyWebsite" imported with a nice name but no website, and https://www.mywebsite.com with the website field filled in but no nice name.

  • Two accounts that have the same password may have different "strength" labels. One will be "good", and the other "Very Good" despite being the exact same password.
  • Watchtower detects that the accounts use the same password despite the disagreement of the strength meter...until I edit the website field of the entry that didn't have it set originally. Now the two aren't listed as having duplicate passwords anymore, even though the password field hasn't changed.

The latter problem, in particular, makes it difficult to find & remove duplicate accounts.

This happened with 1Password desktop 7 & 8, and Windows 10 & 11.

Any ideas what's going on here? Is there some way to force a Watchtower resync to see if that fixes anything?


1Password Version: 8.4.1
Extension Version: Not Provided
OS Version: Windows 11

Comments

  • PeterG_1P
    edited November 2021

    Hi @kwaegel , thanks for raising this issue! 🙏

    I've taken some time to reproduce the tasks you've mentioned here and found that I did see some unexpected weirdness with Watchtower's results (particularly around re-used passwords). This seemed to be independent of the app's sync, so unfortunately I don't have much in the way of advice on that right now.

    However, I have reported the issue to our developers, with links to both this conversation and my own testing, and we'll be sure to look into this further. 👍

    I should note quickly that Watchtower will sometimes display different strength ratings for the same password depending on whether that password was created by the app's password generator or entered manually. This is because we have the ability to reliably rate the strength of passwords generated by the app, whereas it is much more difficult to do so for human-created passwords entered by the user.

    Thank you again for letting us know, and we'll make sure to dig into this one!

    ref: dev/core/core#11538

  • kwaegel
    kwaegel
    Community Member

    Glad someone is looking into it!

    I should note that the Watchtower password strength meter sometimes differs for two copies of the same account, with the same password, both of which were imported from another manager program. This seems like a case where they should have identical results, but they don't. Not a big deal, but still strange.

  • Hi @kwaegel, my pleasure!

    This seems like a case where they should have identical results, but they don't. Not a big deal, but still strange.

    Interesting. I'd be very curious to learn more about this! Would you be able to send a very quick email to support+windows@1Password.com? There, we could discuss a few details and I can then pass the findings on to our developers. The collaboration is always appreciated!

  • kwaegel
    kwaegel
    Community Member

    Sure. Sent.

  • Awesome! We'll follow up with you there 👍

This discussion has been closed.