What is the meaning of the number in the upper-right corner of the Watchtower screen?
What is the meaning of the number in the upper-right corner of the Watchtower screen? It appears to be a score of some sort, but there is no information about what the scale is or what determines the number.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Comments
-
Hey @JetLaw69
So good to see you using Watchtower! It’s always nice to see customers using it to strengthen their personal security (that’s why we built it, after all!).
The Watchtower score is our secret sauce – we use proprietary algorithms to calculate your score, so we don’t publish specific information on how that score is calculated on your device. It takes a pretty wide number of variables into account, but the gist is: to improve your Watchtower score, address the security alerts it provides, and watch your score rise! It looks like you're incredibly close to a perfect score. 🎉
Ben
0 -
Thanks, Ben!
0 -
You're very welcome. Thanks for trying out the Early Access. Enjoy! 😃
Ben
0 -
What is a "perfect score"?
0 -
I’m guessing that it’s 1200.
0 -
I'm wondering how to interpret the number and color. Watchtower shows a score of 1141, the color ranges from green to blue and the 'arrow' is at 12 o'clock. I could only guess that colors like orange and red are some kind of warning and green or blue are good.
Just a suggestion. Switching back and forth in Watchtower the score is animated every time even if nothing has changed. I would prefer some kind of caching, i. e. animate only if something has changed or after some time has passed.
0 -
Watchtower shows a score of 1141, the color ranges from green to blue and the 'arrow' is at 12 o'clock.
My score is higher, but the arrow is still at 12:00...
0 -
Just a suggestion. Switching back and forth in Watchtower the score is animated every time even if nothing has changed. I would prefer some kind of caching, i. e. animate only if something has changed or after some time has passed.
I prefer no animation at all; it adds no value (for me) and is distracting/annoying.
I'm using a professional App, not playing a slot machine...
0 -
I prefer no animation at all; it adds no value (for me) and is distracting/annoying.
I love this animation. 😁
0 -
What arrow are you guys referring to?
0 -
The triangle within the circle…
In this example at 12 o’clock position.
0 -
Whoa! That looks totally different than what I have (check the screenshot I posted in the first post)
0 -
It’s probably using a different design on an iPad compared to an iPhone.
Edit: I’ve just checked my iPhone 13. It’s using exactly the same design as in my iPad example above, i.e. colored circle with number and triangle.
0 -
Weird. I also don’t get any animation (and I verified that I don’t have “Reduce Motion” turned on). Maybe they are doing some A/B testing among the beta group.
0 -
After the update I have the arrow and the animation. It is a bit unclear what the animation is trying to show. I suspect that it isn’t finished.
0 -
I'm still wondering what this score is all about. Without some form of scale or legend, the values are hard to understand or to interpret.
0 -
The values also seem very suspect. All my logins have long, complex, and unique passwords and my rating is “fantastic,” which seems reasonable. But…I put the beta on my wife’s phone and she (despite me trying to help her) has passwords that are all weak, short, and frequently duplicates, and her rating is “Very Good.” So now she thinks her password practices are fine, which clearly they aren’t. It seems to me that this is the exact opposite of what the people at 1PW would want to accomplish with this feature.
0 -
I agree with the comment above, it is not clear what the scale is…a score of 1xxx out of? 1500? 2000? And how did you get to that number? 1 to 10 or A to E would have been more intuitive in my opinion.
Also, as pointed in this thread: is the gauge accurate? Why is the arrow in the middle for a “Fantastic” score? And why this choice of colors rather than red/amber/green which is intuitively recognized?
Finally, the animation feels a bit unnecessary, nice to see the first time, but not every single time.
0 -
Yeah. It definitely seems like this feature needs more time in the oven. I’m hoping that as the beta progresses that it matures into a useful tool that will help encourage non-geeks to improve their password practices. As it sits right now it seems mostly like a gimmick.
0 -
I'm still wondering what this score is all about. Without some form of scale or legend, the values are hard to understand or to interpret.
Higher is better 🚀 As long as there are items flagged by Watchtower, there is further work that could be done to improve the score.
But…I put the beta on my wife’s phone and she (despite me trying to help her) has passwords that are all weak, short, and frequently duplicates, and her rating is “Very Good.”
This might be a bit of Canadian kindness showing through. 😅 I agree, some of the value judgements we're currently using may be misleading. We had a similar story shared internally as well. I hope we can take another look at this. 😊
Thanks for sharing your thoughts on this, folks.
Ben
0 -
Thanks, Ben. I’ll tell my wife that our friends to the north are planning to knock her down a peg!
0 -
Thanks, Ben. I’ll tell my wife that our friends to the north are planning to knock her down a peg!
😂😳
Ben
0 -
I am trying to understand whether the score takes into account the total number of passwords.
Let me take an example:
User A: Has a total of 10 logins, all of them have the best possible passwords. He has no re-used passwords nor any site with missing 2FA. His score is 100.
User B: Has a total of 10,000 logins, all of them have the best possible passwords. He has no re-used passwords nor any site with missing 2FA. Now my question is whether User B will have a higher score than User A?
0 -
Login/site count alone I doubt would influence the score. Just because User A has 10 passwords at all their best rating and User B has 20 passwords all at their best rating, it doesn't make User B any better than User A security wise. Arguably you could say User B has more exposure with their information being in 10 more accounts, but in the context of 1Password rating security aspects, the calculation is more likely to involve:
- Password strength being the highest possible rating for each site
- 2FA being enabled (if matched against watchtower 2FA lookup)
- Not a re-used password
My additional thoughts:
- Sites enabled for two-factor authentication that don't match against Watchtower might not influence the score, but obviously still worth enabling. It is important to go through all sites as Watchtower does not always know 2FA is available for lesser known sites or discussion boards
- Changing passwords that are rated lower like Weak/Good or possibly Very Good will increase the score quicker than going from Excellent to Fantastic as a password rating.
Ultimately, it's just a visual indication of your password health and 2FA coverage and the number itself is meaningless, much like your credit score represented as a number. The number is a representation, the actual detail that credit agencies look at is the history and markers. For watchtower, it's password strength, 2FA and any weak password identified in one place.
Aiming for unique passwords with a strength of excellent/fantastic with 2FA enabled where possible, you'll be well covered. Even having fantastic on all passwords is probably overkill for realistic brute forcing.
0 -
Ultimately, it's just a visual indication of your password health and 2FA coverage and the number itself is meaningless, much like your credit score represented as a number.
That's certainly one perspective. I'd say it is a good visual indicator to use for the relative health of the data in your account. If the number is going up, you're making improvements. If it is going down, it may be time to evaluate your practices.
That is really what it is there for: a benchmark that you can work toward improving.
Ben
0 -
Personally I think the number score is useless for a number of reasons. I think it would make way more sense to use an A-F with +/- for each letter (e.g. A+, B-, etc.). People understand that. And like others said, if someone has rampant password re-use or weak passwords, that should SERIOUSLY drag down the score. Misleading people with false high scores can jeopardize their security.
0 -
I like the idea of a simple metric to get an overview of account security. But in its current form I really don't know what to do with this score. I can't compare it to anything else and even worse last time I compared the score of exactly the same account on iOS and macOS the score differed.
What really surprises me is the sharing feature. Isn't it a bad idea to share information about what kind of password manager you use in social media? It's an important piece of information that might be used in a targeted phishing attack.
0 -
And I would also add that the relationship between the number, the arrow on the dial, and the color makes little sense. Right now my arrow is straight up at "noon", rating is "fantastic" with a score of 1090. What's confusing to me is why my arrow is "only" pointing straight up at noon? Given there's NO scale range, the arrow location would imply to me that I have a long ways to go to be more secure. If I'm "fantastic" why isn't my arrow at, say, 3 o'clock? Why can't the tool show a score range? How am I supposed to know what 1090 relates to? I find the Watchtower function in the lower half of the screen (need more 2FA, dupe passwords, etc.) fantastic. But the entire score/color/arrow location is utterly confusing and useless.
0 -
That's certainly one perspective. I'd say it is a good visual indicator to use for the relative health of the data in your account. If the number is going up, you're making improvements. If it is going down, it may be time to evaluate your practices.
That is really what it is there for: a benchmark that you can work toward improving.
Ben
To clarify, I don't think the Watchtower score itself is useless, but the number is rather subjective based on factors that aren't public, so I guess the user can decide how valuable it is to them specifically. The comparison against a credit score is the best analogy I could relate it to. Credit providers aren't looking at the score you see, they are looking at the markers on your history. So in this case, the markers like no re-used passwords, strong passwords, 2FA etc. are all the factors you should focus in on directly and less around the number.
Here's one example of why that number could be somewhat subjective. Watchtower uses 2fa.directory to match sites with 2FA support, however they have a hard rule of only sites that are globally ranked as 200,000 or better i.e. lower. That means by extension, Watchtower won't match on some sites which have 2FA available because 2FA directory won't ever list them. Now without knowing the various criteria, if the 2FA scoring relates to 2FA.directory data, then that's been somewhat constrained by that project's rules.
I personally think the password strength indicator is possibly better than a score, as it immediately identifies less complex passwords vs the stronger and shows where you might want to improve, simply by regenerating a new password. It does break these down into categories, which again could be argued subjective i.e. what makes a "Fantastic" password vs "Excellent", length, characters used, symbols most likely, but it does show you where weaker categories like Weak, Fair, Good or even Very Good are hiding without individually going through each vault item manually.
My point: look at the markers, i.e. password strength coverage across all sites, no weak/reused passwords, 2FA enabled on every site where possible (including ones that Watchtower won't ever be able to notify you directly about), don't get fixated on score which, despite its good intentions and purpose, is subjective at the end of the day.
I do like Watchtower, its intentions are good but it does have a potential risk of false sense of security in some places if not carefully understood.
0