Login item with no password flagged by Watchtower as "Vulnerable Password"

Options
nosepickinglawyer
nosepickinglawyer
Community Member
in Mac

I have two items that use a PIN number system and the account provider offers no way to make a long than 6 digit number for a password. To stop Watchtower from flagging these as insecure, I added the PIN info to a custom section in the login item, and deleted the password field entirely. However, after doing that, Watchtower flagged both entries as having a "Vulnerable Password", and said that the "password appears in a list of compromised data".

I believe that not having a password field does not equal having a vulnerable password, and how can "nothing" show up in a list of compromised data? Both of these flags need to be reworked to reflect the actual situation.

This happened on both MacOS and iOS, both using the latest OS releases as of today, and the latest 1Password 8 versions.

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided
Referrer: forum-search:Blank password flagged as Vulnerable Password that shows up in database.

Comments

  • Dave_1P
    Dave_1P
    Options

    Hello @nosepickinglawyer! 👋

    Using 1Password 8, you can choose to have Watchtower ignore certain items if you don't want to see warnings for those items:

    image

    I hope that helps! 🙂

    -Dave

  • nosepickinglawyer
    nosepickinglawyer
    Community Member
    Options

    Thanks, but that doesn't help. The issue isn't the warning itself, it's that the warning is incorrect. When there is no password, it, by definition, cannot be vulnerable, let alone listed on a compromised list.

  • Dave_1P
    Dave_1P
    Options

    @nosepickinglawyer

    Thank you for clarifying. I've done some testing and I can confirm that I can reproduce the issue: if a password in the default password field is flagged as vulnerable and then is deleted (rather than replaced) then the Watchtower banner will remain until that default field is updated with a new secure password.

    I've opened a work item so that our developers can investigate further.

    As a temporary workaround, can you try the following steps:

    1. Open and unlock 1Password for Mac.
    2. Click on 1Password next to the  in the menu bar.
    3. Click on Preferences.
    4. Click Privacy.
    5. Uncheck "Check for vulnerable passwords".
    6. Wait ten seconds.
    7. Check "Check for vulnerable passwords".

    Do you still see the banner?

    -Dave

    ref: dev/core/core#18641

  • nosepickinglawyer
    nosepickinglawyer
    Community Member
    Options

    I've already taken care of the items through other means, but I'll keep this in mind if it happens again. Thanks!

  • Dave_1P
    Dave_1P
    Options

    @nosepickinglawyer

    Thank you again for reporting the issue. 🙂

    -Dave

This discussion has been closed.