Login item with no password flagged by Watchtower as "Vulnerable Password"
I have two items that use a PIN number system and the account provider offers no way to make a longer than 6 digit number for a password. To stop Watchtower from flagging these as insecure, I added the PIN info to a custom section in the login item, and deleted the password field entirely. However, after doing that, Watchtower flagged both entries as having a "Vulnerable Password", and said that the "password appears in a list of compromised data".
I believe that not having a password field does not equal having a vulnerable password, and how can "nothing" show up in a list of compromised data? Both of these flags need to be reworked to reflect the actual situation.
This happened on both macOS and iOS, both using the latest OS releases as of today, and the latest 1Password 8 versions.
Comments
-
Hello @nosepickinglawyer! 👋
Using 1Password 8, you can choose to have Watchtower ignore certain items if you don't want to see warnings for those items:
I hope that helps! 🙂
-Dave
0 -
Thanks, but that doesn't help. The issue isn't the warning itself, it's that the warning is incorrect. When there is no password, it, by definition, cannot be vulnerable, let alone listed on a compromised list.
0 -
Thank you for clarifying. I've done some testing and I can confirm that I can reproduce the issue: if a password in the default password field is flagged as vulnerable and then is deleted (rather than replaced) then the Watchtower banner will remain until that default field is updated with a new secure password.
I've opened a work item so that our developers can investigate further.
As a temporary workaround, can you try the following steps:
- Open and unlock 1Password for Mac.
- Click on 1Password next to the in the menu bar.
- Click on Preferences.
- Click Privacy.
- Uncheck "Check for vulnerable passwords".
- Wait ten seconds.
- Check "Check for vulnerable passwords".
Do you still see the banner?
-Dave
ref: dev/core/core#18641
0 -
I've already taken care of the items through other means, but I'll keep this in mind if it happens again. Thanks!
0