Bug Report: Watchtower only checks first "password' field of default Item Categories

Options
YellowVista
YellowVista
Community Member
edited April 2023 in Business and Teams

It appears that (1) for the default item types (e.g., Login, Password, Server, etc.), Watchtower only checks the first pre-defined field of the "password" type and does NOT check any additional fields of the "password" type, and (2) for custom templates (which I realize is a beta feature only available to Business subscribers), Watchtower does not appear to check ANY of the fields of the "password" type.

I assume it is related, but at 1Password only displays a password strength indicator for the same fields (i.e., ONLY the first pre-defined "password" field of the pre-defined item types.

A few questions and a request:

1. Is that intentional behavior? If so, that should be clearly indicated in some way to users, because I had assumed until I stumbled across this issue that Watchtower was checking all of the password fields.

2. Can you please change 1Password so that, by default, it displays a password strength meter for, and Watchtower checks, ALL fields of the "password" field type in ALL items?
I have many items saved in 1Password that have multiple passwords (e.g., online services where I have a password and have an encryption key or the like).

3. Can you please add an option, on a per field basis (not a per item basis), provide a checkbox or option for Watchtower NOT to check certain fields of the "password" field type?
There are various items for which I save passwords that I know Watchtower will flag for reasons that don't matter. For example, any time that I save a PIN (e.g., usually a four or six digit number), I know that PIN is not a good password because it will be weak, be included in data breaches, and is likely to be reused. But that doesn't really matter (most of the time), because you can't really do anything with my debit card PIN without getting your hands on my debit card (and it doesn't matter if a bunch of people use the same PIN for their debit card and the number is included in data breaches). Another example would be the PIN or security code for an alarm system or PIN for a garage door opener, which are also typically relatively short numbers. ... I know I could save PINs like that as a "text" item type, but I would prefer for them to be obscured as a "password" field type in case of shoulder surfers, etc. ... Another option would be to create a field type of "PIN" that only accepts numbers and isn't checked by Watchtower and doesn't display a strength meter.

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided

Comments

  • ag_max
    ag_max
    edited May 2023
    Options

    Hi @YellowVista,

    . Is that intentional behavior? If so, that should be clearly indicated in some way to users, because I had assumed until I stumbled across this issue that Watchtower was checking all of the password fields.

    This is correct and I can confirm this is the expected behavior for how Watchtower covers items. I'll be happy to bring this up with the team to see if we can point this out in a prominent location.

    Can you please change 1Password so that, by default, it displays a password strength meter for, and Watchtower checks, ALL fields of the "password" field type in ALL items?

    This is a feature request that we've seen a few times before, so I'll go ahead and pass this along as well.

    Can you please add an option, on a per field basis (not a per item basis), provide a checkbox or option for Watchtower NOT to check certain fields of the "password" field type?

    Absolutely. Thanks for going into great detail for your request. Although I cannot promise this will be implemented, I'll pass this along as well for future consideration.

    ref: pb-33127209

This discussion has been closed.