Watchtower Not Finding Duplicate Passwords
I'm not sure if this is working as designed, or a bug, but it was a bit confusing until I figured it out:
My spouse and I often create his (my email) and hers (her email) logons on various web sites. When I'm in a hurry, and if it doesn't really matter security-wise, I'll create my logon item, then duplicate it and change the duplicate item's title and email address to my spouse's. So now I have two logon items that have different titles and email addresses but that share a password.
Watchtower (on macOS and iOS) does not report these items when I ask it to show reused passwords. Apparently reusing the same password on a single site is OK with Watchtower, it's reusing a password across multiple sites that it will flag.
I find this odd behaviour, but maybe it's WAD. I noticed it because I went back to change my spouse's duplicate passwords to something different, but Watchtower wasn't reporting the duplicates, so I had to rely on my memory for which items I needed to change.
So ... bug or feature? :-)
Dave Ings
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided
Comments
-
Hello @ings! 👋
Thanks for the question. Watchtower only considers a password to be reused if it appears on more than one website. In your case, since the two items share the same website address Watchtower would not consider that to be a case of a reused password.
My spouse and I often create his (my email) and hers (her email) logons on various web sites. When I'm in a hurry, and if it doesn't really matter security-wise, I'll create my logon item, then duplicate it and change the duplicate item's title and email address to my spouse's. So now I have two logon items that have different titles and email addresses but that share a password.
Can you tell me a little more about this process and why you sometimes create logins like this? Wouldn't you still need to go to the website itself and create your wife's account on that website separately? It seems like it would be faster to save your wife's login, with a unique securely generated password, using the browser extension rather than duplicating an existing item: Save and fill passwords in your browser
I look forward to hearing from you.
-Dave
ref: dev/core/core#18467
0 -
Hi @Dave_1P,
Good question. Not sure I have a crisp answer for you!
(What I didn't mention is that) I create the duplicate items on macOS only when I'm actually creating accounts for iOS apps that don't have a strong web presence. I find it easier to use the 1Password logon item creation screens on macOS, then switch to my iPhone to complete the account creation process, using the new items that will have already shown up there (1Password syncing is fast!)
So perhaps the crisp answer is sometimes I find 1Password easier to use on macOS on a big screen than iOS on a small screen. But I might be showing my age - I've been using desktop operating systems for literally decades. :-)
Cheers!
Dave Ings
0 -
Thanks for the additional details. Have you tried 1Password's extension for Safari on iOS? It provides a similar experience as the browser extension on the desktop and you might find it more intuitive:
-Dave
0
