Mark Watchtower Vulnerability Alert as Clear [Under consideration]

Options
qazwart
qazwart
Community Member
edited May 2014 in Mac

I like the new Watchtower alert, and how it shuts off when I do change a password. However, in many of the sites, I've already updated the password when that site told me to. For example, Dropbox. Is there a way I can tell Watchtower Alert that I've already handled this issue?

Comments

  • MikeT
    MikeT
    edited May 2014
    Options

    Hi @qazwart,

    Watchtower does know if you change your password after the site fixed its vulnerability by updating its SSL certificate. 1Password compares your password change date against the date of the SSL certificate change that's stored in the Watchtower database.

    If you change your password before the SSL certificate was updated, you have to change your password again. There are two phases to fixing Heartbleed, changing your password right away and then again when SSL certificate is updated.

    In the case of Dropbox, you have to change your password for Dropbox after April 10th. Can you check your Login item for Dropbox and see what's the last modified date is? If you click on Previously used passwords, it'll show the last date it was changed.

    I checked my Dropbox item, I changed it a few days after the 10th and it is not showing up in Watchtower.

    As for the request to mark certain Logins as clear, that's on our list to improve in a future update. Thanks for suggesting this!

  • qazwart
    qazwart
    Community Member
    Options

    Yes, I now see that Watchtower is taking account of the last time my password was updated, and the date the certificate was changed.

    I changed my password on gmail when Google asked me to do so somewhere around April 11, but according to Watchtower, their certificate wasn't changed until April 23. I've updated my gmail passwords again.

    have two accounts and four devices with the accounts on them, so I was hoping I didn't have to do this again.

  • qazwart
    qazwart
    Community Member
    Options

    Actually, there are about a dozen accounts that I haven't used in a while, or may not even be active anymore. I'm not even sure what to do with those. Most are bulletin boards and forums, so there's nothing too bad if someone hacks those. I'll just delete the accounts out of 1Password.

  • Megan
    Megan
    1Password Alumni
    Options

    Hi @qazwart‌

    I'm glad to hear that @MikeT has helped you to get your Watchtower passwords sorted out. As for those accounts that you haven't used in ages, deleting them from 1Password is certainly an option. I have collected a lot of these myself, but I'm a bit too paranoid to delete them. (Just some personal OCD, I think). I created an 'Archive' vault in 1Password and moved all old Logins there. That way I don't have to see them in my primary vault, but they're around if for some odd reason I need them one day. :)

    I hope this helps, but we're here if you have any further questions!

This discussion has been closed.