Going granular with the security audit features (Mac & Windows)

So I'm doing a little year end house keeping and tidying up all the security issues found in the Heartbleed, Watchtower security audits and I noticed something strange about Watchtower. On my Mac, Watchtower shows only 3 logins pending password update however on my Windows machine I had 14 items listed this morning. Any idea what's causing the difference?

Another question about how the security audits work on logins where more than one URL is included. My local library has a number of different features with different URLs that all share the same user and ID and password. In order to avoid password mismatch errors between all the different logins, I have been adding websites on 1Password (Mac) to a single login record. So I have 4 websites nested under 1 login record. Is Heartbleed / Watchtower able to parse & evaluate all 4 URLs for security issues? Regrettably, my habit of keeping multiple URLs under a single login does not explain why the Mac and Windows versions don't show the same info.

(Okaaaay, this is really weird... I'm typing this post on my Windows machine and I went back to check my Mac machine. The Mac machine still shows 3 logins under Watchtower. But while typing this message the Watchtower items on my Windows machine went to zero. So the Mac and Windows 1Password software versions still don't agree, but the lists are weirdly fluctuating on the Windows machine. I sync through Dropbox and both machines are fully in sync.)

Comments

  • Yikes! Ignore the entire last paragraph above ^^, complete pembok. I had the view filtered by my library's name to check how many URLs were in the login record. The mismatch between my Mac and Windows apps outlined in paragraph #1 still exists despite me being a wee idiot.

  • MeganMegan

    Team Member

    Hi @Superfandominatrix‌

    It's great to hear that you're making use of the Security Audit features in 1Password! Could you please do me a favour: Check in Preferences > Watchtower (in 1Password for Mac) and see what the last updated date is. If you use the 'Update now' button, does this get your Watchtower items synced up between Mac and Windows?

  • Regrettably, I've done a lot of work to clean up security audit findings between the time I posted and now. Whatever I saw listed on either machine got fixed. I did check the Mac's preferences, and the update function appeared to be working and recently updated within the last hour. I manually updated and that also appeared to function. As of this moment, this is what I'm seeing for each security audit section on each machine:

    Mac

    Watchtower (1)
    Weak Passwords (6)
    Duplicate Passwords (9)
    3+ years old (12)
    1-3 years old (12)
    6-12 months old (79)

    Windows

    Weak Passwords (16)
    Duplicate Passwords (7)
    Heartbleed (0)
    Watchtower (1)

    The sections and the counts aren't in perfect alignment as I'd expect, but fortunately, the Watchtower section count is. If I see this behavior again, I will report it again with screen shots.

    How about my question in the 2nd paragraph regarding multiple login URLs nested inside a single login record?

  • MeganMegan

    Team Member

    Hi @Superfandominatrix‌

    I've done some searching, and it seems that our developers are currently tracking a bug in 1Password for Mac where password strength will be improperly indicated. This could lead to situations where the item count of your weak passwords is different. You can force the strength to be calculated by editing and saving the item - does doing so affect your Security Audit numbers?

    ref: OPM-818

    So I have 4 websites nested under 1 login record. Is Heartbleed / Watchtower able to parse & evaluate all 4 URLs for security issues?

    Watchtower will scan all item URLs. :)

  • Thanks! Great support.... :)

    I can't test that bug with the logins I have currently featured on 1PW for Mac. I currently have 6 logins included and they are there because the weak password security audit is turning up 4-5 digit pincodes and CCV numbers. Yesterday I raised a feature request specifically to address those items:

    https://discussions.agilebits.com/discussion/33897/feature-request-differentiate-between-passwords-pincodes-ccvs#latest

  • MeganMegan

    Team Member

    Hi @Superfandominatrix‌

    It just so happens you're not the first person to notice that glitch, and our developers are already working to get that bugger squashed. I'll be sure to add a vote for you to that issue in our internal tracker. :)

    ref: OPM-1004

This discussion has been closed.