Every login is showing a vulnerable -change password alert. What should I do?
My online banking site came up with a warning saying 'Vulnerable - believe compromised, change password immediately. I changed the password and then looked it up on the internet, whereupon I found out about Watchtower. I don't think I have switched on Watchtower, but when I click on it in the 1Password site, every login is showing the same problem. Has my computer been hacked?
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
Hi @primmybdh,
Thanks for taking the time to ask us about this, I'm glad you're thinking strongly about the security of your data!
First, I'd like to explain that Watchtower has nothing to do with whether or not your computer has been hacked. Watchtower identifies website vulnerabilities and alerts you when one is found. It allows the 1Password app to let you know that there are some security concerns about particular sites, and suggests changing your login passwords on those sites. You can find more information about the Watchtower feature in our user guide here: 1Password Watchtower
For help to change login passwords, please see the steps in this knowledgebase article.
Hopefully that helps to answer your questions, but please let us know if you need anything else. :)
0 -
Thank you for that , but I think there must be some other problem. I haven't enabled Watchtower (indeed I didn't realise it existed before), however I have just updated 1Password, and perhaps this has caused it to become enabled. It is now telling me that every single one of my logins (around 30) are vulnerable and may have been compromised. They can't all be vulnerable - they include banking and share trading sites, which presumably are up to speed on security.
0 -
Hi @primmybdh,
Could you please share a few of the websites that are showing up as vulnerable so we can investigate a bit further?
Thanks in advance!
0 -
Hi Jasper
Lloyds Bank, Santander, iii, avacardprotection, ocado, bt, ee, avios, mysky are a few of them.
Thanks.0 -
Hi @primmybdh,
We are aware of a bug in 1Password for Mac (actually two that interacted) where the database was updating regardless of the enabled state and displaying banners as a result. These should be fixed in the current beta and assuming nothing goes wrong it means the fixes should be in the next stable.
So that explains part of it, the other aspect is why so many sites? The Heartbleed bug affected a lot of sites but that isn't the only vulnerability covered by Watchtower, basically anything where your password might be at risk
is detailed in there but because Heartbleed was in OpenSSL it meant a lot of sites were at risk all in one blow.What makes it a little trickier to tell is that many sites use lots of subdomains and each is independent. We can't say say if a site was vulnerable if it wasn't checked at the time, merely it isn't vulnerable now. As a precaution we might recommend you change your password anyway as we can tell it does run OpenSSL now which means it could have been running one of the vulnerable versions back then.
So in the browser you would see this.
Where clicking on the red banner brings up the information bubble and then clicking on the Learn more... link would open a tab to our Watchtower site, having set the full domain for this Login item as a parameter e.g. https://watchtower.agilebits.com/check?h=www.ocado.com&port=443
So you might find we're merely recommending a password change because we can't say with confidence there wasn't a breach. It might seem annoying but it would seem better that such a feature is overly cautious rather than optimistic.
Hopefully that helps explain what you're experiencing and why.
Now if you find some sites are showing a banner but Watchtower isn't showing any issue and isn't recommending you change your password then we're looking at something else. So the trick is to discover which is the case, is it we're reporting that many of these sites are using OpenSSL (if it's Heartbleed and not something else of course) or has something gone amok and caused incorrect warnings to appear. I can't think of an easy, automated way to check I'm afraid. Please do let us know if you find anything that suggests we've got a bug as of course we'll want to address that.
ref: OPM-2996
ref: OPM-30320
