Suggestion - Mark entries as "Safe" in Watchtower

OLLI_S
OLLI_S
Community Member
edited August 2016 in 1Password 4 for Windows

I started using 1Pasword some days ago, so I still have all my passwords in my old password manager.
Today I created a demo password vault and I saw that in the category "Watchtower" there is a warning for "Ars Technica".

When I this warning be removed?
When I change my password in 1Password?
Suggestion: let me manually remove this message.

When I add a new entry for "Ars Technica" the this message is not shown.
When I have an 5 years old password in my old password manager and add it today in 1Password, then my password is not safe (I created it before Ars Technica get compromised).
Did you know this?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    @OLLI_S: We can certainly consider allowing the user to dismiss the Watchtower warning. Thanks for the suggestion! :)

  • OLLI_S
    OLLI_S
    Community Member
    edited August 2016

    @brenty
    For this suggestion here and also for my suggestion to add a new view "Older Passwords" (https://discussions.agilebits.com/discussion/68263/suggestion-suggest-to-change-old-passwords#latest) it is required that I can edit the "last modification date" of the password.

    When I manually import my passwords from KeePass (I decided to use the manual way, so 1Password also has the password field information) then they are in 1Password with an actual date.
    But in reality they are some years old and might be affected by Watchtower (see above) or should be shown as "old" (see suggestion to add a new view "Older Passwords").
    So editing the last modification date is very important here.

  • Hi @OLLI_S,

    Yes, 1Password currently checks the last modification timestamp of that item against its local Watchtower database. Unfortunately, if you've imported your data from elsewhere or create that new Login today, that data is not going to be accurate because we have no way of knowing how old that password is, we can only base it on the item's modification timestamp.

  • OLLI_S
    OLLI_S
    Community Member

    @MikeT: I know how this mechanism works and this is the reason why I suggested to modify the timestamp manually.

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited August 2016

    While it sounds like it would be very useful to you, I'd be interested to hear if others have a similar need. I actually modified some dates manually in some exported data a while back (long story: old vault) before importing, but I don't imagine that you and I are a typical case. And rather than adding this functionality to the app itself, maybe if we do something like this it would make more sense to have it as part of the import process. Food for thought. :)

  • OLLI_S
    OLLI_S
    Community Member

    Meantime I also read that also for Dropbox and for Opera a password change is recommented.
    And here I am also affected.

    So since I am using 1Password, I must change the Password of some websites:

    All these passwords are in my old password Manager and I am importing them step by step.
    To Import I log in at the website and let 1Password store the login, so I have the Name of the Login fields stored in 1Password.
    So in 1Password they are not listed in Watchtower.

    I know that this suggestion (to modify the modification date) is just useful for users, that have imported data from other password managers.
    Modifying the modification date is indeed not an excellent option.
    I am still seraching for a better solution for this problem.

  • AGAlumB
    AGAlumB
    1Password Alumni

    Meantime I also read that also for Dropbox and for Opera a password change is recommended. And here I am also affected.

    @OLLI_S: Indeed. As mentioned previously, Opera and Dropbox were already added.

    Unfortunately the only method 1Password has for determining the status of a login is by comparing the item's modified date to the date of a breach. Hopefully we'll be able to find a better solution in the future.

  • OLLI_S
    OLLI_S
    Community Member
    edited August 2016

    Maybe the best solution for me is that I change the password on the website and then add the new entry to 1Password.
    So all passwords that are added in 1PW have the correct "Modification" timestamp.

    One additional question:
    I know that you compare the modification date with the Watchtower database.
    Do you compare the modification date of the password or the modification date of the entry?
    When I have not changed my passwords for years but updated the comments or the tags last week, do I get a earning in Watchtower for this entry?

  • AGAlumB
    AGAlumB
    1Password Alumni

    Maybe the best solution for me is that I change the password on the website and then add the new entry to 1Password. So all passwords that are added in 1PW have the correct "Modification" timestamp.

    @OLLI_S: Wow. Yeah, that does sound like a good idea. You are correct. If you save a login in 1Password when changing the password on the site, 1Password will have the correct modification date and be able to give you reliable information in regard to breaches.

    One additional question: I know that you compare the modification date with the Watchtower database. Do you compare the modification date of the password or the modification date of the entry? When I have not changed my passwords for years but updated the comments or the tags last week, do I get a earning in Watchtower for this entry?

    Great question! The "password history" has its own timestamp, so it will only be modified when you either create the item in the first place or update the password. Other changes to the item will not have any bearing on Watchtower notifications. Cheers! :)

  • OLLI_S
    OLLI_S
    Community Member

    Great question! The "password history" has its own timestamp, so it will only be modified when you either create the item in the first place or update the password.

    @brenty: What do you mean by "the item in the first place"?

  • Hi @OLLI_S,

    Brenty meant that when a login or password item is created, the timestamp will be set and the only other time it's changed, is when you actually change the password.

    I hope this helps.

    Cheers,

    Alex

  • OLLI_S
    OLLI_S
    Community Member

    @AlexHoffmann Yes, this helped.

  • Cheers @OLLI_S!

    Please don't hesitate to send us more feedback; it's awesome and we truly appreciate it.

    Cheers!

  • OLLI_S
    OLLI_S
    Community Member

    @brenty :
    I wrote above that I want to import my passwords from KeePass manually.
    Today I searched with an RegEx all entries in KeePass that have a password.
    Unfortunately KeePass returned 736 entries :angry:
    Sp this is really a lot of work (especially manually adding the software licenses).

  • If I may ask: why would you want to do it manually when we have a community supported converter available.

  • OLLI_S
    OLLI_S
    Community Member

    @AlexHoffmann:
    The answer is easy: when I import the data manually (I plan to visit the website and log me in via KeePass, so 1Password asks if a new login should be created) then in 1Password I also have the field-names stored.

  • Ah, I understand.

    That makes sense for updating potentially out of date items but if that's not a concern, I'd suggest the conversion tools, still.
    They create a .1pif file with all available fields intact, including the form details.

    It might not be a bad idea to check it out.

  • OLLI_S
    OLLI_S
    Community Member
    edited September 2016

    In KeePass I don't have field names stored.
    When I press the AutoType hotkey then KeePass fills {USERNAME}{TAB}{PASSWORD}{ENTER} no matter how the fields are called.
    I am able to adjust the AutoType Sequence in KeePass (for the Google login I have
    {USERNAME}{TAB}{ENTER}{DELAY 2000}{PASSWORD}{ENTER}).

    But this is the benefit of 1Password:
    When Google split up the username and password in two different pages some months ago, I had to adjust the AutoType Sequence in KeePass.
    With 1Password it just works, because here the field names (of the web page) are stored.

    This is the reason why I want to let 1Password create the login-information for me: the field names of the website are also stored in 1Password.

  • Ah, see, I completely forgot that about KeePass. I thought that was the way PasswordSafe operated.

    Well @OLLI_S, I certainly don't envy you for your task to manually migrate your data to 1Password.

    If we can be of any further assistance, please let us know. We always appreciate your contributions to the forum and your feedback.

    Cheers,

    Alex

  • OLLI_S
    OLLI_S
    Community Member

    @AlexHoffmann
    Never mind, I will browse normally and when I need KeePass to log in at any site, then 1Password will save the login for me. This will work for 30 to 50 most used websites.
    Later I will create a copy of my KeePass database and delete every entry in that copy, where I have added an entry in 1Password.
    So I see what entries re left in KeePass.

  • Smart move, @OLLI_S.

    Don't forget that you can always contact us if you have questions.

    Cheers!

This discussion has been closed.