Suggestion--CloudFlare issue and password changing
With the recent CloudFlare leak issue, news sites are putting out dire warnings to change our passwords everywhere.
I think there's a list of the many affected sites, is there not?
Wouldn't it be interesting if 1P knew about that list and warned me when I logged in, "you might want to change your password here".
Alternately, maybe just generically 1P knows how long it's had that password on file and warns me when I use it, "it's been 90 days, dude, whaddya think?"
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
Hi @adam1991
Thank you for getting in touch with us and letting us know what you'd like to see in 1Password. It sounds like you're looking for Watchtower ;) Whenever a site has been officially compromised watchtower will alert you and let you know they need to be changed. To activate it just go to 1Password Preferences then ** Watchtower** and make sure it's enabled. You can then go to the left column, hover over Security audit and click "Show". The first option will be Watchtower and it will show you all the sites that have been confirmed to be compromised of those you have accounts for.
Please let us know how Watchtower works for you and what you think of it :chuffed:
0 -
Hey, @pilar - I was wondering whether the Watchtower service has been bulk-updated using the existing public data about sites/domains using CloudFlare or whether this will happen one-by-one. Given the magnitude my personal approach would prefer a pre-emptive bulk-update if a domain is known to have been using Cloud Flare (in addition to possible individual warnings issued by the site).
Would love if you could clarify that!
Cheers,
Christian0 -
suggest anyone interested look at article in MacWorld--http://www.macworld.com/article/3174226/security/cloudflare-data-leakage-doesnt-reveal-1password-secrets.html---explaine 1 Passwords security features--Triple H
0 -
@TripleHjr The link you posted seems broken; maybe this will work?
0 -
I want to say thanks for 1Password for their excellent products and services. After receiving the email announcement about Cloudflare from Dave Teare, I opened 1Password, opened "All Vaults", updated the 1Password Watchtower manually in the Preferences pane, and am now going through the websites it recommends me updating. How easy and comforting is that! The 1Password team is on top of everything. Thanks everyone at 1Password!
0 -
Why should I change passwords for sites that I haven't used for years? Could those usernames and passwords been compromised in the Cloudfare incident?
0 -
Why should I change passwords for sites that I haven't used for years? Could those usernames and passwords been compromised in the Cloudfare incident?
@dagge: If you don't have sensitive information stored in those long-dormant accounts, then it probably is less of a concern for you. But in my case, I have to be honest: in cases like that I have no idea what's in those accounts, and it's easier for me to update them with long, strong, unique passwords than figure out which ones have personal or payment information, or are linked in to other accounts in such a way that would allow a compromise there to have a greater impact. I think the best way to proceed in general is for each of us to start with the most important accounts and then decide where to stop — whether that means going through all of them, or ignoring some that are deemed insignificant.
0 -
So you mean that Cloudfare could have leaked my information even if no-one has used that info during the short time the leak was open? I wish that someone from agile bits could comment on this.
0 -
I was wondering whether the Watchtower service has been bulk-updated using the existing public data about sites/domains using CloudFlare or whether this will happen one-by-one. Given the magnitude my personal approach would prefer a pre-emptive bulk-update if a domain is known to have been using Cloud Flare (in addition to possible individual warnings issued by the site). Would love if you could clarify that!
@dagge: We're not doing a "bulk-update" of sites that use CloudFlare. That's effectively most of the internet, and many sites (like 1Password.com) are unaffected. Instead, we're adding sites where user accounts are affected, since that actually necessitates a password change. Changing passwords for thousands of sites you don't have to will mean it takes you longer to change them on the most important ones. However, some enterprising users have created scripts to check against the full CloudFlare list, and this one by MrC has some good additions and step-by-step instructions. That should at least help if you really want to go that route. Cheers! :)
0 -
@TripleHjr, @XIII: Thanks for the link! :)
I want to say thanks for 1Password for their excellent products and services. After receiving the email announcement about Cloudflare from Dave Teare, I opened 1Password, opened "All Vaults", updated the 1Password Watchtower manually in the Preferences pane, and am now going through the websites it recommends me updating. How easy and comforting is that! The 1Password team is on top of everything. Thanks everyone at 1Password!
@metamorphic: Thank you so much for the kind words, and your support! I'm glad that Watchtower is helping you take control of your online life, in this case, helping you identify at-risk accounts. :blush:
0
