Watchtower problems

Roanoke

I think that the Watchtower is a great idea to further security consciousness but when I log into 1Password.com and start it there are two issues that make it less useful than it could be.

1. Logins in the trashcan get checked and are part of the report. I don't think it is a good idea to clutter the report with no longer existing logins.
2. Some (not all) generated passwords are seen as independent logins within "Reused passwords" and therefore I have over 100 reused passwords where in reality I have maybe about 10.

Sorry if these issues have been posted before (I couldn't find them).

---

1Password Version: 7.0.543 (beta)
Extension Version: 4.7.0.90 (Firefox)
OS Version: Win10 Pro 64bit
Sync Type: 1Password.com

AGAlumB

@Roanoke: We agree. We're making some improvements in this area in an upcoming beta, and we'll continue to make more based on feedback. Thank you!

P.S: I've moved this discussion to the Windows beta category. I was confused about the "Watchtower" reference until I saw the version number. :lol:

Roanoke

The problem is at 1password.com website. Isn‘t this different from the windows beta?

bundtkate

@Roanoke: You're absolutely right that the website is separate, but it just so happens that the Windows app shares some of these issues in its current implementation of Watchtower, so depending on the category you originally posted your discussion, it may have caused some confusion. Sorry!

I can see cause for including Password items (those generated passwords) as some folks do use Password items as Logins. The answer here may be to exclude those items from Watchtower, but one improvement we do want to make is for the apps to clean up Password items better once a Login has been properly updated. So the better answer may be to address that underlying problem. Either way, I'll be sure to pass your feedback along to the team. :chuffed:

AlwaysSortaCurious

I would love to be able to flag a vault as outside of scope. I have an archive vault and those are effectively immutable to me. Being checked just would make them show up. Just my two cents

MikeT

Hi @AlwaysSortaCurious,

We'll look into it in the future. One problem is that you won't be able to prevent the reuse of the password you had in the past. Deleting an account does not mean that a past breach won't have your password. Now, I suspect you're already making sure no passwords are reused but not everyone do this right away.

Here's what I mean, imagine this scenario:

1. You create an account with Facebook, save it in 1Password
2. You don't like Facebook anymore, deleted the account and moved it to Archive. That sounds like you're safe right?
3. You create a new account on Twitter and somehow created a password that originally was used for Facebook
4. A few years later, it turns out Facebook was breached and it was before you deleted your Facebook account. Someone can still try it on your Twitter account since it's a social media network, one might guess you'd reuse it.
5. 1Password would never show you that you'd reused the password elsewhere because Archive was marked out of scope.

The odd of that happening is very slim but it is still a slim chance.

AlwaysSortaCurious

Yeah, was more a throw at the wall, I agree, but for me the archive is historical, but at the same time, I can see where lots of folks would reuse and reuse and reuse and reuse....

MikeT

There's no easy solution for everything. If there was, 1Password wouldn't need to exist in the first place. We'll keep coming up with some ideas to try.