Question or remark about Watchtower

Dahu
Community Member
edited April 2023 in 1Password 7 for Windows

Hi. Just started using 7.1 (562) Beta on Windows, with French localization.
In Watchtower,

  • In the "Identifiants compromis" section, a message says "Aucun élément vulnérable n'a été trouvé"
  • In the "Mots de passe vulnérables" section, a message says "This password has been compromised in a data breach (...)"

I suspect the section titles, content and/or messages have been swapped. "Compromis" and "Vulnérable" have the same meaning in French and in English, thus I suppose you have the same issue in the English version.
Regards,
Rodolphe


1Password Version: 7.1.562
Extension Version: Not Provided
OS Version: Win 10
Sync Type: Not Provided

Comments

  • Hi @Dahu,

    Thanks for reporting this. I'll ask our French translators to review these areas again.

  • Dahu
    Community Member

    Well… I just switched language, and I see the same issue in English (see highlighted areas below). Compromised passwords are reported in the Vulnerable section, and the reverse. Or am I misunderstanding something?

  • Hi @Dahu,

    That is the correct phrasing as given to us by our documentation team.

    I'll ask if they want to consider changing it to compromised items.

  • Dahu
    Community Member

    Ok. My suggestion would indeed be

    • that the section Compromised logins displays "... compromised login items..." (which is what you see on my.1password, by the way)
    • but also that the section Vulnerable Passwords displays "... vulnerable items…"

    I find it very confusing that "compromised" and "vulnerable" are both used together on both sides. This makes the meaning of each word very unclear. If "compromised" means something like "stolen", then items "compromised in a data breach" should be in a section called "compromised", not "vulnerable". Shouldn't they?

    My understanding of "Vulnerable" is "weak", whereas a "compromised" password could be strong… but inefficient, because of a breach.

    Well… I can live with it, I thought it was not intentional to use both words indifferently, and that consistent terminology would help users.

    Regards,
    Rodolphe

  • Hi @Dahu,

    We've just released a minor update to fix some of the wordings.


    They both do mean the same thing, the account is compromised and you need to update the password for it. The difference is how the account was compromised:

    1. Compromised Logins is when your specific account was definitely compromised, as in the site itself was breached.
    2. Vulnerable Logins mean that your account is not compromised because it is not the site that was breached but it is vulnerable because your password has been used elsewhere.

  • Dahu
    Community Member

    OK, thank you for the clarification.
    Since they seem to be exact synonyms, it might be a good idea to find some differentiating word in the titles of both sections… Besides, I am still confused, since you say

    "Vulnerable Logins mean that your account is not compromised because it is not the site that was breached but it is vulnerable because your password has been used elsewhere."

    … and the Watchtower message for vulnerable passwords is precisely:

    "This password has been compromised in a data breach"

    But I will stop arguing, I think you got my point. And if not, we both did our best. My intent was to contribute with a proposal for a potential improvement of the wording, and I do not want you to waste more efforts in explanations for me if the messages are clear to everyone else.
    I think your own wording "the site was breached" and "your password has been used elsewhere" are possibly better than the current messages.

    Another proposal, more a feature request this time, would be that some weak passwords can be "cleared" by the user (with a checkbox) and no longer be reported as such. We are constrained to use 6 digits for example on some sites. There is no added value for the user to be informed that this is weak, and being able to hide these diagnostics in the future would help remove some noise and make valuable warnings more visible.
    I think I read this proposal already, and I vote for it.

    Regards,
    Rodolphe

  • Dahu
    Community Member

    … alternatively, 1Password could provide a new PIN type, consisting of digits only, with all other characteristics of passwords (can be generated and filled automatically, etc.), but excluded from weakness checks and some watchtower checks (except site being breached, thus justifying an invitation to change PIN).

  • Hi @Dahu,

    "Another proposal, more a feature request this time, would be that some weak passwords can be 'cleared' by the user (with a checkbox) and no longer be reported as such. We are constrained to use 6 digits for example on some sites."

    Passwords of 6 digits or less are considered PINs and are not checked, but we haven't applied that rule to all Watchtower sections just yet. We'll look into Weak Passwords; Reused Passwords definitely shouldn't show them, and that will be fixed in a future update.

This discussion has been closed.