Watchtower Weak Passwords - different between Mac and Windows

btownguy
Community Member

In Watchtower on Windows, I have 4 weak passwords. On Mac, I have 1 weak password. Just wanted to point this one out in case it wasn't logged yet.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: 1Password.com Families

Comments

  • Lars
    1Password Alumni

    @btownguy - without taking a closer look at your data, it's hard for me to say with certainty what might be causing the discrepancy. It could be something as simple as passwords having been created in different vaults, and not all vaults being available on both installations of 1Password. Or it could be a few other issues. None of them are critical in terms of your use of 1Password; if you are comfortable with a password's strength, there's no need to change it. If you want to change it, you can. The strength indicator is there as a guide, not absolute law. In general, anything over 23 characters generated in a truly random fashion gets you to approximately 128 bits of entropy, which is very, very good for today's needs -- and tomorrow's, as well.

  • btownguy
    Community Member

    These are all in my personal vault available to both installations (Mac and Windows). They are all of the "password" category. They're just being flagged as weak on Windows but not on MacOS. These are actually expected to be weak (4-digit PIN for a piece of hardware). Just adding more info in case you guys want to use it for troubleshooting. It doesn't bother me too much. I pretty much ignore Watchtower on all devices other than MacOS.

  • @btownguy,

    if they're PINs then that would explain the discrepancy. We got requests for many years to exclude PINs from the weak password section of watchtower.

    Rudy

  • btownguy
    Community Member

    Any way to get parity in Watchtower across Windows and Mac? As of right now, I have 0 "Weak Passwords" on my Mac but I have several "Weak Passwords" in Windows. Both are running the latest version of 1Password 7 and both are a subscription only (no offline vaults) and both are viewing "All Vaults". The "Reused Passwords" is identical between Mac and Windows, so I'm not sure about the discrepancy for "Weak Passwords".

  • btownguy
    Community Member

    I guess I'm asking, is the Mac version of 1PW7 ignoring items of the category "Password" when testing for "Weak Passwords" in Watchtower?

  • JadC
    1Password Alumni

    @btownguy the discrepancy is actually due to a recent change in our password strength calculation along with 1Password for Mac ignoring pins. 1Password 7 for Windows is still in the process of transitioning to the new calculation, so stay tuned.

  • btownguy
    Community Member

    Ah now it makes sense. Thanks!

  • AGAlumB
    1Password Alumni

    :) :+1:

  • rlh
    Community Member

    "if they're PINs then that would explain the discrepancy. We got requests for many years to exclude PINs from the weak password section of watchtower."

    This is nice behavior and I used to get annoyed with Watchtower complaining about PINs. But...

    It appears you are interpreting 4 numeric digits as a PIN when it could have been a case of stupidity/laziness on my part (maybe I just typed a few numbers into an account creation screen and thought, "I'll fix that later").

    An improvement I'd like to see would be for Watchtower Weak Passwords to tell me a PIN is a "Terrible" password and then force me to add a "PIN" tag to that item if it really is a PIN and I can't do anything about it (much like the Inactive 2FA approach).

  • AGAlumB
    1Password Alumni

    Good point. That's certainly another approach we can consider. Cheers! :)

  • XIII
    Community Member

    I like the "pin" tag!

    In fact, I might apply it now, even if that won't do anything for weak passwords in the future...

  • AGAlumB
    1Password Alumni

    It feels a bit like a misuse of tags, but we're already doing this with 2FA, and unless there's a better solution this could work. It would be nice to have a more generic term to use instead of "PIN" since there's probably a lot of non-PIN stuff that people will want to exclude. Something to think about.

  • rlh
    Community Member

    I agree that both of these feel like tag abuse. But the "correct" alternative would be some dedicated checkbox or something for each case ("Ignore this password" and "Two-factor enabled outside 1Password") that you would select for each item. This seems potentially unwieldy (from both the development and user angles).

    The nice side-benefit about the tag approach is I can quickly see all my 2FA or PIN tags and do an audit periodically so these items don't become forgotten security blindspots.

  • JadC
    1Password Alumni

    Thanks for the suggestion @rlh, we will keep it in mind :smile:.

  • AGAlumB
    1Password Alumni

    @rlh: Well put! I agree with everything you just said. Thank you for your thoughts on this! :)

This discussion has been closed.
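
Added example (not part of the thread and not 1Password's code): a small audit sketch comparing the two exemption policies discussed above, a content heuristic that hides anything that looks like a PIN versus an explicit "PIN" tag. The 40-bit threshold, the item field names, the `looks_like_pin` rule and the sample items are all assumptions made for illustration.

```python
import math
import string

WEAK_BITS = 40   # hypothetical threshold, not 1Password's
PIN_TAG = "PIN"  # tag name proposed in the thread

# Constructed sample items; the field names are assumptions.
ITEMS = [
    {"title": "Garage keypad", "password": "4821", "tags": ["PIN"]},
    {"title": "Forum account", "password": "1234", "tags": []},
    {"title": "Old blog", "password": "summer", "tags": []},
    {"title": "Bank", "password": "hV7qR2mX9tLc4Zp8Wn3Kd6Ys", "tags": []},
]

def estimate_bits(pw):
    """Upper bound: length * log2(pool); only meaningful for random strings."""
    pool = 0
    for cls in (string.ascii_lowercase, string.ascii_uppercase,
                string.digits, string.punctuation):
        if any(c in cls for c in pw):
            pool += len(cls)
    return len(pw) * math.log2(pool) if pool else 0.0

def looks_like_pin(pw):
    """Content heuristic (assumed rule): short and digits only."""
    return pw.isascii() and pw.isdigit() and len(pw) <= 8

def audit(items, policy):
    """Return (weak, exempt) title lists under the 'heuristic' or 'tag' policy."""
    weak, exempt = [], []
    for item in items:
        if estimate_bits(item["password"]) >= WEAK_BITS:
            continue  # strong enough, nothing to report
        if policy == "heuristic":
            skip = looks_like_pin(item["password"])
        else:
            skip = PIN_TAG in item["tags"]
        (exempt if skip else weak).append(item["title"])
    return weak, exempt

if __name__ == "__main__":
    for policy in ("heuristic", "tag"):
        print(policy, audit(ITEMS, policy))
```

Under the heuristic policy the untagged "1234" login drops out of the weak list along with the real PIN; under the tag policy it is still reported, and the exempt list doubles as the periodic review list mentioned in the thread.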