Conflicting info in Watchtower
I'm a little confused about information presented in Watchtower. I have a site that is listed in watchtower and there is a red banner above the login info when I select this login that says "Vulnerability Alert - Change Password." The login in question is for Comcast. When I click on the red banner, it says "We believe that passwords stored by this site or transmitted to this site may have been compromised. Please update your password right away."
However, when I click the "Learn More" link in the popup box that has that message, I am taken to https://watchtower.1password.com/report/login.comcast.net where I see a message "Good news! No password breaches for login.comcast.net have been found." So, my obvious question is, why am I getting a vulnerability alert?
1Password Version: 6.8.9
Extension Version: 4.7.2
OS Version: 10.13.6
Sync Type: Dropbox
Comments
-
@BasilFawlty: Thanks for reaching out! Sorry for the confusion there. Watchtower is doing the right thing by warning you about the site:
https://watchtower.1password.com/report/comcast.net
But I agree it's a bit confusing because you've got a slightly different URL saved for that login. Suffice to say, if you haven't changed your password since 2015, you should. I'm not sure what the solution is regarding the website since there can be differences with subdomains, but I'll bring it up with the team.
0 -
Thanks for the fast response, Brenty. As it turns out, I had changed my password back in Feb 2018, so should be ok.
However, just to add to the confusion, when I would go to login.comcast.net page via 1password, I saw that I was actually re-directed to login.xfinity.com/login. Now, what I have done in 1Password is changed that password login entry to reflect login.xfinity.com/login and now I find that this login no longer shows up in watchtower as a vulnerability? I find it odd that comcast.net shows a vulnerability but the actual login page login.xfinity.com/login does not show a vulnerability in watchtower. (and by the way, if you go to www.comcast.net and click login link it takes you to login.xfinity.com. Strange. Don't know if this information is useful but thought I should let you know just in case.
0 -
@BasilFawlty: Yep. Super confusing, as I know well from being a customer myself in the past. At some point they moved pretty much everything to the new site, hence the redirect. I'm not aware of any breaches since the one in 2015, so it wouldn't show for their new site if you'd saved your login there:
https://watchtower.1password.com/report/xfinity.com
It's definitely an interesting case. And if you changed your password as recently as this year, you're all set — provided there aren't any further breaches. :dizzy:
ref: apple-2083
0