Need to easily cancel watchtower alert, and have more detailed alerts inside 1P
First of all, watchtower is really a great feature, especially with the recent heartbleed. However, there is currently some annoying drawbacks that may defeat the whole purpose.
I have noticed that sites marked as "Not Vulnerable" but that have not recently change their certificate, are still listed as vulnerable in 1Password. So you are entitle to change your password, while the site is probably safe. Morevover, there is not way to cancel the alert. Editing the password twice is not really a convenient way to clear the alert.
So, please, add some improvement about the reporting in the application, and a simple way to cancel warnings done by watchtower.
Thanks,
Comments
-
I am getting puzzled now, since sometimes, only certain account get listed, depending on the associated URL. The matching does not seems to be the same as the matching done for proposing logins for autocompletion. Its means that you may miss important alert, just because the associated URL has not been properly match !
0 -
Thanks for the feedback!
I have noticed that sites marked as "Not Vulnerable" but that have not recently change their certificate, are still listed as vulnerable in 1Password.
Even though a site may not currently be vulnerable, you should still change your password if they were vulnerable at one time but have since fixed it.
Morevover, there is not way to cancel the alert.
We hope to add the ability to remove an alert in a future update. :)
I am getting puzzled now, since sometimes, only certain account get listed, depending on the associated URL.
I'm not quite sure what you mean here. The vulnerability alert is based on the login's URL. Could you please provide a few more details?
0 -
Hi Jasper,
Thanks for your answers and sorry for this late reply.
Even though a site may not currently be vulnerable, you should still change your password if they were vulnerable at one time but have since fixed it.
I was not talking about those site, but about site that has never been detected vulnerable, and that may be considered to have never been affected. Would be nice to have an intermediate, cancelable alert, like an orange light.
We hope to add the ability to remove an alert in a future update.
Great news, I am looking forward for it !
I'm not quite sure what you mean here. The vulnerability alert is based on the login's URL. Could you please provide a few more details?
What I am trying to explains is that the way Watchtower match URLs differs from the way 1P propose them for completion in the browser. Sorry, it was a bit long now, and I have no precise example in mind, but one example is probably Google Apps for Domains, which is not a google domain, but is obviously Google managed.
I have also noticed that Watchtower use the first URL for the "Read more" link, and it is sometime not the one that have been matched. For example, I had the issue with a Google account, where the first URL was a chrome-signin: one. It fails when I reach the watchtower site, saying "unknown domain", but the reason Watchtower has alerted was the second URL, which was an account.google.com one.
Hope this helps improving the feature.
0 -
Hi @stec,
Thanks for following up here!
Would be nice to have an intermediate, cancelable alert, like an orange light.
This does sound like a handy idea, and you're not the first person to suggest it. In honour of Star Trek, I suggest we call these the 'Red Alert' banner and the 'Yellow Alert' banner. :)
the way Watchtower match URLs differs from the way 1P propose them for completion in the browser.
Watchtower alerts are matched by domain and subdomain. If you notice any sites that aren't displaying the way you think they should, please let us know!
0
