WatchTower - unexpected warnings for certain items

Tacitus99
Community Member
edited August 2014 in Mac

I recently started using WatchTower and almost immediately it told me about a site that had been compromised advising me to change the account password which I did. So far so good.

But then it told me to change the password I use to access my WiFi admin page. I find this a bit odd since I only access the WiFi admin from one machine and anyway it's all on the local network. It's also warning me about a password that has nothing whatever to do with the internet - it's one I use for Knox. ClamX hasn't warned me about any infection so I'm wondering what's going on.

I thought the idea of WatchTower was to create a list of websites that it felt were compromised - possibly via Heartbleed - and let you know so you can change any passwords, but maybe it's also checking age of password, strength and whatever.

Can someone tell me what might be happening?

1-PW 4.4.1 OSX 10.9.4

Comments

  • Megan
    1Password Alumni

    Hi @Tacitus99

    I'm sorry to hear that you're having trouble with Watchtower. You're right, Watchtower shouldn't be checking password strength. Could you check something for me? When is the last time that Watchtower updated? Please go to Preferences > Watchtower > Update Now - does that change anything?

  • Tacitus99
    Community Member

    Hi Megan:

    Thanks for the reply.

    Not having any real trouble, just peculiar behaviour. However, I've now updated - previous was 2 days ago - and gone through a random selection of 'Pure' passwords (= no website attached) with no probs.

    The only site (so far) it's flagged up is: http://www.clamxav.com/BB/ucp.php?mode=register The password is mixed but only 12 characters. Not sure why, but I'm guessing that as it's a phpBB site, it may well have been compromised. I'll change the password anyway.

  • sjk
    1Password Alumni

    Hi @Tacitus99,

    An item's actual password isn't a factor in whether or not that item is flagged with a Watchtower Vulnerability Alert.

    I'm not sure why your item with a http://www.clamxav.com/BB/ucp.php?mode=register URL is being flagged. When was its password last changed?

  • Tacitus99
    Community Member

    It's not a forum I use much and only then if I have a problem running ClamX. The password was last changed mid-February 2014 so a fair while ago. TBH I doubt many of us change our passwords as often as we should. I know the only time I change my work password is when they force it on me.

  • Megan
    1Password Alumni

    Hi @Tacitus99

    It is hard to remember to change passwords as often as we 'should' sometimes. That's why 1Password's Security Audit is so handy. Beyond the WatchTower service, we keep track of your weak, duplicate and old passwords so that you can see at a glance where your security might need to be increased. One user offered a helpful tip that I've been working on getting myself into the habit of using as well: change your password every time you change your clocks. That means you'll take a look at Security Audit twice a year and you can update anything that is due for a change.

    I hope this helps, but please let us know if you have any further questions!

  • Tacitus99
    Community Member

    Hi Megan, thanks again for the reply and I take the point about security audit.

    I wonder though whether what I'm seeing is related to security audit rather than Watchtower but since I'm having to go through all my passwords I'm finding several other examples. However it's possibly more a problem of my atypical usage than 1PW. It concerns 'logins' v 'Passwords' - perhaps more semantics than anything.

    So, if I save an admin login to my Airport as a "login" the web site remains as http://www.example.com since it is just a single password. I then find 1PW reports this as a vulnerability alert which is wrong since there is no website attached. Unless of course it's doing it as a result of 1PW doing a security audit in the background rather than Watchtower.

    Now if I transfer the same information to the "Passwords" section, all is well since all we have is a password. It's still effectively a 'login' but I think you'll get the point.

    This is down to my usage and perhaps a slight difference as our common language travels across the pond, but I wonder whether 1PW should check that if the web site in the 'login' section remains as example.com then it shouldn't flag it up as a vulnerability. Or, if it does, it's not on grounds of Heartbleed or similar.

  • sjk
    1Password Alumni

    Hi @Tacitus99,

    > So, if I save an admin login to my Airport as a "login" the web site remains as http://www.example.com since it is just a single password.

    Can you describe the specific steps you're using to save that item? What fields in it have values (e.g. username, password, website)?

    > I then find 1PW reports this as a vulnerability alert which is wrong since there is no website attached.

    Is your newly-saved admin login item flagged with a Watchtower Vulnerability Alert (and listed in the Watchtower group)?

    In the first quoted text above you said "… the web site remains as http://www.example.com …" and then "… there is no website attached" in the second quoted text. I'm not sure what you mean. :)

    > Unless of course it's doing it as a result of 1PW doing a security audit in the background rather than Watchtower.

    The Watchtower service is separate from other Security Audit functions.

    > … I wonder whether 1PW should check that if the web site in the 'login' section remains as example.com then it shouldn't flag it up as a vulnerability. Or, if it does, it's not on grounds of Heartbleed or similar.

    I'm trying to understand how you're creating an item like that and what it looks like to help with reproducing the issue here. Thanks!

  • Tacitus99
    Community Member

    OK I'll do my best :)

    I use the Apple airport utility to login to the airport for admin purposes. In practice this only requires the password in order to gain access. So in the case of this login, only the password field is occupied. There is something in the note field but I assume we can discount that. The way I created it would be: File -> new item -> login then use the password generator and paste the password in the field. Then when I setup the Airport, I copy/pasted that password in the Airport utility password field.

    The web address remains as http://www.example.com. I presume this is purely a placeholder and the site doesn't actually exist - hence 'no site attached'.

    Since I altered my Airport Utility password, there is no longer a vulnerability warning. However the same problem exists for my Airport Xpress which is done in a similar manner and shows up in the Watchtower list as a vulnerability. I thought WatchTower was separate and only related to vulnerable websites which is why I can't understand what is happening. I do have another issue with WT but I'll start a new thread for that.

    I've sent a screen grab to support with a link to this thread since I'm finding the same thing happening with other non-web related logins which WatchTower flags as vulnerable.

  • Tacitus99
    Community Member

    Hmm. Feel a complete idiot now as I've just solved the problem.......

    If I create a login item and only fill in the password field, but leave http://www.example.com in the WebSite field, WatchTower sees it as a genuine and relevant site. It then flags it as a vulnerability - I don't understand the mechanism behind it unless example.com is a genuine domain. I was assuming it was just a placeholder and therefore ignored.

    Answer, delete http://www.example.com and leave the website field completely blank. WatchTower now ignores it and does not indicate a vulnerability.

    The moral is, if you insert a username and password in a login item that is not for a website, then make sure the WebSite field is completely blank. Pretty obvious when you think about it........ :-)

    Still I have to say that despite its quirks which have tripped me up a few times, and its insistence on making me change lots of passwords something which can get tedious, 1PW just gets better.

  • Megan
    1Password Alumni

    Hi @Tacitus99

    For passwords that do not require URLs, have you considered storing them in the 'Passwords' category? This would ensure that items do not get incorrectly flagged as a Watchtower vulnerability.

    In any case, I'm glad to hear that you've found a solution! Please do let us know if you have any further questions or concerns. :)

This discussion has been closed.