Aren't vulnerability alerts supposed to be brought to a user's attention?

Options
paul_guertin
paul_guertin
Community Member
in iOS

I received an email alert from a forum I subscribe to that indicated they had a breach and that users were being required to reset their passwords. When I went into my 1PW vault to take care of the change, I found a red banner visible on the item's vault entry that stated there was a vulnerability concern, that 1PW was aware of a possible breach and that I should change my password.

My concern is...why wasn't this brought to my attention by 1PW in some way? As it stands, if I had not received an email from the affected site, I could have gone weeks or months without opening that item in my vault and seeing the very helpful/useful warning.

Have I done something wrong or set something up incorrectly not to have been informed of the vulnerability concern? (I do have 1PW Watchtower enabled in my settings.)

Thank you,

Paul

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: iOS 10, Public Beta 4
Sync Type: 1PW for Families

Comments

  • Ben
    Ben
    Options

    Hi Paul,

    Thanks for taking the time to write in.

    On iOS the only notification, currently, that a site has been flagged in Watchtower is the red bar that you noted. On Mac we have a section in the sidebar where you can view all items that have been so flagged. Hopefully in a future update we can bring something like that to iOS. :)

    Thanks for the feedback!

    Ben

  • bpiwowar
    bpiwowar
    Community Member
    Options

    Hi,

    I would like to suggest to make the alert (on Mac) more apparent: I use keyboard shortcuts to fill in passwords, and in this case no alert is shown in any way - the only solution is to either use the toolbar button or 1password mini, or to look at the security audit (which I should do more often, I agree).

    What about an option to display a notification when filling a password form associated with a vulnerability (and that would be on by default)?

    Thanks for considering this,
    Benjamin

  • Ben
    Ben
    Options

    Thanks for the suggestion, Benjamin. It is certainly something we can consider. I'd think if we went that route we'd need some way to ignore a particular site as well.

    Ben

This discussion has been closed.