Registered a new account and the new password is "vulnerable"

This discussion was created from comments split from: Watchtower --> Vulnerable passwords doesn't refresh when password changed?.

Comments

  • jinwithrye
    jinwithrye
    Community Member

    Hi, just adding to this,
    i just registered for a new website and it suddenly says my password is 'compromised' or is 'vulnerable'
    How is this possible when it was just created

    Am curious to know

    • is there a feature to remove the notice - i don't believe this is valid.?

    Yes the password is quite generic as it is a 'test' website, however the website is a very secure global application used in many of the corporate world.

  • Hi @jinwithrye,

    Thanks for writing in. I've split your post from the Windows beta forum as your issue is a general one, not a beta issue and it looks like you're using the macOS version of 1Password.

    The vulnerable warning is not a sign of your account itself being vulnerable but the password itself. Basically, you've created a password that has already been marked as breached in other sites in the past. It is not a good idea to reuse passwords that were used in public breaches regardless of how secure the app may be, that's how they generally get in. They take the top common reused passwords and get in.

    We'd advise that you generate another password for that account.

  • jinwithrye
    jinwithrye
    Community Member

    thanks for the confirmation. MikeT.
    Understand the logic behind it. i'll check my other pwds and see any inconsistencies.

    is there any feature in 1password to 'ignore' or get rid of the message and not appear in the vulnerabilities list so it makes it easier to manage?

  • Lars
    Lars
    1Password Alumni

    @jinwithrye - at present, no. We're looking into ways to make such a feature available. The problem (for us, not you) is that we need to make sure it works cross-platform, and also that it doesn't allow users to inadvertently turn off or hide these warnings at times when they should be displayed. After all, such a system isn't much good if you can turn it off without realizing it, when you wanted it on. We've nothing to announce on this currently, but keep an eye on updates and release notes.

This discussion has been closed.