7.3.602: pins of less than 6 characters still reported as a weak password [Fixed in 612 Beta 2]

XIIIXIII
edited December 2018 in Windows Beta

Watchtower's Reused and Weak Passwords categories now exclude items with PINs that contain 6 digits or fewer and do not contain a saved website address. {OPW-3393}

Not on my system; 4 and 6 digit pins are still reported as terrible (4) and weak (6).


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • MikeTMikeT Agile Samurai

    Team Member

    Hi @XIII,

    Thanks for reporting this.

    We'll investigate to see what happened, it was working last week but we may have removed that fix and forgot to remove that line from the changelog.

    We'll follow up as soon as we can.

  • If I understand the release notes for the latest beta, WatchTower should be able to ignore certain password items?
    I have a Password item, 6 digit pin nothing else (no website) ... but it's still showing up in WatchTower.


    1Password Version: 7.3.602
    Extension Version: Not Provided
    OS Version: Windows 10 (latest)
    Sync Type: 1Password.com

  • @mtissington sorry for the trouble, this is being fixed right now. PINs should not be included into Watchtower analysis.

  • MikeTMikeT Agile Samurai

    Team Member

    Hi @mtissington,

    I've merged your post into this thread that reported this before. It'll be fixed in the next beta update, we had some other Watchtower changes that impacted how this rule was working.

  • MikeTMikeT Agile Samurai

    Team Member

    Hi @mtissington,

    1Password 7.3 Beta 2 should address this now.

  • confirmed fixed :)

  • MikeTMikeT Agile Samurai

    Team Member

    Awesome, thanks for testing it for us.

  • pbryanwpbryanw Junior Member

    Hi, hope this isn't slightly off-topic. I have two logins that still use 6-pin passwords. They both show up in vulnerable and weak passwords, because they contain saved web-site addresses. However, I can't change them to something stronger, as the respective sites only allow you to create (and use) 6-pin passwords (one's for a gambling web-site, the other is for a VOIP company).

    I wonder if there's a way I can exclude both from weak, and vulnerable, passwords in Watchtower?

  • MikeTMikeT Agile Samurai

    Team Member

    Hi @pbryanw,

    Unfortunately, not at the moment. We have something else in mind for that specific edge case.

    We're addressing and figuring out the best solution for every use case. The more we knock them out like this beta 2 update, the less you have to manually adjust Watchtower to fit your edge cases. We're trying to make 1Password do more work for you.

  • Thanks for solving it!

    Finally 0 items in all Watchtower categories... :)

  • MikeTMikeT Agile Samurai

    Team Member

    👍nothing like zeros for Watchtower.

This discussion has been closed.