How do I clear the Compromised Login banner message for a given site?.

bjkeefebjkeefe
edited December 2018 in Windows

[UPDATE: The banner has cleared itself. Apparently, I should learn a little patience? Original post follows.]

I changed the password for the site and 1Password has the new password stored (by way of 1PW recognizing my activity of changing the password on that site through my browser). It seems to me that the warning message should be cleared automatically upon 1PW storing a new password for the site. Failing that, it seems to me there should be a way to clear the warning message, so I don't see it, say, a month from now, and wonder about it. Apologies if I'm missing something obvious in the interface or on this support forum.


1Password Version: 7.2.617
Extension Version: Not Provided
OS Version: Windows 7 Home Premium
Sync Type: Not Provided
Referrer: forum-search:How do I clear the Compromised Login banner message for a given site?.

Comments

  • MikeTMikeT Agile Samurai

    Team Member

    Hi @bjkeefe,

    Thanks for reporting this.

    This is a known bug (it doesn't remove the banner after you save) that has been addressed in the upcoming 1Password 7.3 update. For now, it should be removed when you restart the app or lock/unlock. Please do give that a try to let us know for sure it is gone.

  • Hi, @MikeT,

    Please see the update on my post. I thought I had closed 1PW to see if that would clear the message. Either it took closing it a couple of times, or I was mistaken about having closed it the first time. In any case, thanks for your rapid response.

    Brendan

  • MikeTMikeT Agile Samurai

    Team Member

    Hi @bjkeefe,

    Thanks for the update. One thing I forgot to mention is that there can be a delay where we have to check to make sure it is not compromised still and then we remove it.

  • I had the thought that might be it, too, which is why I added the note about needing to learn some patience. ;)

  • MikeTMikeT Agile Samurai

    Team Member

    👍Hopefully, with improved performance and a lot of fixes in the upcoming 7.3 update, it shouldn't require you to do anything.

  • Here's an update: I just noticed, over in the left side of the 1PW screen, a Compromised Login. I clicked on that, saw it was for the 1PW Forum. I visited the forum site, got prompted to reset my password, and did so. I then edited the entry in the 1PW app to reflect the changed password. A couple of issues:

    1. The "Compromised Login" banner did not clear after I changed the password. It has not cleared in the thirty minutes or so since I made the change. I have closed the app and reopened it, and locked and re-unlocked the app, and the banner is still there.
    2. A UI glitch: After making the edit to the entry for the 1PW Forum and clicking "Save," the display changes away from viewing what I just edited to a new Login entry: the first one in the (alphabetically sorted) list of saved Logins. This was momentarily puzzling, not least because the first entry on my list happens to be for my main 1PW account -- for a moment, I thought I had inadvertently changed a password I did not want to change.

    Neither of these things is hugely important, but they do seem like minor bugs worth reporting, so, here I am.

    I am running 1PW version 7.3.712 on Windows 7 Home Premium.

    P.S. I don't recall receiving any notification about the compromised login issue. Granted, had I visited the forum any time after the compromise happened, I expect I would have seen the password reset required page. And also granted: the 1PW app reflected the compromise. But still, it seems like sending out an email when the problem occurred would have been a good thing to do.

  • bundtkatebundtkate

    Team Member

    Thanks for taking the time to report these, @bjkeefe. Both are known issues and while I can't say for certain they'll be resolved in the next version, I can say that the next version will mark the culmination of a large project we've been working on and hopefully a return to our preferred release schedule where we can start fixing some of these smaller issues more quickly.

    Specifically regarding the notifications, those have always been a bit contentious. There's definitely value there and one of my favorite things about Watchtower is that it saves me from having to keep up with all of this stuff – a seemingly impossible task – and notifications would only make keeping up that much easier in my opinion. On the other hand, so much spams our notifications on our devices these days, it's tough to accept becoming part of that noise and it's inevitable that there will be folks out there that view these as just more notification spam. We know there are also folks who really really want it and we'd love to be able to implement a system for providing more proactive notifications about Watchtower issues, but we also want to do so thoughtfully. We need to ensure we're properly walking that line and not crossing over into spam territory. This might mean we take a bit longer to put something together or that it may not happen at all in the foreseeable future, but it's something that's very much on a radar to be sure. :+1:

  • Thanks for your reply, @bundtkate.

    I look forward to the non-clearing banner issue and the UI glitch being addressed, but I do agree the two items I mentioned are minor, especially if you've got big new things in the works.

    On the email notification thing: I certainly take your point that some people would treat it as spam. I would say, however, that not all of us would. I suspect that I am not alone in having set up Gmail to flag anything from you folks as Not Spam, and as Important, and more generally (say, if Vanilla Forums had sent something), I would rather receive a notification and make my own judgment as to whether it seems credible and merits attention. Dismissing something from my inbox does not seem an especially onerous task, even if the notification strikes me as fake or irrelevant. However, you did do everything else right -- you flagged the login in the 1PW app, and even if I hadn't seen that, my next visit to the forum would have let me know. So, my own two cents on this matter may not even be worth that! ;)

    Thanks again.

  • brentybrenty

    Team Member

    I tend to agree with you. But we get a lot of feedback from users already that Watchtower produces too much "noise", and many do feel that it is too much already even without generating emails or push notifications. So as Kate mentioned above while it's something we're evaluating, we do want to be conscientious in anything we end up doing. On the other hand, if there had been some sort of breach in the forum, I do think it would be worth sending an email to everyone here. Fortunately that was not the case, so it seemed like a good fit for Watchtower, since a notice could be attached to the login easily without disturbing anyone for an issue that is already resolved; if you'd waited a year to come here and setup a new password, you'd not have been adversely affected in any way, unlike some other website issues. Anyway, thanks for you comments on this. It helps a lot to get different perspectives on this stuff so we can take it into account as we move forward. Happy holidays! :)

This discussion has been closed.