Watchtower does not report duplicate passwords

1Passerby
1Passerby
Community Member

Hi there,

I know I have login entries using the same password, as I do not have a choice for them to be different. For example all Microsoft Online accounts (Skype, One Drive) or Amazon (Prime, Prime Now, Prime video) use the same credentials (password and OTP) and it is not possible, as far as I know, to do otherwise.

Nevertheless, Watchtower does not show those items under the duplicate password section. Only one duplicate is shown and it is not one of the above.

How do you explain this behavior? Is it a bug or is it due to the way the data is entered?

Thank you,
1Passerby


1Password Version: 80700105
Extension Version: Not Provided
OS Version: iOS 15.4.1

Comments

  • EggsAndAvo
    EggsAndAvo
    Community Member

    Did you hide the watchtower alerts? Check the hidden section

  • 1Passerby
    1Passerby
    Community Member

    I haven’t hidden any alerts and I cannot find any “hidden section”, can you guide me through? Thanks

  • 1Passerby
    1Passerby
    Community Member

    Hello,

    I still have this issue on 80800094 on iPad and iPhone. Can anyone reproduce this?

    Thank you.

  • Digital05
    Digital05
    Community Member

    I'm not able to duplicate...I'm using the 80800094 beta and it shows reused passwords (even groups them by the password). Have you checked a non-beta version of 1Password, like the 1password.com site? The watchtower counts would be different, but it would help to troubleshoot and determine if the issue is the beta or something with your 1password account/database.

  • ag_tommy
    edited May 2022

    @Passerby

    Do the two logins for Amazon for example share the same base URL as in https://amazon.com ? I suspect so as mine do. If so, that may be the issue. I experience the same behavior while my two logins share the URL. If I change one login to a different URL, then Watchtower flags it as a duplicate. I am not sure if this is by design or not. I suspect so as 1Password 8 for Mac behaves the same. I'll try to find out more when the development staff is in next week.

  • 1Passerby
    1Passerby
    Community Member

    @Digital05, in 1Password 7 on iOS, if I click on any of the entries sharing the same password, I have an alert telling me that it is indeed reused…so it works as it is supposed to.

    I tested Watchtower on 1Password.com with a specific password shared among 3 accounts (Microsoft Online, Skype and OneDrive) and it does report correctly the duplicates so it’s also working there.

    @ag_tommy, if I take the example above, the three items DO NOT share the same base URL, they’re completely different:

    login.skype.com
    onedrive.live.com
    login.microsoftonline.com

    The passwords and the OTP are exactly the same for the three.

    In the case of Amazon, Prime Now and Prime Video, which also share the same password and OTP, the URL is a variation of the same for 2 items, but a different one for another:

    Amazon.com
    Amazon.sg
    Amazon.com/Prime-Video/

    I confirm that 1Password 8 for Mac also behave this way and does not report the duplicates for Microsoft and Amazon.

    FYI, the only reported duplicate password in Watchtower is a Login entry VS a Password entry (lacking a URL field).

    Thanks a lot for checking with the team!

    1Passerby

  • Digital05
    Digital05
    Community Member
    edited May 2022

    @1Passerby , thanks. Confirmed I see the same results. It appears this is a bug in the 1password8 core code.

    I created two new test entries, based on your examples (login.skype.com & onedrive.live.com) and copy/pasted the same password into both
    1password IOS (early access) 80800094 - doesn't show as a duplicate password
    1password 8 Windows 80800094 - doesn't show as a duplicate password
    1password 7 IOS 7.9.5 (70905000) - each one shows as reused password when opening
    1password.com (build 1251?) - each one shows as reused password when opening.

  • 1Passerby
    1Passerby
    Community Member

    Hi @Digital05,

    Thanks for taking the time to test. Glad to know that you were able to reproduce the issue. I hope the development team will be able to look into this too.

    1Passerby

  • Digital05
    Digital05
    Community Member
    edited May 2022

    @1Passerby and @ag_tommy

    Sharing something else I noticed today regarding this issue. If I change the login.skype.com website to say pizza.com. The watchtower summary page increased the reused password count by 2, so it identifies them both as reused. Opening the individual entries however doesn't show at the top it is a reused password.

    Changing the pizza.com entry back to login.skype.com results in the watchtower summary decreasing by two (even though password is still reused).

    I don't see an IOS early release update yet (latest showing is 80800094), but I get the same results using the latest Windows 8 beta (80800104)

  • 1Passerby
    1Passerby
    Community Member

    I still have this issue on 8.8.0 (80800183).

  • Hello all! I was able to reproduce this on the latest iOS build and am looking into it. Thank you for letting us know about this!

  • Hello everyone! I was able to figure out the reason for this:

    1Password 8 now maintains a list of domains that share login systems as you described. When you reuse a password across these domains, no warnings are generated because 1Password is aware that they are on the same system.

This discussion has been closed.