What can we expect from Watchtower?

Hello,

I'm opening this thread because I would like to know more about the Watchtower service after reading this on The Inquirer: http://www.theinquirer.net/inquirer/news/2456948/huge-data-breach-sees-millions-of-gmail-hotmail-and-yahoo-mail-account-details-stolen

According to what I read on your blogs, forums and knowledge bases (and if I'm not wrong), the Watchtower service was created to confront the Heartbleed bug that appeared two years ago. It analyzed our login items and told us if any of them belonged to a compromised website.

But what does it do now? What does it analyze? Does it detect more vulnerabilities than the Heartbleed one? Do you have any examples?

I thought you could automatically tell Watchtower to warn users about leaks and thefts like the one The Inquirer talks about, even when it seems to be awaiting confirmation.

Maybe you could "manually" send Watchtower alerts when you read this kind of news and Watchtower would automatically show an alert banner on those items related to the compromised sites (Yahoo, Microsoft, Google, etc. in this case).

I understand that maybe you want to read this kind of information from a reliable and trustworthy source (for example, the Google team confirming this), but prevention could be better.

It would be like: "Hey, I'm an employee at AgileBits in charge of Watchtower and have just read that millions of Google accounts have been compromised. It's not officially confirmed by Google but I will push Watchtower to show a warning to all of our users who have items related to Google, suggesting that they change their passwords".

As I said before, this could be a false alarm and nothing was stolen or leaked but, in my opinion, better safe than sorry, and I would really appreciate it if Watchtower made this kind of issue known: "Hello, we have received and read that some accounts from this service could have been compromised. We recommend changing your password as soon as possible. As you know: better safe than sorry".

Regards,
Álvaro.


1Password Version: 6.2.1
Extension Version: 4.5.5
OS Version: OS X 10.11.4
Sync Type: Families

Comments

  • Vee_AG 1Password Alumni

    Hi @alvaro87,

    Great questions! We do continue to update Watchtower to notify you of verified data breaches and vulnerabilities (not just Heartbleed). But this sort of thing is very serious, and we have to be careful not to spread unsubstantiated rumors. Yes, better safe than sorry, but if we alert millions of users about a certain website that we heard was hacked, and it turns out not to be true? Well then we've done some permanent damage to that website's reputation for no reason, and our own as well, and probably caused our users some unnecessary panic and extra work. If we do this too many times, folks won't know when to believe us anymore. Basically, we don't want to cry wolf until we're sure there's a wolf.

    Regarding the particular issue you've posted about, we learned of this yesterday but as far as I know, our Watchtower team is still awaiting acknowledgement of a breach from the services in question. If and when that happens, we'll add it to Watchtower and affected logins will be flagged in the apps.

  • Thank you, @Vee for your answer.

    I wanted to know when Watchtower is activated, and I perfectly understand waiting until you receive verified information.

    Regards.

  • alvaro87
    edited May 2016

    Just one more question: what happens if a company doesn't tell the truth because it wants to keep its reputation?

    Microsoft said they would investigate and be in touch with the affected people (if any).

    I know it's hard because you at AgileBits have to choose the perfect timing to start a Watchtower alert. That's what I said: better safe than sorry.

    Maybe companies don't want you to assume leaks or breaches. And that's when you decide if a media outlet is verified and trustworthy enough to activate Watchtower.

    Blogs usually recommend changing passwords in these situations (just in case...) and in some way I agree with them (and also agree with you).

    But aren't Microsoft's and Google's statements saying they will investigate the issue strong enough for Watchtower to recommend that users change their passwords?: "These companies are investigating if some user data have been leaked. It's not verified yet but we recommend changing your password".

    I think Watchtower shouldn't wait until a confirmation from the companies because it could be too late by then.

    Maybe it shouldn't warn when just some websites talk about it. But maybe if the involved companies say they will investigate it...

    Regards.

  • Andrew_AG

    Team Member
    edited May 2016

    I do most of the Watchtower monitoring and updating around here, so I wanted to jump in to say that Vee is absolutely right. In addition to what she wrote, there are also legal aspects to consider when stating that a site has been hacked when it hasn't, so one must be careful. Another reason not to just add an unsubstantiated website breach, at least in my experience doing this for a while now, is that the majority of these supposed breaches turn out to not be breaches at all. Most of the time it turns out to just be lists of reused passwords or lists of people who were successfully phished. So while we understand wanting to be cautious with potential security threats, we also have to be equally cautious about not making false accusations.

    As for whether a company stating they're investigating an alleged breach is sufficient reason to add a warning to Watchtower, right now Watchtower is only designed for actual breaches. Since it leaves a warning up in the app until a password is changed, we can't do that right now, but it's certainly something for us to consider for the future. That said, a company stating they're investigating a breach isn't really sufficient cause even for a warning, in my experience. Most of the time these things turn out to just be false allegations (this latest one is looking more and more like it too - see http://www.engadget.com/2016/05/05/russian-email-provider-hack-update/ for instance), and wasting people's time isn't something we take lightly.

  • Hi @Andrew_AG

    Different points of view, that's all :+1:

  • Andrew_AG

    Team Member

    Fair enough. :)

This discussion has been closed.