Please support searching for multiple compromised email addresses

Comments

  • @Ben Ah I see. Sorry, I had interpreted your comment slightly differently.

    You could probably cover a high percentage by allowing gmail, hotmail/outlook (I couldn't find the official support document about it with a quick search) and protonmail domains though.

  • Ben AWS Team

    Team Member

    Indeed. :) Hopefully that is something we can consider as we continue to build out Watchtower.

    Ben

  • If you do, please add FastMail to that mix.

  • Ben AWS Team

    Team Member

    :+1:

    Ben

  • You could always allow users to add additional email addresses for Watchtower checking, ensuring that ownership is correctly verified for each email address. Of course, you would still want to allow 1Password login with only the Primary email address.

  • brenty

    Team Member

    It's certainly a possibility. :)

  • Hi, any update on this? I have over 100 unique emails (~127 with some false positives) and it's quite a pain to manually copy them to the website once, let alone check it every few months. I'd be perfectly willing to click on a hundred(/hundreds of) confirm links in my inboxes.

    I'd even be happy with a boolean telling me if I should manually check a certain email with no additional information. Just a list with "bad" addresses and then I can go investigate for myself.

  • Ben AWS Team

    Team Member

    Hi @Syphdias

    It isn't something that is currently on the radar, but we'll continue to gather feedback on the subject.

    Ben

  • Agreed that this feature is needed badly. Dashlane has it, you just need to verify each email you add. You could make it nice and easy by pooling emails from logins and allowing users to verify unique ones. Lack of support for multiple email addresses renders this feature that can be insanely useful almost useless for many people. 98% of my logins are using a different email to my 1Password account.

  • ag_ana

    Team Member

    Thank you for your feedback on this as well @Smigit, noted :+1:

  • Smigit
    edited July 19

    Thanks @ag_ana

    Shortly after my last comment I came across https://monitor.firefox.com. It actually 100% does what I'm after so that's a bonus as I can use that to get the coverage I'm after. It's Mozilla's take on this offering and also uses the HaveIBeenPwned database, but allows multiple email accounts to be enrolled which once verified (via email link to the account) can be tracked ongoing. Also allows per account 'resolving' of breaches, including managing each account individually if multiple enrolled accounts were exposed in the same breach. Awesome. Not sure if it helps the people using heavy +SOMETHING aliasing in email addresses on a per service basis given HaveIBeenPwned doesn't seem to support that, but for me where I have half a dozen email addresses I want to track it's great. Hopefully it can help others who use a different email address in 1Password to what they use to track those addresses, as well as give a bit of a template as to how WatchTower could manage it in a future update.

    I know the rationale for how it is right now may be that the majority of customers use a single email address. I just want to throw out two use cases that account for some of my different email addresses that I think would impact many customers

    1) I have a work issued email that I don't use for personal activities, but nonetheless in 8+ years of having that address it has accumulated usage with other work related services be it supplier billing systems or accreditation sites and the like. In many cases a lot of that information's just business info, but in some cases there will be personal information tied to those accounts that are linked to the email address. I definitely like to know if that work email account was caught up in any breaches even if it's not my day to day personal one.

    Some businesses will have IT teams managing this, but not all businesses will be and they may not be as responsive as would be ideal, or perhaps less attentive to issues that don't impact the company itself.

    2) I'm guessing many people's current email address is not their first, and they have an old @hotmail or whatever laying around. Being able to add old accounts (although they may need to be active still if you want to mandate verification), can potentially surface a bunch of services people haven't used in a decade plus and weren't across any breaches, especially if the old email address isn't monitored any more. Chances are payment details etc have expired if we're talking services people haven't used in ages, but again there may be forgotten accounts with personal information that can be an identity risk people will want to try and secure. Using the https://monitor.firefox.com brought in 2 or 3 results I'd completely forgotten about for example for accounts I didn't even have in 1Password because they predate my use of password managers.

    Just throwing that all out there as something that works for me, and two scenarios I think would apply to many that fuels my own desire or need to track multiple addresses, besides the fact I'm in that fringe group that doesn't use their primary email for a lot of e-commerce sites which also creates an issue with Watchtower.

  • ag_anaag_ana

    Team Member

    @Smigit:

    Thank you for the additional information! This will certainly be useful while we continue to evaluate how to move forward :+1:
