Vulnerable Password Problems
Hello
I have a problem with vulnerable password. In Norway where I live we have a password to log into most public websites (with 2 factor autentication also). As the password is the same for several sites I wanted to save them for each site so i din not have to open the app for every different site and copy the password from there. When I had saved my password for the second site, I realised that there was a waring on the password that it was reported to be used in a breach according to haveibeenpwned.com. Something that I now for a fact that it has not as this is a password I have chosen and the service is the biggest "login" service for public sites in Norway and if there had been a security breach it would be in every newpaper and on the TV. I had no problem before I saved the password for my second site. But notherless I went and changed my password and generated a new strong password from 1password. It worked fine. I got to change it. But when I opened the 1passwod app after saving the new password I see the same message on my new password and 1password automaticly changed to "void". I tried to change it agan, saved the new one, but same problem.
To get arround the problem I have to do the following. When I have generated the new password everything is fine. I can use it no problem. No warnings on the password. But i when I am going to log into one of the seites that use this password I have to copy it from the 1Password app every time (from the generated password). If I let 1Password save it, it saves it no problem, but nex time I log in to the site 1password has automaticly changed it to "void" and the warning is there.
Best regards
andkan7917
1Password Version: 7.2.576
Extension Version: 4.7.3.90
OS Version: Windows 10 64bit
Sync Type: 1password account
Comments
-
Hi @andkan7917,
Thanks for writing in.
As the password is the same for several sites I wanted to save them for each site so i din not have to open the app for every different site and copy the password from there.
Do you mean they use the same single sign-on system for multiple domains? If yes, it would be better to add the other domains to the existing Login item, so you don't need to change passwords manually for multiple sites. You do this by editing that said Login item and add the extra domains there.
It may help if you can tell us which site, we may be able to add it to a public list so that everyone see the same Login on multiple domains, we do this for a few popular sites like Apple.com/iCloud.com, Live.com/Outlook.com, etc.
Something that I now for a fact that it has not as this is a password I have chosen and the service is the biggest "login" service for public sites in Norway and if there had been a security breach it would be in every newpaper and on the TV.
That is not what Vulnerable Password warning means; it means the password you've used has been compromised in a security breach somewhere, not this specific site or your account.
The biggest security risk with passwords on the internet is password reuse, people reuse the same password on several dozens of sites and when one site has been breached, it basically means a compromise of all sites with the same password. That's why criminal buy access to the stolen databases all over, they try to reuse the stolen passwords on all sites to see if they can get in.
What you're thinking of is the Compromised Logins warning, that means specifically the site has been breached. It'd look like this:
You can learn about the differences here: https://support.1password.com/watchtower/
But when I opened the 1passwod app after saving the new password I see the same message on my new password and 1password automaticly changed to "void". I tried to change it agan, saved the new one, but same problem.
There's nothing in our code that has anything to do with "void". Is that the actual password or what do you mean by "void"?
0 -
Hello.
I think I have miss expleined me. I use this password to log into multiple domains. I changed the password i use to loginto this domanes. I used 1password to generate a new password. When I log into one of the actual domaines I enter the password that I have generated and choose that 1password saves the login. But when I check the login in the 1Password app 1Password automaticly changes it to "void" and the message appears. I tried several times but the same problem. 1Password changes my password automaticly to "void", if I save the login. Did not have problem with this before today when I tried to save several logins an different domains with the same password. I tried deleting them all and just use one but now I have the same problem. I cant save the login, because then 1password auto changes the password to "void". I have to save the password as a standalone password in the 1password app and then manualy copy it when I log into sites and choose not to save the login to avoid 1password change it to "void"..So if i I understand you correct it is the password "void" that is breached.
It is a password I use to loginto different norwegian public sites.
0 -
Hi @andkan7917,
That's odd, we don't fill or change passwords without your intervention. The first thing that pops up in my head is, could it be your browser's password manager auto-filling
voidfor you and 1Password prompts to save it? Try to disable the built-in password manager with this guide: https://support.1password.com/disable-browser-password-manager/Make sure you don't have other managers enabled either, only use 1Password. If you don't have the browser's password manager or other managers enabled, can you confirm the following for me?
- If you open the main 1Password program and locate your Login item, reveal the password for it, it has the right password?
- On the same item, scroll down and click on Web form details to expand it, reveal all the password fields, do you see anything that's saved with
vold?
0 -
Hello
No I do not use other Password managers. I have disabled the default in my browser.When I enter the 1Password progam,go to the login, reveal the password, it has saved the password "void" and the warning appears. 1Password eather changes my password automaticly or it does not save the password i enter when I first login, but instead saves the password "void".,.,
I do not have a problem login in to the site the first time right before I save the login, because I enter the right password. But if I want to login a second time i cant because the login has been saved with the worng password "void".I tried once again to delete the entire login and start again. When I check the "web form details" 1Password first saved the right password, then changed it to "bid", then changed it to "void" in one go automaticly..
First stands the right password, then bid, then void
0 -
Hi @andkan7917,
Could you please share the URL of that website in question, so we could check it on our side? Thanks! :+1:
Cheers,
Greg0 -
As I tried to explane with my bad english:), it is a password used on almost every public site in Norway that use this service. But I can share the url for my bank connection that uses this service. Am not sure on what els I can send you. Sorry if I do not understand very well what you want.
This is the url for loggin into my bank, after this I have to enter my one time code and my password.
Then when I have entered that 1Password asks me to save the password. If i press yes 1Password saves the password according to "webform details" first as the right password, then automaticly as "bid" and then "void"..
0 -
Hi @andkan7917,
We'd like to move this to private email support, could you email us at support+windows@1Password.com and in in the email, include the link to this thread along with your forum username, so that we can connect the email to this thread.
Let us know here when you've sent it, so we can confirm we got the email.
0 -
I have sent the email. I was not sure on how to include the link to the thread so I just copied the url link from the top. Hope this was correct
0 -
That is the right URL, we got your email and will reply as soon as possible.
ref: ZIL-13862-675
0
