7.3.602: pins of less than 6 characters still reported as a weak password [Fixed in 612 Beta 2]

XIII
XIII
Community Member
edited April 2023 in 1Password 7 for Windows

Watchtower's Reused and Weak Passwords categories now exclude items with PINs that contain 6 digits or fewer and do not contain a saved website address. {OPW-3393}

Not on my system; 4 and 6 digit pins are still reported as terrible (4) and weak (6).


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Hi @XIII,

    Thanks for reporting this.

    We'll investigate to see what happened, it was working last week but we may have removed that fix and forgot to remove that line from the changelog.

    We'll follow up as soon as we can.

  • mtissington
    mtissington
    Community Member

    If I understand the release notes for the latest beta, WatchTower should be able to ignore certain password items?
    I have a Password item, 6 digit pin nothing else (no website) ... but it's still showing up in WatchTower.


    1Password Version: 7.3.602
    Extension Version: Not Provided
    OS Version: Windows 10 (latest)
    Sync Type: 1Password.com

  • @mtissington sorry for the trouble, this is being fixed right now. PINs should not be included into Watchtower analysis.

  • Hi @mtissington,

    I've merged your post into this thread that reported this before. It'll be fixed in the next beta update, we had some other Watchtower changes that impacted how this rule was working.

  • Hi @mtissington,

    1Password 7.3 Beta 2 should address this now.

  • mtissington
    mtissington
    Community Member

    confirmed fixed :)

  • Awesome, thanks for testing it for us.

  • pbryanw
    pbryanw
    Community Member

    Hi, hope this isn't slightly off-topic. I have two logins that still use 6-pin passwords. They both show up in vulnerable and weak passwords, because they contain saved web-site addresses. However, I can't change them to something stronger, as the respective sites only allow you to create (and use) 6-pin passwords (one's for a gambling web-site, the other is for a VOIP company).

    I wonder if there's a way I can exclude both from weak, and vulnerable, passwords in Watchtower?

  • Hi @pbryanw,

    Unfortunately, not at the moment. We have something else in mind for that specific edge case.

    We're addressing and figuring out the best solution for every use case. The more we knock them out like this beta 2 update, the less you have to manually adjust Watchtower to fit your edge cases. We're trying to make 1Password do more work for you.

  • XIII
    XIII
    Community Member

    Thanks for solving it!

    Finally 0 items in all Watchtower categories... :)

  • 👍nothing like zeros for Watchtower.

This discussion has been closed.