Watchtower

I thought Watchtower was supposed to monitor logins to make sure they aren't part of some breach or leaked info. Several of my accounts have been at places with leaked user data and 1Password hasn't notified me at all. I've read I don't need to submit URLS or any info. Is Watchtower not working or is my specific login data not leaked?


1Password Version: 6.3.1
Extension Version: 4.5.6
OS Version: OS X 10.11.5
Sync Type: Dropbox

Comments

  • nmottnmott 1Password Alumni

    @andveg38 1Password for Mac does not share any information about your logins. Watchtower keeps a running, manually-updated list of data breaches that might have affected 1Password users. 1Password for Mac then fetches this list and checks your logins against it on your machine. We don't need or want to know anything about what you have saved to your vaults to help protect your information.

    That being said, we are humans, which means we might miss some breaches. Do you know how your information might have been compromised or from where? Maybe there's something that has slipped through the cracks.

  • Yes thank you, I've read that. Recently LinkedIn, Twitter, Carbonite logins I have been notified by them directly to change my login. I haven't been notified but also TeamViewer is part of this. They haven't sent info about it to me to make a change. Shouldn't we get some some of notification these logins should be changed?

  • Andrew_AGAndrew_AG

    Team Member
    edited June 2016

    Hi @andveg38,

    I'm the guy who does most of the Watchtower stuff around here so I wanted to jump in to reply. We generally only add actual hacks to Watchtower, not cases of password reuse (although there have been a couple exceptions to that rule - the Carbonite case for example). For legal reasons, we also generally only add a site to Watchtower if the site owners acknowledge that passwords were taken from their servers or if they do suggest a customer-base-wide password reset (again, such as in the Carbonite case).

    So you should have received notifications for LinkedIn and Carbonite (presuming you didn't already change your password before we added them to Watchtower), but only after they acknowledged the breaches (see http://watchtower.agilebits.com/check?h=linkedin.com&port=443 and http://watchtower.agilebits.com/check?h=carbonite.com&port=443 if you want to see the updates in a web browser). Since Twitter wasn't hacked, though, and didn't ask all their users to reset their passwords, we haven't added it to Watchtower. Likewise with TeamViewer. They say they weren't hacked and no passwords were leaked, so for now we haven't added anything for them (although I'm keeping an eye on the situation).

    I hope that explains how we handle Watchtower a little better, but let me know if you have any other questions.

  • That does give some clarity, thank you. Carbonite sent me the email yesterday asking me to change my password. I read about LinkedIn's problems after being affected by TeamViewer's problems. LinkedIn never sent anything to me. This is a problem I thought your feature resolved but I still have yet to get anything from 1Password about any of them. I just assumed it would cover all things like this and inform users to take precaution before finding out later, in the news. If out of fear of legal ramifications, the company can't notify us about these things due to possible slander then maybe just remove the feature. From my perspective, it is useless when it seemed like someone figuratively "had my back". Maybe I misunderstood though what it did to begin with. I appreciate both of your responses. Thanks!

  • Andrew_AGAndrew_AG

    Team Member

    Watchtower does require you to check for updates (in the "Security Audit > Watchtower" section in 1Password for Mac, for instance). It doesn't pop up with a warning automatically in the app itself if you don't check the Security Audit section.

  • Hi,
    I think this as good a thread as any to ask this question...
    Today Dropbox began sending out notifications regarding passwords. And generally I tend to rely on 1Password to remind me to update my passwords, so I was surprised that I received this message from Dropbox. I really thought that an issue like this one would have been present in Watchtower, and (in my install) it wasn't.
    So the question is: was the error on my side? Or have you somehow missed this obvious one in Watchtower?

    https://goo.gl/ik7HMF

  • Andrew_AGAndrew_AG

    Team Member

    Watchtower already has an alert for Dropbox from 2014. Since that's after the 2012 date that the new Dropbox alert is from, there's no need to add the new (but older) potential vulnerability. In fact, it would be worse if we did, since people who have changed or setup a password in 2013 wouldn't know to change their password again.

  • Hello,

    What about the incident with Opera server? http://www.opera.com/blogs/security/2016/08/opera-server-breach-incident/

    Opera sent me an e-mail to change the password I was using with Opera Sync.

    Have you added this to Watchtower? Because I haven't received any alert from 1P.

    Anyway I changed my password some minutes ago.

    Regards.

  • Andrew_AGAndrew_AG

    Team Member

    Looks like that one came out after I finished my sweeps yesterday, so I wasn't aware of it yet. I've just updated Watchtower with that information. Thank you for the heads up.

  • Thanks, @Andrew_AG

    I've updated Watchtower and there is no alert. How does Watchtower work? I mean, when you update Watchtower, what do you do? Do you tell it something like: "There has been a breach in Opera server in August 26th at 21:00, show an alert to any 1P user whose Opera password has not been changed since that date"?

  • Andrew_AGAndrew_AG

    Team Member
    edited August 2016

    Exactly. I update the database with the relevant URL(s) and date (not the time, though). It is immediately visible on our website (see http://watchtower.agilebits.com/check?h=opera.com&port=443 for this one). It takes a bit of time to make it to our apps, though (sometimes 24 hours or so). And, of course, if you've already changed your password the apps won't alert you for that specific entry because the password date stamp is now later than the date in the alert.

  • Ok, thanks!!

  • Andrew_AGAndrew_AG

    Team Member

    No problem. :)

  • I posted in the Lounge a topic that "Opera and Dropbox require a password change"
    https://discussions.agilebits.com/discussion/68483/watchtower-opera-and-dropbox-require-a-password-change
    I have chosen the "Lounge" because Watchtower is available for Windows and also for Mac.
    So should this topic here not better be moved into the "Lounge"?

    In my opinion you should create at "1Passowrd" a new category "Watchtower" (like you have Saving and Filling Browsers".
    There each issue (like "Opera" or "Dropbox" should be a separate topic.
    So I see at one if an issue I have read about is already reported.

  • MeganMegan

    Team Member

    Hi @OLLI_S,

    Thanks so much for the suggestion! We’re currently discussing ways to reorganize the forums that will make it easier for everyone to find the answers that they’re looking for. I can’t promise anything, but I’ll pass your thoughts along.

    In the meantime, our team is monitoring each of the categories of this forum, so don’t be too concerned about posting in the wrong category. We’ll see it and respond no matter what. :)

This discussion has been closed.