Watchtower: Discrepancy between red banner warning and AgileBits description

I turned on the Watchtower feature, and I have multiple logins that show a red banner telling me to change my password. When I click on the red banner and then on the "more information" link on the pop-up window, it takes me to the AgileBits website page for the site that uses that login. However, many of those say that no action needs to be taken. For example, my zdnet login has the red banner, but when I click on it, the AgileBits page says this:

Status

Unknown - The vulnerability status could not be determined.

Recommended Action

No recommended action at this time as we currently have no vulnerability information for downloads.zdnet.com. You can continue to check back here for updates in the future.

This is true for multiple logins. Should I ignore what the AgileBits webpages say and change the passwords anyway?

Thanks in advance for your help!


1Password Version: 6.6.1
Extension Version: Not Provided
OS Version: OS X 10.12.3
Sync Type: Not Provided

Comments

  • Drew_AGDrew_AG 1Password Alumni

    Hi @Julie_S,

    If you compare the website from one of those Login items to the website shown in the information on the Watchtower site, do they have different subdomains? (For example, downloads.zdnet.com versus www.zdnet.com.) If so, this is an issue our developers are aware of, and I apologize for the inconvenience. Basically, the 1Password app checks for other subdomains (or the naked domain) of the website in a Login item, but when you click the "Learn more..." link, it takes you to a page specifically about the subdomain that is stored in the app. Hopefully we'll be able to clear up the confusion in a future version.

    If that's not the problem or if you're not sure, let us know. Thanks! :)

    ref: OPM-1764

  • Thanks! Yes, you hit the nail on the head. But let me make sure I've got this right -- I should go ahead and change it since all subdomains would be included in a breach of the naked domain, correct? I'm checking because yeah, there are an awful lot of passwords that have gotten flagged....

  • Drew_AGDrew_AG 1Password Alumni

    Hi @Julie_S,

    I'm terribly sorry it took so long to reply!

    I should go ahead and change it since all subdomains would be included in a breach of the naked domain, correct?

    Not necessarily - each site is different. However, it doesn’t hurt to change your password on a site, so you might want to go ahead and do that anyway, just to be safe.

    Sorry again for the delayed response! Please don't hesitate to let us know if you need anything else. Cheers! :)

This discussion has been closed.