Question or remark about Watchover

Hi. Just started using 7.1 (562) Beta on Windows, with French localization.
In Watchover,

  • In the "Identifiants compromis" section, a message says "Aucun élément vulnérable n'a été trouvé"
  • In the "Mots de passe vulnérables" section, a message says "This password has been compromised in a data breach (...)"

I suspect the sections titles, content and/or messages have been swapped. "Compromis" and "Vulnérable" have the same meaning in French and in English, thus I suppose you have the same issue in the English version.
Regards,
Rodolphe


1Password Version: 7.1.562
Extension Version: Not Provided
OS Version: Win 10
Sync Type: Not Provided

Comments

  • MikeTMikeT Agile Samurai

    Team Member

    Hi @Dahu,

    Thanks for reporting this. I'll ask our French translators to review these areas again.

  • Well… I just switched language, and I see the same issue in English (see highlighted areas below). Compromised passwords are reported in the Vulnerable section, and reverse. Or am I misunderstanding something?

  • MikeTMikeT Agile Samurai

    Team Member

    Hi @Dahu,

    That is correct phrasing as given to us by our documentations team.

    I'll ask if they want to consider changing it to compromised items.

  • Ok. My suggestion would indeed be

    • that the section Compromised logins displays "... compromised login items..." (which is what you see on my.1password, by the way)
    • but also that the section Vulnerable Passwords displays "... vulnerable items…"

    I find it very confusing that "compromised" and "vulnerable" are both used together on both sides. This makes the meaning of each word very unclear. If "compromised" means something like "stolen", then items "compromised in a data breach" should be in a section called "comprised", not "vulnerable". Shouldn't it?

    My understanding of "Vulnerable" is "weak", whereas a "compromised" password could be strong… but inefficient, because of a breach.

    Well… I can live with it, I thought it was not intentional to use both words indifferently, and that consistent terminology would help users.

    Regards,
    Rodolphe

  • MikeTMikeT Agile Samurai

    Team Member

    Hi @Dahu,

    We've just released a minor update to fix some of the wordings.


    They both do mean the same thing, the account is compromised and you need to update the password for it. The difference is how the account was compromised:

    1. Compromised Logins is when your specific account was definitely compromised as in the site itself was breached.
    2. Vulnerable Logins mean that your account is not compromised because it is not the site that was breached but it is vulnerable because your password has been used elsewhere.
  • OK, thank you for the clarification.
    Since they seem to be exact synonyms, it might be a good idea to find some differentiating word in the titles of both sections… Besides, I am still confused, since you say

    "Vulnerable Logins mean that your account is not compromised because it is not the site that was breached but it is vulnerable because your password has been used elsewhere."

    … and the Watchtower message for vulnerable passwords is precisely:

    "This password has been compromised in a data breach"

    But I will stop arguing, I think you got my point. And if not, we both did our best. My intent was to contribute with a proposal for a potential improvement of the wording, and I do not want you to waste more efforts in explanations for me if the messages are clear to everyone else.
    I think your own wording "the site was breached" and "your password has been used elsewhere" are possibly better than the current messages.

    Another proposal, more a feature request this time, would be that some weak passwords can be "cleared" by the user (with a checkbox) and no longer be reported as such. We are constrained to use 6 digits for example on some sites. There is no added value for the user to be informed that this is weak, and being able to hide these diagnostics in the future would help remove some noise and make valuable warnings more visible.
    I think I read this proposal already, and I vote for it.

    Regards,
    Rodolphe

  • … alternatively, 1Password could provide a new PIN type, consisting of digits only, with all other characteristics of passwords (can be generated and filled automatically, etc.), but excluded from weakness checks and some watchtower checks (except site being breached, thus justifying an invitation to change PIN).

  • MikeTMikeT Agile Samurai

    Team Member

    Hi @Dahu,

    Another proposal, more a feature request this time, would be that some weak passwords can be "cleared" by the user (with a checkbox) and no longer be reported as such. We are constrained to use 6 digits for example on some sites.

    6-digits or less are considered as PIN and are not checked but we haven't applied that rule just yet to all Watchtower sections, we'll look into Weak Passwords, Reused Password definitely shouldn't show them and will be fixed in a future update.

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file