How to prevent false "Reused Passwords" in Watchtower 2.0?

XIII
XIII
Community Member
edited May 2018 in Families

Watchtower 2.0 is really nice!

However, I have at least 1 false "Reused Passwords" set of passwords: a company I work for uses Single Sign-On. This means I have the same password (for the same company) in a "Login", an "Email Accounts", and a "Wireless Routers" entry.

How can I tell 1Password that these are related and should not be considered "Reused Passwords"?


Sync Type: 1password.com

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    @XIII: It isn't possible to manually mark those as "okay", but I'd suggest simply saving all of that in a single Login item. You can not only use custom fields to add whatever you need, but it can also be used to fill login credentials in your browser (if applicable). Cheers! :)

  • XIII
    XIII
    Community Member
    edited May 2018

    I could do that, but then all info would only show up in 1 category (and be partially redundant), instead of in 3 categories with each only the relevant info?

  • AGAlumB
    AGAlumB
    1Password Alumni

    @XIII: That's correct. The only downsides I can see to doing something like that is in cases where you'd want to use different items for filling purposes. For example, I have a lot of different Chase items: Bank Accounts, Rewards Programs, Documents, Logins, Credit Cards. If it weren't for those last two, which I obviously use for filling purposes, I'd gladly combine everything into a single item. So really it's a matter of personal preference and use case. We may be able to add more flexibility in the future, but right now consolidating is the best option if you want to avoid password duplication.

  • XIII
    XIII
    Community Member

    Luckily I normally only use 1Password with the Login item, so I decided to just clear the password field in the other two categories.

    Bonus: now I only have to update the password in 1 entry (this company still requires me to change the password every 90 days).

  • AGAlumB
    AGAlumB
    1Password Alumni

    Bonus: now I only have to update the password in 1 entry (this company still requires me to change the password every 90 days).

    @XIII: 100% yes! I haven't had a lot of situations like that, but I have totally updated a password in one login and forgotten to do so in others, causing me a ton of frustration and confusion until I realized...

  • macula
    macula
    Community Member

    I actually have over 600 false positives under "reused passwords." Any thoughts from the Agile folks?

  • macula
    macula
    Community Member
    edited September 2018

    [accidental duplicate — deleted]

  • AGAlumB
    AGAlumB
    1Password Alumni

    I actually have over 600 false positives under "reused passwords." Any thoughts from the Agile folks?

    @macula: Can you elaborate? I'm not sure blind guessing will help, and I know literally nothing about your setup. :)

  • macula
    macula
    Community Member
    edited October 2018

    @brenty I am running the current latest version of 1Password 7 on a Mojave-based late-2013 MBP.

    Watchtower alerts me that there are well over 600 "reused passwords," yet in reality each one of those is unique. I am 100% certain they are because they were generated by 1Password and searching for any of these purportedly duplicate passwords (with the "search all fields" option enabled) returns a single result.

    It is more likely that I'm missing something obvious, of course, but I've been grappling with this for days :/

    Thanks for your help.

    UPDATE: I did run all relevant maintenance tools from the 1Password menu, but they didn't help.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @macula: I don't know what "maintenance tools" you're referring to. Can you be more specific? Also, what is the actual 1Password versions you're using? There are a lot of them you could run on macOS. The details matter. As a basic experiment, try selecting one of the items in "reused passwords", copy the password, and then search for that in 1Password ("Expand Search to All Fields"). Are you really only getting a single result in All Vaults? Do you have any vaults hidden from the All Vaults view? Thanks advance! :)

  • macula
    macula
    Community Member
    edited October 2018

    @brenty, by "Maintenance Tools from the 1Password Menu" I mean the "Tools" submenu under "Help", indeed in the menu bar. The experiment that you suggest is the one that I describe in my original post, and indeed I only get a single result in "All Vaults" for all supposedly "reused passwords' I tried.

    I'm running v. 7.2.1 (70201002), downloaded from the Agile store. The database was imported from 1P v6.

    Thanks once again!

  • @macula,

    Are you sure that they're false-positives? I thought I had false positives myself and even filed an issue in our bug tracker. It turned out not to be the case though. For me the problem was that I had excluded certain vaults from All Vaults in preferences. Watchtower looks across all of your vaults for duplicates, but only shows the items that are within the view of All Vaults when showing the result. This can lead to confusion. We're looking to change that to make things more obvious.

    Can you check to see if this is maybe what's going on?

    Rick

  • macula
    macula
    Community Member
    edited October 2018

    @rickfillion I think this is exactly what happened. My old vault, inherited from 1Pv6, is excluded from view but included in the search for duplicates. Although I think I understand the developers' reasoning, which maximizes security, I agree this implementation is counterintuitive. I'd be in favor of a switch to enable/disable cross-vault search.

    Thanks!

  • AGAlumB
    AGAlumB
    1Password Alumni

    @macula: Ah gotcha. Sorry for the confusion there. I think it's important that Watchtower be thorough, but I can see the other side of this too.

    I guess then the question is what is the meaning of All Vaults? I guess I think of it as simply not wanting to see some of my stuff all the time. But it may be that some folks think of this as essentially removing those vaults, effectively. I'd argue that having duplicate passwords anywhere is bad, even out of sight/out of mind. Even entirely outside of 1Password. Watchtower can't tell you those need to be dealt with in that case, but I do think it should whenever possible. Food for thought.

  • iliastsangaris
    iliastsangaris
    Community Member
    edited January 2019

    I'm confused about this issue because I only have one vault and I'm getting a "Reused Password" warning, but then nothing appears for most of these "reused" passwords when I click the option to see "X other items". Seems like false-positives in my case.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @iliastsangaris: Check your other vaults. You can search for the password specifically. Probably easiest to unhide any hidden ones temporarily. ;)

This discussion has been closed.