Search all password-type fields for reused passwords
1Password supports marking new fields other than the main password as type:password through the dropdown button on the right. However, if these other fields contain passwords that are repeated elsewhere, the "reused password" warning flag does not appear above that item. It seems reasonable that all passwords in the item would be checked, not just the first one.
1Password Version: 7.2.617
Extension Version: Not Provided
OS Version: Windows 10
Sync Type: 1Password
Comments
-
It does seem reasonable at a glance, but there are a number of non-password bits of data folks save in custom password fields. Some of those are unlikely to be reused (2FA recovery codes, is one example from my usage of custom password fields), but some certainly could be, like security question answers. Yes, our advice is to generate those answers, but not everyone is going to do that and if you give real answers, then you're probably going to repeat yourself a few times at the least. There are only so many security questions out there. So, short version? We know the default password fields are always going to be just that – passwords – but custom password fields may be any number of things some of which might very reasonably be reused. As such, we decided not to include custom password fields in Watchtower.
I hope that makes sense, and if you've got a use case for when you'd like to see custom password fields checked, let me know. I can't promise we'll make it happen, but we don't think of everything and are always willing to consider different views. :chuffed:
0 -
@bundtkate I have a use case for you! :)
I've been slowly migrating everything to 1Password over time, but I know I probably still have accounts out there in the wild that is outside of 1p and is not using awesomely generated passwords.
But I'd still like to know if I need to take action sooner rather than later to bring them into 1p!
To this end I created a "Legacy" item with a bunch of my old passwords:
And was hoping at least some of them would pop up in the watchtower alerts, but none of them did :/
I did check them manually against the HIBP password database, and at least one of them has been leaked. But this would be great to have in 1Password!
0 -
Hi @TobbenTM,
It is an interesting use case, but any additional password fields in a Login items are counted as custom password fields, that is why you do not see them in Watchtower. If you want to check your old passwords in Watchtower, you can create a Password item for each of your old passwords. This way they should show up in Watchtower.
Let me know if it works for you. Thanks!
Cheers,
Greg0
