Reused Passwords reported for only 1 of the 2 accounts

alstark
Community Member

Hi,
only 1 of the two affected accounts shows up in the 'Reused Passwords' section. The red bar of that account correctly points to the 2nd (for which I indeed reused that same password), but that 2nd account is neither listed nor does it have the red bar warning when I select it from all Logins. I.e. detecting the reused passwords seems to only work in one direction. Both Logins are in the same online Vault (currently still a test account) and I am using the currently latest version of 1Password 7 (7.2.4).
Before noticing this, I did do some cleanup that involved one of these two Logins (but not the 2nd that doesn't have the warning) and also deleted a local vault. Might this have caused this problem? According to the current status of both Logins though, the failure to report both seems to be a bug in Watchtower/1Password.
Any idea what's going on?
Many thanks,
Alex


1Password Version: 7.2.4
Extension Version: Not Provided
OS Version: OS X 10.12.6
Sync Type: 1PW account

Comments

  • AGAlumB
    1Password Alumni

    @alstark: It's not really something we can give you an answer for without any of the details. What's the URL, and what do you mean exactly by "do some cleanup that involved one of these two Logins"?

  • alstark
    Community Member

    @brenty: I'm not sure what you mean by URL. If you mean the online account, it is a US-based one at https://my.1password.com - does this help? I don't think it has to do with the login URLs of my accounts - one is from my workplace and one from a bank.

    By cleanup I meant that 1 of the 2 logins in question is used at several linked servers (all from the same institution, my workplace). I merged all of them into 1 by copying their URLs into the URL fields of the main server's login and deleted all logins to the other servers. This reduced the reused passwords to 2 logins from truly independent servers (workplace & bank). The one with the merged URLs (workplace) is still detected as duplicated with the independent one (i.e. the red bar correctly reports that duplicate login and links to it) while the independent one (bank) is not any more reported as duplicate. Does this help?

  • Hi @alstark,

    One of the exceptions we put into place with Watchtower's Reused Password detection is that we don't consider passwords with a 1Password.com domain to be re-used. In your case, say you have a 1Password.com item and a Facebook.com item both with the same password:

    • The exception will ignore the 1Password.com item when checking for re-used passwords for the Facebook.com item, therefore the Facebook.com item will not have a Re-used Password warning.

    • The 1Password.com item will surface the Facebook.com login when checking for re-used passwords.

    That's a case where you'll see one item warning about a re-used password, when the other item does not.

    Hopefully that helps explain what you're seeing; if not, let me know.
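The exception described in the answer above, modelled as an added example (this is not 1Password's code and not part of the original post). The item layout, the function names and the rule that any URL on the exempt domain makes an item exempt are assumptions; the sample vault is constructed.

```python
from urllib.parse import urlsplit

EXEMPT_DOMAIN = "1password.com"  # domain named in the answer above

def is_exempt(item):
    """Assumption: an item is exempt if any of its URLs is on the exempt domain."""
    for url in item["urls"]:
        host = (urlsplit(url).hostname or "").lower()
        if host == EXEMPT_DOMAIN or host.endswith("." + EXEMPT_DOMAIN):
            return True
    return False

def reused_with(item, vault):
    """Titles of the other items that would be listed as sharing item's password."""
    return [
        other["title"]
        for other in vault
        if other is not item
        and other["password"] == item["password"]
        and not is_exempt(other)  # exempt items are ignored as comparison targets
    ]

def reuse_report(vault):
    """Map each item title to the items its reuse warning would point at."""
    return {item["title"]: reused_with(item, vault) for item in vault}

def unflagged_reuse(vault):
    """Items that share a password with another item yet receive no warning."""
    return [
        item["title"] for item in vault
        if not reused_with(item, vault)
        and any(o is not item and o["password"] == item["password"] for o in vault)
    ]

# Constructed sample vault (hypothetical titles, URLs and passwords)
VAULT = [
    {"title": "1Password account", "urls": ["https://my.1password.com"],
     "password": "shared-Example-1"},
    {"title": "Facebook", "urls": ["https://www.facebook.com/login"],
     "password": "shared-Example-1"},
    {"title": "Workplace", "urls": ["https://a.example.org", "https://b.example.org"],
     "password": "unique-Example-2"},
]

if __name__ == "__main__":
    for title, matches in reuse_report(VAULT).items():
        print(f"{title}: {'reused with ' + ', '.join(matches) if matches else 'no warning'}")
    print("shared but unflagged:", unflagged_reuse(VAULT))
```

`unflagged_reuse` is the check to run when auditing a vault by hand: it lists the items on the silent side of the asymmetry.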

  • alstark
    Community Member

    Hi @ag_andrew,
    this is it: one of the accounts involved is indeed 1Password.com, sorry for the confusion. Could you please in the future add this to the documentation (maybe along with the fact that Watchtower ignores digit-only passwords as "pins" - this was also quite confusing to me)?
    Many thanks and best wishes,
    Alex

  • AGAlumB
    1Password Alumni

    Glad Andrew was able to help. Certainly something we can consider. :)

  • alstark
    Community Member
    edited February 2019

    Many thanks - would be great if you could make the behavior of Watchtower more transparent. I was troubled when I saw that it did not flag short digit-only passwords as weak/unsafe or when I noticed the asymmetry in detecting duplicates. Thinking that my password manager behaves non-intuitively or is potentially buggy was not a comfortable situation. I had to come to this forum to find more information about both non-intuitive behaviors.

    Re PINs: I understand the reasons for not flagging PINs mentioned in several other threads. But I think this should be an option that can be set by the user. Having this optional would not only be more transparent but also allow the user to review these PINs at regular intervals, say once or twice a year. It is always possible that the respective websites change their password requirements, in which case one would of course want to choose safe passwords...

    Many thanks and best wishes,

    Alex

  • @alstark,

    Thanks for your feedback; users like you make the app better for everyone!

    Making the rules clearer is something we'd like to do, but it'll take us some time to strike the right balance between clarity and information-overload; especially for users who aren't as advanced as you are. We'll keep working hard to make 1Password better every day.

This discussion has been closed.