Watchtower questions

jmjmjmjm
edited January 3 in Lounge

So I have successfully installed 1P and have started compiling LOGINS. I am enjoying the process. It is an unexpected relief having excellent pw for my LOGINS thus far.

Anyways, I see from the Watchtower report that there is a LOGIN for which I haven't enabled Two-Factor Authentication. But 2 FA has been setup for this same site _prior _ to installing 1P (and It still works as intended after using 1P). What am I missing? Can this be corrected?

Also Watchtower shows 14 Reused passwords. Where is this number coming from as I havent added that many accounts to 1P yet. And under "View Items" all I see in the right pane is the website discussions.agilebits.com for my profile...specifically my pw.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • dancodanco Senior Member Community Moderator

    Watchtower knows (from a standard database) which sites can have 2FA. But it only knows whether you have installed 2FA for a site if you have done so within 1PW. You can add the tag 2FA to an item and it then won't show up in the Watchtower list.

    As to the other question, it depends on how exactly you have been using 1PW. When you create a new password, it appears in the Passwords category (as a safety measure). If you then separately create a login with that password, it will also appear in the Logins category, so it shows as reused. You can always delete it from the Passwords category once you are happy that the login exists. Also, the normal process of creating a login should automatically delete the item in Passwords.

  • ag_anaag_ana

    Team Member

    @jmjm:

    Also Watchtower shows 14 Reused passwords. Where is this number coming from as I havent added that many accounts to 1P yet.

    If you open the 1Password app on your device, and instead of looking at the Logins category, you look at the Passwords category, do you perhaps see several items there?

  • If you open the 1Password app on your device, and instead of looking at the Logins category, you look at the Passwords category, do you perhaps see several items there?

    I do. For example I see 4 for a particular newspaper. More specifically two of these "passwords" have identical times shown and two have different times (2 at 12:06 am and one at 12:05 and another at 12:09...all on the same day). "ana" can you explain what I am seeing so I understand better what is happening when I am using 1P for the first time, going through and having it update PWs and establishing logins. (I would bet you often get qs about "reused" pw alot based on the Watchtower Report given that for each login 1P users are generating unique PW....not intuitiive...at least for me)

  • (Thank you "Danco" for your help)

  • ag_anaag_ana

    Team Member

    @jmjm:

    Any time you use the password generator, the generated passwords end up in the Passwords category. If you then create a Login item in 1Password, but you do not delete any old generated passwords, you will end up with duplicates (especially if you used the generator multiple times), and potentially Watchtower flagging those items as "reused password" (because in this case there would be both a Login item and a Password item with the same password, hence the warning).

  • I have a somewhat similar question. I am cleaning up re-used passwords in Watchtower, but many of them show up as re-used because they are in a second vault (an Archive vault that I have to keep an archive of previous passwords, due to a historical glitch, and I do not want to get rid of it yet). Is there any way to make Watchtower only search within a single Vault? It's making it much harder to see which passwords are really problems.

  • ag_anaag_ana

    Team Member

    @geekgirl54:

    Have you considered removing your Archive vault from your All Vaults list (1Password Preferences > Vaults tab > Show in All Vaults section)? This way, Watchtower will work on all your vaults, but not on your Archive vault.

    If this Archive vault only has old passwords, as you said, perhaps this will be the most sensible solution.

  • In "show in all vaults", "Archive" is not checked, if that is what you mean? And I only have Personal selected at the top of the screen. But the passwords in Archive still show up in Watchtower. To be clear, in Watchtower a single item (e.g. Amazon) is listed once, but in the alert in the upper right it will say "used in 1 other item" and the other item is (e.g. Amazon) in the Archive. So even though an item is listed in Watchtower as re-used, it is not reused in the Personal vault.

  • ag_anaag_ana

    Team Member

    @geekgirl54:

    I see, thank you for the confirmation. Can you please share some details on your use case? I would like to see if there is any workaround we can suggest, based on how you are using your Archive vault.

    For example, I know a lot of people use the Archive vault for items that are not needed anymore, or don't exist anymore. But if you use 1Password to generate random passwords, these items should not be using the same password that your items in your main vault are using. You wrote:

    in Watchtower a single item (e.g. Amazon) is listed once, but in the alert in the upper right it will say "used in 1 other item" and the other item is (e.g. Amazon) in the Archive.

    Can you please clarify why you have the same item in your main vault and in the Archive vault at the same time?

  • Ag_ana,
    The reason that I have the same items in Archive as in my main vault is that the Archive is a backup of my Primary vault before I understood it was not the one which was syncing across devices (Personal). I was using the Primary vault primarily, thinking it was syncing across devices, which ended up with some passwords which were updated on Primary but not on Personal. On another device, I was using Personal as the main vault. So, I ended up with passwords which conflicted between Personal and Primary. I understand this is an issue that 1Password is aware of and they are now recommending you delete the non-syncing Primary vault to address this confusion. Since there is no way for me to easily know which passwords are correct in Personal vs. Primary, I made an archive of the Personal vault, and then copied the Primary vault into Personal, and then deleted Primary. So now my Personal vault includes the most up to date set of passwords, but I have a record of th few items that may have been correct in Personal. This was the workaround suggested by the 1Password team in another thread.
    So, I have items that are duplicated between Archive and Personal.

  • bundtkatebundtkate

    Team Member

    If you don't mind my hopping in here, @geekgirl54, my suggestion would actually be to look specifically at Archive by selecting it in your app's sidebar and delete any items in Archive that are flagged as having reused passwords. This could actually serve something of a dual purpose. First, and most obviously, it'll make Watchtower more useful to you by eliminating these technically false warnings. But second and perhaps even more handy, it will allow you to tidy up the Login items in Archive that, more likely than not, are true duplicates of those in your current Personal vault. This will leave you with far fewer items still in Archive and quite possibly allow you to quickly sift through that vault and update things in Personal as needed so you can get rid of the extra entirely leading to an overall more usable setup.

    Now, I won't say this comes with no risk. After all, I know there's more to your items than just the passwords. Maybe you had a note or an updated OTP in Archive that will get deleted as a result. This risk is, however, mitigated by Item History. If you find down the road that something is missing, you can restore the item from Archive, replace what's in Personal with proper data, and happily move on with your life. And, of course, you know your habits well better than I so it may be that risk is minimal to non-existent depending on your personal habits. It's obviously wholly up to you if this is something you're comfortable with. You can also re-enable archive in All Vaults so you see those reused passwords side-by-side and more closely examine those items to make a better determination of which is certainly most up-to-date, rather than taking the shortcut of deleting any in Archive without closer inspection, too. It's just a matter of what you are most comfortable with and how much up-front time you'd like to put into this sort of thing.

    1Password will only show you items in the vault you have selected (or that are part of All Vaults since you've got that selected), but it's going to search literally all vaults for the purposes of flagging the displayed items regardless because it wants to remain accurate – that password is used for two or more items, whether they're in the vault you selected or not, after all. Skipping those definitely makes sense in your situation, but the majority of the time, folks are going to want to know whether a password is reused anywhere, and heck, even in your situation, you may want to know whether a password is reused in another vault that isn't Archive. It's a project to be sure and it isn't fun by any means, but the only true and final solution in this case is going to be getting rid of at least the items in Archive that are reusing a password.

    For what it might be worth, some form of the above is usually what I suggest to folks who are in the situation you were before. Most any vault can be preserved in some way without actually keeping it open in your app. This allows you to access it if you need it without having it cause clutter during your day-to-day or interfere with your use of features like Watchtower. As I mentioned, it's not without some risk and, of course, recovering the item(s) from that vault is a bit more work without keeping the vault active and open in your app, but in exchange for that extra effort if and when you need one of those old items, you gain a more usable setup today. Personally, I find that preferable to keeping old data around at all times, but not everyone is going to share my feelings and you may not either and that's okay. This is just my two cents on how I would generally handle these situations. It's your call if it would work for you as well. :chuffed:

  • Bundtkate, that was a great suggestion. I've done that (deleting duplicate password items only in Archive) and now my task is easier. For the number of items which might have useful information in them, this was a good approach, especially given item history. Thanks!!

  • ag_anaag_ana

    Team Member

    On behalf of bundtkate, you are welcome! If you have any other questions, please feel free to reach out anytime.

    Have a wonderful day :)

This discussion has been closed.