1Password Watchtower

I didn't know this existed! Just the other day I was wishing that this existed, and it turns out it already does.

1Password Watchtower

Watchtower identifies website vulnerabilities and alerts you when one is found. Website vulnerability information is refreshed daily to verify items in your vault. 1Password downloads the information and checks it locally against your Logins. Watchtower will list Logins associated with sites which have (or had) known vulnerabilities.

Sadly, my list of passwords that should be changed is of the "there goes my afternoon" magnitude.


17 Responses:

  1. When I read a news article the other day saying that Cloudforce thing meant that I had to change all my passwords right away, I was wondering if tech writers understood that changing credentials on 200+ sites doesn't just take five to ten minutes.

  2. John Adams says:

    Watchtower has been part of 1pw for a long time, it's a bit histrionic though. Any site alerts in there should be taken with a grain of salt.

    They add domains even if there is the remotest chance of compromise which I guess is important if said sites do not use 2FA.

  3. MattyJ says:

    I've been using 1Password for a few years (thanks for recommending, jwz!) and I didn't know this existed either, until the email they sent out a couple days ago about the OSX snafu. Excellent. I only have a couple hundred passwords total, and none showed up in the 'change your password now' list, but I have way more duplicates than I thought.

    PS Interesting that 1Password blogged full disclosure on what happened last week. Not many software houses do that, they mostly try to bury that info. How very Canadian of them (didn't know they were Canadian, either.)

    • Nick Lamb says:

      Not Cloudflare's choice.

      This was found by Tavis at Google. Google's policy (for severe security problems like this) is you have 7 days. Can't fix it in seven days? Too bad, use your seven days writing an obituary for your company / project / government agency / whatever. Tavis' notes for this item say Cloudflare's disclosure "severely downplays the risk to customers".

  4. Juanjo says:

    Speaking of password managers, both Lastpass and Dashlane can automatically change the passwords of websites.
    It only works with popular websites, but it comes in handy after an incident like this.

    • greatevil says:

      Lastpass I find has a fairly low success rate at changing passwords on its own and runs fairly slowly.

  5. db48x says:

    There's also https://haveibeenpwned.com/, but integration with your password manager is really nice.

  6. Jonathan says:

    I am so in love with 1Password it hurts

  7. The only way to be sure your shit is right is to host your own password management tools.
