1Password is a fantastic tool for securely managing your passwords and security sensitive data, it does however do even more things that you should be aware of! One of the features is Watchtower.
You can think of Watchtower as a service that looks after your passwords and alerts you to a variety of potential problems that you may not have otherwise known about. In this article we'll take a look at each of the features.
Once you open 1Password, click the > to the right of "Watchtower" to expand and show each area:
In the example below, we see an alert that the website networksolutions.com was affected by a security breach and we haven't changed our password since. We will want to change our password as soon as possible.
This feature must be enabled before it can be used:
Once enabled it will cross-check all of your passwords against the database at haveibeenpwned.com that tracks email and phone numbers found in data breaches. If it does find a password that matches one in the database you'll see:
This password is now known and available on the internet, it should not be used for any websites or accounts. People often re-use the same password across many sites and accounts and it's often easy to guess the username of other sites.
You'll see this message if this password is used for multiple accounts. The best practice is to use a unique password for each site or account. This way if one is compromised, it won't potentially lead to multiple accounts being compromised.
Weak passwords are just that, common or easily guessed passwords using simple words. They can also be very repetitive or be very short. The technical term for this is "password entropy" while the details of that is beyond the scope of this article, generally speaking the higher the better. How do you raise your password entropy? Two easy things to do:
1. Use a random password of at least 24 characters generated by 1Password.
2. Make sure the password is using upper case, lower case, numbers and special characters (!@#*%)
Here you will find a list of any websites you have saved in your password entries that are considered unsecure. An unsecure website would be any site that does not encrypt traffic between you and the site. An easy way to see if this is the case is to look at the address of the website in your browser:
If the site starts with http:// it is NOT secure
If the site starts with https:// it IS secure.
Generally these days most websites are by default secure. There are legitimate exceptions to this and typically those are internal sites running on a corporate network not accessible to the internet or the "website" for a device such as a web cam or router which is OK because those sites are not available from the internet.
Any time you are entering confidential information, the site should be secure. If it is not, contact your IT help desk or the owner of the website and confirm you have the address correct.
This is another great feature for increasing awareness, if you have saved a username and password into 1Password but not two-factor authentication information then you might not have it enabled for that website or service. This will alert you to the fact it is available for that site. You should always store your two-factor authentication information in 1Password.
Mostly applicable to Credit Cards, but it is useful to know that you can look up when they will be expiring. Useful in a situation where people will share a company credit card.