Protect what matters – even after you're gone. Make a plan for your digital legacy today.
Forum Discussion
Password breach report question
Hi I saw some recent massive breach news on the websites but I couldn't find a single breach entry on Watchtower reports. Does this really mean my accounts were really never breached or Watchtower i...
1Password has a long relationship with Troy Hunt, who runs Have I Been Pwned. Troy is probably the #1 authority on data breaches and reporting in the mainstream press (and sometimes technical press) is often less that accurate and reliable. Troy shared some information about this matter in his latest Weekly Update 457.
In short, don't worry about this news. 1Password will check for your credentials in all the breaches recorded in HIBP and let you know if any have been compromised. You can, of course, check details for yourself. If you find nothing new, then it doesn't mean that you can be certain that your details aren't in some dark web vendor's secret breach dataset, but it does mean that you don't have anything to do... yet.
You can test Watchtower by adding a Login item with compromised data. A safe example is
username: test
password: test
website: http://example.com
This should immediately show several problems in Watchtower including the breached credentials and lower your score a few points.
You can test Watchtower by adding a Login item with compromised data.
I did this with a password that Chrome browser and https://haveibeenpwned.com/ say was exposed in 3 breaches. However, Watchtower does not report the 1Password entry that contains the compromised password.
Whereas I suggested adding an Item with a specific username, password, and website to test, you mention only that you "did this with a password..." with no details of what you did or the password, or what happened when you tried my suggested test.
This makes addressing your reported result practically impossible.Given the possibility that the password in question was a bad one in that it used private or personal information, then not revealing it is of course the right choice. In that case, it should not be too difficult to find another compromised password which you can share; that is unless they were all that bad.
In any case, please report the results of adding the Item suggested.
