Forum Discussion
ScarySulley
2 months ago
Occasional Contributor
Re: Watchtower and password ages
Thanks for reply, 1P_Dave!
Thanks for the question! 1Password checks to see if you've saved a one-time password for a certain website in the same login item as your username and password. If you haven't then it'll alert you that 2FA is available for that website.
If you're using a different authenticator app to store your one-time password then 1Password won't know that you've already enabled 2FA. In those cases you can either add a 2FA tag to the item or click Ignore in the 2FA reminder banner at the top of the item to dismiss the alert.
Not sure if I'm understanding this correctly, but you're saying if a 2FA one-time password isn't set in a login item using 1Password's built-in 2FA, 1Password will alert you that you haven't set 2FA one-time password? However only a limited number of items, out of all the items in my vault, currently show 2FA is available but not enabled yet. So 1Password has to know whether or not 2FA is available on a particular website otherwise most items would be showing 2FA is available but not enabled. Am I understanding this correctly?
1Password 8 doesn't have this kind of feature. Was there a particular reason why you wanted to see the age of certain passwords? You could sort your items by date to get a sense of when you last updated your items.
It's a convenient way to know how old a password is and whether or not it's due for a password change. Although good point about sorting items by date. However, I now realize that the "age" of the password is probably connected to last time the item was edited, which may not necessarily be when the password was last changed. I do keep a record of when a password was last changed, so I just go by that. Guess I'll just have to check manually.
Just a suggestion. It would be nice if there was a field in the item where you could input the date the password was last changed (not the last edited date) and 1Password could give an accurate age of passwords similar to previous versions of 1Password.
Thanks!
3 Replies
- 1P_Dave
Moderator
Thanks for the reply. If you didn't save a one-time password for a certain website in 1Password, and you used a different 2FA authenticator app instead, then 1Password has no way of knowing that you've enabled 2FA for a website.
That being said, 1Password's Watchtower feature does know if a certain website offers 2FA since it uses the following website as a source of knowledge: 2fa.directory
It's a convenient way to know how old a password is and whether or not it's due for a password change.
1Password doesn't include a reminder to change your passwords when an arbitrary amount of time has passed because we don't recommend that practice. Regular password changes for no other reason but because an amount of time has passed is no longer recommended as a security practice by many cybersecurity experts and organizations such as the National Institute of Standards and Technology (NIST).
Instead we recommend that you change your passwords if one of the following conditions is met:
- The password for a website/account is not a secure and unique password generated by 1Password.
- 1Password's Watchtower sends you a warning that your password for a website/account has been reused or was found in a data breach.
You can read more about how Watchtower helps you keep your passwords safe here: Use Watchtower to find account details you need to change
-Dave
- ScarySulley
Occasional Contributor
Thanks for clarifying 1P_Dave.
1P_Dave wrote:
Thanks for the reply. If you didn't save a one-time password for a certain website in 1Password, and you used a different 2FA authenticator app instead, then 1Password has no way of knowing that you've enabled 2FA for a website.
That being said, 1Password's Watchtower feature does know if a certain website offers 2FA since it uses the following website as a source of knowledge: 2fa.directory
This helps understanding how Watchtower works.
1P_Dave wrote:
1Password doesn't include a reminder to change your passwords when an arbitrary amount of time has passed because we don't recommend that practice. Regular password changes for no other reason but because an amount of time has passed is no longer recommended as a security practice by many cybersecurity experts and organizations such as the National Institute of Standards and Technology (NIST).
Instead we recommend that you change your passwords if one of the following conditions is met:
The password for a website/account is not a secure and unique password generated by 1Password.
1Password's Watchtower sends you a warning that your password for a website/account has been reused or was found in a data breach.
You can read more about how Watchtower helps you keep your passwords safe here: Use Watchtower to find account details you need to change
In regards to the bold text.
If there is a data breach, it might be some time after the data breach is actually reported and Watchtower alerts us. I think it's good practice to change passwords, especially for important websites (such as banks) every so often, just in case IMO. Of course, having 2FA enabled on important websites can help mitigate that threat of a data breach.
Thank you again for the clarifications!
- 1P_Dave
Moderator
Thank you for the discussion! Let me know if you have any other questions in the future.
-Dave