Watchtower is included with every 1Password subscription. We continually update Watchtower as security breaches are reported, so you can change your passwords right away.
Checking for compromised websites
1Password downloads Watchtower information from c.1password.com to check your websites on your devices. A list of websites you have saved is never sent to us.
Not only do we never sell information about the websites you save, we don’t even collect it. It’s a bigger technical challenge to design Watchtower this way, but we believe it’s the right way to do it.
Checking for vulnerable passwords
The first time you use Watchtower, you can opt in to the Pwned Passwords service provided by haveibeenpwned.com. 1Password uses the service to check for passwords that have appeared in data breaches. When checking for vulnerable passwords, your passwords stay on your device. They are never sent to the service.
To find vulnerable passwords, 1Password creates a 40-character hash of each password. Then it sends only the first five characters of each hash to the service. The service provides a list of vulnerable passwords that have hashes starting with those same five characters, and 1Password compares them on your device. If any of your passwords match, 1Password alerts you.
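The prefix exchange described above, as an added example that is not 1Password's own code. It assumes SHA-1 as the 40-character hash; `RangeService`, `is_vulnerable`, `audit` and the sample corpus are hypothetical names and constructed data, with the service simulated locally so the example runs offline.

```python
import hashlib

# Constructed sample corpus standing in for the breach data held by the service.
BREACHED = ["password", "123456", "qwerty", "letmein"]

def sha1_hex(password: str) -> str:
    """Return the 40-character uppercase hex SHA-1 digest (assumed hash)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

class RangeService:
    """Hypothetical stand-in for the remote service. It only ever sees prefixes."""

    def __init__(self, breached):
        self.index = {}   # 5-char prefix -> list of 35-char suffixes
        self.seen = []    # log of everything the service receives
        for pw in breached:
            digest = sha1_hex(pw)
            self.index.setdefault(digest[:5], []).append(digest[5:])

    def range(self, prefix: str):
        if len(prefix) != 5:
            raise ValueError("prefix must be exactly five characters")
        self.seen.append(prefix)
        return list(self.index.get(prefix, []))

def is_vulnerable(password: str, service: RangeService) -> bool:
    """Client side: send the prefix, compare the remaining 35 chars locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    candidates = service.range(prefix)   # only the prefix leaves the device
    return suffix in candidates          # the match is decided on the device

def audit(passwords, service: RangeService):
    """Check every saved password and return {password: vulnerable?}."""
    return {pw: is_vulnerable(pw, service) for pw in passwords}

if __name__ == "__main__":
    svc = RangeService(BREACHED)
    vault = ["password", "Tr0ub4dor&3-constructed-sample"]  # constructed vault
    for pw, hit in audit(vault, svc).items():
        print(f"{pw!r}: {'VULNERABLE' if hit else 'not found'}")
    print("service received:", svc.seen)
```

The `seen` log shows what the service learns: one five-character prefix per password, which many unrelated hashes share, and never the full hash or the password.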
Checking for two-factor authentication
Check for login items that support two-factor authentication but don’t include a one-time password. Your website information never leaves your device.