Security and privacy

About Watchtower privacy in 1Password

Learn how 1Password protects your privacy when you use Watchtower to find passwords you need to change.

Watchtower is included with every 1Password subscription. We continually update Watchtower as security breaches are reported, so you can change your passwords right away.

Checking for compromised websites

1Password downloads Watchtower information from to check your websites on your devices. A list of websites you have saved is never sent to us.

Not only do we never sell information about the websites you save, we don’t even collect it. It’s a bigger technical challenge to design Watchtower this way, but we believe it’s the right way to do it.

Checking for vulnerable passwords

The first time you use Watchtower, you can opt in to the Pwned Passwords service provided by 1Password uses the service to check for passwords that have appeared in data breaches. When checking for vulnerable passwords, your passwords stay on your device. They are never sent to the service.

To find vulnerable passwords, 1Password creates a 40-character hash of each password. Then it sends only the first five characters of each hash to the service. The service provides a list of vulnerable passwords that have hashes starting with those same five characters, and 1Password compares them on your device. If any of your passwords match, 1Password alerts you.

Learn more about how the Pwned Passwords service works  

Checking for two-factor authentication

Check for login items that support two-factor authentication but don’t include a one-time password. Your website information never leaves your device.