Get started

Use Watchtower to find passwords you need to change

Watchtower tells you about password breaches and other security problems on the websites you have saved in 1Password.

Watchtower is included with every 1Password subscription. We continually update Watchtower as security breaches are reported, so you can change your passwords right away.

To find items that need your attention, click one of the options under Watchtower.

If any of your items require action, you’ll see an alert banner at the top of the item while using Watchtower. Items that appear under Compromised Logins, Vulnerable Passwords, or Expiring will show an alert banner throughout 1Password.

Find compromised logins and vulnerable passwords

Item with a vulnerable password

Compromised Logins are logins for websites where a security breach has been reported, and you haven’t changed your password since the breach.

Vulnerable Passwords are items with passwords that have been exposed in a data breach. An attacker may not know that you have used that password, but you should still change it.

Learn how to change your password.

Identify reused and weak passwords

Reused Passwords are items in your current vault that share the same password. To check for reused passwords across all your vaults, switch to All Vaults, and make sure all your vaults are included.

Weak Passwords are items with passwords that are easy to guess.

To keep all of your accounts secure, make your passwords stronger.

Item with a weak password

Find unsecured websites

Item with an unsecured website

Unsecured Websites are logins in which the first website field starts with http://. Any passwords you enter while on the site will be sent in plain text and could be intercepted.

If the website supports https://, click “Make https” to update the URL.

If the website doesn’t support https://, add the http tag to exclude it from the list.

Identify logins that support two-factor authentication

Inactive 2FA shows logins for websites that support two-factor authentication, but don’t have a one-time password.

Click View Instructions to learn how to set up two-factor authentication for that website.

If you use another app to manage two-factor authentication, add the 2FA tag to exclude it from the list.

Item with inactive two-factor authentication

Check for Expiring items

Expiring Passport item

Expiring shows items that are expiring soon, so you can take action:

  • credit cards, memberships, and drivers licenses that are expiring within 2 months
  • passports expiring within 9 months
  • items that have already expired

Set up and use Watchtower

Before you can use Watchtower, you’ll need to enable it:

  1. Open and unlock 1Password.
  2. Tap Settings > Security.
  3. Enable 1Password Watchtower.

Tap an item to see its details. If you see a compromised Login alert, change its password.

To learn more about a compromised Login, tap the red Vulnerability Alert banner, then tap Learn More.

To find items that need your attention, click one of the options under Watchtower.

If any of your items require action, you’ll see an alert banner at the top of the item while using Watchtower. Items that appear under Compromised Logins, Vulnerable Passwords, or Expiring will show an alert banner throughout 1Password.

Find compromised logins and vulnerable passwords

Item with a vulnerable password

Compromised Logins are logins for websites where a security breach has been reported, and you haven’t changed your password since the breach.

Vulnerable Passwords are items with passwords that have been exposed in a data breach. An attacker may not know that you have used that password, but you should still change it.

Learn how to change your password.

Identify reused and weak passwords

Reused Passwords are items in your current vault that share the same password. To check for reused passwords across all your vaults, switch to All Vaults, and make sure all your vaults are included.

Weak Passwords are items with passwords that are easy to guess.

To keep all of your accounts secure, make your passwords stronger.

Item with a weak password

Find unsecured websites

Item with an unsecured website

Unsecured Websites are logins in which the first website field starts with http://. Any passwords you enter while on the site will be sent in plain text and could be intercepted.

If the website supports https://, edit the login and update the URL.

If the website doesn’t support https://, add the http tag to exclude it from the list.

Identify logins that support two-factor authentication

Inactive 2FA shows logins for websites that support two-factor authentication, but don’t have a one-time password.

Click View Instructions to learn how to set up two-factor authentication for that website.

If you use another app to manage two-factor authentication, add the 2FA tag to exclude it from the list.

Item with inactive two-factor authentication

Check for Expiring items

Expiring Passport item

Expiring shows items that are expiring soon, so you can take action:

  • credit cards, memberships, and drivers licenses that are expiring within 2 months
  • passports expiring within 9 months
  • items that have already expired

Set up and use Watchtower

Watchtower is automatically enabled on your device. To adjust your settings:

  1. Open and unlock 1Password.
  2. Go to Settings > Watchtower.

You’ll see an alert banner at the top of items that need your attention.

Watchtower settings on Android

Compromised logins and vulnerable passwords

Item with a vulnerable password

Compromised Logins are logins for websites where a security breach has been reported, and you haven’t changed your password since the breach.

Vulnerable Passwords are items with passwords that have been exposed in a data breach. An attacker may not know that you have used that password, but you should still change it.

Learn how to change your password.

Weak passwords

Weak Passwords are items with passwords that are easy to guess.

To keep all of your accounts secure, make your passwords stronger.

Item with a weak password

Unsecured websites

Item with an unsecured website

Unsecured Websites are logins in which the first website field starts with http://. Any passwords you enter while on the site will be sent in plain text and could be intercepted.

If the website supports https://, edit the login and update the URL.

Logins that support two-factor authentication

If you have login items for websites that support two-factor authentication, but don’t have a one-time password, you’ll see an alert banner.

Click View Instructions to learn how to set up two-factor authentication for that website.

Item with inactive two-factor authentication

Expiring items

Expiring Passport item

If any of your items are expiring soon, you’ll see an alert banner so you can take action:

  • credit cards, memberships, and drivers licenses that are expiring within 2 months
  • passports expiring within 9 months
  • items that have already expired

How Watchtower protects your privacy

1Password downloads Watchtower information from c.1password.com to check your websites on your devices. A list of websites you have saved is never sent to us.

Not only do we never sell information about the websites you save, we don’t even collect it. It’s a bigger technical challenge to design Watchtower this way, but we believe it’s the right way to do it.

When checking for vulnerable passwords

The first time you use Watchtower, you can opt in to the Pwned Passwords service provided by haveibeenpwned.com. 1Password uses the service to check for passwords that have appeared in data breaches. When checking for vulnerable passwords, your passwords stay on your device. They are never sent to the service.

To find vulnerable passwords, 1Password creates a 40-character hash of each password. Then it sends only the first five characters of each hash to the service. The service provides a list of vulnerable passwords that have hashes starting with those same five characters, and 1Password compares them on your device. If any of your passwords match, 1Password alerts you.

Learn more about how the Pwned Passwords service works  

Published: