Get started

Use Watchtower to find passwords you need to change

Watchtower tells you about password breaches and other security problems with the items you have saved in 1Password.
We continually update Watchtower as security breaches are reported, so you can change your passwords right away.
Watchtower graphic

Use Watchtower on 1Password.com

Sign in to your account on 1Password.com, then choose a vault. Click Watchtower in the sidebar to create a Watchtower report.

Watchtower on 1Password.com

To view items that require your attention, click “View items”.

To see if you have any vulnerable passwords or logins with two-factor authentication available, click “Check now” in the Vulnerable Passwords section.

To see if the email address for your 1Password account has been found in any data breaches, click “Create report” in the Breach Report section.

Use Watchtower in the 1Password apps

Watchtower in 1Password for Mac

To manage your Watchtower settings, choose 1Password > Preferences > Watchtower.

To get alerted when a website you have an account for is added to Watchtower, choose 1Password > Preferences > Notifications and turn on Watchtower Alerts. Learn more about notifications.

To find other items that need your attention, expand the Watchtower section in the sidebar, then click any category with an item count.

If any of your items require action, you’ll see an alert banner at the top of the item while using Watchtower. Items that appear under Compromised Websites, Vulnerable Passwords, or Expiring will show an alert banner throughout 1Password.

Set up and use Watchtower

Before you can use Watchtower, you’ll need to turn it on:

  1. Open and unlock 1Password.
  2. Tap Settings > Security.
  3. Turn on Watchtower.

You’ll see a Vulnerability Alert banner at the top of items that need your attention. Items with a compromised website will also appear in the category list.

To read more about the issue, tap the banner, then tap Learn More.

To get alerted when a website you have an account for is added to Watchtower, tap Settings > Notifications and turn on Watchtower Alerts. Learn more about notifications.

Item with a compromised website

Watchtower dashboard in 1Password for Windows

To view your Watchtower dashboard, click Watchtower in the sidebar. Any Watchtower category that has items in it will appear on your dashboard.

To limit your Watchtower dashboard to a specific account or collection, click All Accounts and choose the account or collection.

Items that appear under Compromised Websites, Vulnerable Passwords, Weak Passwords, Unsecured Websites, Inactive Two-Factor Authentication, or Expiring will show an alert banner throughout 1Password.

To manage your Watchtower settings, click All Accounts and choose Settings > Privacy.
If you have an account or collection selected, you’ll see its name instead of All Accounts.

Set up and use Watchtower

Watchtower is turned on by default. Before you can check for vulnerable passwords, you’ll need to turn it on.

To adjust your settings:

  1. Open and unlock 1Password.
  2. Tap Settings > Watchtower.

You’ll see an alert banner at the top of items that need your attention. Items with a compromised website will also appear in the category list.

To get alerted when a website you have an account for is added to Watchtower, tap Settings > Notifications and turn on “Watchtower alerts”. Learn more about notifications.

Watchtower settings on Android: Check for compromised websites, vulnerable passwords, and two-factor authentication

About the Watchtower categories

Watchtower sorts items into seven categories based on the security problems they have.

Find compromised websites and vulnerable passwords

Item with a vulnerable password

Compromised Websites are logins for websites where a security breach has been reported, and you haven’t changed your password since the breach.

Vulnerable Passwords are items with passwords that have been exposed in a data breach. An attacker may not know that you have used that password, but you should still change it.

Learn how to change your password.

Identify reused and weak passwords

Reused Passwords are items that share the same password.

Items in the Reused Passwords category are grouped by the password they use, so you can see which items share a password.

Weak Passwords are items with passwords that are easy to guess.

To keep all your accounts secure, make your passwords stronger.

Item with a weak password

Find unsecured websites

Item with an unsecured website

Unsecured Websites are logins in which the first website field starts with http://. Any passwords you enter while on the site will be sent in plain text and could be intercepted.

If the website supports https://, you can click Use HTTPS in the alert banner to update the URL.

Identify logins that support two-factor authentication

Two-Factor Authentication shows logins for websites that support two-factor authentication, but don’t have a one-time password.

To set up two-factor authentication, click “Learn how to enable two-factor authentication”. When you find your QR code, click Scan QR Code.

If you manage two-factor authentication in another app, click Don’t Save in 1Password.

Item without two-factor authentication

Check for expiring items

Expiring Passport item

Expiring shows items that are expiring soon, so you can take action:

  • credit cards, memberships, and drivers licenses that are expiring within 2 months
  • passports expiring within 9 months
  • items that have already expired

Learn more

Still need help?

If this article didn't answer your question, contact 1Password Support.

Published: