1Password for Mac was updated today to include include their new Watchtower Service. Watchtower checks all your 1Password logins to see whether any site associated with a login in your 1Password database is or ever was vulnerable to Heartbleed and compares it with the date you last changed your password. You will then receive a notification inside 1Password letting you know if your password is vulnerable and needs to be changed.
1Password 4.4 for Mac is now available to website and Mac App Store customers, and it has Watchtower built right in. Watchtower is a free service, and once you enable it (either under Security Audit or Preferences), Watchtower will alert you if a website is found to be at risk.
Like Captain Picard sounding the call to battle stations, 1Password will display a red alert at the top of any affected Logins (see this post’s gallery for examples). Click the alert to learn more about what’s going on and when it is necessary and safe to update your password.
This added functionality is pretty awesome (I especially like the Star Trek reference) but a little scary too. I consider myself to be pretty security savvy and thought I was on top of Heartbleed. I changed a number of passwords shortly after the Heartbleed vulnerability was announced. According to 1Password Watchtower, I have over 100 logins that are vulnerable. That was shocking. Granted, many of these logins are for sites and services I no longer use. But I was stunned to see just how many susceptible sites were out there, including my bank, my ISP, and my brokerage account to just name a few. Worse yet, I never received notifications from these companies and scores of others. Shameful.
If you have 1Password, make sure you grab the update. Watchtower has to be activated manually inside 1Password. You can learn more on the Agile Blog.
Disclosure: 1Password is a sponsor of Mac Power Users