Password Generator - Duplicate Passwords
Hello,
I've seen a few posts with my issue, but I wanted to add a side-effect that I haven't seen mentioned yet.
When using the 1Password extension to generate a new password, specifically when changing an existing password, the app creates a duplicate password along with the entry that was updated.
I've seen this issue posted a few times in the following threads:
- https://discussions.agilebits.com/discussion/89618/duplicate-passwords-logins-match-their-own-generated-password
- https://discussions.agilebits.com/discussion/90963/duplicate-passwords-recovery-email-and-attachments
- https://discussions.agilebits.com/discussion/91369/1pw7-password-generator-creates-duplicate-entries
I have been experiencing this issue today, but I have also seen a wrinkle that's been a bit of a security issue for us.
The problem we're running into is when we generate a password for an item in a Vault with permissions, the temporary password is being created in an entirely separate vault from the original credentials. This wouldn't usually be that much of a problem, but we have access controls setup to limit who can see what so this is giving people access to passwords they shouldn't be seeing in the first place.
Any suggestions? Thank you for your support!
-Nick
1Password Version: 7.2.5
Extension Version: 4.7.3.90
OS Version: OS X 10.14.1
Sync Type: 1Password Teams
Comments
-
Hey Nick,
I'm really sorry for the confusion around this! When generating a password with the 1Password Extension, a "Generated Password" item is saved to give you a backup in case the generated password is lost before a login item is created. This generated password item is saved to whichever vault you have set as the
Vault for Saving
in 1Password > Preferences > Vaults. Normally that vault will be set to your Private vault, however you can change it to any vault that you want - even shared vaults. I can definitely see how this could cause problems.Out of curiosity, have you tried our new 1Password X extension? It handles saving these generated password items in a new way that is much cleaner - rather than saving a temporary generated password item to the Vault for Saving, it maintains a separate history of generated passwords which doesn't show up in any vault. This could be a much better option for you if the Vault for Saving is set to a shared vault.
Let me know if that helps or if you have any other questions!
0 -
I am having this problem as well, its a huge monkey wrench in an otherwise seamless workflow (especially for my less tech minded family members). I see Meek mentioned 1password X as a solution, but we purposely use the app to be more secure. Would love to know a solution - I never had this issue with LastPass. I understand why you would save the history in case someone screwed up, but adding it straight to the vault doesn't seem like a great solution. Also, we should be able to generate a new password inline on the form if possible. Thanks in advance for any help.
0 -
@bubbaslopchop: As Meek mentioned, with 1Password X we're trying something different, in that generated passwords are saved to a separate password history. I'd encourage you to try that, as, though it's possible we will bring that feature to the other apps in time, this is still a very new feature and we'd like to iterate on it first before making such a drastic change across 6(?) other 1Password apps. 1Password X is very secure (it uses the same technologies as we're using everywhere else), and you can find more information about it here:
About 1Password X security
Otherwise, you can simply delete any extra items you do not need. We do not have plans to stop existing 1Password app from saving Password items for generated passwords in the mean time, as that's an important safety net that helps people avoid getting locked out of an account due to not saving a login for it. You may find it somewhat inconvenient to see more items, but it is much more inconvenient to get locked out of something.
0