Password fills instead of Login [based on URL match]

This discussion was created from comments split from: New 1Password Mini Feedback.

Response from @MrRooni:

@ecormany We have made a couple changes to how we match website addresses. We now prioritize exact matches of the website over the item type. That means if you're on billing.amex.com and you have a Login for amex.com, but a Password for billing.amex.com, we're going to fill that Password by default. I don't know that we're going to change this behavior - I believe the new behavior is the more accurate solution - but it's certainly worth discussing. In the meantime, while it would be some work on your part, you would have to make sure your items have up to date website addresses or that you clean up the Password items that you don't need. In the main app you can try clicking on the Help menu > Tools > Remove Redundant Generated Passwords to get started.

Comments

  • ecormany
    ecormany
    Community Member

    My biggest trouble with the new Mini window is that it includes Password entries, not just Login entries, and will sometimes prioritize them over Logins. This usually results in filling a password but no username, the website getting angry at me, having to invoke 1P visually, and finally choosing the Login. It's not the streamlined workflow I was used to previously!

  • ecormany
    ecormany
    Community Member

    @MrRooni Thanks for the response. I get that more specific URL = more accurate item matching, but leaving a username field blank and hitting submit never seems like the "smart" thing for the 1Password Brain to do.

    I'm reluctant to remove old password entries entirely…occasionally I find that one of them is the only place a password was accurately stored and it saves my bacon. But maybe I could move them to a separate "Just In Case" vault to keep things tidy.

  • Archived vaults FTW! 🙂

  • OAW
    OAW
    Community Member

    @MrRooni

    Earlier you said this ....

    "We have made a couple changes to how we match website addresses. We now prioritize exact matches of the website over the item type. That means if you're on billing.amex.com and you have a Login for amex.com, but a Password for billing.amex.com, we're going to fill that Password by default. I don't know that we're going to change this behavior - I believe the new behavior is the more accurate solution - but it's certainly worth discussing. In the meantime, while it would be some work on your part, you would have to make sure your items have up to date website addresses or that you clean up the Password items that you don't need. In the main app you can try clicking on the Help menu > Tools > Remove Redundant Generated Passwords to get started."

    This is ... quite frankly ... baffling to me. Perhaps I have a fundamental misunderstanding of the intent for the Passwords category. But in all the years I've used 1PW I've always found it to be superfluous at best. It's quite literally the same thing as a Login only missing 1/3 of the information (i.e. username.) So the only thing that ever ends up in there for me are previously generated passwords for a website which are only ever useful on those rare occasions that the password on the corresponding Login is incorrect. I just don't understand the use case for ever prioritizing something in the Passwords category over the Logins category for autofill purposes. What am I missing here?

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited April 2019

    @ecormany: Just to clarify, Help > Tools > Remove Redundant Generated Passwords, which Rooni mentioned, only removes Password items where the password is redundant -- i.e. you've already got that password saved in another item. So you can still do that. :)

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited April 2019

    @OAW: As Rooni mentioned, it's something we're discussing. I think it's worth considering why you need the Password item at all if you've already got a Login item you want to use. I tend to agree with you, but I think there's a good argument to be made that if you're hanging onto a Password item that's a better match, there's probably good reason for it. And if you don't have a reason to keep it, Help > Tools > Remove Redundant Generated Passwords will remove it for you.

    ref: apple-3538

  • OAW
    OAW
    Community Member
    edited April 2019

    @brenty Honestly I don't really know how I end up with entries in the Password category because if I'm generating a password it's because I'm creating a Login. I think in previous versions of 1PW it just always kept any generated password whereas the more recent versions don't? When I upgraded to 1PW 7 and setup an account I blew away every thing in the Password category. Deleting Logins I no longer need. Just general "housekeeping". But since then I've ended up with 13 entries in the Password category. Most are entirely redundant with a Login entry. Not sure what's going on with that. I'll use that option in the Help menu per your suggestion.

    UPDATE: Well Help > Tools > Remove Redundant Generated Passwords only moved 1 out of 13 to the trash. Looks like it needs an exact match not just for the website but the password itself. I think what must be happening is I try to generate a password. But the website rejects it because of a violation of its particular password formula requirements. So then I tweak the password on the website to comply. 1PW prompts me to save a new Login which I do ... but it also keeps the original generated Password as well? Make sense?

  • AGAlumB
    AGAlumB
    1Password Alumni

    Honestly I don't really know how I end up with entries in the Password category because if I'm generating a password it's because I'm creating a Login.

    @OAW: Any time you use a generated password (copy or fill), 1Password saves a Password item for it. This is an important safety net that avoids you getting locked out of the account if you don't save a Login item for it after that. We don't want 1Password deleting data, so the Password item remains unless you remove it manually or using the Redundant tool. Previously you would not have noticed this because Logins were given priority over Passwords, so you're just noticing now due to the change discussed above.

    Looks like it needs an exact match not just for the website but the password itself. I think what must be happening is I try to generate a password.

    Correct. A Password item is only "redundant" if a Login for that website with the same password exists.

    I think what must be happening is I try to generate a password. But the website rejects it because of a violation of its particular password formula requirements. So then I tweak the password on the website to comply. 1PW prompts me to save a new Login which I do ... but it also keeps the original generated Password as well? Make sense?

    That sounds exactly right: 1Password saves the Password item when you use the generated password, but it has no way of knowing whether or not it meets the website's requirements and is accepted. The Redundant tool won't help in that case, but if you have a working Login item for any given website (again, 1Password can't determine this for you) then it's probably safe to delete any Password items for that site. We just don't want 1Password trashing people's data on its own, because it has no way of knowing definitively what is needed and what isn't.

  • AGAlumB
    AGAlumB
    1Password Alumni

    I've split this off into a separate discussions since it's less about the new mini UI and more about how filling works. :)

This discussion has been closed.