Reused password list
I am trying to clean up my weak, vulnerable and reused passwords lists. Most of the items that have reused the same passwords are really the same items (login item plus one or more password items identified by the key icon). It seems like a proper "reused passwords list" should not include items that are supposed to be the same. For the list to be entirely useful, it should list only those that we do not have duplicate passwords.
I don't understand the purpose of the password items and why they are necessary. Why are there multiple password items for that match up to some login items?
1Password Version: 7.3.1
Extension Version: 7.3.1
OS Version: 10.14.5
Sync Type: Dropbox
Comments
-
Hello @ctolson,
The main reason Password items exist is if you have used the 1Password password generator. Each time it is used it generates a Password item to act as a safety net. If you use the password generator within a browser with a working 1Password extension it won't just store the generated password and timestamp but the title of the item and the website field will help pinpoint the site/page it was used on. If everything works as it ought to soon after using the password generator 1Password should be prompting you to update an existing or save a new Login. If you do the Password item is removed from your vault, its purpose fulfilled. If the prompt doesn't appear for any reason or you dismiss the prompt then the Password item hangs around just in case it is needed.
If you have Password items for a particular site but you can successfully sign into the same site using an existing Login item you can safely delete those Password items as they're now redundant.
I hope that helps a little, if you have any follow-up questions please let me know.
0 -
Great explanation. Thank you.
0 -
Happy I could help :smile:
0 -
Hi @littlebobbytables ,
I've been using 1Password for a long time and have never seen this behaviour you speak of (ie I've never seen a "password" shown as a login item that can be used/updated. As a result I have ~300 "reused passwords" which are basically all due to generated passwords.
Am I doing something wrong, or is this new behaviour?
Thanks
0 -
Hi @wraith,
When looking back at 1Password 6 there are two large changes in 1Password 7 that I feel contribute to people being much more aware of Password items. The first is 1Password mini in 1Password 7 will list Password items in the Suggested Items section; 1Password has always allowed filling with a Password item but it wasn't given such prominence in the past. The second is in the password reuse banner. Looking back to 1Password 6 Password items have been listed alongside Login items but only if you went to the security audit and viewed the Reused Passwords section. The banner works to bring more attention to certain aspects of Watchtower. So there's nothing new about Password items in terms of how or when they're created but depending on how a person used 1Password 6 they could have been fairly invisible.
~300 reused Password items is quite a few. Assuming the extension is working do you have a preferred workflow for creating new Login items? Password items are deleted by 1Password if it prompts you to save a new Login item or update an existing one so do you prefer to create them from inside the main 1Password window or something else?
No matter what the reason for why they still exist, if you have a working Login item for a site and you know it contains the current password then any associated Password items can be safely deleted.
0
