Reused password list

Options
ctolson
ctolson
Community Member

I am trying to clean up my weak, vulnerable and reused passwords lists. Most of the items that have reused the same passwords are really the same items (login item plus one or more password items identified by the key icon). It seems like a proper "reused passwords list" should not include items that are supposed to be the same. For the list to be entirely useful, it should list only those that we do not have duplicate passwords.

I don't understand the purpose of the password items and why they are necessary. Why are there multiple password items for that match up to some login items?


1Password Version: 7.3.1
Extension Version: 7.3.1
OS Version: 10.14.5
Sync Type: Dropbox

Comments

  • littlebobbytables
    littlebobbytables
    1Password Alumni
    Options

    Hello @ctolson,

    The main reason Password items exist is if you have used the 1Password password generator. Each time it is used it generates a Password item to act as a safety net. If you use the password generator within a browser with a working 1Password extension it won't just store the generated password and timestamp but the title of the item and the website field will help pinpoint the site/page it was used on. If everything works as it ought to soon after using the password generator 1Password should be prompting you to update an existing or save a new Login. If you do the Password item is removed from your vault, its purpose fulfilled. If the prompt doesn't appear for any reason or you dismiss the prompt then the Password item hangs around just in case it is needed.

    If you have Password items for a particular site but you can successfully sign into the same site using an existing Login item you can safely delete those Password items as they're now redundant.

    I hope that helps a little, if you have any follow-up questions please let me know.

  • ctolson
    ctolson
    Community Member
    Options

    Great explanation. Thank you.

  • littlebobbytables
    littlebobbytables
    1Password Alumni
    Options

    Happy I could help :smile:

  • wraith
    wraith
    Community Member
    Options

    Hi @littlebobbytables ,

    I've been using 1Password for a long time and have never seen this behaviour you speak of (ie I've never seen a "password" shown as a login item that can be used/updated. As a result I have ~300 "reused passwords" which are basically all due to generated passwords.

    Am I doing something wrong, or is this new behaviour?

    Thanks

  • ag_ana
    ag_ana
    1Password Alumni
    Options

    Hi @wraith,

    I've never seen a "password" shown as a login item that can be used/updated

    I am not sure I understand this sentence, can you please clarify what you mean by this?

  • littlebobbytables
    littlebobbytables
    1Password Alumni
    Options

    Hi @wraith,

    When looking back at 1Password 6 there are two large changes in 1Password 7 that I feel contribute to people being much more aware of Password items. The first is 1Password mini in 1Password 7 will list Password items in the Suggested Items section; 1Password has always allowed filling with a Password item but it wasn't given such prominence in the past. The second is in the password reuse banner. Looking back to 1Password 6 Password items have been listed alongside Login items but only if you went to the security audit and viewed the Reused Passwords section. The banner works to bring more attention to certain aspects of Watchtower. So there's nothing new about Password items in terms of how or when they're created but depending on how a person used 1Password 6 they could have been fairly invisible.

    ~300 reused Password items is quite a few. Assuming the extension is working do you have a preferred workflow for creating new Login items? Password items are deleted by 1Password if it prompts you to save a new Login item or update an existing one so do you prefer to create them from inside the main 1Password window or something else?

    No matter what the reason for why they still exist, if you have a working Login item for a site and you know it contains the current password then any associated Password items can be safely deleted.

This discussion has been closed.