Regression: Post-submission Password Update/Saves
This was not a problem before 1Password X due to the new vs old nature of integration.
Simply put, I can't choose to save or update my password information until it is already too late.
I was on the Firefox open source team when they first introduced password saving, and it was a very deliberate decision that we made to allow actions on the password to happen AFTER the password is submitted.
Right now, for instance, I have passwords for sony rewards, sony credit cards, sony mmorpgs, sony playstation... etc, and when I scratch my head and pick one when Sony asks for my "sony account" credentials, I can't update or save whatever information is correct without digging into my vault to update things AFTER I've succeeded / failed. And if I do dig into my vault, I've already lost the exact internet address that asked for my login (many web pages will take you somewhere else to log you in).
At that point, I might as well run a password reset through the web site.
1Password Version: 7.3.712
Extension Version: 1.16.2
OS Version: Windows 10 64bit 1903 update
Sync Type: 1Password
Comments
-
Hi @slate!
I have moved your discussion to the 1Password X forum category so it's in the right place, I hope you don't mind :)
I can't update or save whatever information is correct without digging into my vault to update things AFTER I've succeeded / failed.
I am not sure I understood this sentence. Can you please elaborate? Perhaps a couple of screenshots will also help.
Thank you!
0 -
Hello, I am sorry I posted to the wrong forum.
Maybe I can be most clear if I break it down into steps. I can't think of a way to recreate the situation easily right now for screenshots. As I asked in the other post, do you guys maintain a site for testing functionality?
Remember this is all about the part where I capture existing logins or change passwords for existing logins.
New behavior:
1) fill in password
2) I need to answer if I want to save or update password (Figure A) https://imgur.com/a/A13iGsm
I don't know for sure if the password I entered is correct, if I overwrite the correct password it will take work to fix it
3) page loads to tell me if password was right or wrong. It is too late to make a choice for 1PasswordXOld behavior (confirmed in the Chrome Canary default password manager, will check older 1Password extension in future):
1) fill in password
2) page loads (now I know if password is right or wrong)
3) Now I have opportunity to answer if I want to save or update password. I can choose confidently :)Figure 2 shows the default Chrome behavior result. https://imgur.com/a/RhY525e
I have already typed in my password and Amazon has accepted my login. Now I know that my information is correct. Now I can choose wisely whether I want to save the password I just entered.0 -
@slate – What you're comparing in "new behavior" vs. "old behavior" is 1Password X vs. Chrome's password manager. I'm not sure those can be compared on the same level, but I appreciate the feedback nonetheless. I've explained this behavior in detail in the past, so please check out this forum post for a thorough explanation: https://discussions.agilebits.com/discussion/comment/518633/#Comment_518633
If you have any additional thoughts after reading that comment, let me know and I'd be happy to discuss!
0 -
Well I'm glad I'm not the only one with this concern. I guess before when I was using Chrome and 1Password together, the behavior of 1Password didn't bother me because I had a "backup" way to do it.
I see that it is hard for the extension to pick up when it is the appropriate time to trigger "okay the user should know by now that the password was good or bad." So extensions don't have access to changes in URL's? I know that wouldn't be 100% correct but maybe it would cover 80% of the situations. What if the extension (unlocked) could securely store what the most recent login activity was, and just offer the option to "create login from most recent".
So the new behavior could be:
1) user fills in login
2) current behavior triggers, asking to save or update login
3) there is an additional option called "decide later"
4) If "decide later" is chosen, the 1passwordx icon glows to indicate it is ready for a decision, and the recent login information is temporarily stored in a secure location
5) The user can then click on 1PasswordX icon when they know the login worked.One might question if this is secure once the user walks away from the computer, BUT these options are only available if the vault is unlocked, and if the vault is unlocked, there are other security concerns :)
What do you think?
Edit: I feel that the "new" vs "old" behavior is not exactly an unfair comparison. This is because, while the old 1Password might have not functioned like this, the system as a whole functioned like this.
What has changed is that now Chrome lets 1Password take over all _of the password duties, so now _as a whole the situation has changed from Old to New. So it's "old situation" vs "new situation"
Edit 2: I haven't been reading about all of the Chrome updates, but from the settings menus it looks like my following statement is true. "Chrome is allowing extensions to take over password manager duties in a more integrated way that also replaces the existing Chrome password system instead of adding to it."
0 -
@slate: This is not a matter of "new behavior" or "old behavior", but rather what you choose to use:
New behavior:
1) fill in password
2) I need to answer if I want to save or update password (Figure A) https://imgur.com/a/A13iGsmI don't know for sure if the password I entered is correct, if I overwrite the correct password it will take work to fix it
3) page loads to tell me if password was right or wrong. It is too late to make a choice for 1PasswordX
That's how 1Password X works as it runs entirely independent of the OS and desktop apps.
Old behavior (confirmed in the Chrome Canary default password manager, will check older 1Password extension in future):
1) fill in password
2) page loads (now I know if password is right or wrong)
3) Now I have opportunity to answer if I want to save or update password. I can choose confidently :)That's how the companion 1Password desktop extension works. If you prefer that, you can get it here:
https://1password.com/downloads/#browsers
However, getting back to "Now I have opportunity to answer if I want to save or update password. I can choose confidently" -- this doesn't matter: if you save login credentials prematurely and find you need to redo it, you can just save login credentials again, either by updating an existing Login item or creating a new one. But again, you can get the "old behavior" you mention by using the current desktop app/extension instead. Cheers! :)
0 -
Okay so we agree that 1PasswordX does not provide the functionality that I and at least one other poster wants. In addition, I can confirm that at least 4 major browsers have gone out of their way to implement this system: (Firefox (and Mozilla before it), Chrome, IE, and Edge).
The landscape has changed, and now users must choose EITHER the browser plug-in OR the free built in password system.
I have proposed a way that 1PX could bring back this functionality and incorporate it into the new look and feel.
It sounds like you are not addressing whether the idea has any merit or if the functionality should be included or if the current behavior is ideal (hint: it's not.). You are simply saying what is. That's not why I'm here.
(Sociology Tip: This is something I see a lot of in forums outside of the US. The company reps don't perceive that the point is to give feedback. The point is not to get help about how to work around the issue because the issue/flaw is staying there and nobody in the company gives a hoot.)
0 -
@slate: Since Kaitlyn mentioned already that the feature has been requested for 1Password X, and we're grateful for your feedback, I was just trying to clear up any potential confusion for anyone interested, as this is a public forum, in that the behavour being discussed is available with the 1Password desktop app/extension. That's all. Have a great weekend! :)
0 -
Good point about this being a public forum and the usefulness of providing a record of a workaround. I myself might have considered this point of view in other situations. I really appreciate your explanation, this will help me a lot in future forums posts!
A little bit more sprinkle of "we hear your concern" into the answer would have felt better from my perspective, but I'm just a single cranky user :)
Thank you once again and have a good day!
0