Regression: Post-submission Password Update/Saves

This was not a problem before 1Password X due to the new vs old nature of integration.

Simply put, I can't choose to save or update my password information until it is already too late.

I was on the Firefox open source team when they first introduced password saving, and it was a very deliberate decision that we made to allow actions on the password to happen AFTER the password is submitted.

Right now, for instance, I have passwords for sony rewards, sony credit cards, sony mmorpgs, sony playstation... etc, and when I scratch my head and pick one when Sony asks for my "sony account" credentials, I can't update or save whatever information is correct without digging into my vault to update things AFTER I've succeeded / failed. And if I do dig into my vault, I've already lost the exact internet address that asked for my login (many web pages will take you somewhere else to log you in).

At that point, I might as well run a password reset through the web site.


1Password Version: 7.3.712
Extension Version: 1.16.2
OS Version: Windows 10 64bit 1903 update
Sync Type: 1Password

Comments

  • ag_ana
    ag_ana
    1Password Alumni

    Hi @slate!

    I have moved your discussion to the 1Password X forum category so it's in the right place, I hope you don't mind :)

    I can't update or save whatever information is correct without digging into my vault to update things AFTER I've succeeded / failed.

    I am not sure I understood this sentence. Can you please elaborate? Perhaps a couple of screenshots will also help.

    Thank you!

  • slate
    slate
    Community Member

    Hello, I am sorry I posted to the wrong forum.

    Maybe I can be most clear if I break it down into steps. I can't think of a way to recreate the situation easily right now for screenshots. As I asked in the other post, do you guys maintain a site for testing functionality?

    Remember this is all about the part where I capture existing logins or change passwords for existing logins.

    New behavior:
    1) fill in password
    2) I need to answer if I want to save or update password (Figure A) https://imgur.com/a/A13iGsm
    I don't know for sure if the password I entered is correct, if I overwrite the correct password it will take work to fix it
    3) page loads to tell me if password was right or wrong. It is too late to make a choice for 1PasswordX

    Old behavior (confirmed in the Chrome Canary default password manager, will check older 1Password extension in future):
    1) fill in password
    2) page loads (now I know if password is right or wrong)
    3) Now I have opportunity to answer if I want to save or update password. I can choose confidently :)

    Figure 2 shows the default Chrome behavior result. https://imgur.com/a/RhY525e
    I have already typed in my password and Amazon has accepted my login. Now I know that my information is correct. Now I can choose wisely whether I want to save the password I just entered.

  • kaitlyn
    kaitlyn
    1Password Alumni

    @slate – What you're comparing in "new behavior" vs. "old behavior" is 1Password X vs. Chrome's password manager. I'm not sure those can be compared on the same level, but I appreciate the feedback nonetheless. I've explained this behavior in detail in the past, so please check out this forum post for a thorough explanation: https://discussions.agilebits.com/discussion/comment/518633/#Comment_518633

    If you have any additional thoughts after reading that comment, let me know and I'd be happy to discuss!

  • slate
    slate
    Community Member
    edited September 2019

    Well I'm glad I'm not the only one with this concern. I guess before when I was using Chrome and 1Password together, the behavior of 1Password didn't bother me because I had a "backup" way to do it.

    I see that it is hard for the extension to pick up when it is the appropriate time to trigger "okay the user should know by now that the password was good or bad." So extensions don't have access to changes in URL's? I know that wouldn't be 100% correct but maybe it would cover 80% of the situations. What if the extension (unlocked) could securely store what the most recent login activity was, and just offer the option to "create login from most recent".

    So the new behavior could be:
    1) user fills in login
    2) current behavior triggers, asking to save or update login
    3) there is an additional option called "decide later"
    4) If "decide later" is chosen, the 1passwordx icon glows to indicate it is ready for a decision, and the recent login information is temporarily stored in a secure location
    5) The user can then click on 1PasswordX icon when they know the login worked.

    One might question if this is secure once the user walks away from the computer, BUT these options are only available if the vault is unlocked, and if the vault is unlocked, there are other security concerns :)

    What do you think?

    Edit: I feel that the "new" vs "old" behavior is not exactly an unfair comparison. This is because, while the old 1Password might have not functioned like this, the system as a whole functioned like this.

    What has changed is that now Chrome lets 1Password take over all _of the password duties, so now _as a whole the situation has changed from Old to New. So it's "old situation" vs "new situation"

    Edit 2: I haven't been reading about all of the Chrome updates, but from the settings menus it looks like my following statement is true. "Chrome is allowing extensions to take over password manager duties in a more integrated way that also replaces the existing Chrome password system instead of adding to it."

  • AGAlumB
    AGAlumB
    1Password Alumni

    @slate: This is not a matter of "new behavior" or "old behavior", but rather what you choose to use:

    New behavior:
    1) fill in password
    2) I need to answer if I want to save or update password (Figure A) https://imgur.com/a/A13iGsm

    I don't know for sure if the password I entered is correct, if I overwrite the correct password it will take work to fix it

    3) page loads to tell me if password was right or wrong. It is too late to make a choice for 1PasswordX

    That's how 1Password X works as it runs entirely independent of the OS and desktop apps.

    Old behavior (confirmed in the Chrome Canary default password manager, will check older 1Password extension in future):
    1) fill in password
    2) page loads (now I know if password is right or wrong)
    3) Now I have opportunity to answer if I want to save or update password. I can choose confidently :)

    That's how the companion 1Password desktop extension works. If you prefer that, you can get it here:

    https://1password.com/downloads/#browsers

    However, getting back to "Now I have opportunity to answer if I want to save or update password. I can choose confidently" -- this doesn't matter: if you save login credentials prematurely and find you need to redo it, you can just save login credentials again, either by updating an existing Login item or creating a new one. But again, you can get the "old behavior" you mention by using the current desktop app/extension instead. Cheers! :)

  • slate
    slate
    Community Member

    @brenty

    Okay so we agree that 1PasswordX does not provide the functionality that I and at least one other poster wants. In addition, I can confirm that at least 4 major browsers have gone out of their way to implement this system: (Firefox (and Mozilla before it), Chrome, IE, and Edge).

    The landscape has changed, and now users must choose EITHER the browser plug-in OR the free built in password system.

    I have proposed a way that 1PX could bring back this functionality and incorporate it into the new look and feel.

    It sounds like you are not addressing whether the idea has any merit or if the functionality should be included or if the current behavior is ideal (hint: it's not.). You are simply saying what is. That's not why I'm here.

    (Sociology Tip: This is something I see a lot of in forums outside of the US. The company reps don't perceive that the point is to give feedback. The point is not to get help about how to work around the issue because the issue/flaw is staying there and nobody in the company gives a hoot.)

  • AGAlumB
    AGAlumB
    1Password Alumni

    @slate: Since Kaitlyn mentioned already that the feature has been requested for 1Password X, and we're grateful for your feedback, I was just trying to clear up any potential confusion for anyone interested, as this is a public forum, in that the behavour being discussed is available with the 1Password desktop app/extension. That's all. Have a great weekend! :)

  • slate
    slate
    Community Member

    Good point about this being a public forum and the usefulness of providing a record of a workaround. I myself might have considered this point of view in other situations. I really appreciate your explanation, this will help me a lot in future forums posts!

    A little bit more sprinkle of "we hear your concern" into the answer would have felt better from my perspective, but I'm just a single cranky user :)

    Thank you once again and have a good day!

  • AGAlumB
    AGAlumB
    1Password Alumni

    @slate: You're absolutely right. I'm sorry about that. It is something we're looking into, and I'll also try to do better in the future. Thanks for the constructive criticism. <3

This discussion has been closed.