Requesting Save Password prompt *after* a successful login/signup

Hi, migrant from Lastpass here and liking 1Password (with X browser extension) more overall.

In browsers, can we have the save-password flow/prompt to be after I have successfully finished registration/login? This is how browsers have been doing it since ages. It was a major UX win when browsers changed their flow to be after instead of blocking the user at the prompt.

There are myriads of ways why this is important:
1. What if my entered credentials were wrong in the first place? why would i want to save wrong credentials? editing after the fact is way too tedious
2. For a registration flow, there are other fields that might fail. Many old websites and clunky goverment websites don't do any client-side input validation and return errors only after a submit flow. Sometimes including password-character requirements. I wouldn't want my 1p to save these till I have found success.

I request a companion extension hover card asking me to save that remains there till I dismiss it (or a timeout). It needs to persist across page navigation changes.


1Password Version: Not Provided
Extension Version: 1P X 1.18.1 on Firefox 76.0a1 (2020-04-06) (64-bit
OS Version: MacOS 10.15.4 (19E266)
Sync Type: Families
Referrer: forum-search:save password after success

Comments

  • kaitlyn
    kaitlyn
    1Password Alumni

    Hi @onepasswordusername! 👋

    I'm glad to hear you're liking 1Password so far. You actually bring up a really good point, and you're not the first person to request something like this.

    Prompting to save an item after signing into a website is something we've looked into several times and have no plans to give up on it, but currently offering to save a Login item after successfully signing in requires a few things we're not willing to do. To name one in particular, this would require arbitrarily capturing and maintaining data you've entered into fields as well as all the details of the page in the background, assuming you might want to save a login, as you navigate websites. Currently the most efficient and least invasive way to ensure your Login items are secured by 1Password with all of the correct data is by offering to save a new item from within the fields being saved themselves. I know it's not the most convenient method, but I assure you the conversation is still being had and the feature is still being researched with your security first on our list.

    I request a companion extension hover card asking me to save that remains there till I dismiss it (or a timeout). It needs to persist across page navigation changes.

    If I'm understanding this correctly, you described the behavior of the 1Password companion extension. That extension runs off of the 1Password desktop app, which means we can offer to save via a floating window that allows for the page to load in the background. That leaves it up to the user to save the Login or just hit cancel if the password wasn’t accepted. 1Password X doesn’t have that same ability since it operates solely in the browser. You're more than welcome to give the companion extension (linked above) a shot to see if that's what you prefer.

    For what it's worth, what I did when I originally set up 1Password was always chose to save the Login on my first attempt. If it was incorrect, I’d just save it again and update what I already had saved. That way I didn’t risk losing a password by not saving it (unless the password was generated by 1Password X, in which it would automatically get stored in your Generator History).

    I really appreciate you sharing your thoughts with me. I’ll bring our conversation up to my team and make sure they’re aware of your interest.

    ref: dev/core/core#586

  • harpal
    harpal
    Community Member

    I have the same issue as the person above. Describing it in my own words:

    Current Flow:

    1. Go to any website to change the password while 1Password browser extension is active. 1Password brings up "Suggest Password" in the "New Password" field and shows a button "Save Password".

    2. If you press "Save Password" in 1Password pop-up, there are plenty of sites with stupid password rules (like no special symbols or only 12 characters max) failing the password update on that site. In the meantime, 1Password has already updated password in its app.

    If you don't "Save Password" with the suggested password, then you have to go to "Generated Password" in the browser extension, copy that new password and update it manually in the app.

    Kills the point of having the app. A simple solution would be to show the "Save Password" option AFTER the password update process has been completed.

    Any pointers on circumventing the annoying steps while you figure out a secure solution?

  • kaitlyn
    kaitlyn
    1Password Alumni

    Hi @harpal! Thanks for sharing. :)

    Did you get a chance to read my reply above?

    To reiterate, here's the workflow I've adopted:

    For what it's worth, what I did when I originally set up 1Password was always chose to save the Login on my first attempt. If it was incorrect, I’d just save it again and update what I already had saved. That way I didn’t risk losing a password by not saving it (unless the password was generated by 1Password X, in which it would automatically get stored in your Generator History).

    Other than that, you're more than welcome to use the 1Password companion extension if you'd prefer to see if your password was accepted before clicking the Save button. Like I mentioned, 1Password X doesn’t have that same ability since it operates solely in the browser.

    I hope you have a good weekend!

  • swrobel
    swrobel
    Community Member

    Like I mentioned, 1Password X doesn’t have that same ability since it operates solely in the browser.

    Just chiming in here to say LastPass operates solely in the browser and offers this functionality, so it certainly isn't a browser restriction keeping X from operating this way!

  • ag_ana
    ag_ana
    1Password Alumni

    Thank you for sharing this update with us @swrobel :+1:

This discussion has been closed.