I get told that I'm re-using a password even though the password I use is from the generator!

Ciwan
Ciwan
Community Member

Hello all

When adding a new login, I get told that I am re-using the password even though the password is 40 characters long and generated by the 1Password password generator.

I very much doubt that the password is re-used unless the generator is terrible and it isn't randomly generating passwords.


1Password Version: 7.4.767
Extension Version: Not Provided
OS Version: Windows 10 Pro
Sync Type: Not Provided

Comments

  • Greg
    Greg
    1Password Alumni

    Hi @Ciwan,

    Thank you for getting in touch!

    Am I right to understand that you use 1Password extension to create a password? Please confirm.

    The thing is that when you generate a password with the help of a password generator in 1Password companion extension on Windows, it is automatically saved as an item in the Passwords category of your vault. It works as a backup plan, if you happen not to save a Login item you generated a password for. After that, when you select All Items view in 1Password, you will see those password items alongside your Login items (that is why you see a Reused warning from Watchtower as well). This is normal and intentional for the moment. If you saved all of your needed passwords as Logins, it is safe to delete the passwords in Passwords category.

    We are looking at ways to improve this experience on Windows, but I do not have anything to share at this point. I hope it helps.

    If you see something different on your side, please let us know. Thanks!

    ++
    Greg

  • Ciwan
    Ciwan
    Community Member

    Thanks Greg, yes I was using 1Password X in Firefox to generate the passwords.

    It turns out you were right! I had over 400 passwords stored in the Passwords section under Watchtower. Those aren't items I stored, so I wasn't expecting them to be stored in there, but I see the reasoning behind that decision. I never paid attention to that section!

    The way things currently are, it is causing confusion and that is bad UX in my opinion. I would suggest you somehow get that "Password re-used" check to be smart and to ignore things under Passwords.

    If all entries under Passwords serve as a back-up in case one forgets to create a proper login entry. Then they shouldn't be looked at as "proper login entries" when checks such as password re-use happen.

    That's one suggestion, I'm sure there are other ways this can be made better.

    Anyway, all is clear now, thanks for the clarification.

  • We actually already do that, @Ciwan, but it's not quite perfect for a few reasons. First, we can't ignore everything under Passwords because they can be created independently and often are. Personally, most of my Password items are either backups or they are viewed as PINs (like the combination to the lock on my shed) so those should both be ignored, but some folks do store ordinary passwords that just don't have usernames there so we don't want to be providing a blanket exclusion when customers might reasonably want some of those items monitored by Watchtower.

    So, instead, we exclude based on the likely outcome of generating a password. If you have a Login item and a Password item with the same domain associated with them, they're ignored by the Reused Passwords portion of Watchtower. Most of the time, this is how things will end up because your Password item is assigned the URL it was generated on which will likely match the domain of your Login item. But, if you switch focus (intentionally or otherwise), 1Password might read a different (or no) URL and save that instead breaking the system. Or, sometimes, the change password page might have a totally different URL than the sign-in page and thus your Login (rare, but I've seen it happen). Regardless, the works can get gummed up a bit at times.

    Now, with all of that said, I'd wager you're still old stuff here for the most part. 1Password X doesn't create password items – only the companion extension does. 1Password X instead has a separate generated password history. So, if you tidy up those you have, chances are you won't see them again (but you'll still have those backups if you need 'em). :chuffed:

This discussion has been closed.