reused password: app://com.agilebits.onepaassword?

siplhium
siplhium
Community Member

I'm getting a reused password warning for passwords that are not being reused -- except for several odd-looking recent entries under "passwords" title "1Password", with the url "app://com.agilebits.onepassword?"

Please explain what this is and why it is giving me false warnings about reused passwords.


1Password Version: 7.8.6
Extension Version: Not Provided
OS Version: macOs 10.15.7

Comments

  • ag_ana
    ag_ana
    1Password Alumni

    Hi @siplhium!

    I'm getting a reused password warning for passwords that are not being reused -- except for several odd-looking recent entries under "passwords" title "1Password"

    Can you confirm if these passwords are being reused or not? You wrote that they are not being reused, but the second part of the sentence sounds like there might indeed be multiple entries with the same password.

  • siplhium
    siplhium
    Community Member


    Those are not entries that I am creating, at least knowingly. Because those entries exist, yes, the passwords are technically being reused. For example, I reset my password for paypal. One of those odd entries contains that new password for paypal. But why are those entries even there? What are they? You must have seen these before. I have a whole bunch of them.

  • ag_ana
    ag_ana
    1Password Alumni
    edited August 2021

    @siplhium:

    Thank you for the screenshot! I have to say I have never seen a list quite like this, but I might have a suspicion: every time you use 1Password to generate a password, it saves it to the Passwords category so you can retrieve it later on in case something happens.

    Normally, the name of the Password is the URL of the website. Since in your case you only get 1Password 7 as the name, is it possible that you are generating this passwords while you are not on a specific website?

  • siplhium
    siplhium
    Community Member

    Sometimes I do have to generate passwords independent of a particular site or url, bypassing the built-in 1Password workflow. That's because I can't trust the 1Password interface to get the password correctly inserted into the existing or new entry. That's just been my experience. 1password will offer a suggested password, but something whacky always seems to happen whether I click on that suggestion or highlight it and press Enter ( I still don't know how to reliably select it). So I sometimes generate a password manually, paste it into a sticky, and then paste it into 1Password. I don't like having to do this this, but I've gotten stung too many times by losing the new password. I think it happens more and more as sites offer js-driven (and sometimes modal) login windows that seem to clash with what 1Password expects. And then sometimes the browser 1Password plugin doesn't update very quickly, which is really annoying because if I try to log in, the site tells me the password is wrong. It's not a smooth experience.

    Can you confirm with a tech how an entry with the url I gave you might be generated? And should those password entries be counted when 1Password checks for duplicate passwords? It doesn't make much sense to me.

  • Can you confirm with a tech how an entry with the url I gave you might be generated?

    This happens when you generate a password, and the 1Password app is the one in the foreground. If you generated a password while Finder was in the foreground then app://com.apple.Finder (or similar) would be the resulting URL. :+1:

    And should those password entries be counted when 1Password checks for duplicate passwords?

    They are intended to be, yes. I suppose there could be a debate as to whether they should or not. But 1Password defaults to being quite aggressive about warning you w/r/t password reuse.

    Ben

This discussion has been closed.