Saving passwords AFTER password change has been submitted

I found this topic posted in two other places, but one was in regard to 1password X & the resolution was that it was intended in that version. The other version the OP never responded to questions from 1password, so I'm posting a separate post.

I am new to 1password & so far, I'm really liking it except for changing passwords. I was a LP user & am switching over to 1password. I plan on changing all my passwords (which will be a lengthy process), but I've noticed when I'm on a site & go to the settings area to change my password, 1password prompts me to enter my password (in current password box). When I move to the New password, it prompts me to use the suggested generated password, which is great. The problem is that it then wants me to save the suggested generated password BEFORE it's actually saved on the site. If I decline, it does not prompt me to save the generated password after its changed.

I was going through the trouble of doing a lot of copying & pasting, so that I have the new password saved in a place other than 1password & not updating it in 1password until I could confirm the password was successfully changed on the site. THat was a PIA, so I thought, 'well, what are the changes that a password change will be unsuccessful?'. Apparently, the chances are high. WIthin 10 minutes, I had two password changes not go as expected. For one site, the site went down right after I clicked to save the new password in 1password, but before I had clicked submit on the form. In the second situation, it didn't accept my password because there were too many characters (the site did not list their password requirements so there's no way to know on some sites when this might happen). In both cases, I had to reset my password with the Forgot Password option because 1password saved the new password & I had no access to the old password.

Is this intended? If not, is there a fix? If it is intended, can I put in a feature request for it to prompt _after _the password change/password entry, if the password you submit is different than the one in 1password? I've noticed that it doesn't seem to be specific to password changes. If I enter a password other than what is saved in 1P, it doesn't prompt me to save the used credentials after I submit them (regardless of whether I'm entering them into a log in form or a change password form).

Everything else about 1P, I love. This is my only complaint. Thanks! P.S.: I'm using the browser extension in Firefox, but I've tried in Chrome also, with the same results.


1Password Version: 8.9.10
Extension Version: 2.5.1
OS Version: Windows 11
Browser:_ Firefox & Chrome

Comments

  • Tertius3
    Tertius3
    Community Member
    edited January 2023

    @FutureOfPass

    THat was a PIA, so I thought, 'well, what are the changes that a password change will be unsuccessful?'. Apparently, the chances are high. WIthin 10 minutes, I had two password changes not go as expected.

    This behavior was mentioned in the past (for at least a year, if not longer), it's a topic that comes up every once in a while, and 1Password is aware of users having trouble with the current behavior. However, it's not sure if it's intended behavior due to reasons unexplained (and the issue you're running into has to be endured) or if it's a thing 1Password is actually going to change (and it just takes its time).

    For my part, I consider the current behavior one of the very few but very annoying flaws in 1Password that's probably not going away, and that other password managers with browser integration don't have. It would probably be less annoying if there was a technical reason mentioned, but I don't remember a reason was posted beyond "it's the design".

    For the time being, you can use the password history to copy a replaced password and paste it back as current password if the update on the website fails. The requirement to manually do this on failed updates is what I mean with "annoying". It's also a security flaw, because it involves the clipboard. However, you don't need to initiate the "lost password" recovery of the website - look into the password history of your login item for all the previous passwords.

  • FutureOfPass
    FutureOfPass
    Community Member

    Thanks. I didn't know there was a password history. I will look it up.

  • Fedup
    Fedup
    Community Member

    Had to help a friend recover his old password today. He initiated a password change saved it in 1Pssword because 1Password asked him to. Only then did the website in question reject the new password. I had to remote in and show him how to find out the old password was.

  • Hey @Fedup,

    I'm sorry to hear your friend had difficulty when changing a password, I'd be happy to take a look at the website in question and file an issue if the suggested password isn't meeting the requirements if you wouldn't mind sending it over?

    Thanks!

  • mbbookie
    mbbookie
    Community Member

    Like the OP, I too have switched from LP and find it annoying that 1Password does not automatically ask to save a password when I change it. I hope this is something that will be added.

  • FutureOfPass
    FutureOfPass
    Community Member
    edited March 2023

    The reality is, there are still plenty of sites that haven’t updated their password requirements. Smaller companies, companies that don’t store critical information, companies that are slow to adopt new processes, etc. They limit password length to 12 characters or under, or they only allow using certain special characters, if any at all. They are usually the same sites that don’t list the password requirement upfront so a user has no way of predicting if a chosen password will work or not until they try to submit the change.

    Even for sites that have updated their password requirements, they might have lower requirements that what a user uses as a standard. For instance, many reputable sites limit password length to 20 characters, some limit length to 16 characters. It’s not an uncommon thing so I, too, hope this can be fixed in the software.

  • Fedup
    Fedup
    Community Member

    @steph.giles

    The website in question was https://www.peoplestrust.com/en/ where the suggested password did not meet the requirements.

  • Joy_1P
    Joy_1P
    1Password Alumni
    edited March 2023

    Hey @FutureOfPass I do understand why you would want the extension to save your login after it has been submitted and accepted by a website. While that is not what we've chosen to do at this time, based on the reasons mentioned here, I will share your feedback with our developers.

    In the meantime, if you run across a suggestion from 1Password does not meet a website's password requirements, please let us know about it. We'll be happy to review the website and report the issue to our developers for a fix.

  • Joy_1P
    Joy_1P
    1Password Alumni

    Hey @Fedup I took a look at https://www.peoplestrust.com/en but I'm unable to get to the new password field where 1Password would be making a suggestion. I would need some data from the page where that new password field exists in order to report the issue on our end. Are you or your friend able to get to that field and then share the following with us?

    1. Navigate to the site and sign in.
    2. Go to the password change page and find the new password field.
    3. Right click the 1Password icon in your browser toolbar.
    4. Click Help and choose Collect Page Structure.
    5. 1Password will save a .json file to your "Downloads" folder.

    Attach the downloaded .json file to an email message addressed to support+forum@1password.com. With your email please include:

    You should receive an automated reply from our BitBot assistant with a Support ID number. Please post that number here. Thanks!

This discussion has been closed.