To protect your privacy: email us with billing or account questions instead of posting here.

Think I got burned. Why does item history only go back 1 year ?!

K2342
K2342
Community Member
edited January 2023 in Memberships

As the title says. I had a login item with an OTP in 1P, and I deleted the OTP key in 1P intentionally BUT forgot to disable the OTP method on the CompanyX user account. So of course when I tried to login, I got hit with an OTP requests I couldnt find the key for.

I thought - Oh, I'm saved. 1P keeps an item history !
But when I tried to recover the previous version of the item in 1P that had the OTP - it wasnt showing it. This change probably occurred 18-24 months ago.

I then saw some very hidden fine print at the bottom of the item history page that says item history only goes back one year ! Why ?!?! And if this is indeed true, please for the love of god make this more obvious in the 1Password UI.

I will need to take regular backups if item history only goes 1 year back. That's not really a history, so much as "recent changes". History gives the implication that it's comprehensive since the item's inception - and I think that burned me here. Very annoyed user. The 1P "History" is not a true "History"


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided

Comments

  • K2342
    K2342
    Community Member

    The snippet I'm referencing that is buried at the bottom of https://support.1password.com/item-history/ :

    "Previous versions of items are saved for one year."

    It's the only place I can find that mentioned, but my gosh is it a crucial piece of information on this feature's limitation! That needs socialized way better if 1P really can't save the item's true history.

  • Hello @K2342! 👋

    I'm sorry for the confusion. I've checked with the team and it looks like we're not purging previous versions from the Item History just yet, this is a change that may be made in the future and the article's goal is to clarify that users should only expect up to a year of previous versions that can be restored.

    If I check the Item History for some of my older items I see previous versions from over a year ago, the last item that I checked had previous versions from 2018.

    We'll need to dig deeper to see why you don't see previous versions for your item. Is it possible that you migrated the item that is missing the previous versions from an older standalone vault? When was the item created?

    -Dave

    ref: dev/b5/b5#17655

  • K2342
    K2342
    Community Member
    edited January 2023

    Hi Dave. Thanks. So you’re saying the documentation is incorrect ?? That sounds like another issue - having documentation and function differ is another source of confusion for the user. The documentation is pretty brief and doesn’t provide the nuance you gave.

    Having said that, I did my figure out my own issue. User error - as the specific edit I was looking for I think I made before I moved to 1Password (from Lastpass)

    Item History is a user’s last chance for problems from user error and/or bad actors. We need better documentation on how it works, what the limitations are, and I put a very loud vote in for keeping in for the lifetime of the account.

    For now - what I have started doing is taking manual exports of all of the data at regular intervals and safely storing them. That way I will have my own static snapshots.

    However that’s risky and time consuming for the user, and gets users familiar with full exports - which is something 1Password probably doesn’t want, as it makes it easy to test other password managers then.

    A full, lifetime history - which is what I would argue 95% of your users think this feature is intended to do - should be the standard and I can’t imagine why limiting it would be considered.

    My acute issue is resolved (I found a way into the account I was having problems with), but a greater concern about incorrect documentation and a misleading feature name (if it has a 1 year span it’s not a “history”) remains as feedback.

  • MrC
    MrC
    Volunteer Moderator

    I believe Dave is saying that the Policy is 1 year, but they have not implemented the Policy yet.

  • K2342
    K2342
    Community Member

    MrC - Yes I agree and understand. What I am saying is - the documentation doesn’t say that.

    As an engineer working with a web app myself - I get how tricky it is to balance between telling the user enough without saying too much. Sometimes ignorance is indeed bliss for the user.

    I don’t think that’s the case here. I’d like to see the documentation explain the nuance - it helps in a variety of edge cases.

    But more than that - I put my vote for 1P reconsidering this (potential) 1 year limit altogether. An “item history” implies data on the life of the item. The storage costs to do this would be something as a user I’d be fine absorbing - if that is the issue. The utility for it to save my a** one day is priceless.

  • MrC
    MrC
    Volunteer Moderator
    edited January 2023

    I read...

    Previous versions of items are saved for one year.

  • K2342
    K2342
    Community Member
    edited January 2023

    MrC - that’s a quote from 1Password’s doc page.

    Doc says 1P stores 1 year. No other nuance.
    In actuality, it stores full life but only guarantees 1 year given the proposed purge plans. That’s what the docs should say I believe (just have the copywriters workshop it a bit).

  • MrC
    MrC
    Volunteer Moderator

    I think we're crossing signals. You say "the documentation doesn’t say that", but say "that’s a quote from 1Password’s doc page.".

    I think your point was wanting it more prominently stated and located.

    As far as documenting that they haven't pulled the trigger yet, to me this seems kinda without much purpose. Then they'd just have to update the updated docs to say "the stated policy that previously had not been implemented is now implemented".

    These are just my 2 cents. I have no opinion on 1-year being the limit, so yield the floor! :-)

  • K2342
    K2342
    Community Member
    edited January 2023

    MrC - Very possible. Omitting words typing shorthand on mobile device can be mean some context is lost. Agreed.

    Elaborating now with full keyboard ! :-)

    • 1Password documentation says "We Store 1 Year". No other modifiers.
    • 1Password Web App actually, currently, stores the lifetime history. There is a proposed, potential change to shrink that to 1 year. So the documentation is actually, objectively, inaccurate at this moment in time.
    • 1Password is attempting to "warn" users of this future change by having documentation that is conditioning us to only expect 1 year, despite that not being what the app does now.

    I get the goal. I think it's counterproductive. Users look to documentation to see how an app functions, and a product roadmap for future changes. I don't think documentation should mention a future state without acknowledging the current one - it creates a disconnect and confusion for any "in crisis" users trying to triage a problem.

    I think an updated documentation could say something like:
    "1Password currently guarantees up to 1 year of history. We are exploring the idea of lifetime change tracking - so users will see the full history for a limited time. Do you have an opinion on the path of this feature ? Let us know here <InsertQuickSurveyLink"

    This would serve multiple functions:

    • Explains what users actually, currently, will see in the app. Makes sure that documentation is indeed, documentation.
    • Explains the proposed plan, and sets expectations for the prospective, cost cutting 1 year data policy
    • Provides an avenue for user feedback collection, to really see if people like me are in the minority. Very few people will ever reach that survey, but I would imagine the ones that do would have an opinion on it.

    This feature is one of those "You don't need it 99% of the time, and then suddenly you REALLY need it." . It's essentially item recovery to me. As someone who experienced that "Oh crap!" moment - I can see it's such a huge letdown to see it's not the full history.

  • K2342
    K2342
    Community Member

    I typed up a long reply - but it seems I made too many grammar edits after posting and the post was blocked until mod approval. (Maybe we'll see it at some point - not sure if it'll be before or after this one.).

    More or less, yes.

    I disagree though that it would not have purpose. My long reply if ever approved elaborates on this.

    As a user that had to use this feature, in crisis, I found the feature and its documentation lacking. Most users have a "make or break" moment with an application, and that is what either beholdens them, or pushes them away from, the app. Consistent service is not rewarded, just performance in crisis.

    Any app can store passwords, what I look for is a password manager that helps with the usual human errors. At this point I'm just providing feedback, my acute issue is resolved.

  • Tertius3
    Tertius3
    Community Member

    @K2342 Is it really the whole item history what you need? Or is it only the history of previous passwords? Because 1Password also keeps a password history for each item, which is kept indefinitely as far as I know, and which cannot be edited or deleted as long as the item itself stays alive. It's a bit hidden and easy to miss. Choose some login item where you know you recently changed the password, then click on the dropdown arrow next to the password (becomes available if you hover the mouse over the password field). The dropdown options should include "Password history".

  • K2342
    K2342
    Community Member
    edited January 2023

    To me - yes full history. See my use case in first post.

    I had an OTP key, that I removed intentionally from 1P. Something happened when I was in that account on BrandX website, and my attempt to turn off 2FA with Auth code there didn't stick/save. So turns out I still needed that OTP key in 1P.

    I didn't realize the issue for a couple years, until I went back into the account on a new device. I was nerfed. Account locked.

    In actuality I found a workaround, and the change predates my use at 1P - but the potential use case still stands. Someone could get completely locked out of a major account, like Google, in this manner. If 1P advertises an item history - I think it needs to be full and comprehensive to be useful.

  • MrC
    MrC
    Volunteer Moderator
    edited January 2023

    I typed up a long reply - but it seems I made too many grammar edits after posting and the post was blocked until mod approval.

    Sometimes the anti-spam bot is a little over eager. I’ve released your post from its jaws.

  • @K2342

    I can see how our support documentation's current wording can be confusing. The good news is that there's already a discussion going on internally about improving the documentation for this behaviour and I've added your comments there. Hopefully this will be improved in the future.

    I've also passed along your feedback that you'd like the Item History to continue to keep an indefinite copy of your previous items to the product team by filing a feature request on your behalf. They'll review, and take into account, the request as they're making decisions about our roadmap for the future.

    It sounds like you were able to figure out that the item in question doesn't have a history because you moved that item from one account to another. This is intended behaviour, when you move an item from one vault to another vault (even in the same account) that item's history won't move with it. We do have an internal work item open to look into changing this behaviour and I've added your comments there as well.

    I'm sorry again for the confusion and frustration that this has caused. Thank you for taking the time to post your feedback.

    -Dave

    ref: PB-30048793
    ref: IDEA-I-390

  • K2342
    K2342
    Community Member

    Thank you Dave and all for considering my feedback.

  • @K2342

    Thank you again for voicing your feedback. It really helps make 1Password even better. 😊

    -Dave

This discussion has been closed.