Password History Bug?

fulles123

Is there an issue with password history? I don't seem to be able to access the immediate previous password on macOS, iOS or Windows. However, the website seems to show the correct password.

I have a server password that I have to change once per month. I created a new password in 1Password today for February and then I log onto the server to change my password. I look at my password history to see my previous password. I type in the password for January and it says incorrect password. Now I'm stumped. How can my old password be incorrect in 1Password? After a bit of investigation I've worked out that when I view password history the password showing for Jan was the password before I changed it in Jan (i.e. December's password). This is true for all previous months in the password history. It's therefore not possible to view the immediate previous password.

However, when I log onto the website the password history is as I'd expect (i.e. the password showing for Jan is the password I created in Jan).

---

1Password Version: 8.9.15
Extension Version: Not Provided
OS Version: macOS 13.2
Browser:_ Not Provided

Dave_1P

Hello @fulles123! 👋

I'm sorry that you're not seeing a previous password in the apps. I'll need to ask you for more information since I'm not able to reproduce the issue. Here's what I'm doing:

1. Open the 1Password for Mac app.
2. Create a new Login item.
3. Type in Password 1 as the password. Save the item.
4. Edit the item and change the password to 'Password 2'. Then save the item again.
5. Hover over the password field.
6. Click on the down arrow on the right of the password field.
7. Click View Password History.
8. Reveal the listed password.

I then see 'Password 1' revealed. Are you doing something different from my steps when you change or reveal a password? Are you using a Login item or another type of item to save the password? I look forward to hearing from you. 🙂

-Dave

fulles123

Hi Dave,

Thanks for the reply. Yeah I tried that myself and it worked OK so maybe it's just an issue with old passwords (I've had this one for a while and it's been changed monthly since Feb 2020) or maybe just this specific one. It is consistent on this password though.

You can see from my password history that the last 2 passwords are almost identical (I've just noticed that the original password starts with a colon and the one listed for 10 Feb 2020 doesn't).

The one listed as 31 Oct 2019 was the original password. The password was changed on 10 Feb 2020 but you can see that it's showing the password prior to change in Feb 2020 (i.e. the original password created on 31 Oct 2019). Then the password listed for 20 Mar 2020 is showing the password that was created on 10 Feb 2020. This follows on right up to today.

If I log onto the website and look at the entry for 10 Feb 2020 I get the correct password for that date.

I've also just noticed that the website shows more history than the app:

Maybe the answer is to delete this entry and create a brand new one.

Thanks,
Steve

PS: It's setup as a Server item not a Login item.
PPS: I've just noticed this also happens on other Server items I have so it's not specific to this entry but maybe an issue with Server items?

andrew.l_1P

Hi Steve (@fulles123),

Thanks for sharing your findings. Password fields in Login and Password item types are indeed handled a bit differently than others. To confirm, is your first screenshot there also a server item?

ref: dev/core/core#17252

fulles123

Hi Andrew,

Yes. All the screenshots I provided are from the same server item.

Steve

GreyM1P

@fulles123

Thanks for confirming that. Our development team are currently investigating this behaviour with Server and Database item types. Sorry for the inconvenience. We expect to include a solution to this problem in a future update. At the moment, we don't have an estimate of when this will be, but would recommend you keep 1Password up to date and check the release notes.

• How to keep 1Password up to date
• 1Password Releases

dcblack56

I think a change in the Password History dialog would help to avoid confusion. I just went through a panic until I started to understand what is presented. Allow me to explain:

When you bring up the password history a dialog is shown with a list of dates and passwords. What is not obvious is that the dates shown are the dates when the password was taken out of service (removed). Some text to this effect would be useful. Perhaps add text to the right of the date: "Date password was retired".

The scenario I went through was:
1. Service indicates I need to change my password and put up a dialog
2. I opened 1P and changed my password, saved it and then copy pasted it to the service.
3. Oops, it was also asking me for the previous password (validation).
4. I open the password history and see several dates.
5. Since I am changing the password, I don't want today's password, so I selected the second entry (wrong).
6. Panic because it doesn't like the password.
7. I try again.
8. Then I look at the password and luckily realize the entry with today's date is not the new entry.

andrew.l_1P

Hi @dcblack56,

I can certainly see how additional clarification here would help avoid confusion, I'll share this with our Product team for their consideration. Thanks for sharing your use case in such detail, the context is a big help. 🙂

ref: PB-31899531

B_Paul

Any updates on the Server password history situation? I checked the release notes and did not find anything pertaining to password history. I just experienced the same situation with a "Server". Password change, use now, can't get back to the old one to enter in Windows, etc. I'm not sure I want to go through the hassle of creating new entries/deleting old for all of our server entries so they aren't "server" types?

For reference the comment from February:
"Our development team are currently investigating this behaviour with Server and Database item types. We expect to include a solution to this problem in a future update. At the moment, we don't have an estimate of when this will be, but would recommend you keep 1Password up to date and check the release notes."

Dave_1P

@B_Paul

Thank you for following up. I don't have an update to share at the moment, the issue is still open in our developer's backlog. While I'm not able to provide any sort of forecast as to if or when we'll be able to resolve this issue, I can tell you that our developers are aware of everyone's reports. I hope you can understand.

In the meantime, you can still find previous passwords for Server items by using the Item History feature on 1Password.com: View and restore previous versions of items - Restore a previous version of an item

-Dave