Duplicate Logins

Kris Armstrong

Is there anyway to detect Duplicate logins and merge them. I noticed that my email account has like 25 listings and several others have multiple listings. I'd like to clean all that up.

sjk

Hi Kris,

One thing that might help is to find items with the same password by selecting the Duplicate Passwords group under the SECURITY AUDIT section in the main application sidebar. There's some writeup about it in this blog article:

Time to give 1Password 4 for Mac’s Security Audit a whirl

And if some of the duplicates might be older and obsolete, with the same or similar titles, you can sort the item list by Date Modified and do a search to help locate which ones could simply be deleted, e.g.:

Are there specific differences between certain items that you're interested in merging with each other? It can't be done directly but maybe there will be fewer or even none to do it with after you've identified and removed duplicates.

Is your goal to just keep a single item for any that currently have duplicates?

Fofer

Same question here. I currently have many records in 1Password that are duplicates: same website, with same username and password. And I'd like 1Password to be smart enough to be able to identify these and remove the older duplicates. A "Find Duplicate Records" command would be great to see!

And I think the reason this happens is because I have "Submit Logins" checked. So it's always offering to save my logins. The dialog/menu that appears when I enter my credentials into a site offers to "Save New Login," as default. If I click that menu item, I see "Update Existing Login" as an option. It is either grayed out (if there's no existing login) or it's black (if there is an existing login.) I rarely click that menu item though, I just save logins as I go. Why can't that dialog show me more clearly (without needing to click) whether or not there's already an existing login saved? Moreso, why isn't 1Password smart enough to note that what I have entered is the same as what 1Password already has saved, so there's no need to save/update anything?

Thanks for any reply.

sjk

Hi @Fofer,

Is the Duplicate Passwords group under SECURITY AUDIT not providing enough of the "Find Duplicate Records" functionality you're looking for?

So it's always offering to save my logins.

Is that repeatedly happening for every site you're using existing Login items with or just specific sites?

The dialog/menu that appears when I enter my credentials into a site offers to "Save New Login," as default. If I click that menu item, I see "Update Existing Login" as an option. It is either grayed out (if there's no existing login) or it's black (if there is an existing login.)

You're seeing 1Password's autosave window right after successfully filling and submitting?

I just save logins as I go.

When you have successfully filled and submitted, clicking Not Now will at least keep redundant items from being created.

Why can't that dialog show me more clearly (without needing to click) whether or not there's already an existing login saved?

We are looking at improvements like this for the current autosave window. .

Moreso, why isn't 1Password smart enough to note that what I have entered is the same as what 1Password already has saved, so there's no need to save/update anything?

Normally it does so we want to determine what's causing any repeated autosave prompting for you. In some cases saving a new Login manually or adding multiple URLs to a Login item will stop it from reoccurring.

If you can post any examples of pages (URLs) where this is problematic we'll take a look at them here.

Thanks in advance for the additional information!

Fofer

Hi @sjk, and thanks for the detailed reply.

I'll start by saying, no, the Duplicate Passwords group under "Security Audit" is NOT providing enough of the "Find Duplicate Records" functionality I'm looking for. Because I do in fact use the same password on across some websites and that means that group is filled with a long list of sites that aren't relevant to the cleanup I am actually trying to do. Yes, I know it isn't considered "best practice" to ever use the same password twice, but the fact of the matter is, I participate on many discussion forums all over the web and generating unique passwords for each and every one wasn't a priority for me. These aren't financial sites, they're blogs and discussion forums. Alerting me that I have duplicate passwords across multiple sites is useful information, and I'll change them as I come across them, but that doesn't address the bigger 1Password question I have, and that is, why is it always coercing me into saving the same password for the same site, leaving my 1Password database with complete duplicates of the same exact login?

I end up with dozens of duplicate sets in 1Password, like this (see attached)
http://www.fofer.com/sharedimages/1Password-20140521-201615.jpg

I feel like 1Password should be smart enough to know, that hey, I've already got this site saved, with the same username and password, so why is it saving it yet again? At the very least, I'd expect it to be able to handle a manual scan where it presents me with a list of these "exact duplicates" so it can automatically prune/merge them down to one.

As far as your other questions go, I'm a fairly casual user. When 1Password offers to save a login, I'll click to allow it. I try to remember to click the pulldown to see if there's an option to "Update Existing Login" and if so, I'll choose that. If not, I'll have it save the login as a new one. And therein lies the rub, why should I have to click the pulldown first to check? Why isn't "Update Existing Login" (if there is one) the DEFAULT selection? If it did that, I have a feeling I'd have far less of these duplicates.

I will try and see if there's any more rhyme or reason to this issue, how 1Password behaves on certain sites. If I come across an example I will. But for now, it seems to me the 1Password just isn't being bold and clear enough, letting the user know explicitly and clearly, there's already a saved login for this site, so the user doesn't click through the pulldown menu enough, and ends up just saving the same password again as a new login. And then they end up with a bunch of duplicates that 1Password really has no easy mechanism to clean up.

I hope this makes sense and helps 1Password become the best product it can be. Thanks for reading.

sjk

Hi @Fofer,

Thanks for your answers and feedback about this.

Is the issue you're having with using Duplicate Passwords for cleanup caused by items you want to keep (unchanged) interfering with ones you're trying to identify for removal (e.g. redundant duplicates)?

Using your image as an example, it looks like single items for couchy.tv and crucial.com are the obvious unchanged keepers, while all but one of the multiple items for crashplan.com are candidates for removal. That would leave a total of three unique items, but with identical passwords.

You're wondering and asking:

… why is it always coercing me into saving the same password for the same site, leaving my 1Password database with complete duplicates of the same exact login?

I feel like 1Password should be smart enough to know, that hey, I've already got this site saved, with the same username and password, so why is it saving it yet again?

1Password's autosave window shouldn't be appearing right after successfully filling with an existing item and submitting. However, it can happen at least in cases where the URL for a login page changes while the credentials remain the same (from an existing item). LogMeIn is one example, with differing login subdomains like:

dakdyozcog.app05-05.logmein.com
lzwiepwvhl.app05-05.logmein.com

It's considered a bug and planned to be fixed.

I don't know if that's the same issue causing unnecessary extra autosave prompting for you with CrashPlan and other sites. Is this the CrashPlan login page you're using?

https://crashplan.com/account/login.vtl

Login page URLs can differ with CrashPlan Pro, e.g.:

https://web-eam-msp.crashplanpro.com/console/login.html

https://web-ebm-msp.crashplanpro.com/console/login.html

And redundant autosave prompting does, and shouldn't, occur there.

What do website fields for your duplicate CrashPlan items look like? That relates to this:

… I'd expect it to be able to handle a manual scan where it presents me with a list of these "exact duplicates" so it can automatically prune/merge them down to one.

If website or other fields differ then the items aren't truly exact duplicates. However …

When you only need a single item from several similar ones clustered together in Duplicate Passwords, like for crashplan.com items in your image example, then removing any of the others should typically leave you with a functional one.

When 1Password offers to save a login, I'll click to allow it.

Whenever I fill with an existing item and occasionally get unnecessarily autosave prompted after submitting I always click Not Now, knowing there's no change to be saved. I should never have gotten that offer so I've never had a reason to accept it. When I'm only using an item there's no intention of updating anything during that process. Plus saving a new Login manually or adding multiple URLs to a Login item followups can help stop unneeded prompting.

Thinking about and responding to it like that seems easier to me than this:

I try to remember to click the pulldown to see if there's an option to "Update Existing Login" and if so, I'll choose that. If not, I'll have it save the login as a new one.

Maybe try the alternative of asking yourself "is there really anything new to be updated/saved now?". Nope? Click Not Now and move on. Eliminates both fussing with existing items and saving redundant new ones. :)

Why isn't "Update Existing Login" (if there is one) the DEFAULT selection? If it did that, I have a feeling I'd have far less of these duplicates.

That's meant to happen when autosave/autoupdate is well-behaved, like in step 5 of this guide:

Updating your site's password

But there shouldn't be any autosave/autoupdate prompting when just (re)using existing items, avoiding the unnecessary creation and cleanup of these types of duplicates in the first place.

I will try and see if there's any more rhyme or reason to this issue, how 1Password behaves on certain sites. If I come across an example I will.

We appreciate you letting us know specific examples of overeager autosave prompting you encounter. The more that's reduced will also reduce the burden of duplicates and their removal.

Thanks!

Colin Wright

Why do you spend so much time trying to coach users through the de-duplication process? This is a HUGE problem for me, and it's really annoying that you won't simply add a "Merge Duplicate Logins" button, just like my Contacts program has a "Merge Duplicates" function, and so many other similar programs do. I have 9 different logins saved for Facebook in my 1Password, and I can guarantee you that I didn't save them individually. It might be the Chrome autofill that did that, but I want to keep Chrome autofill turned on for LOW SECURITY websites, like newspapers and blogs, where loss of a frequently entered password is not an issue and I don't want to re-enter my master password.

sjk

Hi Colin,

Thanks for your feedback about this.

I've added your interest-vote for item merging to the request we have for it in our tracker.

If you only need and use a single Login item for Facebook from the 9 you have, which information from the other 8 would you like to merge with one that's working properly?

To keep 1Password and web browser password management for interfering with each other, in our Browser settings guide:

We strongly recommend disabling your browser’s password management feature.

1Password will not normally offer to auto-save items with sites that already have working Login items. If that is happening for any reason (e.g. with Facebook) you can add domains under "(except on the following domains)" in the Preferences > Browser tab of the main 1Password application:

I hope that helps!

ref: OPM-1804

bonnieb

1Password's autosave window shouldn't be appearing right after successfully filling with an existing item and submitting.

Yet it does on a daily basis, and not always because of slightly different domains.

I second what everyone else has said about duplicate logins. The problem isn't duplicate passwords; it's duplicate login items.
I would like:

1. to search for duplicate or close-to-duplicate login items (a la www.domain.com / www2domain.com / secure.domain.com )
2. "Merge Duplicates" feature to merge duplicates, or at least a "Merge Items" for selected login items --> one updated item
3. for 1Password to know in the browser when a login item exists already, and default to "Update existing login" option**

**I just found out about the "Update existing login" option in this post and I've been using it since 2010!

@Colin
@Fofer‌

@Kris Armstrong

sjk

Hi @bonnieb,

Thanks for your comments about auto-save issues and duplicate Login items.

Can you share any examples of specific sites where you're being prompted to auto-save after using existing items for those sites?

1. to search for duplicate or close-to-duplicate login items (a la www.domain.com / www2domain.com / secure.domain.com )

This custom search would match Login items with those domains:

That alone won't determine which of those items, if any, might be considered as duplicates. Selecting Show Duplicate Passwords or Show Websites with Multiple Items criteria can help filter the results, e.g.:

This might not be what you have in mind. Just want to mention a few suggestions that may help flesh out items you consider as duplicates. :)

2. "Merge Duplicates" feature to merge duplicates, or at least a "Merge Items" for selected login items --> one updated item

I've added your interest in that feature to the request in our tracker.

**I just found out about the "Update existing login" option in this post and I've been using it since 2010!

We do have improvements planned for the auto-save window, including making the Update existing Login … selector clearer.

ref: FR-3, OPM-1429