How to update your passwords in 1Password 4?

arnbar
arnbar
Community Member
edited April 2014 in Mac

Here's the link to the above in 1Password 3: http://help.agilebits.com/1Password3/change_password.html

But the interface looks different. Why isn't there a similar page for the new version?
ESPECIALLY CONSIDERING THIS IS WHAT EVERYONE IN THE WORLD IS DOING THIS WEEK.
(Sorry if it's somewhere....I just can't find it.)

I keep trying to figure the process out, but it's not easy. If I try to insert the New Password first, as per the 1Password 3 instructions, ALL THREE fields get entered and the site (understandably) rejects the new information.

Comments

  • Jasper
    Jasper

    Hi @arnbar,

    Please see this link:

    1Password for Mac Tips: How to update your passwords

    Also, in response to Heartbleed, affected websites will need to update their servers to the fixed version of OpenSSL and get a new SSL certificate. Only once a site completes both of those steps should you change your password.

    Please let us know if you have any other questions! :)

  • arnbar
    arnbar
    Community Member

    Thanks for the advisory re timing. However, after studying your linked page....

    Actually, my banking and credit card sites, critically, do not permit manual pasting into password fields. So I did the process something like this:

    1) reveal your current password and copy it. Paste it somewhere else. (If you ask 1Password to insert it, it pastes into ALL three fields and tries to submit these identical old passwords. The bank DOES NOT LIKE THAT and makes you jump through security hoops) Next, you go to the Password Generator, highlight and copy the New Password and let it insert new passwords, but quickly go to "old password" and delete the new password just inserted there - this seems to stop the submission process. Now paste the New Password you just copied somewhere else. You still have your old password pasted somewhere else too. Type this into the old password field and FINALLY, submit the old and new passwords.

    HOWEVER, 1Password does not remember the new one! You have to open the 1Password app and navigate to that login location, wait for the popup window, click edit at the bottom and paste in the New Password!

    I can't BELIEVE it's that complicated. There must be another workaround.

  • Megan
    Megan
    1Password Alumni

    Hi @arnbar‌

    I'm sorry to hear that you're having trouble here. Please understand that sites (like banks) that disallow pasting do it with your best interests at heart. To make this process easier, try using the anchor feature in 1Password Mini. When viewing your item's details, just click on the anchor in the bottom left of the menu to pin the item's details to your screen. Then you can type the details in without having to paste into a secondary source.

    I hope this helps, but if you have any further questions, we're here for you!

  • MrC
    MrC
    Volunteer Moderator
    edited April 2014

    I just went through the mentioned process to test it, and the very first attempt failed (for my adobe online account).

    After generating the password, 1P4 apparently filled in the password including re-entry, I hit Save on the web page, and 1P4 didn't offer to update the password, but it was changed on Adobe's site. So now I have to go fetch the password from the Passwords category, losing my place in Logins, have to copy the newly generated password, go back to Logins (or All Items) and Search for the Adobe Login, hit Edit, and manually save the password, then go to Passwords and delete the auto-generated adobe entry, and then go Delete the trash (or else the Security Audit shows duplicate passwords, and I can't delete a single Trash item). Shesh!

    I find the entire process entirely too fragile, and because it is sufficiently unreliable, I can't see using the Easy Way. I can't imagine explaining this process to someone. If you need a Blog or Wiki article to explain The Easy Way to update a password, there's something wrong with the workflow.

    I think you folks need a serious re-think on this entire workflow. Changing about 50 passwords earlier today was a real chore, mostly due to 1P4's attempting to automatically, but incorrectly, do stuff. The automated process signed me up for several newsletters, inappropriately leaked my passwords to various Search entries on sites, and locked me out of one account.

    (this was with 1P4 beta, I should note).

  • roustem
    roustem

    MrC,

    You are right, 1Password fails to detect password change form on Adobe.com. We are not able to capture that AJAX-style request that Adobe is using there. I think @dteare‌ had some ideas on how to overcome this but it is tricky.

    We need to figure out how to make the process simpler when the detection fails. Maybe offer to update the existing login when you generate and fill the new password instead of relying on autosave.

  • MrC
    MrC
    Volunteer Moderator
    edited April 2014

    Thanks for the reply and info. Maybe a blacklist might be useful (pulled from a server, updated however is most expeditious).

    Perhaps a nicer workflow will be one that is reliable and repeatable. For example, I'd like to be able to go to a Login entry, and click a button Create a New Password (perhaps adjacent to the card's Edit button). It would immediately migrate the current password value to a pseudo-field in the card immediately below the current Password called Current Password, which obviously would contain the current password. The Password field would then open to the password generator, allowing a new password to be generated. Both fields would remain, with Copy and Reveal buttons adjacent to each. This would allow a user to copy both the new and the old passwords for manual (reliable) entry. Once the site's password was changed, the user could hit an Accept New Password button, which would then hide the Current Password row. This gets rid of the current problem where it feels scary and basic wrong to muck with an existing password (even though the old one is saved, this is not intuitive at all, and requires more button presses to get to the old password).

    I really dislike how the old passwords are hidden when I'm editing a card. That's exactly when I want to see them! So I have to Cancel or Save the edit, click a button to open the old password list, Reveal them, just to check that my changes occurred and to give some context of what I've done (Did my password in the card get changed? Do I still have my old password? What was it? I have no idea, because as soon as I clicked Edit's generate icon, the old password is snatched away and changed, but I only know this if I've payed attention for the first 1/4 second after clicking the icon - if my eyes darted away, I have no idea what happened).

    The Password Generator should behave the same way in all three interfaces (1P4, extension, and mini). It is fundamentally confusing that sometimes it creates entries in Passwords, and other times it does not. Users shouldn't have to commit to memory these different operating modes of 1P4 and its friends.

  • EnerJi
    EnerJi
    Community Member

    Completely agree with MrC on this. As he said, the password change process is entirely too fragile, and results in entirely too much switching back and forth between the password generator, the web site, 1Password mini account screen, the 1Password mini login screen, etc. At the end of the day, I'm never completely sure that the website has accepted my new password and 1Password has stored the new password!

  • roustem
    roustem

    Thank you for the feedback! We got a few ideas and hope to make password changing easier soon.

This discussion has been closed.