Bug: Password change auto-saved to primary vault which was the wrong vault
On Mac OSX 10.10.2 with 1Password 5, Version 5.1 (510035), Agile Web Store, Firefox ESR 31.5.3.
I have 2 vaults. A Primary for me (blue) and another is my Wife's (named with her name and in yellow). We each have our own accounts at Amazon and different username/login credentials.
I had the non-primary yellow (wife) vault opened in the 1Password app. Doubled clicked the Amazon entry to login and to change her password from simple to complex. Was in her account at Amazon for sure with her email address and other info unique to her account showing up in the Firefox browser.
Copied her old password from 1Password browser extension listing for Amazon (showed her named vault in yellow at top) and pasted as old pw in Amazon's pw change form, used 1Password's Mini app's pw generator to create a new pw, then pasted in textedit so I can make a few changes, copied, then pasted that pw into Amazon's form for new pw and pw confirmed fields. Then the popup from 1Password asking to automatically update the password, I said yes. However, when I go to show her that the new pw was automatically saved in the 1Password mac app, it's the old pw. I still had it in text edit so I copied and pasted in the pw field for that entry. Told her that it usually works and has the new password there, but for some sites will have to do it manually.
Tested this using Chrome with it's 1Password extension and it worked to log into her account and showed all of my wife's account info as expected. All is good and as expected except for the auto update not working.
I change vaults yellow to primary blue from inside the 1Password app on Mac to show my wife my complex Amazon pw and to my surprise it has her new password in it! Double checked and it's my vault in blue with my username info in the notes field etc for amazon, but her pw. I go to the amazon entry inside my iPhone's 1Password and it's already sync'ed with the wrong pw - again, just the pw with my username etc still there.
From inside my account in the 1Password app on the Mac, I was able to use the "show previously used passwords" to see and copy my previous and paste it in the pw field. Testing that, it logged into my account at amazon showing my unique orders etc, switch vaults to her's and tested her amazon log in and it works as well. All is good until the next time we might use the password change "update" option from my Macbook Pro.
So, there's a bug in the auto save "update" option that I speculate is saving to the primary vault instead of the currently selected/open vault.
Comments
-
Hi @Hawkwind ,
Thanks so much for providing such a detailed report here!
The behaviour that you are seeing is by design. I know it might seem a bit weird, but let me explain our reasoning behind it. In general, we recommend that users set up their vaults so that the primary vault contains the personal and private information, and secondary vaults contain shared information. With this setup, a user could have multiple shared vaults, some with family members, and some with co-workers. When saving new entries via the browser extension, the decision was made to default to the primary vault so that personal and private information is not accidentally shared with co-workers or family.
The good news though is that it is possible to save a Login to a secondary vault. It just requires some editing to that 'Save new Login' dialog box.
There are two ways you can change which vault you are saving to:
- Click on the vault icon and select the vault you wish to save to
- Use the ⌘# ( Command-'vault number' ) keyboard shortcut to switch between vaults.
I know, this workflow took me a little while to get used to, and we are looking into ways of refining it in the future. I'll be sure to let our team know that you would like to see this reconsidered as well.
0 -
Yes please, should be easier to save a new login to the vault of choice when 1Password knows there are multiple vaults.
However, my point was all about 1Password updating a password in an existing entry for me. So for an updated password, I would expect 1Password to know which web site it is currently using and its entry 1Password since it's asking for update as an option (instead of save new) and therefore 1Password should keep track which vault to update. If this is not easy to program, just warn the user which vault is the currently selected and then update the entry in that current vault allowing the user to change to the correct vault as you describe. Or, as in multiple entries (users) for for a single website, from the Extension, you show all the logins for them and allow me to choose. (like the way for example www.comcast.net with multiple email addresses works now) I get a list of entries to choose from, so show the vaults that have the matching entry when choosing to update a changed password. ie: but please change the application programing to stop just using the Primary vault.
0 -
Hi @Hawkwind,
At the moment the Update existing Login works off of just the website field. When coupled with the fact that it defaults to the Primary vault it can get confused. Until we come up with a more satisfactory solution though there are some cues you can use to help you.
We always say what vault you're currently in (if there is more than one) and the action to be taken in the first of the drop down menus.
So for example, if I update my Amazon password, where the Login item is in my Primary vault I see the following.
Where you will notice it says Update existing login in Primary Vault. If I change to a secondary vault it replaces Primary with the name of that vault instead. So technically you're always being informed of which vault is being referred to but that isn't to say it can't be improved on.
If I update the password of an item that is only in my secondary vault I instead get the Save new Login in Primary Vault as you can see below. I first have to switch to my secondary vault and then manually change the option from Save new Login to Update existing Login. As you can see, one of the areas where we can improve.
Now because you have an Amazon Login item in both your Primary and secondary, even though you were working in the secondary vault it still displayed as Update existing Login in Primary Vault because the URL matched to your own Login item when it defaulted to the Primary vault.
Now if you have multiple Login items in the same vault, when you select Update existing Login the text field for titling a new Login item turns into a drop down menu where you can select the Login item you wish to update, which the screenshot below should help highlight.
We do have a feature request for a unified view over all vaults and I shall add your voice to that request. Hopefully until this is looked at the descriptions above will help a little with how it currently works. I definitely see your point of view, I'm not disagreeing with you, I just hope the small cues that are there will help until we come up with something better :smile:
ref: OPM-1840
0