Problems with updating change passwords
1Password version 5.1
OSX version 10.10.2
browser Safari
The interface to change a password for an existing site is significantly flawed. I follow the process described in the user manual for doing so, and all is fine EXCEPT that the popup dialog to update the 1PW record with the new password does not reliably appear - sometimes it does and sometimes it doesn't. When it doesn't, the website is updated with the new password and there's no way to recover the new password in 1PW! If you can't guarantee that the update dialog box will appear, you need a new interface paradigm. Suggestion:
When the user clicks "Fill", pop a dialog box that remembers the generated new password and poses a question "Did the website successfully update with with new password?" Provide 2 command buttons (YES/NO); if YES is pressed, update the 1Password login record and dismiss, if NO is pressed, simply dismiss. The user will first interact with the website to update the password and then, DEPENDING ON THE RESULTS, interact with the 1Password dialog box.
I find 1Password to be very useful, but frustratingly "touchy" and unreliable. I can never be sure that the actions I'm taking will actually "do the right thing". I have to constantly recheck logging into my sites whenever I interact with 1PW to make sure a 1PW failure hasn't locked me out of my website(s).
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
Hi @marklme,
The primary reason the update dialog may not seem consistent is because we're trying to work with with an unknown quantity. Every site does something a little differently and the range of change password pages, sometimes even spanning multiple pages for a single site, makes things really tricky. We try to look for clues, combinations of fields you would only see on a change password page to help identify that this is what you're doing. It is tough which is why 1Password always saves all generated passwords used as Password items inside your vault. The last thing we want to do is lock you out of an account because we've not recognised you're changing your password - that would be bad!
The way 1Password currently works is if you generate a new password inside our Password Generator and then you fill or copy it we will create a new Password item and the title will be the domain of the active tab e.g. Amazon. If you then go on to update an Amazon Login item in the same vault with this new password we remove the Password item as it has become redundant. If you don't those Password items will still be there and the name of the item can be used to distinguish them.
It isn't quite what you're suggesting but we do attempt to safeguard your generated passwords until we're confident they're correctly stored. Does knowledge of our current behaviour help at all?
0 -
Please explain "...1Password always saves all generated passwords used as Password items inside your vault..."
I tried to update my Aetna Navigator password, had the problem I described (1PW didn't display the update dialog), and I was subsequently locked out of my account. Trying to log in again using the 1PW entry for my Aetna Navigator account failed. And no, there was not another entry in my vault for the Aetna Navigator domain with the new password.
0 -
Hi @marklme,
How can I recover an unsaved password?
If you used the Password Generator to fill or copy the new password in the website, then 1Password created a new item to save that password, as a safety net. It's not a Login item, it's in the Passwords category.
Are you able to find it there?
0 -
Yes, I did find it, thank you. Safety net it is, but I'm still of the opinion that the interface from a human factors standpoint leaves much to be desired. As a former software designer/developer, I see several ways in which the "update password" sequence could be improved so it didn't scare the living' bejeesus out of the customer when the update dialog doesn't appear. And a question - if the Password Generator knows enough to capture the new password in a "Passwords" item, why the heck can't it update the appropriate login item?
0 -
Hi @marklme,
Can we improve the software both in terms of UI and behaviour? undoubtedly. As a developer you know the job is never finished and also the struggle to find enough time for all the components of even a small piece of software. Maybe a large rethink is required (whilst still acknowledging any limitations of JavaScript). What once was good may not stay that way as ideas and technologies change.
Now with the Password Generator, simply performing an action such as copy or fill will cause the creation of the Password item, as soon as we have any indication that the password might be used we record a copy. Now the person may not go through with changing a password while some sites won't tell you there is a problem until you click the submit button so altering the Login item is currently a separate section of the code. This also allows us to handle password changes that don't involve the Password Generator. Obviously it does require 1Password correctly recognising and reacting. I can't offer any sort of timeframe or promise anything I'm afraid but hopefully we can improve on the design.
0
