Updating a login-entry with a generated password actually makes it duplicate
I'm relatively new to 1Password and so far I like it pretty much. As a start, I installed Google Chrome Extension and then I started to log in to all of my web-sites using my credentials. Thankfully 1Password offered to save them as login-entries in my vault. Then I found out that some passwords are weak and so I used the password generator feature to update them. Here's what I basically did:
1. From the website that I needed to update my credentials for, I went to change password
2. I opened the 1Password Google Chrome Extension and used password generator
3. I click 'Fill' to populate the password field
4. Clicked save and 1Password offered to update the existing log-in entry I have. I clicked update.
However, sometimes when I open the 1Password application to double check I find that the original log-in entry is "not" updated at all. And there's a new entry (with a key icon next to it) with the generated password that I picked up. Accordingly, when I logout and try to login again using the original entry, it doesn't really work. It only work when I "manually" update the old entry by copying the generated password to it and save it.
I'm not sure if that's a defect or I'm doing something wrong here.
Please help. Thanks!
1Password Version: 5.3
Extension Version: Google Chrome v4.4.2.90
OS Version: OS X 10.10.4
Sync Type: iCloud
Comments
-
Hi @enawara,
So there are a couple of possibilities here.
- Let's say 1Password offered to update a Login item, you clicked update and it didn't - that's bad and we'd want to work with you to try and reproduce this as we'd definitely want to resolve that. This, I really hope, isn't what is happening.
- What would seem more likely, but will require your confirmation, is if for whatever reason we've failed to recognise you're updating your password and we've not offered the standard update 1Password window. You might think it sounds silly given how easy it is for us as the user to say "that's a password change page" but pinning down what makes this different at the level of the HTML so the code can say "that's a password change page" is more tricky as we also don't want to confuse a registration page - recording the registration page would save far more information than is required and almost never helps with actually logging in.
- You've found the Login item doesn't have the new password when you next try to log in, you copy over the new one and then the 1Password Save Login pops up and you click Save. You then go back but it seems like it hasn't updated.
Let's say 2. is happening. It sounds like you've already stumbled upon the Password item we always create when you use the Password Generator. That's the safety net in case the detection code can't handle the page you're on. It means there is a history of passwords that you've potentially used and that haven't been added to a Login item yet. One way, as you've done already by the sounds of it is to manually update the Login item with the new password. Another way would be to log into the site, if we normally prompt you with a 1Password Save Login window you should get one here. This is where scenario 3. comes into play but this defaults to Save new Login while you actually want to update. This can be changed though with the first menu as seen in the screenshot below.
That leads to the following two options
and from there you can then select which Login item is being updated if you have more than one for this site
Now if none of this feels like it applies then then next time you find a site that causes this undesired behaviour, or if indeed you remember specifically which sites you noticed this happening on recently, if you were to let us know the site we could try it out ourselves and then we've got a concrete example to work with. I often find that can really help pin down the issue as well as give us a good point of commonality to base the conversation on.
0 -
Hello @littlebobbytables
Thank you for providing such a detailed and informative response. I think it's more likely towards the first possibility.
In my cases, 1Password always detected that it's an update for an existing login item. I've applied the same scenario on 6 different web-sites and 4 for them worked flawlessly. Only 2 of them didn't work properly, namely: Twitter and Github. In those two sites, I found out that the original login item is not updated and it has the old password, and then there's another generated log-in item that has only the password field (with the key icon).There's one aspect I'm suspecting which is the user interaction time. When I'm at the password generator and then I wait for while before I click 'Fill' (closer to a minute) to use the generated password, or when I wait before click 'Update' existing login item; that problem exist. However, for the 4 sites that worked successfully with me I was fast enough to generate/update login item.
I hope I was clear enough and please let me know if you would like logs/traces to help you figuring out the problem.
0 -
Hi @enawara,
Thank you for mentioning the sites you've found this to happen. I haven't tried Github yet but I did have a Twitter account for test purposes and it does what you say. I've said a few words not used in polite conversation but more importantly I've written up the report with everything required to reproduce. Thankfully this bug does leave the Password item so while annoying it doesn't lock you out. Hopefully we can get this resolved promptly.
ref: OPM-3243
0 -
Hello @littlebobbytables
Much appreciated. Thanks!
0 -
Just to clarify, the not very polite words were used during testing. I respect the awesome talent of our developers and I didn't leave a gutter-fueled report for them. For starters nobody works well if you do :tongue:
0
