Suggestion: Merge Selected Cards (similar function from another program)
Over the years, I've picked up a proliferation of duplicate passwords for the same account, which I can easily find by listing items with duplicate passwords. They are all very slightly different. For example, I have 11 for my bank account. They all have the same user name and password; it's the other stuff that's different. I don't think these are from sync malfunctions but from failure to recognize that the login already exists. Some are for CreditUnion.org, others for www.CreditUnion.org (in the title). While some differ only by date, others will have slightly different URLs, so one will be https://www.CreditUnion.org/ and another for https://www.CreditUnion.org/index.html and a third for https://www.CreditUnion.Org/home.html (presumably there was a software update at the bank at some point) -- obviously, I can delete these as they crop up, but I have hundreds of them, so it's tedious, and I expect new ones to be created in a steady trickle, where I don't notice when they are created, but only later.
Cleanup could be made safer and less tedious by implementing a MERGE command. I'm not talking about merging vaults. I've only ever had one of those. I started out years ago with a version of 1Password that synchronized between devices manually, and I'm currently using DropBox, Mac version 5.4 (540046) on Yosemite (10.10.5) and iOS version 6.1.2 (iOS 9.1). I don't want to use iCloud, because I still also use older machines that don't support it.
The MacOS X Contacts program has a "Merge Selected Cards" menu command that lets you select multiple cards that refer to the same person and turn them into one card. If there are fields on one card that aren't on the other(s), it collects them all in the final card, which can then be manually edited, if necessary. (That is, I think it records the deletions of all but one, but first copies distinct fields and values into the remaining card.) Part of what makes it tedious to manually combine cards is a user interface that doesn't support side-by-side comparison of cards, and the possibility that one or more of the duplicates will contain additional information, like a PIN or routing number (to stay with the bank example).
Each of my AppleIDs (I have several for different purposes) has many duplicates as well, for different Apple URLs, like iCloud.com, daw.apple.com, appleID.apple.com, id.apple.com, secure2.store.apple.com, me.com, and so on. It would be nice if one item could match multiple URLs, but if there were a way to do that, a MERGE function could accomplish that automatically. There seems to be no way to select multiple items using the iOS app, but multiple selection on the Mac works. (The style which I use is to enter the passwords manually, looking them up in 1Password if I can't recall. It seems best to err on the side of caution if it asks if I should save a password. I am NOT a fan of 1Password extension. There must be some kind of matching function, because sometimes it asks me if I want to update the existing password when it's changed.)
I'm sorry if this duplicates some other suggestion, or if there is a function like this I could not find, but I diligently searched for "merge", "duplicates", "combine" and so on in the forums before posting this. Found a lot of stuff about sync and vaults, but I am not complaining about the programs creating these things, just dealing with duplicates that already exist.
1Password Version: 5.4
Extension Version: Not Provided
OS Version: 10.10.5
Sync Type: DropBox
Referrer: kb-search:merge, kb-search:merge items, kb-search:merge duplicates, kb-search:suggestion
Comments
-
When I say I am not a fan of 1Password extension, I mean that I am not a fan of any of the "automatically provide field values and submit the form without allowing for manual review" type functions. That's like shooting yourself in the foot with an automatic weapon. Obviously, there is some kind of extension which intercepts the values as I type them in, and that's great. In Safari, I have 1Password Extension 4.4.3. In Chrome 4.4.3.90.
0 -
Hi @jslove,
Thanks for taking the time to contact us. It's a useful suggestion. :)
In the meantime, if the duplicate items you are seeing consist of both Password items and Login items, you can Control-click (or right-click) on "Passwords" in the sidebar and choose "Remove redundant" as shown in this screenshot.
That will remove any duplicate Password items where the password is an exact match for one already stored in a Login item. You can read more about the different item categories in the User Guide:
1Password for Mac: Categories
If the items you have containing duplicate passwords are both Login items, then you will need to use the "Duplicate Passwords" function in the sidebar to locate them and then manually remove them as you mentioned.
I'll add our vote for some functionality to improve the workflow here in a future update. :)
With regard to the extension automatically submitting a login form after filling in your username and password, you can disable that if you wish. Simply disable "Automatically submit logins after filling" on the Browsers preference pane:
I hope that helps a bit. If we can be of further assistance, please let us know.
0 -
It may be clear from my original post that I already knew about the Show Duplicate Passwords sort/select function, which does not require selecting Security Audit, though a useful shortcut. It's quite helpful to find password reuse between genuinely different IDs. However, it also highlights annoying redundancy, making genuine collisions harder to find.
To be more clear, I am suggesting that the MERGE function allow merging specifically selected items, not like the Remove Duplicates function which seems to be a very broad brush. I am concerned about deleting extra data associated with an item, which is a large part of why just deleting all but one of a set of duplicates is a bad idea. One or more of the entries may contain a PIN, a routing number, an account number (when that is different from the login handle), a statement closing date, all kinds of stuff you might add, and then carelessly lose. If I had used the same password and user handle on different sites, that might or might not be a valid reason to merge them. For example, if my e-mail address were an AppleID but also the login handle for innumerable other sites, id.apple.com and appleID.apple.com would be the same, but meetup.com would not. One of those accounts would best have its password changed, which is what Duplicate Passwords is good for.
Which brings me to the idea of matching. It is very inconvenient to have multiple entries for the same account. If I change the password for an AppleID, it applies to any number of URLs with different domain names, and using 1Password I would have to change every one of those independently. A single entry that specifies multiple candidate URLs would centralize this function. I gather something like that may be partially implemented, but I can't find it in the documentation, so I don't know for sure whether it exists at all, what the rules are, or how to take advantage of it. It's totally useless to have separate entries for store1.apple.com and store2.apple.com (the actual URLs are not that but similar), and I would want a password for apple.com to apply to subdomains unless I go out of my way to specify otherwise. That doesn't help merge apple.com, iCloud.com and me.com, though. A similar case would be he.com and tunnelbroker.com. If the matching function were robustly used, it wouldn't create a duplicate entry if "Automatically submit logins after filling" were checked.
An implicit URL-matching function could ASK whether a login were new or the same, when auto-submitting. It's not useful when the same domain name with different complex URLs are considered distinct, when many sites have (perhaps over time) different pages where you can login to the same account. By considered distinct, I mean separate items are created. Some sites mark every contact with a handle which is never reused, and the unique part may not follow a "?" in the URL. It's perfectly easy to code sites that (not so obviously) have URLs like "foo.com/member/account.cgi/jslove/jahdKlkuEH3rfl2fkjsdbn". It would be nice to have some explicit control so separate authentication zones could be unambiguously tagged. They don't do so, but I think Uber should allow distinct passwords for rider and driver. It's an example, only. Thus, uber.com could have one password, except that uber.com/driver and vault.uber.com could have another. Maybe too complicated to implement or explain, but could greatly simplify keeping things in step.
0 -
What you're asking for is very complex, in terms of flow, presentation and usability for ordinary users. I'm not saying it wouldn't have value for some, but that value would be greatly limited to a few fastidious users.
I'd suggest, that for most of us, the easiest thing to do is simply manage the duplicates, or incorrect records, over time, as you use or discover them. Duplicate records unused aren't worth your time, and issues in records used frequently will be spotted and corrected very quickly. You'll get 80-90% done in very short order, and the rest... who cares. :-)
If you really have many records which need some sort of merging and management, help me understand your needs and we can work on a de-duping tool. You'll need to be clear about your requirements, and what constitutes matching or similarity, and under what conditions, and which fields should be ignored. I've toyed with the idea of doing this for a while now, knowing full well how complex the issues are, and moreover how complex the presentation is for user comprehension.
There's a bit of a built-in discordance with respect to the tool's audience. Fastidious, meticulous, OCD types, typically do not have, nor ever allow, such chaos in their data (or lives, perhaps), and so they won't need such a facility. Easy-going, go with the flow, whatever, types who are conformable with ambiguity and don't much care about the order of things, won't have much interest in such clean-up, and just live with whatever works. So who is the target audience?
So, that's a lot of push-back, and I don't mean to derail your good request. Just some food for thought.
0
