How to delete password history?
As I figured out there is no possibility to delete the password history of any item at that time. So far so good.
But since the great possibility exists to move or copy items in other vaults also the history is copied. So far so bad because I didn't think on this first. Even now I realized that I have to watch if there is a password in the history which I have still in use after duplicating an item.
As you can imagine it isn't my intent to send active passwords to anybody in case of a lapse. I think there should be a protection against this.
1Password Version: 6.0.1
Extension Version: Not Provided
OS Version: osx 10.11.3
Sync Type: dropbox
Comments
-
Hi @Silvermoon,
When you Duplicate an item, the previously used passwords are stripped out of the new item. So for your use case, it would be best to Duplicate an item before sharing it to another vault, so your previously used passwords won't go along for the ride.
0 -
Hi @chrisdj. The request to be able to delete password history (or not to store it in the first place) has been floating around at least since 2011. @Megan mentioned there are two reasons why this is a good feature:
- "If you update your password in 1Password first, there's always a (slim) chance that the update won't go through on the website"
- "To avoid password re-use (if you're not using our strong password generator)"
There should be a better way of handling this. For example, put the old password in the trash. If I need it - I'll look for it there. If I want to tidy up my database, I'll just empty the trash and not waste time on duplicating dozens of logins (without their history) in order to delete the old ones. Another options is to have an 'Older passwords' entry where again I can make batch operations on. And the best option in my mind - have a preference to never save old passwords. If a site rejects my strongly generated password, I'll deal with that.
This is just bloating my database which I want to keep as small as possible and wastes my time. I think it's about time this gets fixed.
0 -
At the same time, having password history is an important safety net. I understand that for your particular use case this feature isn't appreciated, but we do also have to consider other users as well. Thank for helping us understand how you'd prefer it work. It may be something we can accommodate in the future.
0 -
Thanks @brenty. I don't think most of your users realize you're bloating their databases. You don't give a setup for how many and how long to keep old passwords so databases just get bigger and bigger even if users don't add any new entries. I think the list of options in my post can be a good compromise - keep old passwords and be able to get rid of them efficiently.
Unfortunately I find it hard to believe you will ever accommodate this since, as I said, it's been floating around since 2011 and that means it has always been too low in the priority list.
I appreciate your work and love 1Password - I think it's a great product. But in this area I think you need to invest some time and effort to make it perfect.0 -
@gabym: 1Password can't "bloat" your database without your help — or mine! After all, it just stores the data we tell it to.
That said, maybe in the future it will become a problem, but it seems like storage and performance are scaling a lot faster than my 1Password vaults. Do you have an inordinately large database that's consuming a lot of disk space? Are you encountering performance issues? Even in 2011, mobile hardware wasn't choking on people's vaults, but perhaps you're going far beyond what the average user has.
As far as I've seen in testing and my own use, this really isn't a pain point for people. However, we get a lot of requests in 1Password Families/Teams to retain more data longer: people are used to 1Password retaining everything indefinitely (unless they delete it), and they want and expect that behaviour. And while I agree with you in principle, I think that an even more important ideal is that people never have to say, "Aagh! I wish I still had that!" so long as the technology can accommodate for retaining our data.
As a real-world example from an admitted digital hoarder, by 1Password database is the least of my problems. I have more items in my Trash at this point than my "active" data because I just don't empty it, but it's yet to cause me any issues, even on some rather old, weak devices I still use from time to time. But if you or anyone else are running into problems with "database bloat", we need to hear about it.
0 -
Thanks for your elaborated answer, @brenty however, I think you are missing the point. The reason I don't want to keep old passwords (and a few other users I saw in the forum) may be stupid, irrelevant or irresponsible but it is my choice. Your approach of knowing better what is good for me or what I need or don't need is a little condescending.
The current workaround of duplicating entries and deleting the old ones is not good enough. I'm asking to have a setting to not store old passwords at all. I don't think it should be that hard to implement. Alternatively, store the old passwords in the trash - that's the correct place in my mind where they belong. This way I can still look for them or clear everything once in a while.
@divot @xyz @sjk @Arthaey @benfdc @tullyhansen @howdytom @nigelm @skyrkou
https://discussions.agilebits.com/discussion/3666/how-to-clear-password-history
https://discussions.agilebits.com/discussion/41506/how-can-i-disable-the-previous-passwords-feature
https://discussions.agilebits.com/discussion/11871/how-do-i-clear-a-login-s-password-history
https://discussions.agilebits.com/discussion/20158/delete-passwords-from-password-history0 -
@gabym It is indeed your choice. As brenty mentioned, it's unlikely old passwords would cause performance issues. If they do, let us know. That being said, I'm happy to add your vote for the option to remove previously used passwords. Just know that there's not an overt problem here, and this would be a new feature. I can't say if or when this feature would be added, but thank you for taking the time to let us know why it would be valuable.
Another thing I wanted to mention is that you just mentioned nine people in this thread. I don't know why you did that, but in the future, please do not mention anyone who is not participating in the thread you are commenting in. Those folks will get emails saying you mentioned them in this thread, and that's just confusing.
ref: OPM-1962
0 -
You're right @penderworth, that wasn't very polite of me. These people opened and participated in other threads regarding password history deletion and had a strong opinion about it. Wanted to let them know the subject is still alive.
0 -
@gabym: I'm sure your heart was in the right place, but I think we all get more "unexpected" email than we'd like already, so it's important to put ourselves in the other person's place. Then again, I can ping @penderworth because he does it to me all the time. He had it coming. ;)
But in all seriousness, thanks for your passion, and for taking the time to both tell us that this feature is important to you and also explain why. It really helps us have a better sense of how people use 1Password (or would like to in the future), and when we're plotting out a new release it helps us see where we can do the most good for the greatest number of people. Cheers! :)
0 -
I gave up on this issue. I am no longer spending time convincing staff for any feature requests. Agilebits has its own point of view on this topic. I don’t think it’s even a feature. It should be implemented as a default option. Anyway.
0
