why is password change so cumbersome
Can i please ask why does the app not recognize that I am entering a new password and therefore prompt me to save it? like any browser would.
Also would be really nice if i did not have to press ctrl + \ to enter my credentials - why can this not happen automatically?!
thanks!
DQ
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:password change
Comments
-
Hi @dqdqdq,
Can i please ask why does the app not recognize that I am entering a new password and therefore prompt me to save it? like any browser would.
Can you tell us which sites this happened on? We do have several algorithms to detect the password change but not every site works the same way and we have to constantly update our algorithms to improve the detection. We have an idea for a future update that might have a big improvement on this.
For an example, there are various sites that:
- Asks for current password before taking you to the next page asking for the new password. It may or may not ask you to repeat the new password.
- Ask for current password and the new password on the same page, it may ask to repeat the new password
- Ask for new password without current password. It may ask to repeat
- There are some that sends you a link to reset the password to set up a new password
As you can tell by now, it isn't that easy for us to have a single solution that works on all sites. The main reason browsers can do this is because they work in a lower level, they have access to more of the site that our extensions do not.
Also would be really nice if i did not have to press ctrl + \ to enter my credentials - why can this not happen automatically?!
We consider this to a security risk. Imagine one of the sites you visit got infected and it has an invisible iframe to redirect you to different sites, your password manager can fill in on each site it goes to and you wouldn't know what was happening. That's why we don't do anything by default and always ask you first.
This is something that has to be fixed in the lower levels, not in 1Password. In the future when this is mitigated, we would give you an option to enable the direct automatic filling but for now, it is not there yet.
You can read more in our article here: https://support.1password.com/why-no-autofill/
0 -
Thanks for your reply.
I am talking about when I make a change to my AD password. I put in a different password and I would hope that 1password would prompt me to save the new credentials. This does not work for any site. I primarily use Chrome. If this is not technically possible then it would be nice if it was easier to change the password in the chrome extension. For now the only way I can change the password is to open the url in the 1password application and change it from there - it is very cumbersome.
Also would be really nice if i did not have to press ctrl + \ to enter my credentials - why can this not happen automatically?!
We consider this to a security risk. Imagine one of the sites you visit got infected and it has an invisible iframe to redirect you to different sites....
This should be a choice the customer makes imho i.e. have an option to turn this feature on or off.
Thanks!!
0 -
Hi @dqdqdq,
I am talking about when I make a change to my AD password
AD as in Active Directory? I didn't know you could change it in a web site. Is this something we can test ourselves to see how it works?
1Password does prompt to update passwords, I've tested it on facebook as an example here:
You said any sites, that's not right, it should work on a lot of sites. Can you open the main 1Password program, unlock, and go to the File Menu > Preferences > Auto-Save, are both options checked on top here? If the second option is checked, you would need to make sure 1Password is unlocked first before you can change your password, so it can check the database to find an existing Login item to update.
This should be a choice the customer makes imho i.e. have an option to turn this feature on or off.
It's not that simple, each single setting makes the entire security system more complex to maintain and the more complex it gets, the more prone to issues it will be. Having less options and a sustainable stable system is more valuable than having a flexible system that can expose different type of issues.
We might be able to make this optional in the future but for now, it's not on our list for the short term. As I mentioned before, once the browser and web community comes up with a better solution on a lower level, we'd be happy to add this option sooner.
0 -
hi there. When I say AD it is active directory I am referring to. A lot of sites I go to are AD integrated and there is a compulsory password change every month. When I go to the site and enter a different password it does not prompt me to update it. I had checked auto-save before I made my initial post and it is checked. The second option is not checked.
0 -
sure. I will contact you again when it comes to password change time
thanks!
0 -
By the way, if you're using the same AD credentials among several sites, you might be able to just add these URLs to the same Login item, so that you only need to edit one Login item instead of several items.
0 -
thats a good idea! thanks.
0 -
We're glad Mike's suggestion, adding multiple URLs to one login item, helped.
Let us know when you have to change a password again so we can work with you.
Cheers!
0 -
I emailed at this address but nobody replied :-(
0 -
thanks! I resent the original mail! as MikeT instructed I sent it to support+windows@agilebits.com. I got a bitbot reply this time so you got it. This did not happen when I sent the original mail!
0 -
@dqdqdq: Aha! That explains it. If you didn't receive a response from BitBot, that means we never got your email. :(
I'm glad to say that we've got the message this time, so we can continue the conversation via email. Sorry again about the trouble. We'll get back to you shortly! :)
ref: HFR-73887-877
0