Bug Report: Generated password not saved ANYWHERE if login item is being edited.

abatty
abatty
Community Member
in Mac

Just had a nerve-wracking experience as I was changing a password at a site. They were doing a security upgrade and had me set up several security questions. Since I always answer these with lies, I was also editing the login "notes" field with the answers.

It then came time to reset the password, and I used the password generator in the browser. It auto-filled, and asked if I'd like to update the login. I clicked "update existing," but the change was not reflected in the login, probably because it was still open for editing. I saved and closed it and went to the list of generated passwords, which I always have sorted by creation date, newest first, for exactly this kind of situation.

The just-generated password was nowhere to be found.

I must have missed the clipboard window as well, because pasting into a text editor still gave me nothing.

(I was able to use the security questions to generate yet another; no problem there.)

It'd be great if you could ensure that in such an uncommon, but reasonable case, the password at least gets saved to the list of generated passwords.

1Password Version: 6.2.1
Extension Version: 4.5.5
OS Version: 10.11.4
Sync Type: Dropbox

Comments

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Hi @abatty,

    That is genuinely horrific and I can reproduce. I can only assume I've never performed such a task before.

    The only saving grace is you should have found a Password item in the Trash of that vault and if you were to order the Trash by Date Modified or Data Created it would be at the top of the list. Now I say this but...

    1. It isn't obvious at all.
    2. It shouldn't matter, we shouldn't allow this combination to happen.

    The only thing positive thing I I can think say is given the lack of complaints most people have been lucky enough not to hit on this situation yet and you yourself may consider it an unlikely situation to be in often. I'm not trying to make light of the situation when I make that remark, I'm just trying to take anything away from it that I can given it is a really crappy bug. I've written up the report for the developers.

    ref: OPM-4011

  • abatty
    abatty
    Community Member

    Ah-hah! Yes; there it is in the trash!

    That's definitely good to know; I hadn't even thought of looking there.

    But yes, as I said, I used my brand-new security questions to reset the password 5 minutes after making it. And also, as I said, and as you note, this is probably an edge case, but one that happens when the user may be doing something entirely reasonable, if uncommon.

    Just thought you guys should know.

  • AGAlumB
    AGAlumB
    1Password Alumni

    Sorry for the scare. I'm glad that helped! Hopefully we'll be able to make it a bit less opaque in the future. Thanks for bringing this up!

  • yndara
    yndara
    Community Member

    Just wanted to say that I ran into this same issue a few days ago, and then again today. I was happy to find this solution today, rather than redoing the whole process the way I did the first time. In any case, I wanted to make sure you knew this bug was, sadly, alive and well.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @yndara: Really? Please tell me the OS, 1Password, and device versions you're using and the exact steps you're taking. This issue was resolved back in May, so I'm surprised to see it cropping up again! The more information you can give, the better. Thanks in advance!

  • yndara
    yndara
    Community Member

    @brenty
    Sorry for the delay in getting back to you. Glad I finally saw your post before I upgraded to Sierra!

    OS X El Capitan, version 10.11.6
    1Password
    Version 6.3.2 (632000)
    Mac App Store
    iMac (27-inch, Late 2013)

    I believe exact steps were as follows:
    Go to a web site that is asking you to reset your password.
    Using the 1Password extension, find the login for that web site and anchor the window to stay open.
    Click Edit to make changes to the login (I was adding security questions).
    Click the icon next to the password field to bring up the password generator.
    Copy the newly generated password, paste it into the new password fields on the site.
    1Password asks, "Would you like to update your existing username and password for this site in 1Password?"
    Select the correct login from the dropdown if necessary, then click Update Existing.
    Note that the 1Password window is still in edit mode.
    When the web site asks you to log in again using the new password, try to use the extension to log in.
    It fills your old password, and when you try to find the one you just generated, it is in the trash.

    I tried this just now, and when I did, the anchored window had kept the new password, so when I hit save, it saved it and I was able to log in normally. The steps above are what I remember doing when I ran into the problem last week.

    Please let me know if I can tell you anything else that would be helpful!

  • Drew_AG
    Drew_AG
    1Password Alumni

    Thank you for the details, @yndara!

    I tried following your exact steps, but it worked correctly for me. I tried it twice, just to be sure. Here are my steps & results:

    • Went to a website where I have an account, signed in, found the 'change password' page.
    • Clicked the 1Password extension, found my Login for the site, anchored the window.
    • Clicked Edit on the anchored window.
    • Copied & pasted the current password into the "old password" field on the site.
    • Clicked the password generator icon (next to the password field) in the anchored window.
    • Copied & pasted the new generated password into the "new password" and "verify password" fields on the site.
    • Submitted the 'change password' form, 1Password asked if I wanted to update the existing Login item.
    • Clicked Update Existing button (anchored window was still open and in Edit mode).
    • Signed out of the website, went back to the sign-in page.
    • Used the 1Password extension, it filled the username and new password, I was signed in successfully.
    • Opened the main 1Password app, found that Login, confirmed the new password was shown.
    • Confirmed nothing new in the 1Password Trash.
    • Went back to the anchored window for the Login item and clicked Save.
    • Confirmed the main app still showed the new password, and nothing new in the 1Password Trash.
    • Repeated all of the above steps with the same results.

    Now, I should mention that I'm using the latest beta versions of the 1Password app and browser extensions, so if there's a bug in the current stable versions that caused this for you, it's possible that was fixed in a beta.

    However, I'm confused about why you saw a Password item in the Trash in 1Password, because a new Password item is only created when using the Password Generator menu option in the 1Password mini / browser extension window and clicking the Fill or Copy button there. If you edited a Login item and clicked the password generator button next to the password field, that doesn't create a new Password item, so there's nothing that gets moved to the Trash once you save the changes.

    Is it possible you made 2 different attempts to change the password on that site - once by using the Password Generator in mini/extension, and once by editing the Login item and clicking the button next to the password field? In case it helps, we recommend changing a password by following the steps here: Change your passwords and make them stronger

    If you're still running into a problem like the one you described, you're welcome to switch to the latest beta versions of the app and browser extension to see if it helps. Please let us know how it all goes! :)

This discussion has been closed.