Change password not saving new password in the correct place

tomalexander
tomalexander
Community Member
edited August 2016 in 1Password in the Browser

When I change my password on a site, I'm finding that it's not saving the new password as the current one. It's saving it elsewhere (so at least I can recover) but I'm not sure this is how your app is supposed to work. I'm hoping it's not just me doing something wrong, but I've followed instructions and I'm still able to reproduce the issue.

For example, today, I browsed to an existing web account and clicked on my profile. The web form has a bunch of fields and among them are 3 fields and a button to change my password.
I filled out my current password.
I used password generator to fill in the new password (and confirm password fields). That worked great.
I clicked on the button to change my password and it the form saved without issue.

However, here's what's been happening to me (3 times so far on different sites):

[screenshot removed by admin]

This is a screen cap from within 1Password where I have clicked on the "Show Web Form Details" button. As you can see it's storing the old password as my current one, and looks like it's storing the new password twice (assume once for each field of "new password" and "confirm password".) When I try to login to the site, it's filling my old password and I can't login.

I was locked out of my firewall on the weekend for a while until I figured out that the new password was just hidden.

What am I doing wrong?


1Password Version: 6.3.2
Extension Version: 632001
OS Version: OS X 10.11.6
Sync Type: 1Password account

Comments

  • Megan
    Megan
    1Password Alumni

    Hi @tomalexander,

    Thanks for bringing this to our attention! I just wanted to let you know that I’ve moved your post into the specialized ‘Saving and Filling in Browsers’ section of our forums. It’s where our filling gurus hang out, and they’ll be much better able to help dig into this issue and get to the bottom of it.

    I’ve also removed your screenshot, just in case that’s your current password information - this is a public forum and we don’t want to share any unwanted information. I hope that’s alright. :)

    Could you tell me which instructions you’re following to change these passwords? Are you asking 1Password to save a new item while you are on the password change page?

  • tomalexander
    tomalexander
    Community Member

    Hi @Megan,
    The passwords have been changed so no worries with the screenshot (but thanks).

    I was following the instructions that were sent to me by Dave Teare as part of a newsletter type email. It was sent August 14, and I also looked online and found a document at https://support.1password.com/change-website-password/.

    Also, I forgot to mention that when I clicked the "Change Password" button, 1Password opened and said, "want to create a new login or update an existing" and I chose to update an existing.

    It seems to be getting confused as you'll notice the username got saved as "Later" for some reason. The password stayed the old password, and the new password got stored in separate, unnamed fields. Hope that clarifies a bit.
    Thanks.

  • jxpx777
    jxpx777
    1Password Alumni

    Hi, @tomalexander. Sorry for the trouble you're having. Without being able to see the actual page where this is happening for you, I can't say for certain what the issue is, but I can explain generally how 1Password tries to recognize password changes. In the extension, we have some heuristics for how to recognize when a user is changing a password. The most common case is that there are three password fields on the page, one for the current password and then two for the new password to confirm it. There are some other patterns we've seen that we take into account as well, but it sounds like the three password fields are what you're seeing. Correct me if I'm wrong. :)

    When the extension sees that you're submitting a form that matches one of its patterns for password change forms, it sends an autosave message to 1Password with a flag set that it's a change password situation. In this case, 1Password should offer you the Update Existing tab first and make it a very short process to update the Login. It sounds like this didn't happen for you. When you get a regular, non-change-password autosave, you can still choose to Update Existing, but this will update the username and password for the chosen Login, which again sounds like what happened for you. This would be more commonly useful if, for instance, your username or email address changed for a site and you wanted to update the credentials in the Login from the sign in page.

    If you can share a URL (either here or via email if you can't share it publicly) to where we can see the change password form in action, that would be great. If not, could you visit the page that gave you trouble and then choose File > Save As… in Safari and save it as a Web Archive? You can then email that to support+forum@agilebits.com and we will take a look at it.

    Thanks!

    --
    Jamie Phelps
    Code Wrangler @ AgileBits

  • tomalexander
    tomalexander
    Community Member

    Hi Jamie - thanks for the response, however I need to clarify something that got left off my first post, and not sure if it's clear in my second update.

    I've have a copy of the HTML for the site if you want.

    Yesterday, when I wanted to change my password for this site, I first signed into the website. As it does, 1Password asked me if I wanted to store this login. I said yes, sure why not. So it did.

    Next, I accessed my profile page and it had the typical 3 fields (current password/new pwd/confirm pwd). I entered my current password, then I used password generator to generate the new password. The plugin (using firefox v48.0 btw) auto-magically filled in the new password/confirm password fields. When I clicked on Change Password, the plugin asked me right away:
    Create a new login? or Update Existing?

    I selected update existing. When I logged out and attempted to log back in used the login from 1Password and pre-filled my username and password. When I clicked Login, it said, "sorry, wrong password". After a couple of bad words, I did some digging and that's when I discovered that it had saved the old password as the current, and buried the new password in the addition web form details area (screen shot from 1st post).

    Does that make sense? It did detect that I was changing my password, but then it didn't save the fields in the correct positions.

    So, I decided to try again today, hoping to recreate the issue and send you more info. But today, magically, as software tends to do, it worked. When I changed my password it saved the new password correctly. I was able to logout and log back in without issues.

    But I have 2 other web interfaces that this has happened to me and they're different applications. One if my firewall web admin interface, and the other was a Joomla instance on my personal website. In both cases, 1Password detected that I was changing my password, but it saved the old password as the current, and the new password was buried in the other web form details. At first, I thought I was locked out of my accounts (obviously very distressing).

    So, I'm at a loss. It's very inconsistent and so I'm thinking the safest way is to launch a text editor first, generate my new password an immediately paste it into the text file as a backup, then let 1Password save what it's going to save. Then I'll have to go back and manually edit the entry and ensure it's correct.

    That's a lot of work. I'm not sure what I'm going to do.

  • jxpx777
    jxpx777
    1Password Alumni

    @tomalexander First, you won't need to go that text editor route. Even if 1Password does mess up in identifying the new password, you can always get generated passwords from the Passwords section in 1Password. We also maintain a list of previously used passwords inside your item so you can easily retrieve the previous one if the change isn't accepted.

    As for your description of what happened when you changed your password, I'd love to know what those sites were where the problem occurred. Hopefully someone on the team has an account so we can try it out ourselves. Generally, if you know you're on a change password form and 1Password does not select the update tab first, you should cancel and manually update the password using the Passwords section. (If you fill a generated password, it should remain on your clipboard by default after the fill.) This is something we definitely need to make clearer and more functional in the future.

This discussion has been closed.