wrong password saved upon password change at bank
I had problems logging in at TD Bank [https://onlinebanking.tdbank.com/default.asp] where my saved password was not being accepted. Called in and the representative reset my password to something simple, with a forced change immediately after login. I logged in with the simple password, declined the save password request from 1Password, and then completed the password change form presented after my successful login. I then got a new offer to save the credentials from 1Password. I acquiesced and merely edited the default name of the item. On checking the item though, I found that 1P had 1) not saved the username, leaving it blank, and 2) had used the simple password from the original login before the password change form. Had I not checked the item, I'd have been unsuccessful using that item later on.
1Password Version: 6.6.2
Extension Version: Not Provided
OS Version: 10.12.4 beta
Sync Type: DropBox
Comments
-
Hey @vcayenne,
Thank you for writing in and I'm very sorry that 1Password didn't appear to save the Login item correctly for you. I don't have a TD account to log into and check this web form for myself though. Hopefully we can talk through what happened so I can understand more and later I can explain a way for you to send us some more information.
When you received the prompt upon changing your password for TD, it sounds like you were offered to create a new item rather than update the existing Login item. This is not expected and 1Password should be smart enough to figure out that you already have an item which you might like to update. Usually you should see two options at the top of the "Save Login" prompt - one called "Create New" and the other called "Update Existing". It sounds like "Create New" was selected by default which resulted in a new Login being created and because you were creating a Login from the Change Password web form the username wasn't available to 1Password at the time. This would be why the Login item didn't include your username.
However, it should have at least saved your new password. May I ask if you had used the 1Password Password Generator to create the new password? If you copied from the generator to the clipboard or used the browser extension to fill in this newly generated password 1Password would have automatically created a new Password item in your 1Password vault for this web page containing this new password. This is a safety precaution we took with 1Password as it ensures that any password used in a Change Password form will be saved if it is created using the Password Generator. That way, even if 1Password fails to detect that you changed your password you can always manually find the new password to get logged back into the website. In the ideal case, 1Password detects that it's a change password form and offers to update the password - once you approve the update the new Password item is merged into the existing Login item.
I'm sorry about the trouble with this - it's a constant struggle to ensure that 1Password works with as many different websites as possible. These kinds of reports are invaluable to us as they allow us to focus on what's not working and improve 1Password.
As I mentioned initially I don't have access to this particular change password form myself, but we do have a feature that allows you to report websites like this that don't work well with 1Password. That link will explain how to use this feature and what information would be sent.
Thanks again for reporting this and I hope the above explanation helped. Let me know if you have any questions.
Best regards,
Matthew0