Potentially dangerous? If main app auto-locks, it doesn't save generated passwords

Steven_L
Steven_L
Community Member
in Mac

Here's the sequence of events:

-I'm updating the password for something important. I need something generated by 1password.
-In the main 1password app, I select the entry and hit 'edit' in the bottom right corner
-I use the password generation feature
-It's a "memorable" password so instead of copying or filling, I type it in to where I need it. The password is changed.
-Just at this moment, an emergency calls me away from my computer (chipmunk ran by my feet in my bedroom)
-I APPARENTLY never hit "save" in the lower right corner
-I deal with the rodent, and I come back to my Mac. 1Password (again this is the main app) has locked itself (I have it set to lock after 10 minutes)
-The new password I generated is absolutely nowhere to be found. The old password is still there, and the new one is not in the 'passwords' category in the left hand side, nor is it listed in "previously used passwords"

Thankfully, I remembered what i typed and I was able to manually update the entry. However this could have been a minor crisis if I couldn't remember the password.

I can reproduce this by generating a password, NOT hitting save, and then locking the main app with control-option-command-L. After I do this, the generated password is nowhere to be found. Not in the entry, not in the password category on the left pane, not in 'previously used passwords' either.

Now I realize that this is probably by design, and it's my fault for failing to hit save. But, I would argue that this could easily happen if, for example, the power went out after I make use of a password but before I hit "save."

From now on I will make sure I actually save a new password before making use of it. In the meantime I wanted to let people know that this could happen if you're slightly irresponsible like me.

Thanks for reading.

1Password Version: 6.7.1
Extension Version: Not Provided
OS Version: 10.12.4
Sync Type: Not Provided

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    @Steven_L: That's definitely an interesting scenario — even without the rodent! A few things come to mind, and I hope you'll indulge me for a moment and then give me your own thoughts on this:

    1. I don't think most people who use 1Password to generate a password then enter it by hand.
    2. When you use 1Password to fill or copy a generate password, it automatically saves it.
    3. Locking 1Password removes the encrypted keys from memory, so it is impossible for it to save anything to the vault at that point.
    4. Having 1Password save every generated password could easily become unwieldy.

    I'm not sure I'm getting these in the best order, but hopefully this makes some sense. Expanding on that last point a bit, I regularly regenerate passwords (often to try to get one that conforms to some absurd requirement), and I don't think I'm alone in this. It's kind of fun, after all! If 1Password saves all of these, if I fail to update the appropriate login, the Password item safety net is not helpful, as I then have to go through many one by one to try to find the correct one, since many more were saved than just the one I actually used.

    I agree that this is a bit of a problem. I'm not sure I'd call you irresponsible or blame this on you, but it does seem like a bit of an edge case. And while I wouldn't say that the current design is ideal, it seems to me that designing for this edge case would create more problems than it solves. But it's late, so I'll sleep on it and look forward to your thoughts. :)

  • Steven_L
    Steven_L
    Community Member

    Thank you very much for replying.

    So, I have to admit that when I started this thread I was a little agitated, as the incident had happened a few minutes prior.

    Now that I've had time to think about it, I'm going to chalk this up to user error. I agree with your points, and in particular I agree that recording every single generated password is impractical and unwieldy.

    So, yeah...not much else to say, other than thanks for indulging my spur-of-the-moment complaint. I remain 100% satisfied with 1password.

    Thank you again for your attention.

  • Drew_AG
    Drew_AG
    1Password Alumni

    I'm happy to hear you're enjoying 1Password despite the trouble you ran into while editing a password! One thing I wanted to mention is that if you're changing the password for a website account, you might want to follow the steps here instead: Change your passwords and make them stronger

    We're always glad to help, so please let us know if you need anything else. :)

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited May 2017

    @Steven_L: You're very welcome. I really didn't get a negative vibe from your post at all, and found it really thoughtful. I can't stress this enough, but even if in the end we decide that the way it works is, though imperfect, the best option for now, it's incredibly important that we challenge our assumptions so that someday we can come up with something even better. Thanks for your help in that regard. Cheers! :chuffed:

    P.S: Thank you for affording me the opportunity to write the following sentence:

    That’s definitely an interesting scenario — even without the rodent!

    :lol:

This discussion has been closed.