Handling of website change password pages in 1Password X

1Password X doesn't seem to be set up sensibly for handling new password creation for a specific case which I will describe below. I recently signed up for 1Password X and just finished going through the process of adding all my accounts and changing passwords where appropriate.

Most of the websites I want to change the password for, I'd already be logged in to. What this means is that the first time I save a password using 1Password is from the change password page of a given website.

A great example of where this leads to problems is Hilton's website. The change password page also contains fields / form entries for other sensitive information including telephone, address, and ID numbers for programs associated with Hilton (i.e. your ID number for AARP). Some of these fields are auto-filled by default, to the extent I had already given the information to Hilton. However, that doesn't mean that I want 1Password X to save these fields. Unfortunately, in some instances (like Hilton), 1Password X does save these sensitive fields.

An even better example of this would be www.ladwp.com. It's pretty clear this is bad design on LADWP's part, but the page to enter a new password opens with pre-autofilled fields showing the answers to my password recovery questions (i.e. my father's middle name). Obviously, not something I want 1Password X to save.

I understand that it would be very difficult for 1Password X to "know" which fields are sensitive / should not be captured and that capturing web field capture can be helpful for login. With this in mind, I have two questions:

  1. What is the 1Password team's suggested "workflow" for saving new passwords using 1Password X? Is the correct procedure to first log out of the given website, then log back in and save the old password, then create the new password and update the entry? Is it wrong to initially save a new login from a change password page?

  2. It seems like a lot of these issues could be solved by giving users more power to edit web form details, remove old passwords, remove item history entries, etc. Either that or create some kind of "cleanse entry" button that could remove old and unnecessary (and potentially sensitive) details from login entries.

By the way, other than this, love the service! Hope to hear your feedback soon.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    @miles12345: Thanks for reaching out. You raise some good points. Indeed, ideally 1Password (X or otherwise — this problem is not unique) would know what needs to be saved and what doesn't. The hard part is that it just isn't simple. In a world (IN A WORLD...sorry) where many websites like to be "creative" and use stuff other than "username" and "password" and/or split the login process up into multiple pages/steps, being too rigid in a way that would help in your case would really hinder in many others.

    So while it's definitely a problem worth solving, and we'll continue to work at it, the only solution currently is to save the login at the form you want 1Password to fill, with the information you want it to save.

    1. What is the 1Password team's suggested "workflow" for saving new passwords using 1Password X? Is the correct procedure to first log out of the given website, then log back in and save the old password, then create the new password and update the entry? Is it wrong to initially save a new login from a change password page?

    That's a tough one. Saving on the login page is best...but of course sometimes you'll need to save on a "signup" page or something like that. You could always do that to capture the info easily, and then save a new login later at the login page. I do that many times since that also often allows 1Password to take me right where I want to go each time I visit the site. If I save on the signup page, not only do I have a bunch of stuff I don't need, I end up there each time I ask 1Password to Open and Fill. It sounds like a chore, but doing it once it saves me a ton of time going forward.

    1. It seems like a lot of these issues could be solved by giving users more power to edit web form details, remove old passwords, remove item history entries, etc. Either that or create some kind of "cleanse entry" button that could remove old and unnecessary (and potentially sensitive) details from login entries.

    I agree. We have this capability in the desktop app, but not yet in 1Password X (which does not have its own editor) or the 1Password.com web interface (which helps 1Password X in this regard). We definitely want to expand the capabilities of both, so that can help in the future.

    Thanks for not only the feedback on this, but the kind words! I'm glad you're enjoying 1Password overall, and we'll keep making it better in every way we can. :)

This discussion has been closed.