1Password Auto-Saves Any Editing Upon Lock

Mousit
Community Member

I'm not sure this is a BUG per se, but I would consider this improper behavior. Not sure if previous versions did this or not; maybe it's ALWAYS worked this way and I just never ran into it before.

I was editing a Login entry, generating a new password. I still had the Generator open since I was adjusting it for a stupid website that wouldn't give me the validation criteria until AFTER I submitted a password. Anyway I got distracted at one point and left 1P in this state for a minute. I have a short screensaver time, so it came on after a couple minutes and 1P of course locked as it should.

When I turned off the screensaver and unlocked 1P, I found it had automatically saved all the edits to the Login entry I was working on. Saves I did not actually want to commit, since the most recently generated password did not pass the website's validation so it wasn't usable. No real harm done, since I could of course revert with the Password History, but still, yikes. Please don't save without confirmation!

Granted I also shouldn't have left it in an edit state. :)


1Password Version: 7.0.1
Extension Version: Firefox 4.7.1.90
OS Version: OS X 10.13.4
Sync Type: Standalone

Comments

  • AGAlumB
    1Password Alumni
    edited May 2018

    @Mousit: This is intentional. If you quit Notes without "saving", do you lose data? 1Password has worked this way for a while now, but it did use to prompt to save when switching away from an edit, or simply lose people's data when locking. That's not something that most people expect or find acceptable so we changed it. I'm sorry that this behaviour was unexpected for you, but I hope you'll understand why we needed to do this. We really can't count on most users remembering to treat 1Password differently than other apps. After all, by then it's too late.

  • Mousit
    Community Member

    @brenty Fair enough! I shouldn't really have left it in an edit state anyway, especially with a generated password I'd already tried to use and knew the particular site wouldn't accept. I'll just keep in mind to always save or discard before I turn my attention away from the editor. :)

    Incidentally, speaking of the Generator, I've noticed the Mac generator doesn't have an option to turn off repeating characters, the way the old Windows 1P4 version does. That's the one I've been used to using for a while now (still use it in fact, until Windows 1P7 comes out, because I do standalone). It's just been a habit to do my work on 1P4 and folder-sync it to the Mac version, instead of vice-versa, but with the 1P7 release on Mac I decided to focus on using that one for a while and get a good feel for it, since 1P7 for Windows is coming. So I've been noticing the little things.

    I really like that "Allow repeating characters" option in Windows 1P4's Generator though, because I keep it UN-checked. I've noticed the Mac Generator seems to LOVE to give me repeating characters. I've gotten quadruple repeats several times even during generations. One password I generated, I still remember it (didn't keep it, of course), because it had ===6666$$$ in it. Seriously, that string. That strikes me as quite bad, from a complexity standpoint, and in fact many sites explicitly will not accept a password that has 3 or more repeated characters in it either. I'd much rather the Generator not allow that, either hardcoded or as an option I could toggle like Windows 1P4 has.

    Maybe I should nudge that to a separate discussion and not tack it onto this one though.

  • AGAlumB
    1Password Alumni
    edited May 2018

    @Mousit: I hear you. But making "repeating characters" optional makes for not only lower-entropy passwords, it also makes it harder for 1Password to give you a sense of how strong they are. Truly random passwords are strongest, and like the old flip-a-coin experiment, it is possible for the same character to be chosen at random repeatedly. It certainly can feel crazy that you got one composed like that, but I've seen my fair share of odd ones too. It really helps to not try to read them, I find. A 10 character string of ===6666$$$ will not be any easier to guess than H8LAzkmJjo. Seriously, just try it sometime. I know that's counterintuitive to us as humans, hindsight being 20/20, but if I'd asked you to guess my example you could not have done so in time for my reply here, even if you wrote a script to do it for you. And that's only 10 characters. As far as I know, we're still waiting for someone to guess 3 words — and there's even cash money at stake. If you want to see where we're headed with the password generator, the new Windows app is a good example, but we have some tweaks to make there too. Our newest iteration on the design is in 1Password X, and we'll continue to improve on that as we roll it out across all of the apps.

    ref: apple-1452
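
An added worked example (not from the original thread and not 1Password's code) that puts numbers on the trade-off discussed in the last two comments: it counts how many passwords survive a "no run of r identical characters" rule, the entropy that rule removes, and draws a compliant password by rejection sampling. The 72-symbol alphabet, the function names and the reading of the rule as "consecutive identical characters" are assumptions.

```python
import math
import secrets
import string
from itertools import groupby

# Assumed alphabet (72 symbols); the real generator's character set is not on the page.
ALPHABET = string.ascii_letters + string.digits + "=$!#%&*+-?"

def has_run(s, r):
    """True if s contains r or more identical characters in a row."""
    return any(sum(1 for _ in g) >= r for _, g in groupby(s))

def count_without_runs(k, n, r):
    """Number of length-n strings over k symbols with no run of length >= r (r >= 2)."""
    # ends[j] = strings of the current length whose final run has length j + 1
    ends = [k] + [0] * (r - 2)
    for _ in range(n - 1):
        # a different symbol starts a new run; the same symbol extends the run by one
        ends = [(k - 1) * sum(ends)] + ends[:-1]
    return sum(ends)

def run_probability(k, n, r):
    """Chance that a uniformly random password contains a run of length >= r."""
    return 1 - count_without_runs(k, n, r) / k ** n

def entropy_loss_bits(k, n, r):
    """Bits lost by drawing uniformly from the run-free strings only."""
    return -math.log2(count_without_runs(k, n, r) / k ** n)

def generate(n, r, alphabet=ALPHABET):
    """Rejection sampling: uniform over the strings that pass the run rule."""
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(n))
        if not has_run(pw, r):
            return pw

if __name__ == "__main__":
    k, n = len(ALPHABET), 20
    for r in (2, 3):  # r=2: no adjacent repeats; r=3: the "3 or more" site rule
        print(f"r={r}: P(run)={run_probability(k, n, r):.4%}, "
              f"loss={entropy_loss_bits(k, n, r):.4f} of {n * math.log2(k):.1f} bits")
    # The two strings quoted in the thread, checked against the r=3 rule
    print(has_run("===6666$$$", 3), has_run("H8LAzkmJjo", 3))
    print(generate(n, 3))
```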

This discussion has been closed.