Why did 1Password store the password I use to log into my computer as a Login?

Options
rhiannono
rhiannono
Community Member

Within the past few weeks there have been a number of updates so I'm not sure when it began, but I suspect with v7. 1Password has been storing login information without asking permission so I have multiple logins for the same thing. Today I noticed that it had stored my personal iCloud login (okay) but with the password I use to login to my work computer as the item name. I was shocked and immediately changed the name to "aw hell no." I noticed that v7 requires a script which gets access to this password in order to turn on the "automatically sign in after filling usernames and passwords" feature. I have NEVER shared this password with anyone or anything including 1Password, so I'm shocked that it was recorded and stored in 1Password.


1Password Version: 7.0.4
Extension Version: 4.7.1.90
OS Version: 10.13.5
Sync Type: Not Provided
Referrer: forum-search:stores mac sign in password

Comments

  • rhiannono
    rhiannono
    Community Member
    Options

    I should add that another person within my organization had the issue of multiple logins being stored without the prompt asking permission to store as new or update.

  • Lars
    Lars
    1Password Alumni
    Options

    Welcome to the forum, @rhiannono! Sorry for the trouble you've been experiencing.

    1Password has been storing login information without asking permission...

    This literally never happens. If you have the "Detect new usernames and offer to save them" box checked in Preferences > Browsers, 1Password will notice if you appear to be submitting a login form for a site that it doesn't already have in its database (or that you're using credentials for a site you DO have in 1Password but which don't match the saved credentials), but it will never automatically save them without offering you the familiar pop-up window:

    I say "familiar" because this behavior hasn't changed for quite some time -- well back into the mists of time. We offer to save new-seeming logins for you...but you can always cancel or modify. 1Password does NOT simply save new Login items without your permission.

    To be clear, automatically signing in after filling has nothing to do with saving. They're two different ends of the equation: the latter is what (can) happen on the front end (as I described), the former affects whether we're able to fill saved Login data effectively.

    Are you referring to a Login item, or is it a Password item (identifiable by the key icon in the 1Password items list)?

  • rhiannono
    rhiannono
    Community Member
    edited June 2018
    Options

    I'm willing to accept that perhaps there was some user error that caused me to create a Login item while I was logging into my work computer (not sure how that would happen, but whatever), thus mistakenly entering my computer password as the name of my personal iCloud Login item (which would have been pre-existing). I've submitted a help request and described the scenario _**just in case **_this happened through no fault of my own. Better to be safe than sorry.

    The other issue of the replicating passwords... yeah, it does happen. A few other folks reported this as a bug in these forums and Agile Bits team members said they were working on a fix. Currently in my private vault I have 9 duplicate password items for a pre-existing Login Item. The Login item has the logo of the website and the dupes are all keys. I'm sorry if my imprecise language has caused confusion. Consider this ticket resolved.

  • Lars
    Lars
    1Password Alumni
    Options

    @rhiannono

    The other issue of the replicating passwords... yeah, it does happen.

    Indeed it does, currently, and yes, we're working on a fix. Sorry if that wasn't clear. However, this happens upon generation of the password (1Password appears to be making two copies of the record). But it won't make 9 copies -- or at least, we've not seen anything like that yet. Can you look at the creation date/time stamps of the passwords in question (as well as the actual password) to see if they're truly identical?

  • rhiannono
    rhiannono
    Community Member
    edited June 2018
    Options

    Hi Lars, they are not identical passwords, but they were all created between 7:16:24 PM and 7:17:46 PM on May 23rd. The actual login item was created at 7:15 PM and modified at 7:19 (changed password once using the Password Generator). Interestingly enough, each password is unique.

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited June 2018
    Options

    @rhiannono: That sounds like something else then. 1Password should save a new Password item any time you "use" a generated password by filling or copying it. It sounds like you just generated a number of them in a short period, perhaps trying to find one that was suitable.

    ref: XRE-47136-888

This discussion has been closed.