Password Generator: Don't store a useless password

I'm trying to understand the value of the Password Generator automatically creating a mostly useless item in 1Password?

  1. My workflow for signing up to a new site is this:
  2. Visit the site, find the signup form.
  3. Fill out the form, using a password generator of some sort to create the password and activate the account. Decline 1Password's offer to save the password (this saves the wrong page, and often the wrong form details -- I get my first name just as often as the account name).
  4. Complete the signup (email verification or whatever)
  5. Logout
  6. Login again, saving the password and the actual login form.

Whether you choose to let 1Password save the signup form or use a login form like I do, you end up with a duplicated entry for this site in the password list. Is this intended? Why? Is there a better way to generate a password without saving a duplicate? Or a better way to avoid having a signup form saved?

Don't get me wrong, losing the password would be unfortunate, but I can think of a couple solutions. Easiest: Leave the password generator window open, maybe even stop it from generating another password once "Copy" is clicked, this ensures I won't lose the password by accident. Maybe more complicated: Remove the useless item when a real login entry is created that happens to have the same domain and same password.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Hi @TheDave,

    Thanks for writing in.

    I'm trying to understand the value of the Password Generator automatically creating a mostly useless item in 1Password?

    To prevent getting locked out from websites where you submit a new password but 1Password didn't prompt to save.

    Whether you choose to let 1Password save the signup form or use a login form like I do, you end up with a duplicated entry for this site in the password list. Is this intended? Why?

    Sort of, we haven't implemented the ability to clean up password items automatically after it detects you've saved a new Login item with the same website/password combination. It is coming in a future update along with the ability to clean up existing redundant passwords.

    Is there a better way to generate a password without saving a duplicate? Or a better way to avoid having a signup form saved?

    Not yet, the planned improvements coming will help you quickly clean this up.

  • dmpaul1
    dmpaul1
    Community Member

    This also creates a problem for the duplicate password check, as it finds the login and the password entries

  • TheDave
    TheDave
    Community Member

    @dmpaul1 Maybe that is more of a feature than a bug? A reminder to go clean out that category?

  • Hi guys,

    That will also be addressed by the same cleanup tool. Once it is implemented, you won't notice redundant Login/Password items in Reused password section.

  • AGAlumB
    AGAlumB
    1Password Alumni

    It's neither a bug nor a feature. Just a nicety that we haven't had had the time to implement. With each update under our belt though, we're knocking more and more stuff off our todo list, so we'll get there. Thanks for pushing us to do better! :)

  • reda999
    reda999
    Community Member

    Hello guys,

    Isn't keeping the password generated another way of saving it for not generating it in the future, even if that's not likely ?

  • AGAlumB
    AGAlumB
    1Password Alumni

    That's not the intention, no.

  • Hi @reda999,

    Keep in mind that we're only talking about removing redundant password items, the password is already in the existing Login items. Watchtower will warn you of reused passwords (Login item vs. other items) anyway. We only prevent the strong password generator from using anything that's in the top 1K common passwords but nothing else is used to prevent reusing the existing password.

    In addition, 1Password records all of the password changes you make for a single Login item via its own password history, not in the Passwords category.

  • XIII
    XIII
    Community Member
    edited July 2018

    We only prevent the strong password generator from using anything that's in the top 1K common passwords but nothing else is used to prevent reusing the existing password.

    Does that in- or exclude dolphin? ;)

    https://github.com/danielmiessler/SecLists/pull/155

  • Hi @XII,

    I have no...words for that. 🤕

This discussion has been closed.