Experience of dealing with generating passwords on iOS

System

This discussion was created from comments split from: Password Generator: Don't store a useless password.

wkleem

I do have an issue with 'useless passwords'. Logins that create a useless password temporarily before going to a more permanent one for security reasons. My 1Password vault has these useless passwords.

MikeT

Hi @wkleem,

I'm not sure I understand, aren't these temporary passwords usually provided to you by the website (usually via emails), so that you can change it on the first sign-in?

I haven't seen a site that asked you to generate a temp password and then generate a permanent one, that doesn't make any security sense.

In this unusual case, you'd have to delete them manually.

wkleem

I'm not sure I understand, aren't these temporary passwords usually provided to you by the website (usually via emails), so that you can change it on the first sign-in?

@MikeT, That is usually the case.

I haven't seen a site that asked you to generate a temp password and then generate a permanent one, that doesn't make any security sense.

Cannot recall the site now. I noticed some sites are now using phone and TOTP instead of email.

In this unusual case, you'd have to delete them manually.

Thanks.

AGAlumB

If you remember which site it was I'd love to know. It's always interesting to see the different things people come up with, both the good and the bad. :crazy:

wkleem

@brenty, Take a look at ComGateway. Changed passwords via forgot password with email. The temp password came through and I changed password but the stronger password didn’t work but the weak temp password does!

https://secure.comgateway.com/home

AGAlumB

Wow. I wonder if the temp password works forever (!!!) or if it's accepted for a certain amount of time ...

wkleem

OK I posted to the wrong forum again. Doh!! Should have been at the The Dave’s ! Weak passwords.

https://discussions.agilebits.com/discussion/comment/447004#Comment_447004

AGAlumB

@wkleem: Ha! I actually thought that's where you'd posted it. I didn't scroll up. I'll move it for you. :lol:

System

This discussion was created from comments split from: Watchtower: different result on Windows and macOS.

wkleem

Thanks! The temp password still works, even now.

AGAlumB

@wkleem: Just to clarify, the new password you set does not work at all? Was it maybe rejected by the password change form, perhaps due to some hidden (and likely Byzantine) password restriction?

wkleem

@brenty, I will have to recheck. I cannot remember the number of characters I used.

If the password I set was rejected there was no indication of a rejection. The new password was changed successfully.

wkleem

Temp (weak) password is the default and stronger password is optional.

AGAlumB

So both passwords work? :unamused:

wkleem

I would change password to the stronger one and that fails, forcing a change to the weak one! Meanwhile I have saved multiple logins in the attempts. And forgot password.

AGAlumB

@wkleem: Hmm. If you copied or filled a generated password from 1Password, it should have saved a Password item in your vault at that time. Does that help?

wkleem

Hi

I did discover an issue with the iPhone SE when saving passwords on the site. 1Password 7 from Mobile Safari does not capture all info, unlike Windows.

AGAlumB

1Password for iOS should be able to capture the username and password. Is that not the case?

wkleem

Yes it can save the username and password but beyond that, like if I have current or temp password, new password (optional) and confirm password (optional) all filled in, it fails here.

I am adding a screen capture for reference. Temp password always works but when the optional password is filled, nothing works after I have filled in the stronger password below (currently 34 characters from Password Generator).

MikeT

Hi @wkleem,

The 1Password extension on the mobile devices are far more limited compared to what the desktop extensions can do, it can only save the user and password fields. If you wish to save more information, you'd have to copy/paste to the 1Password app to add the extra fields.

wkleem

Thanks MikeT. It still does not help me get away from weak passwords when the site seemingly encourages it.

wkleem

Android does complicate matters a little by being restricted to one URL. So right now I need one login or more logins for Android and another for everything else with multi URLs.

Greg

@wkleem: If a website creates a weak temporary password for you, I am afraid that there is not much we can do from our side – you will need to manually change it to a more secure password, using 1Password extension.

Is there a reason why you do that on a mobile device? As Mike mentioned above, 1Password extension on the mobile devices is quite limited, so I would recommend you to change your passwords on your desktop.

Thanks!

Cheers,
Greg

wkleem

@Greg,

Mobile is not particularly important but I was away from my desktop and tried the site on the iPhone.

I thought I would highlight the issues here. I will need to test different password lengths to see which ones work.

MikeT

I understand and I've moved our conversation to the iOS forum here to see if the iOS team can figure out a better approach to generating passwords for certain sites using the 1Password extension on mobile devices.

wkleem

Thanks MikeT.

I also have Android devices which I use infrequently except to keep them updated. Android saves logins to one URL, a known problem. I did it test the website on Android only Windows and IOS.

wkleem

Did not test on Android.

AGAlumB

@wkleem: I think you'll be glad to know that the version 7 beta of 1Password for Android includes support for multiple URLs. At least, I'm very glad for that. :)

wkleem

Thanks! I have the 1Password 7 beta version installed but it isn’t used

AGAlumB

Well, it's there if you need it. Anyway, looking forward to getting 7.0 into everyone's hands. :)