How to handle airgapped transfer of certain files for 1Password on Windows

AGAlumB

That's a great strategy. :) Prioritizing definitely helps.

It reminds me of when I moved some stuff to 1Password long ago. It seemed overwhelming. But sort of accidentally, out of frustration, I ended up just taking it a step at a time, verifying/updating the most important logins, notes, etc. first, and then mostly just doing the rest a little bit at a time as I used it. Before I knew it, my imported data was almost all "processed" by me, just through normal usage, and then I had a couple dozen items that I finished off while watching a bad movie. ;)

sach_nyc

thanks but I do not see any option to sort by risk/priority as mentioned earlier

AGAlumB

@sach_nyc: As Mike already mentioned,

Watchtower already sorts it by risk level with vulnerable/compromised on top, reused below and so on.

You should see the following in the sidebar:

• Compromised — accounts known to have been exposed in a website breach
• Vulnerable — known passwords dumped from hacked websites
• Reused — passwords that you're using in more than one place
• Weak — passwords that are simply not safe to use because they can be easily guessed

Anything "priority" beyond that is subjective though. For example, do you have a bank account with a lot of money which is using a password that is problematic for one of the above reasons? 1Password has no way of knowing that, but you can certainly change something like that first. I know I would.

sach_nyc

got it. thanks 8-)

AGAlumB

Anytime! :chuffed: :+1:

sach_nyc

Will you recommend secure notes for keeping PIN? I have many pins which are obviously weak passwords as they are 4-6 digits longs, they can't be more secure. also, for some websites I have 2fa enabled but it is still listed as inactive 2fa

MikeT

Hi @sach_nyc,

There is no need to do anything for PINs right now. We have a known issue with flagging Login items with 6 digits but no website. As long as it has no website, no items should be flagged with 6 digit password fields but 1Password 7.1 for Windows does. This will be fixed soon.

For your 2FA items where you don't use 1Password as the 2FA authenticator or they use a custom authenticator, you can tag them as 2FA and it'll remove that banner. We are going to improve Watchtower to let you tag/suppress certain items.

sach_nyc

I moved most of my pins to secure note. I hope I can migrate them later easily. do you recommending storing 2fa keys or qr codes in 1password? and where does 1password generate 2fa codes?

AGAlumB

I moved most of my pins to secure note. I hope I can migrate them later easily. do you recommending storing 2fa keys or qr codes in 1password?

@sach_nyc: Generally we do recommend using 1Password for this, but honestly that's a very personal choice. Only you can decide what's appropriate for your purposes. There was a really good discussion on this topic recently. I encourage you to check it out for different perspectives. :)

and where does 1password generate 2fa codes?

It displays TOTP codes it generates inline with the other information in a saved login. It's just another field in the item.

sach_nyc

great. thanks. One problem which bothering me persistently is this - as soon as I change weak password to new password generated by 1password, I see another duplicate entry in 1password with time of change and my duplicate password count increases by one which I have to fix manually by deleting timestamped entry. why?

see this for example: https://snag.gy/Hfdsnj.jpg

another issue - how to bulk convert http to https to get rid of warning for unsecured wesbites? I have 348 of them right now

MikeT

Hi @sach_nyc,

1Password 7 on Windows doesn't have an automatic cleanup tool yet to remove redundant items if the same password/website combination was used to update a Login item. We do plan to implement this tool in a future update but no ETA.

another issue - how to bulk convert http to https to get rid of warning for unsecured wesbites? I have 348 of them right now

There isn't any way to do this, we're going to add a button in a future update that lets 1Password check if https is accessible and update your website field for you but it'll be within the item itself, not a bulk function for all items. Bulk replacing all items with https:// wouldn't work, not all sites, sadly, works with https right now.

sach_nyc

1Password 7 on Windows doesn't have an automatic cleanup tool yet to remove redundant items if the same password/website combination was used to update a Login item. We do plan to implement this tool in a future update but no ETA.

Understood but why 1password is creating new entry for me with timestamp after I update old entry. see this for example: https://snag.gy/Hfdsnj.jpg

MikeT

Hi @sach_nyc,

How are you creating the new password?

Each time you use a new password via 1Password's Strong Password Generator (via 1Password mini), it'll create a new Password item separately as a safety measure. Imagine if you entered the new password into the website and 1Password doesn't prompt to update it, you'd later log in with the wrong password. This way, you can find the new password without being locked out.

They're not duplicates or have any connection between two items. The way the cleanup tool works is to make sure to remove a Password item only and only if its password and website fields are exactly the same of an existing Login item and in the same vault, the Password item will be moved to Trash.

sach_nyc

I am creating new password using your tool and then logging to website and changing password there. after that I get popup to update password which I do and then I see duplicate entry.

MikeT

Hi @sach_nyc,

Yep, that's all fine. It's not a duplicate item, they're two separate items with no connection to each other. 1Password is not aware that you were updating a password for a specific item, so it saves that new password as a separate item for you as a safety net.

That's where the automatic cleanup tool will help, it'll remove the redundant password items once the Login item is updated with the exact same password/website combination. This is coming later.

sach_nyc

what is way to update password without creating duplicate item?

MikeT

Hi @sach_nyc,

You're already doing the normal method, the other method is editing the Login item in the main 1Password app and click the password icon next to the password field to generate a new password. Save it and then copy it into the site to update it. 1Password will save the old password into the password history of that item.

sach_nyc

Save it and then copy it into the site to update it.

When i'll do above step and it will show update dialog, won't it create duplicate item again?

MikeT

Hi @sash_nyc,

It should not because you've already updated the password in the Login item, there's nothing to update.

The reason people don't use this method is because when you update the site's account password, the site often ask for the old password first before you enter new password. This is when you copy the old password from 1Password, paste it in, and then save the new password in the main 1Password program. It's more hassle than the first method.

My suggestion is to keep doing what you're doing, wait for us to add the redundant cleanup in the future instead.

sach_nyc

thanks. Two questions:
1. Is there a way to delete traces of 1password (like secret key) from a backup computer I used a week ago?
2. how to view secret text key for 2fa online so that I can back it up?

Greg

Hi @sach_nyc,

1. You can clean website data in the browser (clear cookies and everything) and delete your local database for 1Password. It should be located in: %LOCALAPPDATA%\1Password

2. Not sure I understood this part. Are you talking about a 2FA code for your 1Password account or a Secret Key? Please let us know.

Thanks! :+1:

Cheers,
Greg

sach_nyc

1. thanks
2. 2fa key which generates code

sach_nyc

3. My old laptop just came back from repair and I put my HDD and started it up. I fired up 1password to unlock my bitlocker drives. but 1password fails to login. i get red password incorrect but I can login 1password.com using same password. any ideas what magic is going on here?

bundtkate

@sach_nyc: Your 2FA secret will be visible when you edit the item in question and select the custom field created for your OTP, assuming you saved this secret in 1Password. As for your password troubles, have you made any changes to your 1Password account since you sent that laptop off for service? 1Password doesn't truly sync your Master Password, so if you did change it between then and now, you'll need to unlock with your old Master Password, then update that app with the new one. You'll see a red error banner after unlocking that you can click to complete that update. :+1:

sach_nyc

1. No I did not save 2fa secret in 1password. i have a print copy but now I want to save it in 1password too as text key. how do I do that?

2. I logged in using old password and now it unlocks and asks me to relogin. what happened to old 1password db? is it still in my computer as it is using old password..how to delete it permanently from your system and my computer?

Greg

Hi @sach_nyc,

Am I right to understand that you made a screenshot of a QR code from step 4 here and printed it out? Please confirm.

As for your second question, if you changed the Master Password for your 1Password account while your old laptop was in repair, you'll need to finish changing your password in 1Password 7 app on your old laptop. Open and unlock 1Password using your old Master Password, click the red authentication error banner, and sign in with your new Master Password. After that 1Password will update the Master Password in the local database. We have this information available in our knowledge base here and have plans to improve this behaviour in the future updates.

Please let me know if it clarifies the confusion. Thank you!

Cheers,
Greg

sach_nyc

Am I right to understand that you made a screenshot of a QR code from step 4 here and printed it out? Please confirm.

yes

MikeT

Hi @sach_nyc,

The easiest way to do that is to have 1Password scan the same barcode from 1Password.com website, 1Password will decode it into text for you.

To do this;

1. Sign in to your 1Password account on https://my.1Password.com and click on your account name on top right to select Get the apps
2. You'll see the barcode in step 2, keep this visible on your screen.
3. Edit the Login item for your 1Password account to add a custom field, select One-Time Password and then click the camera icon to select From my screen, and your QR barcode will be decoded into text inside that custom field.

Note that we do not recommend that you use 1Password as your authenticator for your 1Password account. The reason is that when you set up 1Password on a new device, you will need to authenticate your account but without another 1Password app, you may lock yourself out.

sach_nyc

thanks. I tried this. I get "unsupported QR code" error. any ideas?

MikeT

Hi @sach_nyc,

That's odd, we've never had anything like that error before. Just to be clear, you have the barcode fully visible on your screen when you asked 1Password to scan your screen? It cannot be hidden behind any window.

I just tested this on several accounts, I can't reproduce that error.

This is what you see at the end, right: