incorrectly showing duplicate password warning

Comments

  • Lars
    1Password Alumni

    @Michael Mercurio - 7.2.2.BETA-4 should have solved the issue for you of generated password items being flagged as duplicates if you have a saved Login item with the same URL and password. Are you certain they match? If the generated password item has no URL in it, that will be the cause of it: you'd need to either delete the password item entirely or (if you don't want to do that), add the same sign-in URL that exists in the Login item, then it should no longer be flagged.

  • Full Score
    Community Member

    As far as I can determine, the finished 7.2.2 still doesn't give the user the choice of switching off the ridiculous Reused Password red warnings. I positively hate the direction in which 1Password is travelling. AgileBits knows what's best for us, therefore take it or leave it. Well, that's not a choice I want to make after all these years; however.......

  • Full Score
    Community Member

    Additionally, in 7.2.2 they have changed the way Cmd-Opt-\ works. I like to keep the main app open on a 2nd monitor, and have the search box automatically open on my 1st monitor when I press the above key combination. It will open on the 2nd monitor, but, if I move the Search box to the 1st monitor, it won't open. Likewise, choosing a URL in the Search box no longer opens it in Safari.

    Have some preferences changed? 7.2.1 and before have worked perfectly.

  • Full Score
    Community Member

    Allow me to correct my last post. I have uninstalled my 7.2.2 version, reverted to 7.2.1, and then used the 7.2.2.pkg found on MacUpdate to re-install a clean version of 7.2.2 rather than rely on the built-in installer. It now works as it should.

    However, the changes that have been made to the Reused Password red warnings are fairly insignificant. I would still like the ability to switch them off completely as has been mentioned in many posts.

  • Lars
    1Password Alumni

    @Full Score - glad to hear you got things working as intended in 7.2.2 after re-installation. :)

  • gct3o
    Community Member

    Just starting to use 1Password 7, and I am having the typical annoyances with the changes to the app. The biggest one so far is a similar but different problem to what I have read in earlier posts in this conversation.

    So here is an example of what I am running into.

    I have an account on Office365 and 1Password created a Login item for me when I logged into the site.

    Then at a time a few days later Microsoft brought me to a login portal with a different URL that required the same credentials. So 1Password prompted me to create a new login item, which of course has a duplicate password.

    I also use the same credentials to log in to my email account for Office365 on my Mac. So I created a 1Password Email account item to hold the details of this account including passwords.

    As a result I now have three entries in 1Password with the same password and I get the duplicate password warning.

    Now I can combine the two logins by lumping the URLs together into a single item; however, I am uncertain how the 1Password Extension will deal with this since it seems to behave differently now and I have not gotten used to the new behaviors. In addition, without a great deal of work I can't merge the Email item and Login item to completely get rid of the warning.

    I have many cases of this occurring and need to do the leg work to make sure the duplicates are justified, and combine multiple logins when acceptable. In our current era of cyber threats, managing a password database has taken on increased importance, so perhaps we could eventually get some tools to connect multiple 1Password items (email, login, etc.) to the same set of credentials. Understand this may be problematic. Just a thought.

  • Lars
    1Password Alumni

    @gct3o - I'm sorry for the trouble.

    > Then at a time a few days later Microsoft brought me to a login portal with a different URL that required the same credentials. So 1Password prompted me to create a new login item, which of course has a duplicate password.

    That can be tricky, but it's not impossible to solve. Creating a new login gives you a duplicated password warning on both, not to mention giving you two items instead of just one. If you don't mind not being able to double-click the item within 1Password itself to launch it, then the solution for this one is to edit the first item and add the second sign-in URL as a second website, so that 1Password will a) offer this record whether you're visiting Office365 or the second URL, and b) you won't have two very-similar items with a re-used password warning on both.

    The email account issue is one that persists, unfortunately. We want people to be able to see where they've re-used passwords, and although this is a "proper" re-use case, there's really no way for 1Password to "know" that. We could potentially hard-code in exceptions that would bypass the warning banner rule, but then we'd be at risk of doing so in the wrong circumstances sometimes, which would defeat the entire point of the warnings themselves. There's also a very broad range of users to consider, from complete newbies to long-time power users. Each will want a different set of abilities, rules, assumptions and features from 1Password, and, while none of them are wrong to want something that works for them, we obviously can't make 1Password all things to all people. And yet all users, regardless of skill level, deserve good security. That's the "side" we'll come down on, in the end -- so, we're looking at ways to make some of the changes you're suggesting, to allow more-sophisticated users the ability to link items or bypass/suppress warnings while at the same time not allowing less-sophisticated users to inadvertently turn off or defeat protections they think are still working. I don't have anything new to announce on this score just now, but we are always looking to iterate as we move forward. But I do want to thank you for clearly and respectfully articulating this issue. We're definitely aware of it, and we appreciate the perspective from you and everyone else who's taken the time to share their thoughts and use-cases regarding it. :)

  • gct3o
    Community Member

    I have used this app for many years now, and I have gotten my family and a few friends to use it as well so I am all in, and happy to contribute. The forums can help add perspective when we run into an issue.
    In instances like mine the warnings can be “unnerving” when a user believes they are doing everything correctly; however, I believe that the warning is also highlighting an issue we all face with the current security system. The sites we all use force us to re-use passwords and every instance of forced reuse is likely to weaken the security of the overall service.
    Thanks for listening!

  • Lars
    1Password Alumni

    @gct3o - you're quite welcome, and thanks to YOU for taking the time to let us know what's going on with your setup.

  • gct3o
    Community Member

    As I sort through the duplicate passwords I have for logins, email accounts and the like I have started simply using "SEE WEBSITE LOGIN" in the password field on these duplicate, but necessary accounts. The login fields that are linked to website accounts appear to me to be the most important ones to have these passwords included so they can autofill. The other items like email accounts can simply point to the login rather than actually containing the password. This gets rid of the warning messages.
    Perhaps in the future we might have the ability to link the password fields or items themselves together. So for example the password field in the email account would actually be a link to the password field in the login account. Of course this may not really be effective for all users.
    Just a thought I would let folks know how I am currently addressing this.

  • Lars
    1Password Alumni

    @gct3o - thanks for the update! Indeed, what works for you may not make sense for other users, which is why we have to take care to consider as many use-cases as possible when we roll out new features or even modifications to existing ones. What you've identified is indeed one of the areas we're looking to make more streamlined and user-friendly.

  • arcanjo
    Community Member

    I'm having the same situation:

    • I go to a website on Chrome
    • I create an account
    • I use the generate password function from the Google Chrome extension
    • The app asks me to save the login.
    • I click save the new login

    Result: I end up with 2 items on my 1Password account: 1 is the account itself and 1 is the password generated automatically. I don't know if I'm doing it wrong or I'm missing something, but it seems awkward to me.

  • Lars
    1Password Alumni

    @arcanjo - I'm not quite sure what's going on either, as 1Password should observe that the password and the URL match the one you saved as a Password item, and remove the existing password item when you save it as a Login item. Are you using an older version of either 1Password, the 1Password extension, or Google Chrome?

  • gct3o
    Community Member

    I have experienced similar issues and I believe it occurs when, instead of letting the password generator autofill the new password field, I copy the password and paste it into the new password field and then, after completing the new user info, I click submit. Perhaps when the site has a non-typical login page format too. For example, username is entered, then a button is pushed and a password is entered, then a button push, then a question or two-factor response is requested, ...

    I can’t think of any way to test this at the moment. But I have had it happen to me enough that I watch out for it. We actually use Watchtower to help me ID these cases so I can fix them if they occur.

  • Lars
    1Password Alumni

    @gct3o - thanks for the perspective. I'd need specific steps from @arcanjo, as this isn't something we see happening here.

This discussion has been closed.