Problems with password updates

I've been going through my Watchtower list to strengthen my passwords. This involves a lot of "current password, new password, confirm new password" fields. Unfortunately, 1password X has been a bit frustrating on these fields.

  1. It often does fine with entering current password
  2. Then I click on the new password field, I choose a generated password, and it enters the generated password in the new password field, which is great, but also overwrites what was entered in the 'current password' field, and leaves the 'confirm new password' field blank.
  3. It now asks to save my new password, which if I do, I will have to go to my 1password history to find what to re-enter on the "current password" field that was mistakenly overwritten in step 2.
  4. Instead I will cancel the whole thing, manually copy my current password from 1password, generate a new password and save it, then paste the old password from clipboard.

Ideally, the password generator would be better about not overwriting the 'current password' field, and would enter the generated password into both 'new password' and 'confirm new password' fields.

For an example site that has this behavior, you can test it out on icloud.com

Thanks!


1Password Version: Not Provided
Extension Version: 1.9.2
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    @twonine: You're absolutely right. 1Password should be smarter about this. I was trying to test your example though, and I'm not seeing anywhere on icloud.com to do a password change. Can you give me the URL? I keep getting redirected to apple.com, and I'm not having any trouble using 1Password X to fill the current password and a new one there, in both fields. Thanks in advance!

  • twonine
    twonine
    Community Member

    Sorry for the delay...here is the password change page:
    https://appleid.apple.com/account/manage

    For further info, I see this issue on my Linux box at work:
    Chrome Version 63.0.3239.108 (Official Build) (64-bit)
    Centos Linux 7.3.1611 (Core)

  • AGAlumB
    AGAlumB
    1Password Alumni

    @twonine: No worries! Thank you! I think that may explain why we're having a different experience. That's where I ended up as well, and I was able to have 1Password fill both old and new passwords there. I thought maybe there was an icloud.com URL I was missing somehow. But you have a really, really outdated version — last year — of Chrome installed. We just don't test with that. Please install the latest version — 67 as I write this — and let me know if you have better success there:

    https://google.com/chrome/

    It's certainly possible that there's some difference with CentOS that I'm not aware of, but the browser is the best place to start.

  • TheHooond
    TheHooond
    Community Member

    Hi,

    I came to post about this issue but found this thread first so will add here.

    I am doing a lot of user/pass remediation with Watchtower and encountering the same issue, repeatedly across different sites.

    Step 1. Go to site in question.

    Step 2. Login to site and find the change password form.

    Step 3. Use 1Password to enter current password again (typically asked for before making a change).

    Step 4. Click the 1Password icon in the first (usually of two) "enter new password" fields.

    Step 4. This is where the first part of the problem occurs - using 1Password's "use suggested password", it adds the strong password to the both "new" password fields, but also adds the new password to the "current password" field and;

    Step 5. Suggests adding the new password as a new Login. I need to select ... and choose to update the existing 1Password entry, but then;

    Step 6. When I do this it overwrites the current password entry again, creating a loop.

    This is all proving incredibly frustrating.

    It's compounded by all the different sites that still have archaic password rules, that force me to use the 1Password Windows desktop app to change the password generator rules (typically to reduce to 16 char and/or remove symbols). This means I have to copy/paste into the site password field and again into the 1Password record. Not the efficiency gain I'd hoped for when coming across from Lastpass.

    I came across from Lastpass recently, for some valid reasons, but this is giving me a bit of buyer's remorse I have to admit. Their password generator just works.

    Am I doing something wrong when trying to change the password? Please advise if there's a tweak I can use to avoid this issue.

    Regards.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @TheHooond: I don't think you're doing anything wrong. It depends entirely on the website. Not only do they often have strange and different requirements, as you mentioned, they're coded differently. For example, typically what I see is the following layout: Old Password, New Password, Confirm Password. As a user, that's not so bad, but these fields are typically named different things, both for display and under the hood (which is the part 1Password often needs to rely on, since the page may show images instead of text for the names, etc.) But I've seen many other variations too: New Password, Confirm Password, Old Password; Old Password, New Password; old and new passwords broken up across multiple pages, etc. There is no one-size-fits-all solution, either for generating passwords or filling on password change pages, but if you'll tell us the URLs where you're having trouble we'll be happy to look into it. There just isn't much we can do to address site-specific issues without knowing the specifics of the site.

  • Hello @TheHooond,

    I'm sorry for the trouble. As @brenty mentioned we'll happily look at any website URLs you share and see what we can do to make things better. We found an issue recently that has just been fixed locally on our machine and will make it's way to the official release soon. Still, please do share the URLs so we can make sure our fix works well there.

    One thing I wanted to mention was you are not required to switch to 1Password for Windows to customize your generated password when the default format isn't accepted by the site. You can access the full Password Generator from the toolbar popup:

    You can fill directly from there or copy the password and paste manually. That will at least save you a couple of steps.

    I hope that helps. Take care and please do let us know a few of those URLs that gave you troubles.

    ++dave;

  • tqla
    tqla
    Community Member

    Same problem here. Since v1.12 it overwrites the current-password-field when I use the Password Generator to set a new password. It happens on all sites I have tested (20+).

    @dteare I hope you release the fix soon!

  • Thanks for the update! I almost included the fix in 1.12 but the team wouldn’t let me. 🙂 Something about following the process I helped define and never including last minute changes in an Release Candidate. I hate it when they repeat what I say back to me. 😂

    We’ll have a new 1.13 beta out soon. Hopefully by Monday afternoon. Please give that a go and let me know how it turns out.

    Thanks!

    ++dave;

  • tqla
    tqla
    Community Member

    You are surrounded by a good team :)

    I just tried 1.13 and password changes work way better now!

  • AGAlumB
    AGAlumB
    1Password Alumni

    You are surrounded by a good team :)

    @tqla: Dave's no slouch either, but it's good to have checks and balances. Dave is often mine. ;) Everybody wins! :lol:

    I just tried 1.13 and password changes work way better now!

    Awesome! Thanks for giving it a try and letting us know. Hopefully we'll have that available as a new stable release for everyone before long too...and given that the 1Password X team is firing on all cylinders that could be any minute now! :sunglasses: :+1:

This discussion has been closed.