Cannot modify suggested password; changed passwords not saved
When I first installed 1P worked like this on a new site: It would record my username and offer a password but I had access to a password generator where I could change the length, include special characters or not, choose to use random word groups. Now none of that works. Now it works like this: if the username is on one screen and the password field on another it does not retain the username. This is not optimal but not terrible as I can click on that field and edit. But the new password handling is horrific. Just today I had to create a password for a new site. 1P suggested a password that was 1) too long and 2) contained a special character that wasn't allowed. There is no opportunity to change that password. So I save the "bad" pw and changed the pw to something that would work (I simply used the view option provided by the site to see the pw, deleted some characters and the offending special character and I had an acceptable pw. 1P did not change that password. What it did was create a second entry with a completely new password. So now for some reason I had two entries for the same site, one without an id and with the original password created by 1P and a second entry with a username and a completely different password I had never seen. I had written down the correct password so tried to logon and change the password that 1P filled to the correct password. I assumed 1P would ask me if I wanted to save the changed pw. It didn't, 1P just ignored the pw change as I was logged in.
What did I do? I logged into 1Password.com and went to the vault. I edited the entry without an id and added my username and fixed the password and then I deleted the second entry. It is now working fine.
But this is unacceptable. Why can I not have some level of control over the creation of the password? Why is it ignoring password changes? Why does 1P seem to create new logins for the same sites over and over again?
I have a family plan and as an aside I can not give access to anyone else because no one needs to deal with this foolishness. So now it's just me but I'm thinking of looking at other solutions because 1Password is now worse than when I initially bought it. And that's never good.
1Password Version: 7.7.810
Extension Version: 2.05
OS Version: windows 10
Comments
-
Hi @rhussey993, thanks for raising this issue. I'm sorry to hear you've gone through what sounds like a really frustrating experience with that password setup.
I hope I can offer some suggestions on how to handle this kind of issue going forward, and explain a little of how 1Password in your browser deals with filling and password generation too.
First, you do still have access to a password generator. It doesn't show up within a website's username / password field itself, but if you click on the 1Password icon in your browser's toolbar, then the + sign and Password Generator, you can custom-make a password there to fit the website's specific requirements. You would then copy / paste that over to the password field in the website, and choose "Save" in 1Password's inline menu. I understand that soon the password generator will be front and center in the browser extension as well, so it will just be one click to get to it.
Of course, we don't even want that to be necessary most of the time. 1Password does its best to pull as much information as it can from the website, so that the auto-generated password it provides fits the website's requirements without you having to do anything. It works most of the time, but sometimes it does miss the mark. That's why we try to make using the password generator in 1Password for your browser as accessible as possible.
I should say that putting the password generator directly into the suggested inline menu within the website itself is something we'd consider. I can't speak to what features might come in future versions of 1Password, but it's really not out of the question. Thanks for letting us know that you'd like to see that option - we act on feedback from customers all the time.
Why is it ignoring password changes?
I'm not sure why that would be happening, but I'm happy to investigate that issue if you're able to reproduce it. We of course want to make sure the passwords "stick" properly once you've changed them! If you'd like to follow up on this, send us a message at support+windows@1password.com and we'll dig into it for you.
Why does 1P seem to create new logins for the same sites over and over again?
This shouldn't happen often, but it can occur from time to time when the URL an organization uses for creating your account is different from what you use to sign in once your account is established. Example: sometimes an insurance company might have you sign up at <biginsurancecompany.com>, but then afterwards they might have you manage your user account at some other domain they own, like <otherinsurancesubsidiary.com>.
There isn't that much 1Password can do about this, because for security purposes it's really really important that 1Password fill your passwords only when they match up with an exact domain you've approved - not some other one that's kind of like it. If we ever opened the door to 1Password making judgment calls about whether a website is "probably" the one you intend, attackers would be able to exploit that with dummy domains in ways that would ... well, it'd be bad.
In any case, our goal is to make dealing with this kind of thing easier with time. We're open to any suggestions for improvement and don't mind being challenged to make things better. Thanks for letting us know about how this went, and again my apologies that things got so tangled.
0 -
Oh, I wanted to mention one more thing too: if you get into a situation where you've created a password with the password generator but something has gone awry and it maybe hasn't saved in 1Password properly, you can go to 1Password in your browser, the + symbol, then password generator > generator history to see everything the generator has created. I hope that's handy!
0
