Account versus Login managemetn

That "tap 'search vault'" must be on an app implementation. I get no option of any kind doing that in Chrome which is where most of the accessing of "new" work servers would be performed. Unless I'm missing something there's no particular advantage to having 1Password since I have to type the credentials manually. That also means I can't really use the password generator to generate a truly obscure password since I have to be able to type it manually.

I will give this another try once I'm on my work machine. I specifically tried drag and drop when in the chrome browser and nothing appeared to move between the mini window and no credentials populated. I did that before I wrote this case.

As I said there are really two parts to this - the credential management part and the browser presentation part. It sound like what we are discussing is more the browser presentation part.

I still would be concerned if by using drag-and-drop I was creating many entries with that common password that would have to be changed separately when my passwords rotate. The indirect reference (pointing to a credential instead of recording the credential) for an entry is really still a feature I think addresses several issues.

Again look at the lifecycle. If I drag and drop 100 servers over the course of a 90 day password cycle do I really want to cycle through 100 entries to update the password? (Especially since I might only log into 50 of those next cycle and add 50 more). If I have the indirect reference to the credential I have to change the password exactly once per cycle. Then it doesn't matter how may servers I've connected to or how I populated the login entry (drag and drop, credential select, typing the password).

I think I have confirmed all these behaviors. I'm in Windows 10, Chrome 100.0.4896.88, Chrome plugin version 2.3.2.

I can find no "Drag and Drop" in the Windows/Chrome implementation that would allow me to re-use a credential set. The closest I can find is to select an account and click copy on the name in the plugin and then paste it into the box. Repeat for the password. That copy is only of value in the case of an difficult to type generated password.

More importantly when a new server is logged into it creates a separate entry for that server/url/username/password combination. When I log into another server it creates another separate entry with a different URL but duplicate credentials. This can be inspected by editing the login in the main app. In this case the credentials were identical not because of password re-use, but because the server authenticated against a domain server which has the single identity and is authenticating both servers with the same credentials.

I then changed the password on the domain side. Of course I expect 1Password to have the incorrect password at this point. As an exercise I changed one of the entries to the correct new password. This entry works. The remaining entries which were created with the previous password still contain the previous password.

This emphasizes the need for the indirect reference to the credentials. I should be able to POINT to a credential set in 1Password and maintain the username and password in that single item. I actually work with multiple domains but as long as the "login" points to a credential there's no reason why this wouldn't scale.

I also think the proposed "account" vault item could be rendered in the GUI components that way separately from a login. A login carries an implicit URL in the 1Password implementation which is why new servers show "No items to show". The GUI could offer Accounts separately from "logins" (and probably with logins prioritized higher on the list) such that if an account is used to fill the username/password boxes the login entry automatically gets created with the indirect reference to the selected "account".

Well I could have sworn I tried that specific drag and drop yesterday with no action but it worked this morning. This is the copy I mentioned as being useful only really with a generated password. Otherwise it's slower to use 1Password than to just type the password. Since this particular account also unlocks my laptop I haven't gone in on password generation yet.

With respect to the multiple servers, what you suggest would require that I prepare all possible access points ahead of time. I certainly don't get an option when a new server gets presented to use an existing credential. All I get is the "No items to show".

I have literally thousands of servers and applications that can use my domain ID. While I have experimented with only application logins I haven't got to the point of trying with ssh (which obviously wouldn't use the chrome plugin). Those other types of logins aren't going to have the "url" that the application does - it will almost certainly get anther type of entry if the two entries 1Password created for my Bank of America credentials is an indication.

So yes, I think I would like to dig in further. I'm using this corporately and personally (I just accidentally mixed vaults doing the test).