Trouble changing passwords

Thank you to Tertius3 for chiming in.

I have used 1P since 2009. The change password function worked pretty well for most of that time. However, during the last year it has become extremely difficult. Sometimes it works, but at least half the time it results in a large amount of rework, including additional password resets with websites.

It is a fact that when you create a new password, it you don't save it temporarily somewhere, you are asking for a good chance of quite a bit of additional rework. The fact that I have a listing of passwords, including the current one and the new one, available in a separate text editor has saved me countless episodes of frustration.

The automated support from 1P should just work. It doesn't.

Here are things that need to be improved:
- the password history function. Used to be great. Now it is useless.
- the confusing UI where you get multiple popups, some covering others, and you never know whether to click Save, or something else. The fact that Kevin.li gives a workaround demonstrates somewhat the issues.

Hope this helps.

These are some great suggestions Former Member !
Thanks for taking the time to share your thoughts and feedback on this. I will forward it to the team.

I can relate to every word from jasimon9. He described the issues very good. I don't have such issues with every password change, but from time to time. The changing of a password is the most fragile workflow you find in 1Password.

The main issue for me is that you have to change the password in 1Password before you actually change it on the website. If the website rejects the new password, you're often thrown back and need to enter the old password again, which can then only be found in the history, which gets real tedious, as soon as the password is rejected multiple times: which of the last passwords was the real old one? The last one? The next to last one? Or even the third? The history starts to get cluttered with passwords that were never active. It's also not clear if you will really get a valid new password according to the policy of the website, because you never see the new password. You cannot validate the password manually. I also tend to use a copy via clipboard to some notepad to "see" the new password. Which is a security risk of course. 1Password doesn't support me here good enough.

I recommend an update workflow in two steps. Instead of directly saving a new password, I propose the new password is saved to a temporary area, if I click on "save Login". Then I update the password on the website. I may need multiple loops until a new password is accepted. After the new password is actually accepted on the website, I click on a "commit password" function and commit the temporary area to the real password entry. If I abort the password changing, I do nothing or use some "abort password change" function to clear the temporary area.

An alternative to this could be "rollback password" function that pulls the last password from the history if the last change was only a few seconds ago and inserts it again as current password. I would use this to restore the password entry to the start, if a password was rejected and I have to do it all again. This should throw away and destroy the rejected password from the entry, which makes sense, because it was never active.

Hi jasimon9. I appreciate the steps you shared. That's super helpful.

I can see that step 4 is where our issue lies. When you mentioned the "Password is changed", does it mean you clicked the Save button for the new password on the website? However, the password is not changed yet for the saved item in 1Password. Using the Password Generator will not directly update the saved item.

We will need to update the saved item's password by editing it. Let's try the following steps to see if it would help with the process:

1. Go to the password-changing page.
2. Copy the new password from Password Generator.
3. 
4. Paste it into the password-changing page and save it.
5. Search the saved item in 1Password. Edit it and paste the new password into the password field. Save the item.
6. Go to the login page and test it with the updated-saved item.

In addition, if you are using the Autofill button in step 2 above. 1Password will autofill the new password to both fields and will prompt you with an update password window as demonstrated below:
-

I hope my suggestion above will help you with the password-changing process.

Seems almost every time I try to change a password over the last several months, it goes wrong.

Just today:
1. Need to change a password.
2. Get new password from password generator.
3. Fill in the new password (but did not save it to an editor).
4. Password is changed.
5. I have no idea what the password is--the login in 1P has the old password.
6. So I have to do a pw reset

I long ago adopted the policy of copying newly generated passwords into an editor, to prevent this problem. I hate doing it, but it is the only way to avoid the problems of losing the new password. I also hate having to copy the password.

This did not used to happen. 1P automatically changed the password. But it no longer works for me.

Unfortunately, I did not capture screen shots in advance. But for the umpteenth time I have to do an extra password reset.

I do appreciate the feedback and input here jasimon9 , we always strive to improve 1Password and make it more helpful/useable.

I would like to separate between feedback and actual issues that are occuring, so if something is not working we would love to dive into it and improve things.

If/when you encounter a website where you can provide us with a step-by-step to reproduce it (or record a video of what exactly goes wrong and where), we'll be happy to investigate it with you. We can do that here publicly, or, if your screenshots/videos contain personal information, we can do it privately via email so always feel free to email us to mailto:support+x@1password.com and we'll dive right into it.

Thanks for investing the time and effort here, it is very appreciated :+1:

I understand that from your point of view it is working as designed. But for me, I normally have to take a lot of extra steps, including frequent "forgot my password" with websites. Plus saving the password temporarily in textedit. Wish it was not so.

Yes, the generation history could be helpful, but as I am pointing out in a separate question, that has gone missing in a lot of cases.

Clearly discussing this back and forth is getting nowhere. I will have to carve out some time where I can take detailed notes and screen shots to show you what I go through.

Hey jasimon9 ,

I don't quite understand what the issue is with the example scenario and screenshot you provided. 1Password seems to be working correctly and doing its job here.

If you sign up to a new website, 1Password will suggest a new password for you to sign up with. When you select that new password, it will trigger the save prompt and save the entire page for you (including the username and any other field that is filled), creating a new working login for you to use the next time you try to log into the website.

You are not supposed to know or remember what the new password is because that's not interesting. That's not important. That is why 1Password was invented.
Using the clipboard is not a great security practice and is one we try to avoid. The clipboard is not a secure space to store passwords in (even if only for a moment), so 1Password bypasses all that and saves what you need for you.

If you ever find yourself in a situation where you did not save the password for some reason, you can still recover it in the generator's history as I mentioned in my previous reply. You will never be locked out of your account or lost without the password that you autofilled, we have failsafes that prevents it such as the generator's history.

Another scenario: an issue that I was experiencing before is that if you click Save in 1P, it saves a different pw than the suggested one. So now you have put the suggested pw into the website, and saved a different one in 1P. Again, rework required with the website to request another pw reset.

That scenario is not possible unless the website does some javascript voodoo magic in the password field that changes the input you type in it.

If the password field is empty and you click the "Save in 1Password" button, 1Password will show the save prompt and will have an empty password field in the new login item you create. If there was already something typed into the password field and you click on "Save in 1Password" (but you do NOT click on the suggested password), then 1Password will save whatever is typed into that field.

The biggest point of interest here is that the "Save in 1Password" button and the strong suggested password are two separate functions that do different things, do not expect them to perform the same action. The Save in 1Password button will save whatever is filled into the fields already but will not add anything new to any field - it will not fill the suggested password it shows you. The strong suggested password option will overwrite whatever is in the password field and will autofill it with the new suggested password it showed you, then trigger the save prompt with that new password in it.

I hope that clarifies things a bit better. If you encounter a website that is publicly accessible where you can reproduce a specific scenario where you're having troubles, please provide us the link here with an exact step-by-step description of your actions and clicks so that we can replicate it and follow up on it. :
As I mentioned previously, you can use this website to do some testing: https://fill.dev/form/registration-simple

Here is yet another failing scenario: setting up a new user in postfix.

1. when password field is arrived at, 1P suggests a password.
2. If that is clicked on, the password fields are filled and a popup appears to update the postfix password. If you are not careful, you will update the postfix password. You don't want this to happen because you are not changing the postfix password so you have to be careful to click Cancel.
3. Now the password is filled, but one does not know what it is. Previously whenever 1P filled, it would copy the newly generated pw to the clipboard. This no longer happens. So now you have a newly generated password that you don't have any information on.

Bottom line, 1P is getting in the way here, and not helping. The only solution for such a case is to ignore 1P. Generate a pw separately and save it in an editor and use it, and later update 1P with that pw. Lot's of extra steps. Don't either click on the suggested pw or the Save to 1P. Both of those will trigger a lot of rework.

Another scenario: an issue that I was experiencing before is that if you click Save in 1P, it saves a different pw than the suggested one. So now you have put the suggested pw into the website, and saved a different one in 1P. Again, rework required with the website to request another pw reset.

All of these mean that 1P pw set and change features have changed from a tools that just worked, to one that should be ignored,

Hey jasimon9 ,

You can test things on our test website: https://fill.dev/form/registration-simple

The "Save in 1Password" button will save all fields that were filled on the page as they are. If some fields are still empty, don't click the "Save in 1Password" button yet. Only click that button when all required fields are filled in.

If you click the suggested password that 1Password offers, it will automatically tigger the save prompt so you can save that new password and won't lose it, but if you prefer to type in your own password and click the "Save in 1Password" button, make sure to click that button only when you're done filling all the fields on the page.