"reused password" alert won't let me login to apps, never seen this before

Latest app (7.2.5) alert popped up and saw my two backup drives on my iMac and asked me if I wanted to update and I said yes but it wanted me to trash my backup copies (b/u HD & stick) which I did. The red banner "Reused password" appeared and I failed all login attempts. I rebooted but nothing works and I can't login to my bank... nothing. I seem to be able to login to 1Password but but it doesn't fill in the PSW when I click the 'Fill' button. Please help


1Password Version: 7.2.5
Extension Version: 70205002
OS Version: 10.13.6
Sync Type: Not Provided
Referrer: forum-search:"reused password" alert won't let me login to apps, never seen this before

Comments

  • ag_anaag_ana

    Team Member

    Hi @frosty52!

    The red banner "Reused password" appeared and I failed all login attempts.

    I don't think this warning has anything to do with filling, I think the issue is rather related to something else you mentioned in your post:

    I seem to be able to login to 1Password but but it doesn't fill in the PSW when I click the 'Fill' button.

    I think this is the real issue. My first question to you is: is your 1Password browser extension installed?

  • I've been using 1Password for a couple of years successfully so unless the new version removed the previous extension (did it?) I not sure how it happened. But I will check. Thx

  • Reinstalled newly downloaded copy of 7.2.5, it installed ok but gives same symptoms... won't fill password.

  • BenBen AWS Team

    Team Member
    edited April 2

    @frosty52

    Which web browser are you using? If you're using Safari, have you tried restarting the Mac?

    Ben

  • Latest Safari Version 12.1 (13607.1.40.1.5). First thing I tried was reboot. Reinstalled newly downloaded copy of 7.2.5, Rebooted and it installed ok but gives same symptoms... won't fill password. Apparently, the browser extension is loaded from Safari if I understood correctly. No difference. Everything seemed to work the other day until I installed 7.2.5 when I was prompted.

  • BenBen AWS Team

    Team Member

    Please look in Safari > Preferences > Extensions and click on 1Password if you see it listed. Could you please post a screenshot of what you see there? It should look like this:

    ▷ How to take a screenshot

    Ben

  • I took a screen shot below (.png)

  • BenBen AWS Team

    Team Member

    @frosty52

    That image doesn't seem to open for me... are you able to open it? Could you please try again?

    Ben

  • the screen shot really didn't want to send the image when I dragged it over the box and dropped it only the URL came up. i'll try again...
    Tried both 'DnD' and 'Choose File' technique but both yielded the same.


  • Is it normal for the image to show up only after Comment is Posted ?

  • BenBen AWS Team

    Team Member
    edited April 2

    The screenshot worked that time around, thanks. That is helpful. Are you having trouble with all websites, or just the bank that you mentioned in your original post? If just the bank... could you please post the URL to their login page?

    Ben

  • https://secure.bankofamerica.com/login/sign-in/signOnV2Screen.go?msg=InvalidCredentialsExceptionV2&request_locale=en_us&lpOlbResetErrorCounter=0

    Some other accounts seem to be working, others require that i manually copy and paste PSW (BofA).

  • brentybrenty

    Team Member

    @frosty52: Ah! It's been quiet for a while -- perhaps too quiet -- but it looks like they changed their website again.

    What's happening there is that they block the "passcode" field completely until after the username field is filled. So 1Password quite literally isn't able to fill both at once. If you press ⌘ \ a second time though it should work. I don't know why they like doing this stuff, but we'll see if we can find some way to work around it in the future. I hope this helps! :)

    ref: xplatform/filling-issues#364

  • I always ensure the user name is there before I try filling the password. The command forward slash sometimes puts the username in and sometimes the password so that makes it a little trickier since it's not visible. I will try your idea and see what happens.

  • ag_anaag_ana

    Team Member

    Thank you @frosty52! Please keep us posted :)

  • clicking on 'Fill" still doesn't work on Bank of America website...

  • Affirmative. Did you see my response ?

  • ag_anaag_ana

    Team Member

    @frosty52 I believe Brenty asked you if you could try pressing Cmd+\ two times, while you mentioned clicking on Fill just once. What happens if you try pressing Cmd+\ twice, once for the username and once for the password field?

  • brentybrenty

    Team Member
    edited April 6

    @frosty52: Indeed, you responded,

    clicking on 'Fill" still doesn't work on Bank of America website...

    But I didn't suggest clicking. That's why I was curious if you tried what I suggested, since using the keyboard shortcut seems to work here. Let me know. :)

  • Yes, I tried exactly as you described. When I CMD+\twice sometimes it would toggle between ID and password and sometimes process would work. Sometimes it would only insert ID in ID space and password space. Since insertion entry was not visible by myself I could not tell whether entry was ID or password. The only work around I've found now is CMD+ \ to enter ID then do a copy and paste of password after I've opened 1Password using my master password. Interestingly, nothing works with initial login screen. After initial screen fails it sends me to another backup login screen that says you incorrectly entered something. Only on this screen will the CMS+\ work. Many other non B of A screens unlock ok but I never know for sure til I try. I'm trying to eliminate duplicate/weak/compromised passwords so I have to log on to about 150 sites to change the passwords and it's quite a chore. i do appreciate your help, i'm just swamped.

  • Hi @frosty52,

    So I tested both Vivaldi and Safari for good measure using the URL https://secure.bankofamerica.com/login/sign-in/signOnV2Screen.go (I removed the parameters relating to a failed sign-in attempt) and I'm afraid only experienced consistent results. About the only thing I can think to suggest is to see if you still see inconsistent behaviour if you create an entirely new Login item using the steps detailed on our support page How to save a Login manually in your browser as that is what I had to do prior to my testing.

    What I really dislike about this approach is that page allows anybody to test to see if a username is valid or not and that just feels wrong from a security angle.

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file