password generator in 7.3

2

Comments

  • Hello Brenty,

    Thank you for your reply. So far I like 1Password X very well. I will deal with my modest knowledge of it. It is very appealing and interesting to work with the new look.
     They put a photograph of a password manager in another version with explanations of the debate that I have never seen before.
    Can you please tell me where to find this password manager in this version?

    Thank you.

    Greetings from Gruber Johann

  • BenBen AWS Team

    Team Member

    @rb9

    The words based recipe is still available. I'm not entirely sure I understand your feedback here?

    Ben

  • BenBen AWS Team

    Team Member

    @Johann_Gruber

    Are you referring to the screenshot Brenty posted in this message? https://discussions.agilebits.com/discussion/comment/508497/#Comment_508497

    If so, that is 1Password for Mac (which is the primary subject of this thread), not 1Password X.

    Ben

  • rb9rb9

    Ben, I was maligning the developers. On closer inspection I found the option "memorable passwords", and that does just what I need! It just wasn't obvious at first sight that it was there. Objections withdrawn!

  • Hello Ben,

    Yes, exactly this Screenshot I mean. Only I have not found this SPG so far! Sorry, if I caught the wrong topic.

    Thank you!

    Greeting from Gruber Johann.

  • BenBen AWS Team

    Team Member

    Thanks @rb9. Glad to hear you were able to find it. :)

    Ben

  • BenBen AWS Team

    Team Member

    @Johann_Gruber

    No worries. If you're using 1Password X, and not 1Password for Mac, that screen won't be available.

    Ben

  • edited June 3

    I did inform Agile of the 2FA misfires. It's been several months, but as I recall, you guys were unconcerned.

    I don't want another subscription (1PWX) in my life. It's just me. I'm not sharing with someone else. Everyone is moving to an SaaS business model. I also don't have time to get up to speed on something new (you already indicated it's different by letting me know password handling might be different enough on that version to solve my problem.

    I found what I need in a 3rd party Chrome extension. [name of 3rd party app removed by moderator] And I found an app for my devices that does the same. Brain-dead simple. The clipboard app on my computer copies it for me, so I can plug it in wherever I need.

    In the absence of getting the PW generator back the way it was (BUT REVAMPED INTERFACE!!!! WE MOVED THE FUNCTIONALITY AROUND!! THE INTERFACES OF THE DESKTOP AND iOS DON'T MATCH UP! GET OVER IT! DON'T YOU LOVE IT???), this looks like it will work for me.

  • BenBen AWS Team

    Team Member

    Glad to hear you've found a solution that works for you, even if it isn't 1Password, @mscwebmaster :+1:

    Ben

  • It's still 1Password, but an additional solution for the password generator.

  • BenBen AWS Team

    Team Member

    Which isn't 1Password. :wink: In any event. We'll continue to evaluate how to best make the password generator in 1Password helpful without being overly complicated to use.

    Ben

  • brentybrenty

    Team Member

    I did inform Agile of the 2FA misfires. It's been several months, but as I recall, you guys were unconcerned.

    @mscwebmaster: Were that the case, I wouldn't have bothered asking. :tongue:

    If you're encountering misfires as far as 1Password offering to save when it should not (or vice versa), please let us know the details. Maybe there's something we can do to improve that. :)

    With the exception of a separate issue where I requested diagnostics from you last summer and never heard back, I don't see anything apart from this very discussion.

    If you'll let me know the details of the website issue, or where to find them, I'll be happy to look into it. It's up to you. :)

  • Hello Ben,

    Thank you for your reply.

    I'm still a bit confused, because I have 15.9.2018 a subscription to 1Password 7 completed and 29.05.2019 downloaded the large update on the Appstore. Now it's all new on Safari too, just not as stated in the screenshot of Brenty in this version. Only chrome is 1Password X.

    Did I do something wrong or misunderstood?

    I look forward to your response.

    Greeting from Gruber Johann.

  • BenBen AWS Team

    Team Member

    @Johann_Gruber

    No, nothing wrong, it just isn't expected that 1Password X and "new mini" (what you'll find in 1Password for Mac 7.3 + Safari) will look or act the same.

    Ben

  • edited June 5

    Hello 1Password team,

    I'm a consultant to a couple of hundred home users in NYC. I have concerns about the password generator changes both personally and professionally.

    I having been strongly recommending 1Password to clients for years, and the workflow I trained them on was to find the Change Password area of a web site, then to use Password Generator, then Copy and manually paste into a password field, then let 1Password save the password via its dialog.

    Yesterday, I was training a client on 1Password, and I literally could not figure out how to replicate this workflow. It was embarassing, as he had subscribed on my recommendation. From reading the above, it appears that the proper move to do what I did before now is to click "+ New Password", followed by "Save and Copy".

    I advised against this yesterday, because "+ New Password" sounds a lot like it will be equivalent to "Make a New 1Password Entry", which isn't what I want when I'm trying to change an existing entry. And when you click the button, it looks exactly like a new entry is about to be generated and saved in 1Password. So I kept cancelling out of it. This seems like poor (certainly nonintuitive) design.

    And, now that I've read the above, and tried today, and read your help pages, I'm still not clear on what "Save and Copy" means. I get Copy, but Save where? Happily, a new entry doesn't get generated, but I was reluctant to click the button because I thought a new entry would be generated.

    So, that's me. I'm annoyed, because I was perfectly happy with my previous habits, but I'll adapt.

    My much larger concern is now every single one of my clients has to also adapt. These are not interested technology users. They're busy people who just want things to work with a minimum of having to learn things, and it's hard enough to persuade them of the merits of a password manager and then train them to use it. With this update, they're going to be utterly confused, and I know this, because I myself was. What are they going to do when the menu they are habituated to using has just gone missing?

    I understand as creative developers your desire to perfect the design and operation of your product, but I urge you to think of 1Password as a platform that non-tech-savvy people depend on, and the consistency of operation is essential because if they can't figure how to do what they did, they'll stop using 1Password, and become less secure. If you're going to make a fundamental workflow change like this, I'd recommend putting at least something that says "Looking for Password Generator?" or a Password Generator menu item that instead provides instructions on how to do it the new way.

    For the very first time yesterday, I started thinking I ought to at least investigate competing products; I've always found 1Password so effective that I never really looked at them. Yesterday, I came to see it as a frequently moving target with many clicks required for password entry and saving.

    As for yesterday's client, I think he was left with the impression that Safari with iCloud Keychain was less capable, but ultimately more efficient and easy to manage. I do not know whether he will keep his 1Password subscription.

    Best,
    Ivan Drucker
    IvanExpert Mac Support
    New York

  • BenBen AWS Team

    Team Member

    Thank you for taking the time to share your perspective on this @IvanExpert. There has been some discussion internally about the labeling of the button for the password generator. Hopefully we can come to a consensus on that soon.

    As for "save & copy" -- it is actually saving a new item, intentionally (even if your ultimate plan is to update an existing entry). This is so if you get distracted and don't get to that step, lightning strikes and the power goes out, etc etc you still have a record of the password that was generated. Once you actually complete the process and save that password to a Login item (new or existing) the record the password generator creates should automatically be trashed:

    If you used the password generator and can't find the password to sign in | 1Password

    It's a bit of a fail-safe if you want to think of it that way. :+1:

    Ben

  • @Ben, thanks for clarifying. Makes sense, now that you've explained it, and the functionality is useful, but please note that there's no way, from the interface, to anticipate the behavior you describe; to the contrary, it leads one (or at least me) to believe they're going to end up with an unwanted entry.

    Best,
    Ivan.

  • BenBen AWS Team

    Team Member

    @IvanExpert I'm not sure how we can make that more clear without overly complicating the UI, but I'll certainly pass the feedback along to the team so we can do some additional brainstorming on it. If you have any suggestions we'd be happy to hear them.

    Ben

  • edited June 5

    @Ben Thanks. I was editing my suggestion and it got eaten somehow during re-saving, so apologies if this appears twice.

    My suggestion would be to have the behavior it has now, but not visibly. In other words, more like before.

    I'd change the "+ New Password" button to read "Generate Password".

    Clicking it would pop up a window for password generation, rather than displaying/editing the newly generated temporary entry that could still be created behind the scenes. (Any other alternative to a pop-up that doesn't display the temporary entry would be fine.)

    The Save and Copy button would simply be relabeled "Copy", as saving something implies creating something if you're not editing something existing.

    The recovery process for an aborted password change, that you linked to, would still apply and be valid.

    I don't think these suggestions would overly complicate the user interface -- to the contrary, I feel it would simplify it. As it stands in 7.3, I think what 1Password is doing exposing a recovery mechanism to a user, which requires a more explanation and understanding, and creates visual noise. If it's simply a recovery mechanism, I don't think it's something a user (whether power user or non-power user) needs to see, though it could certainly be an option in Preferences if you think it's something important to expose to those who want it.

    Essentially, I feel that if the password generation recovery entry is temporary under normal circumstances, it should remain unseen and not consciously interacted with, because it is confusing and distracting. I think it is analogous to if a document editor put a visible temp or autosave file on the desktop of a computer -- even if you're a power user, why do you want to see it or be aware of your role in its creation on a day to day basis?

    Thank you for your interest and attention.

    Best,
    Ivan.

  • BenBen AWS Team

    Team Member

    Thanks again @IvanExpert.

    Ben

    P.S. I cleared up the situation with the spam filter. Should be fine going forward. :+1:

  • @Ben thanks!

  • BenBen AWS Team

    Team Member

    :+1: :)

    Ben

  • OAWOAW Junior Member
    edited June 5

    @Ben I want to co-sign the suggestion made by @IvanExpert that the + New Password should be renamed to Generate Password to be consistent with previous versions. And it's just much more clear about what the function is. As for his other suggestions to rename Save & Copy to just Copy I certainly don't agree. Because 1PW is doing exactly what the label says in that instance. Saving a new Password entry and copying it to the clipboard. But I will point out that his suggestion speaks to the fact that many users don't understand the purpose of the Password entries and how they are differentiated from Logins. And that's a fundamental design issue that's harder to solve. I get why 1PW is automatically saving all generated passwords. It's erring on the side of saving everything out of an abundance of caution. My suggestion would be to have a Copy and Save & Copy button to support those users who only wish to generate a password and those who wish to create a new Password entry.

  • Over the course of this discussion there is a definite trend from 1password towards removing control from the user. As with every other company that has followed this trend, I feel it is a grave mistake. For sure the majority of your users don't/won't care about this particular subject, but that's no justification to remove control that the most vocal and evangelist of your users use. There have been many valid use cases brought up in this discussion and trying to convince users to change them only generates ill-will. Perhaps a simple solution would be to offer Advanced Options that give back this control to power users? For example on the special character list, perhaps the whittled down list in place in 7.3 could remain the default but there could be an advanced option to turn on the full list (or better yet options for each missing character). Or for the count of numbers and special characters there could be an advanced option to turn on sliders for those to bring back that functionality.

    In the end it's about choice and the less choice you give your users, the less attractive your software becomes. Even if the majority of your users will never change the defaults, those who would change them usually care quite strongly. I urge you to return choice to users as much as possible. 1Password may be experts on password security but you're not mind readers so you cannot know what your users actually want in any given situation. Use your knowledge and experience to set reasonable defaults and give power users options to change those defaults and everybody wins and there's less to disagree on.

  • BenBen AWS Team

    Team Member

    Thanks @OAW. I struggle with not saving all generated passwords that are copied, though. Imagine the scenario that you copy a password (but don't save it), use it to change your password somewhere, and then your clipboard is cleared by 1Password's own clipboard clearing timer before you get a chance to save it. I would think folks would have much more reason to be upset about a situation like that, rather than us saving an item that most people will never even know is/was there (remember: we automatically clean it up when the password is saved to a Login item).

    Ben

  • OAWOAW Junior Member
    edited June 5

    @Ben I do understand the hesitation. But in the scenario where I copy a generated password to the clipboard and use it to change my password on a website somewhere ... the 1PW app will prompt me to save a new login or update an existing one. And when I make one of those choices I end up with a Login only and not a separate Password entry straggling around that I have to delete later. And even in the off-chance that I don't save the Login and no longer have access to the password anymore I have yet to come across a website that won't allow you to reset the password and start over.

  • BenBen AWS Team

    Team Member

    @Utgoff

    I think it is important to keep in mind the goal of the password generator: random passwords. "Customized" passwords are inherently less random. In this case "giving power users more control" is the same as "reducing randomness." We want to make sure the password generator is generating passwords compatible with websites as often as possible, without loosing too much randomness. That's why we're asking for specific examples (URLs) where it isn't doing so. There may indeed need to be more options available in the generator, but those options should be backed by evidence, rather than an unexplained desire to be able to adjust things. Giving fine grained control over something for the sake of it is not universally a good thing, power users or not. We're asking that folks think about the outcome, rather than the specific implementation. What sites are having problems that were not before?

    It is definitely possible that additional thought is needed with regard to the UI that is exposed for the password generator. We're not denying that.

    Ben

  • BenBen AWS Team

    Team Member

    @OAW

    That's exactly right. The difficulty is when that process is interrupted or doesn't function as expected (e.g. 1Password does not detect the change password form submission).

    Ben

  • I would like to have a better understanding of why you want to be able to specify the exact number of digits and symbols instead of simply "must contain symbols and digits".

    Why is it we have to justify how we generate passwords? We're the users. And we've used it this way for the entirety of the generator's existence. It doesn't really matter why we want to generate passwords the way we want them. They're our passwords. Nor do we need a lecture on the "dangers" of generating a password outside of the workflow that you envisioned. Again, we've been doing this a long time, we actually know what we're doing.

    Changes like this are the kinds of changes that lose customers.

  • @IvanExpert said in an earlier post:

    As for yesterday's client, I think he was left with the impression that Safari with iCloud Keychain was less capable, but ultimately more efficient and easy to manage.

    This hit home for me. After some years using 1Password, my spouse made this very decision for convenience. Admittedly, she never really mastered the power of 1Password, despite my coaching and encouragement. I had been hoping to pull her into a family membership, I wanted to get vaults separated for shared passwords we both need. As it is, when either of us makes a change on a site, the other is in the dark until it doesn't work and the question becomes, "Did you change the password to the bank web site?"

    I know this is peripheral to the discussion about the latest version of the application, but I've been a dedicated user for quite some time and used to be a community moderator here. It's too bad when newly generated inertia turns users away, when they just want simplicity. And I get that this change might well enhance simplicity, but moving the cheese sometimes isn't so great.

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file