Updating Login

I'm comparing password managers.

In 1Password, let's say I enter a username/password at a website. 1Password saves it for me. I go into the site, change the username, and log out. Now I go back to log in. I manually enter the username/password, but 1Password fails to spot the change; that is, it does not ask me if I want to update the existing username information it has on file.

However, let's say I enter a username/password at a website. 1Password saves it for me. I go into the site, change the password, and log out. Now I go back to log in. I manually enter the username/password, and 1Password does spot the change and asks me if I want to update the existing password information it has on file.

Am I doing something wrong? Why will 1Password properly update a changed password, but not a changed username?

Comments

  • brentybrenty

    Team Member

    Hey there, SecretSquirrel (love the name)!

    Is it a particular website that's giving you trouble? Sometimes the site may be coded in such a way that makes it difficult for 1Password to discern that a password change is taking place at all. Also, which browser are you using? Does the 'password change' box come up for you on other sites, or using a different browser?

    From your description, I doubt you are doing anything wrong. It sounds like you are doing the password change steps in good faith, but 1Password doesn't see the form -- even though it is able to on the normal login page and prompt you to update the login item.

    Any information you can provide may help shed some light. I look forward to hearing back from you. :)

  • svondutchsvondutch

    Team Member
    edited March 2015

    @SecretSquirrel @brenty I'm afraid 1Password's auto-save feature does not look at your username. It looks at the domain+password combo. Please see this discussion where @dteare explains how it works, and why it works that way.

    That being said, here is how you can update your username in 1Password:

    1. Start 1Password
    2. Unlock
    3. Locate your Login item
    4. Click on the Pencil button (or press Ctrl+E)

    At the bottom of the edit window, you see all your fields. One of them should have the "username" designation. Double-click on this field. Change your username, and press OK (twice).

  • brenty & svondutch, thank you for your comments.

    svondutch, I reviewed the referenced discussion, but I think that customers would be better served by giving them the option to have 1password to check domain with the username and/or password instead of just the domain/password. The latter could be the default option and the former could be an elective option. Many sites use email for the username login. If you change your email, then you are faced with changing hundreds of logins, while still keeping the password the same. Having to manually change each username/email in 1password simply takes too much time. When I compare the process to Roboform (which has its own problems) its much easier; that is, if I enter a new username/email it asks me if I should create a new passcard or update the current one. Still comparing LastPass, so not sure about it yet.

    Anyway, my suggestion would be to reintroduce this option into 1password. So, a customer changes his email account (perhaps to a different isp or a private domain) and goes to log into a site. 1password would supply the old username/email, the customer simply types in the new email (or uses a macro to make it faster) and then 1password would automatically update when the customer logs in. Simple and faster than going into each passcard, drilling down to the correct area, form, and entry box and then manually saving the new passcard.

    Thoughts?

  • brentybrenty

    Team Member
    edited February 2015

    @svondutch: Thanks for the clarification!

    @SecretSquirrel: Initially I felt the same way, but years of forum posts with folks really struggling with one particular website login or another, have, I think, taught me that what works for one use case isn't necessarily going to be the best thing for others. And I'm sure the devs have a lot of data on this to boot.

    dteare said one thing that really kind of hits the nail on the head for me, as far as a clear statement of why this works the way it does now, without getting bogged down in the details of specific cases:

    The problem is each time the algorithm improves it can cause bogus autosave windows to appear for those users with logins created with an earlier version. This is the primary reason I don't want to use the full (username, password, domain) tuple when determining if we should prompt to save or not.

    Ultimately, there isn't a one-size-fits-all solution to this problem, so the solution that does the most good for the greatest number of users wins out -- at least ideally. ;)

    You and I can probably consider ourselves 'power users' of 1Password, and we're comfortable tweaking and experimenting with login issues; but there's a whole lot of people out there (my friends and family, for starters!) who are just confounded and perplexed if they suddenly start getting popups to save a login they thought they had already saved. And they do! It's there, but many users generally have one of probably three reactions to this:

    1. Annoyance: "Why does this keep popping up? I already did this!"
    2. Confusion: "Is it broken? Or maybe I didn't save it after all..."
    3. Terror: "OH MY GOD WHAT HAPPENED TO MY DATA?!"

    I'm pretty meticulous with my logins, so it doesn't come up for me much...but man, there is nothing more obnoxious for me than getting unwanted or just-plain-unnecessary popups. Decades of web advertising have caused this to trigger a visceral response, even though I understand what's going on here. So I still fall into the first category, I'm afraid, even if I can talk myself down. :p

    But it's always good to have these kinds of discussions, because it's something that can -- and will -- be improved with time, as the web evolves and 1Password grows. :)

  • MikeTMikeT Agile Samurai

    Team Member
    edited February 2015

    Hi @Secret_Squirrel,

    but I think that customers would be better served by giving them the option to have 1password to check domain with the username and/or password instead of just the domain/password.

    In a perfect world, we agree but the problem is that it is never really this simple as Brenty wrote. Our algorithms are very complex and by adding another option in the mix will further that complexity to the point that it might actually break things for more users than we'd like to see. One example is that there are many sites that does weird things to the username/email addresses such as masking them before 1Password can get to see the username. That'll result into 1Password prompting to auto-save your data each single time you use the site.

    Since we made this change, the auto-save prompt became far more accurate and less noisy compared to the previous setup that resulted into many inaccurate prompts.

    However, we never say never to anything. Our algorithms are constantly improving over time and there is a good chance in the future that the ability to look at the username would be included.

  • @brenty I agree with your assessment that 1password uses a matching scheme that works best for the most people. My preference though is to have software that allows a user options and more customization. @svondutch, in the referenced thread, indicated that "In older versions we used to show the auto-save prompt if the exact username+password combination wasn't already saved, but it caused problems with lots of logins out there. Looking for domain+password really is the better algorithm." It seems that this feature was removed because it was problematic, but I would suggest the better solution would be to fix the algorithm so it works properly, and then allow the user to choose which method they want to use. The default could be domain/password, with the option of username/password. The program is stronger and fits more user' needs.

  • MikeTMikeT Agile Samurai

    Team Member

    Hi @Secret_Squirrel,

    It seems that this feature was removed because it was problematic, but I would suggest the better solution would be to fix the algorithm so it works properly, and then allow the user to choose which method they want to use. The default could be domain/password, with the option of username/password. The program is stronger and fits more user' needs.

    As mentioned in my post above, we always are working on improving our algorithms but right now, it's not that level that we can do this as an option. We will not offer an option when it is not ready and proven to work on all sites we have tests for.

    My preference though is to have software that allows a user options and more customization

    Unfortunately, 1Password is not that software. We will be reducing options over time to simplify the operation and will not offer options to try to accommodate all users. We might offer hidden options if we believe it is safe to do so but we want our app to be simple but powerful to use, not powerful but complex to use.

This discussion has been closed.