Option to disable auto saving generated passwords?

When I generate a password for a web site, I don't want it to save automatically. This fills ups the Passwords section of my app very quickly with junk. Is it possible to disable it?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • jxpx777jxpx777 Code Wrangler 1Password Alumni

    @fletom Thanks for your post. I certainly understand wanting to keep things tidy. It's not possible to prevent this right now, but one thing you can do is right click the Passwords section, you can choose "Remove Redundant" and it will remove passwords where you've saved a login for the same site. For instance, if you generate a password on example.com and then save a login for the same site with the same password, then when you choose "Remove Redundant" it will remove the generated password and leave only the login.

    Does that help?

  • @jpx777

    Thanks for your reply. I have used the "Remove Redundant" feature before, but it only removed a few of the many junk passwords.

    What seems to be going on is that when I sign up for a new website, I often have to generate/fill the password many times before I get one that the site will accept. For example, my passwords are often too long, or contain invalid characters, or don't fulfill the site's specific requirements for how many numbers/symbols/capital letters are needed. So I end up with several saved passwords, only the last of which is turned into a login.

  • Hi @fletom,

    It can be a nuisance as you use trial and error to discover the requirements but I fear any attempt to be smart here could bite us in the rear badly. While it is annoying, our current approach is the safest as you can manually delete a password that you know you don't need but it's harder to retrieve a password that was permanently deleted or never saved that it turns out you really do need.

    The sort order of each category is independent of the others so it might be you find use in one of the other options, such as order by Date Created (the default is recent to oldest) although you might find the default of by Title keeps everything grouped neatly enough already. I do realise a group deletion of the unwanted Password items isn't ideal but I do believe it's the safest approach given you as the user are the only one who can say confidently what ones to keep and which ones not to.

    I realise it wasn't what you were hoping for but when generating passwords there has to be a safety net until we know for sure it is no longer required.

  • +1 on @fletom's request. On a daily basis, I'm setting up accounts for other people where I'm required to set a password that I do not want to save in my own 1Password account. Currently, it's not even possible to copy the password out of the 1Password password generator without saving it. This makes the password generator tool (which is awesome, btw), almost useless to me.

    @fletom: If you are a command-line person, consider using this to generate a random password that does not get saved in 1Password: openssl rand -base64 8

  • Hi @haagendazs,

    I can see how our Password Generator doesn't fit your needs in this situation and we will take your thoughts on board but I still do feel how it currently behaves is important. I would say your situation is quite specific and not shared with the majority and you may well agree that this is true. Obviously that shouldn't mean you can't express your desire to see a tool that more fits your needs and I do get it. I'm not sure what the ideal solution here would be. It may be that a supplementary app for this single purpose better works for you.

    We have to be careful here and weigh up the pros and cons. How many people would benefit? Is there a risk of password loss? even something as simple as does another option have the potential to cause more confusion? The answer may be no of course but we do have to consider it as it's easy to imagine that with enough time an option for almost anything can be added but what does that to for the ease of use? I'm not saying no, but unless there was a very compelling reason it would seem unlikely right now. Of course maybe this thread will highlight a massive desire that we didn't realise existed, that's one of the things I like about the public forums :smile:

  • @littlebobbytables: Thanks for the detailed response. I can absolutely see how most users would want their passwords to be saved automatically. And I can of course also use a separate tool or just type out random characters, but I still feel that this feature addition would be a worthy addition to 1Password.

    To be frank, I am even confused by the current behavior of that feature in 1Password Mini. Here's an example: I can always open 1Pass Mini, then generate a password, and then click on "Fill". Other than 1Password generating a new entry based on my current focused window, nothing happens. The password doesn't get added to a textarea or textbox by default. Another example: Following the same steps, I click on the dropdown area which exposes two options. The one is an action "Copy", the other is a setting "copy to clipboard before filing". It seems that the "copy" action does what the second settings describes, no matter if it's enabled or not.

    To your point of adding additional options: You already added the option "copy to clipboard before filing". Would you consider adding another option along the lines of "copy to clipboard without filing"?

  • jxpx777jxpx777 Code Wrangler 1Password Alumni

    Hi, @haagendazs. When you're trying to fill these generated passwords, are there any password fields on the page? Currently, when filling generated passwords, 1Password collects the page's details and then fills the new password into every empty password field. If you are working with a regular text field or a textarea, 1Password won't fill a password there. The idea is to avoid having a password filled into a field that is not properly concealed.

    Let me know if that sounds like your situation or if I'm barking up the wrong tree. :)

    --
    Jamie Phelps
    Code Wrangler @ AgileBits

  • @jxpx777: Sorry for the delay in my response.

    When I currently generate passwords, there are no password fields on the page. I'm not even generating passwords in a browser (or while a browser is even open). I completely understand that 1Password would want to auto-save passwords when use it to generate passwords on a form or signup page in a browser.

    That's exactly where my frustration stems from: When I use 1Password mini to generate a password, it will auto-save that password and clutter my vaults. I understand that sometimes there's a fine line between a feature and a bug, but this behavior seems more like the latter.

  • brentybrenty

    Team Member

    When I currently generate passwords, there are no password fields on the page. I'm not even generating passwords in a browser (or while a browser is even open). I completely understand that 1Password would want to auto-save passwords when use it to generate passwords on a form or signup page in a browser.

    @haagendazs: Sorry for the confusion there! At first I thought we might have a bug too, but I'm not able to reproduce it. In fact, if you simply generate a password, 1Password does nothing with it:

    1. ⌘ ⌥ \
    2. Password Generator
    3. (Tweak options if necessary)
    4. ?? (Nothing)

    That's exactly where my frustration stems from: When I use 1Password mini to generate a password, it will auto-save that password and clutter my vaults. I understand that sometimes there's a fine line between a feature and a bug, but this behavior seems more like the latter.

    That's not actually true. If, however, you take one more step and click Copy or Fill (depending on the context, one or the other will be the default of the button to the right, with the other selectable from the dropdown menu), you're telling 1Password that your intention is to use that generated password, which, at that point, is why it will save it as a Password item. Just skip this last step and 1Password will never save a generated password you don't want.

    Of course, you can always double-click the password itself to select it can then copy it manually...but if you don't want that password in the first place, you probably don't need to copy it anyway. Cheers! :)

  • jxpx777jxpx777 Code Wrangler 1Password Alumni

    I also find that I generate passwords in other apps and then the Passwords section saves my bacon. For instance, if I'm signing up for some new service that uses an app instead of a web page, 1Password saves the password I generated with a url of the app that it came from. Here's an example:

    If something happens and I lose the password in the app or I need it on another computer, I can easily come back and locate it.

    All this is to say that we would rather have folks with extra Passwords saved than have folks wish 1Password had saved a password because now it's nowhere to be found. Just looking over my Passwords section, I see passwords saved for iTerm, Terminal, iTunes, Sublime Text, PDFPenPro, Evernote, and others. I don't know if I'll ever need these again, but I'm happy they're there. :)

    --
    Jamie Phelps
    Code Wrangler @ AgileBits

  • @brenty: I disagree with you both conceptually and on a technically level. Conceptually, if I see a button called "copy" to copy text from a password generator, I expect it to do just that: copy it to the clipboard. Not copy it to the clipboard and add an entry in a password manager. I agree that this is different for the "fill" method. Technically, your workaround does not work. When you select the password manually and copy (Control-C) the password manually, 1Password still saves it as a new item in the list. So the only way to use the password generator and not have it saved as a new item in 1Password is to manually type it out. Which then, of course, completely defeats the purpose of using a password generator.

    @jxpx777: I would consider having 50 random passwords saved with the name "iTerm2" is almost as useless as not having the passwords saved at all, because one won't be able to distinguish between them any longer.

    I understand that your main goal is make sure no users lose a password, but I'd still consider the lack of my ability to manually copy a password from the field without having it being saved a bug. As a workaround, also for others, I suggest switching to the "Secure Password Generator" plugin for Alfred 2: http://www.packal.org/workflow/secure-password-generator.

  • brentybrenty

    Team Member

    @haagendazs: That's fine. We can agree to disagree. When it comes to it, I really have to err on the side of having a safety net for those times when we need it. Password items may seem like "clutter", but the space they take up is negligible and they can be deleted anyhow. They can be a real lifesaver, and the time spent hitting Delete will, for most of us, be far less of an investment than scrambling to get into an account we've forgotten to save a Login or Password for. However...

    Technically, your workaround does not work. When you select the password manually and copy (Control-C) the password manually, 1Password still saves it as a new item in the list.

    I do this all the time, and I double checked right before I replied earlier. Can you tell me the exact steps you're taking? I'm not able to get 1Password to save a generated password by copying manually:

    1Password doesn't intercept ⌘ C and save a new Password item in response.

    So the only way to use the password generator and not have it saved as a new item in 1Password is to manually type it out. Which then, of course, completely defeats the purpose of using a password generator.

    Oh god no! I would never suggest manually typing the password to anyone because I am totally unwilling to do that myself. See above. And of course even if you do manually type the password, 1Password will not save a Password item. It isn't monitoring your typing to determine if you're entering the password it just generated...and I'm not sure how to get the window to stay open with the generated password in order to type it manually. I'm talking about manually copying the generated password text.

    I would consider having 50 random passwords saved with the name "iTerm2" is almost as useless as not having the passwords saved at all, because one won't be able to distinguish between them any longer.

    Not really, since you can sort them by date. If the last password you generated is the one you need, you can put that right at the top of the list with sorting. Otherwise, I don't even do this every day, so just having a general idea has helped me track one down in the past.

    I understand that your main goal is make sure no users lose a password, but I'd still consider the lack of my ability to manually copy a password from the field without having it being saved a bug. As a workaround, also for others, I suggest switching to the "Secure Password Generator" plugin for Alfred 2: http://www.packal.org/workflow/secure-password-generator.

    That's really awesome! Thanks for sharing! I know we have a lot of folks here who use Alfred like he's their actual butler. ;)

    Please get back to me about the copy issue above, in case there is a bug we need to address!

  • @brenty: First of all: Thanks for taking the time to respond in so much detail. Here are the steps I'm taking that always save the password.

    1. Bring up 1Password Mini (my previous focused app was iTerm 2)

    2. Select the password without clicking anything else

    3. Hitting ⌘ C on my keyboard, which closes 1Password Mini and copies the password into the clipboard, as well as creates a new entry in 1Password.

    4. Finding the new item created in 1Password

    I don't have any other keys mapped to ⌘ C.

  • brentybrenty

    Team Member
    edited June 2016

    @haagendazs: Wow. I appreciate you making that crystal clear. Here's the thing: I've been using that exact method all along, but...you're absolutely right! This has suddenly become terribly baffling. I can't explain it, but I'm seeing the same thing here now too.

    I don't know if it was some 1Password mini connection issue on my machine or what, but I almost always intentionally do a manual ⌘ C specifically to avoid having a Password item saved. Most of the time when I'm generating a password using 1Password, it's for some other use — testing, for example. Notably, doing this never dismissed the 1Password mini window; yet now, mini is dismissed and a Password item is created every time — apps, websites, whatever.

    I am so sorry if I made you feel a little crazy with my earlier replies. Now I am wondering a bit if I imagined the whole thing...but my Passwords "paper trail" demonstrates otherwise:

    December: 1 saved generated Password item
    January: 0 saved generated Password items
    February: 0 saved generated Password items
    March: 3 saved generated Password items
    April: 1 saved generated Password item
    May: 3 saved generated Password items
    June: 1 saved generated Password item...

    At least, until testing this tonight, where I generated 17 in the space of a few minutes using my much-lauded "manual copy method". Good grief! I haven't even restarted my Mac since my previous posts, and I don't manually delete Password items either — too much of a bother.

    I've done some digging to see if there's a bug related to this, and it turns out that there "was" a bug a while ago regarding 1Password not saving a Password item on manual copy. This was reportedly fixed over a year ago, and working as intended now — at least, today it is for me as well. This again goes back to the "safety net" rationale, which I am partial to, but the twist is that now I'm suddenly in the same position you have been — not being able to avoid saving Password items even by manually copying.

    Much to both your dismay and mine, I doubt this change will be reverted, but I am intent on figuring out why this behaviour was different in my case for so long in case there's another bug. My only clue so far is that I updated to the latest beta last night, but reverting to the previous version made no difference.

    As far as I can tell, the three of us (you, me, and the originator of this discussion) are squarely in the minority here, albeit for different reasons, in wanting to avoid saving Password items in some cases, but it's something we'll continue to discuss. Thanks so much for bringing this up — and your patience with the alternate reality I've somehow been living in! :angry:

    ref: OPM-2603

  • @brenty: I'm just glad I wasn't going crazy. First of all, thanks a lot for the detailed research on this matter. I do understand the safety net rationale, but for someone like you and I, it might not be the expected behavior.

    Fortunately, I get all the options at once with the new Alfred plugin :)

  • brentybrenty

    Team Member

    @haagendazs: Man...that does look pretty cool. I may have to switch to Alfred. :lol:

    You're very gracious! I'm continuing to investigate this. I won't lie about our chances, but I'll definitely bring up the dissenting view on Password saving. ;)

  • jdepungjdepung
    edited March 2017

    @brenty @haagendazs: I think both are extremely valid use cases. Having a list of all auto-generated passwords that 1password has created is a great safety net, and its especially useful that they are contextual and contain the url/site associated if created in the browser extension.

    With that said, the way it currently works does make the "Passwords" category very difficult to use for any other use case than the safety net. Passwords I explicitly need to save that are not "logins" are always impossible for me to find (e.g. padlock combinations, ssh key passwords, etc). And I really don't think @brenty's use case is overly specific or much of a corner case.

    My feature request is this: Have a category for auto-generated passwords and a separate category for explicitly added passwords. As a bonus, have a way to convert an auto-generated password to the other type. This maintains both use cases and would make a whole class of frustration I experience regularly go away.

    I love the product and I love the company. Keep up the good work.

  • brentybrenty

    Team Member

    @jdepung: Thanks for your feedback, and kind words! It's certainly something we'll continue to consider. The tough part is that, while imperfect, so many people are already used to the way it's setup now. So any change we make will cause a lot of confusion if it isn't intuitive and obvious. We'll continue to work to come up with more ways to make 1Password easier for everyone. Cheers! :)

  • Hi There -

    So happy to find a detailed conversation on this topic!

    +1 to keep this "developer centric" idea on your radar.

    My scenario:

    As a technology project manager, I pre-build entire solutions in TextWrangler first, planning out all the needed services, levels of permissions, and appropriate credentials for each.

    When starting from scratch with a new domain registrar account and ending with a three-server enterprise solution and half a dozen 3rd-party services -- multiplied by X number of users with distinct credentials -- this file can easily contain 20+ passwords.

    Each time I use 1P Mini to create a password, copy, and paste into TextWrangler, a Password entry is saved. Later, when I execute the solution and create / configure all of the users, a Login entry is saved.

    I literally have hundreds and hundreds of TextWrangler Password entries with no context as to which account or user it's associated:

    But I am loath to delete the Password entries, because ONE day I'll need to search the time stamps on those hundreds of entries to find that ONE password that was erroneously entered and not saved! However, I've been managing customer credentials with 1P since at least 2012 and this has yet to happen. :-)

    So, yeah... very specialized 1P User case here... as one person managing a lot of complex customer assets, I could not survive without my 1P data accessible 24/7 on all of my devices!

    Thanks for reading.

  • brentybrenty

    Team Member

    But I am loath to delete the Password entries, because ONE day I'll need to search the time stamps on those hundreds of entries to find that ONE password that was erroneously entered and not saved! However, I've been managing customer credentials with 1P since at least 2012 and this has yet to happen. :-)

    @rblackford: Because I have recurring nightmares about this, I have never emptied my Trash.

    In 1Password, that is. :crazy:

    Anyway, that's definitely not something I would have thought of, but as soon as you started talking about TextWrangler I immediately saw where you were going. Definitely not a common case, but something we can keep in mind. Cheers! :)

This discussion has been closed.