Changing username when logging into site no longer triggers 1Password confirmation?

Usually when I forget my password for a site I don't currently have stored in 1Password, 1Password asks me if I want to save the login when I'm on the password reset page, which I go ahead and save.

1Password won't currently have the username stored (or may have stored something incorrect such as a auth key in the username field) so when I actually log into this site with my details the username is obviously going to be different to what it has stored; in the past 1Passworsd would notice this and prompt me and ask if I wanted to create a new entry or if I wanted to update the current entry - of which I always chose to update the current entry.

Problem is, for the last maybe 2 weeks or so I have noticed that it no longer prompts you on what you would like to do if you enter a different username than what it has stored and it's rather annoying as then I have to manually go and enter in the correct username.


1Password Version: 4.6.1.616
Extension Version: 4.6.1
OS Version: Windows 7
Sync Type: Not Provided

Comments

  • matthew_agmatthew_ag 1Password Alumni

    Hi @cyphix333,

    Thanks for taking the time to write into us - that is a very good test. Sorry to hear 1Password isn't giving you the option.

    Could I ask which website you're seeing this with? I would love to test this out myself and see if there's a bug there we need to fix.

    Many thanks,
    Matthew

  • Hi @matthewoflynn .... it has done it with several sites of late, but the most recent being: https://ozlance.com.au/

    Used the lost password feature, then when I clicked the confirmation link in the email it had already filled in the auth key for me and then I chose a password with the help of 1Password's PW generator; then 1Password stored the auth key as the username; then when I logged in and used 1Password to assist, it filled in both fields as usual, then I changed the username to the correct one and it didn't prompt me to update the login.

  • matthew_agmatthew_ag 1Password Alumni
    edited December 2016

    Hey @cyphix333,

    Thanks for letting us know about this - I have been able to reproduce this and have created a bug in 1Password to track this issue. Sorry but I don't see a work-around for this particular website.

    The next time you encounter these kinds of issues please do drop us a line again, these reports are very useful to us.

    Thanks again,
    Matt

    ref: OPX-1299

  • Thanks @matthewoflynn - I will do! :)

  • Hi @cyphix333,

    I've just read the conversation so far and I'm a bit puzzled. I see Matthew has filed a report but to the best of my knowledge 1Password will only prompt to save if it comes across a new password and this hasn't changed lately.

    If 1Password prompts you there are a couple of options. The first main option is whether you:

    1. Create new Login
    2. Replace existing Login

    If you select the replace option a checkbox becomes available which is titled Replace password only (keep the other fields). If you tick this checkbox only the password field of the selected Login item will be replaced, if the checkbox isn't ticked it will replace the entire web form details which includes the username.

    So you can see why I'm puzzled if you've found 1Password has offered to update if just the username was different. 1Password can update both fields but it does require a password 1Password hasn't seen before to trigger the dialog. You could force 1Password by instructing it to manually save (How to save a Login manually in your browser) and then selecting the replace option. That would update the username field. It isn't the behaviour you felt 1Password had though but I genuinely can't think of a time where solely a different username triggered the update process.

    There's another possibility. When you use the Password Generator it creates a Password item inside of your vault, a safety net until 1Password prompts you to save. Now normally this offer to save happens so soon after using the Password Generator that most people don't know the Password item is being created at all (and by default 1Password 4 for Windows doesn't show the Generated Passwords category in the sidebar either). However, if you don't save on the password reset page but instead then visit the standard login page you can use an option titled Last Generated Password in the 1Password helper menu to fill in the generated password. This will leave the username blank and allow you to fill it in with the proper value. Then when you log in you'll be asked if you want to save, this time with all the credit details in the new Login item. This will replace the Password item with a Login item which is ultimately what you want to happen.

    I really hope I can learn what behaviour you've seen in the past though simply because it seems to contradict my understanding of how 1Password has worked both now and in the past, as I say, very puzzling.

  • Hi @littlebobbytables Hmmmmmm........ sorry to confuse you haha

    Sorry I can't quite recall the exact process I went through, but as I recalled it was similar to how I stated in my OP. I'm aware of the "Last Generated Password" tool, but I'm almost certain I wasn't using that; I just recall being being a little annoyed at the whole process of how I was asked to save the login when I created the new password as then I knew it was going to get my username, but I saved it anyway to retain my password, then I recall learning that it wasn't a huge deal as then it would ask me to update the details when I actually login.

    But now that you mention it I guess that may not make sense as you could have multiple logins stored for that site, so any change could be for another login - unless if you were using a username that wasn't currently stored, 1Password notices it doesn't have that username stored for that site so it asks if you want to store a new login or update an existing one!?

    ...or maybe things happened differently than I imagined haha

  • Hello @cyphix333,

    I think part of the reason we don't trigger on usernames is that they can sometimes be a lot tricker to identify. Password fields give a certain confidence about what we're looking at and there are times where we use knowledge of the password field to identify the username because there are simply too many vague text fields to choose from. It isn't always the case but a lot of what is present in 1Password is defensive programming, where we can't assume nice, clean pages and instead have to work on the expectation of very weird.

    I'm happy to be proven wrong if we can find a configuration that behaved as you remember it doing so, anything that expands my understanding is a good thing after all :smile: I'm just wondering if something else happened to be at play or possibly you updated both a username and password at the same time?

    Who knows what the future may bring though. If we can make things reliable enough maybe 1Password can do a better job of recognising updated usernames. The trick is ensuring the false positives are remarkably low otherwise it's likely to infuriate.

This discussion has been closed.