Duplicate Passwords - Logins match their own Generated Password

Almost all of my generated passwords are marked as duplicates of the login for which they were generated. This makes the duplicate password section have a signal-to-noise ratio that makes it very un-user-friendly and difficult to find actual duplicate passwords with.


Although the two of these do not have strictly matching URLs (because one comes from the password change URL, and the other is the root/login URL), I do have others which have identical URLs and are still marked as duplicates.

I have 478 logins, and 431 duplicate password entries. 90+% of the duplicates seem to be pairs like this.


1Password Version: 7.0.543
Extension Version: Not Provided
OS Version: Windows 10
Sync Type: Not Provided
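
An added example, not part of the original post and not 1Password's code: one way a reused-password check could separate the Login/generated-Password pairs described above from genuine reuse. A group counts as redundant when it holds exactly one Login plus generated Password items on the same host, which also covers the password-change-URL versus login-URL mismatch. The item fields and sample data are constructed assumptions, not a 1Password export format.

```python
import hashlib
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample items; field names are assumptions for illustration only.
ITEMS = [
    {"id": 1, "type": "Login", "url": "https://example.com/login", "password": "k3!vQz-91xT"},
    {"id": 2, "type": "Password", "url": "https://example.com/account/change-password",
     "password": "k3!vQz-91xT"},
    {"id": 3, "type": "Login", "url": "https://shop.example.net/", "password": "hunter2-reused"},
    {"id": 4, "type": "Login", "url": "https://forum.example.org/", "password": "hunter2-reused"},
    {"id": 5, "type": "Login", "url": "https://mail.example.org/", "password": "unique-Pw-7"},
]

def host(url):
    """Compare on hostname only, so /login and /change-password on one site match."""
    return (urlsplit(url).hostname or "").lower()

def classify_reuse(items):
    """Return (reused, redundant) lists of item-id groups.

    reused:    groups that share a password across different logins or hosts.
    redundant: generated Password items that merely mirror a single Login
               on the same host (the noise described in the post).
    """
    groups = defaultdict(list)
    for item in items:
        # Group by digest so plaintext passwords are not used as dictionary keys.
        digest = hashlib.sha256(item["password"].encode()).hexdigest()
        groups[digest].append(item)

    reused, redundant = [], []
    for members in groups.values():
        if len(members) < 2:
            continue
        logins = [m for m in members if m["type"] == "Login"]
        generated = [m for m in members if m["type"] == "Password"]
        login_hosts = {host(m["url"]) for m in logins}
        same_site = all(host(g["url"]) in login_hosts for g in generated)
        if len(logins) == 1 and generated and same_site:
            redundant.append(sorted(m["id"] for m in generated))
        else:
            # Conservative default: anything else is reported as real reuse.
            reused.append(sorted(m["id"] for m in members))
    return sorted(reused), sorted(redundant)

if __name__ == "__main__":
    print(classify_reuse(ITEMS))
```

A generated Password item whose host differs from the Login's is still reported as reuse, so the filter only suppresses the same-site pairs.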

Comments

  • MikeT Agile Samurai

    Team Member
    edited May 2018

    Hi @Philippe23,

    Thanks for writing in.

    We do not yet have the option to remove redundant generated passwords but it is coming in a future update. We also currently do not remove them automatically when we've detected a new Login item based on the same password you've just generated for the same site.

    If you have a Mac, you can find this option via the Help Menu > Tools > Remove Redundant Generated Passwords.

    ref: OPW-1051

  • Thanks Mike, just wanted to make sure it was known and on the roadmap.

  • MikeT Agile Samurai

    Team Member

    You're welcome!

  • Hi @MikeT ,

    Looking for an update on this. I'm not seeing this option in the Windows version, or the 1PasswordX version. When might we expect this? You mentioned that it would be in a future update, and that was about a year ago.

    Thanks,
    Jonathan

  • MikeT Agile Samurai

    Team Member

    Hi @jonobk,

    There's no update on this yet and we do not have a timeframe; the only thing we can say at the moment is that it is planned for a future update.

  • Hi @MikeT ,

    Thanks for the info. Sorry to hear that this hasn't been assigned to a particular release yet.

    Is there a place on your site where I can find the development timeline?

    Thanks,
    Jonathan

  • bundtkate

    Team Member

    We don't publish that timeline, @jonobk, in no small part because it tends to be fluid. Priorities are set based upon everything from demand to impact, to wholly external factors like upcoming compatibility concerns. Beyond that, new features need testing (both internal and external) before release and even things we think are ready for release may prove to have issues that prevent their release once that testing gets done. As such, we feel it's best not to commit to a particular timeline given everything that can happen to prevent us from meeting that goal.

    For what it's worth in your case, 1Password X doesn't actually create Password items at all. Instead, it saves a Password Generator History. That history doesn't get considered by Watchtower and won't show up in your item list – it's part of the generator pane of 1Password X. This means you should see fewer of these issues moving forward and, if you decide to clean up any existing redundant Password items, you may not see it ever again. Most of us tend to allow our extension to save and update passwords for us, so if 1Password X is the extension you use every day, you won't see any new password items created unless you specifically decide to generate one with your desktop app instead. :+1:

  • This still is an issue in 1Password for Windows v7.3.684 when generating new passwords.

    Aside from the nuisance and the signal-to-noise issue of actually finding true duplicate passwords: it's a little like 1Password is "calling wolf", which dings its credibility on other legit security warning features (Compromised Logins, Vulnerable Passwords, etc). After all a less knowledgeable user might think, "if it's claiming issues that don't exist in this one category (Reused Passwords), why should I trust it's not doing the same in other categories? I bet none of these things are something I need to worry about if it's making up red flags for show."

  • Hi @bundtkate ,
    Thanks for the info. I'm currently using 1PasswordX to generate passwords. This works great when the site's password parameters are supported. However, as a longtime 1password user I have many (200+) passwords that have been created using the stand alone Windows version.

    Ultimately, I'm just trying to figure out if I should invest my time to clean them up. If you (1password) devs were going to invest your time to automate this process I obviously wouldn't bother. However, with your estimate being sometime between tomorrow and never I guess I should just dig-in and get to it - or buy a Mac.

    Cheers,
    Jonathan

    PS: I think the no deadlines thing sounds great! Going to suggest this to my boss some day. I guess the whole subscription model really helps with that.

  • bundtkate

    Team Member

    While I understand your point, @Philippe23, I think it's a bit more complex than that. When you look in the reused passwords section of Watchtower, you can clearly see one Password item and one Login item under the same (partially masked) password in the case of items impacted by this. With that said, I do think we could do more to surface this info in the banner itself as most folks are likely to be looking at only their Login items and scratching their head as to where, exactly, that password is reused. My hope would be that they'd look to the Watchtower section of their app to find that, but it's always better to point folks in the right direction where we can. :+1:

    As for deadlines, @jonobk, we certainly have internal deadlines, but we want any public ETA to be accurate and the point where we're confident in that is invariably when such a feature is just shy of release. We also continually monitor the impact of various issues, the demand for new features, and forthcoming external changes we need to be ready for which means those priorities end up shifting. What's priority number one today can and does become backlog in the face of a critical issue. Particularly if y'all are going to change your plans based on whatever ETA we give, it's important for it to be accurate and in the case of this feature, we just don't have an accurate ETA at this time.

  • I just wanted to bring this back up, since I emailed a dev about this and got a totally different response. I am having the same problem so I see it is still an issue. I am using the Windows version and I don't have the option of "removing redundant passwords." I am currently on a 30 days trial, but this, and not being able to specify which symbols to use in the password, seems to be a big oversight. Every time I update a password, it gets flagged as a duplicate, I then have to manually find the password and delete it. Please update and let me know if there is something coming in the pipeline or if there is another option,
    Thank you.

  • bundtkate

    Team Member

    Have you checked out 1Password X, @yossiea? We don't have any news to share right now about Password items or any changes to the desktop app's password generator, but 1Password X doesn't create Password items at all, so that would be one problem solved for you. It has a Password History instead that's separate from your actual data if you need to retrieve a generated password for any reason. While it also doesn't allow you to specify symbols, I have personally found that its suggested passwords work the vast majority of the time, even for the pickiest of sites. I always use the bank that handles my mortgage as my test case. It's just about the worst with password rules that I've ever heard of. Limits on length, requirements for caps/digits, and only certain symbols are allowed. But, to make my life just that much harder, they don't even specify which symbols aren't allowed until you try to use one they don't like, so even if I could specify symbols, I'd not know which to include. Barf. 1Password X's suggested passwords, however, near always work there. I can't tell you why, only that it has saved me hours of time generating new ones every 90 days when those jerks force me to change my perfectly good password.

    Like me with that cursed bank website, I think near all of us have one site or another that has put all its effort into training us that we need to micro-manage our password recipes, but we actually want to get away from that at 1Password. Little around here is ever set in stone, but given we recently removed many of the customization options in the password generator on Mac, I suspect our preference will be to continue avoiding them – not introduce new customizations. There is, however, a good reason for this and one our Chief Defender Against the Dark Arts and security guru extraordinaire, Jeff Goldberg, discusses much more eloquently than I can here. His comment is specifically addressing the reasoning and goals behind the changes recently made in 1Password for Mac, but they can apply more generally to limiting those customizations for generated passwords across the board. I'd encourage you to give it a read and to give 1Password X and its suggested passwords a try. You may just find that specifying symbols isn't quite as necessary as it may seem.

    Of course, if you have any feedback about why specifying symbols is important to you that you don't feel Jeff covers in that post, definitely do let us know. Our hope is that this design will allow generated passwords to serve every purpose they need to without you having to set their recipe, but we don't use every site on the internet and we probably work a bit differently from you. This is only the beginning for this more refined password generator and there's certainly room for further evolution. Your feedback about what would help you moving forward is always valuable. :smile:

  • Thanks for the reply, I will give 1password X a shot. I've been using the App and honestly I thought the X was a Mac app, as in OS X. :) I know passwords are tricky, and phrases are actually the best form of password security and we're beholden to the sites themselves who set up terrible password restrictions.

  • bundtkate

    Team Member

    Oh, don't I know it, @yossiea. In a way, I'm kind of thankful for that bank. Much though it annoys me, it does mean I have a very good understanding of why these things are a struggle. I've been there for sure. We all have visions of our perfect passwords, but we have to live in the real world and that often means silly rules. Our hope is that we can design a system that will work well in that real world while allowing our generated passwords to be as truly random as possible. It will probably be a lot of hard work and I'd not be surprised if we're not quite there yet, but I feel like we're moving in the right direction and I think we'll get there given time.

    As for 1Password X, it also came out around the same time as the iPhone X, so I can definitely see how one might think that. Thankfully, it's fully cross-platform. Windows, Mac, even Linux and ChromeOS can all use 1Password X. This is particularly good news for me as my teammates can tell you I'm an absolute nightmare on a Mac so I'd be very much out of luck if I couldn't use it on Windows. :joy:

  • Count me in as someone longing for this feature, it's a huge monkey wrench in an otherwise seamless workflow (especially for my less tech minded family members).

  • brenty

    Team Member

    @bubbaslopchop: Please see my reply to you in the other thread and avoid posting the same thing in multiple places, as that generates notifications for everyone involved and slows down response times for everyone -- including you.
