Duplicate Passwords - Logins match their own Generated Password

Almost all of my generated passwords are marked as duplicates of the login for which they were generated. This makes the duplicate password section have a signal-to-noise ratio that makes it very un-user-friendly and difficult to find actual duplicate passwords with.


Although the two of these do not have strictly matching URLs (because one comes from the password change URL, and the other is the root/login URL), I do have others which have identical URLs and are still marked as duplicates.

I have 478 logins, and 431 duplicate password entries. 90+% of the duplicates seem to be pairs like this.


1Password Version: 7.0.543
Extension Version: Not Provided
OS Version: Windows 10
Sync Type: Not Provided

Comments

  • MikeTMikeT Agile Samurai

    Team Member
    edited May 2018

    Hi @Philippe23,

    Thanks for writing in.

    We do not yet have the option to remove redundant generated passwords but it is coming in a future update. We also currently do not remove them automatically when we've detect a new Login item based on the same password you've just generated for the same site.

    If you have a Mac, you can find this option via the Help Menu > Tools > Remove Redundant Generated Passwords.

    ref: OPW-1051

  • Thanks Mike, just wanted to make sure it was known and on the roadmap.

  • MikeTMikeT Agile Samurai

    Team Member

    You're welcome!

  • Hi @MikeT ,

    Looking for an update on this. I'm not seeing this option in the Windows version, or the 1PasswordX version. When might we expect this? You mentioned that it would be in a future update, and that was about a year ago.

    Thanks,
    Jonathan

  • MikeTMikeT Agile Samurai

    Team Member

    Hi @jonobk,

    There's no update on this yet and we do not have a timeframe; the only thing we can say at the moment is that it is planned for a future update.

  • Hi @MikeT ,

    Thanks for the info. Sorry to hear that this hasn't been asigned to a particular release yet.

    Is there a place on your site where I can find the development timeline?

    Thanks,
    Jonathan

  • bundtkatebundtkate

    Team Member

    We don't publish that timeline, @jonobk, in no small part because it tends to be fluid. Priorities are set based upon everything from demand to impact, to wholly external factors like upcoming compatibility concerns. Beyond that, new features need testing (both internal and external) before release and even things we think are ready for release may prove to have issues prevent their release once that testing gets done. As such, we feel it's best not to commit to a particular timeline given everything that can happen to prevent us from meeting that goal.

    For what it's worth in your case, 1Password X doesn't actually create Password items at all. Instead, it saves a Password Generator History. That history doesn't get considered by Watchtower and won't show up in your item list – it's part of the generator pane of 1Password X. This means you should see fewer of these issues moving forward and, if you decide to clean up any existing redundant Password items, you may not see it ever again. Most of us tend to allow our extension to save and update passwords for us, so if 1Password X is the extension you use every day, you won't see any new password items created unless you specifically decide to generate one with your desktop app instead. :+1:

  • This still is an issue in 1Password for Windows v7.3.684 when generating new passwords.

    Aside from the nuisance and the signal-to-noise issue of actually finding true duplicate passwords: it's a little like 1Password is "calling wolf", which dings it's credibility on other legit security warning features (Compromised Logins, Vulnerable Passwords, etc). After all a less knowledgeable user might think, "if it's claiming issues that don't exist in this one category (Reused Passwords), why should I trust it's not doing the same in other categories? I bet none of these things are something I need to worry about if it's making up red flags for show."

  • Hi @bundtkate ,
    Thanks for the info. I'm currently using 1PasswordX to generate passwords. This works great when the sites password parameters are supported. However, as a longtime 1password user I have many (200+) passwords that have been created using the stand alone Windows version.

    Ultimately, I'm just trying to figure out if I should invest my time to clean them up. If you (1password) devs were going to invest your time to automate this process I obviously wouldn't bother. However, with you estimate being sometime between tomorrow and never I guess I should just dig-in and get to it - or buy a Mac.

    Cheers,
    Jonathan

    PS: I think the no deadlines thing sounds great! Going to suggest this to my boss some day. I guess the whole subscription model really helps with that.

  • bundtkatebundtkate

    Team Member

    While I understand your point, @Philippe23, I think it's a bit more complex than that. When you look in the reused passwords section of Watchtower, you can clearly see one Password item and one Login item under the same (partially masked) password in the case of items impacted by this. With that said, I do think we could do more to surface this info in the banner itself as most folks are likely to be looking at only their Login items and scratching their head as to where, exactly, that password is reused. My hope would be that they'd look to the Watchtower section of their app to find that, but it's always better to point folks in the right direction where we can. :+1:

    As for deadlines, @jonobk, we certainly have internal deadlines, but we want any public ETA to be accurate and the point where we're confident in that is invariably when such features is just shy of release. We also continually monitor the impact of various issues, the demand for new features, and forthcoming external changes we need to be ready for which means those priorities end up shifting. What's priority number one today can and does become backlog in the face of a critical issue. Particularly if y'all are going to change your plans based on whatever ETA we give, it's important for it to be accurate and in the case of this feature, we just don't have an accurate ETA at this time.

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file