Hidden Vault Items show up in Update Dialog

Michael Tennes
Michael Tennes
Community Member
edited May 2018 in 1Password in the Browser

When updating passwords on a website like this one, after using the password generator the 1Password update panel shows ALL logins to update from across ALL vaults, even if they're hidden using the Mac App Preferences to hide the vault. The hidden vault item DO NOT show up when 1P suggests login credentials for the website in question. Kinda confusing, had to reset my Agilebits Support Forum password 3 times before I figured it out.

Also, I miss the Password Generator History which would have saved me.


1Password Version: 7.0-BETA-18
Extension Version: 4.7.1
OS Version: 10.13.4
Sync Type: 1Password Subscription

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    @Michael Tennes: Indeed, that does sound confusing. Just to make sure we're on the same page here, when you say "hidden", do you mean that you've edited these items "Display" option to "Never display in browser"? It sounds like you're not saying that, but please double check for me. That should be the only reason they would not be shown in 1Password mini.

  • Michael Tennes
    Michael Tennes
    Community Member

    No, I don't mean that I've edited these items "Display" option to "Never display in browser"
    I've set a preference to not display the vault at all.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @Michael Tennes: Thanks for clarifying! Indeed, I misunderstood your original post. Let's revisit that:

    When updating passwords on a website like this one, after using the password generator the 1Password update panel shows ALL logins to update from across ALL vaults, even if they're hidden using the Mac App Preferences to hide the vault. The hidden vault item DO NOT show up when 1P suggests login credentials for the website in question. Kinda confusing, had to reset my Agilebits Support Forum password 3 times before I figured it out.

    The All Vaults preference is only meant to hide vaults from the All Vaults view, not make those items disappear completely. I think this is also consistent with 1Password not barring you from saving a login to a vault which is hidden from the All Vaults view. So I guess the question is, do you think that 1Password should not allow you to save new logins to hidden vaults either?

    However, I see your point, especially if you expect them to not be available to you when updating login credentials for a website. I just haven't hear this come up before. I'll bring it up with the team for consideration though. Thank you for bringing it up!

    ref: apple-1390

    Also, I miss the Password Generator History which would have saved me.

    I'm not sure what you have in mind when you say "password generator history", but there are two things that 1Password does which can help you:

    Let me know if that helps.

  • Michael Tennes
    Michael Tennes
    Community Member

    Do you see the "History for Instagram?"

    In doing this password reset for this example, I have experienced the problem that really bothers me. The new password wasn't stored in the Instagram Login Item. The new password isn't in 1Password either, neither is "previously used passwords." In the end, I have lost the credentials to sign-in and must recover a forgotten password. Instagram isn't mission critical, but I've experienced this for sites that are.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @Michael Tennes: Thanks for clarifying. Did you generate and fill the new password using 1Password? If so, did you check for a saved Password item?

  • Michael Tennes
    Michael Tennes
    Community Member
    edited May 2018

    Yes, I did generate the password from 1Password. And yes, I checked for the password in 1P but newly generated password aren't appearing.

    No Instagram password anywhere to be seen, although I've reset it six times today.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @Michael Tennes: To be clear, if you updated the login in 1Password when you changed it on the website, you won't have a Password item for that generated password, as it was saved into your Login item instead. Is that not the case? I just changed my own password there, and 1Password prompted me to update it (which it sounds like it does for you too, since that was the subject of your original post). The Password item is created using the generated password when you use it if you do not save it in 1Password yourself. Let me know if you're seeing something different.

  • Michael Tennes
    Michael Tennes
    Community Member

    What I am experiencing, is that when changing a password at many different websites, the only sure way to succeed is to immediately paste the filled password into a document (notes, BBEdit, TextEdit, etc..) in clear text. Despite choosing the "Update existing" password dialog presented by 1P, the password doesn't get saved or updated. After choosing update, then logging out, then trying to log in with 1P updated Login Item, it fails. However, manually copying and pasting password from my notes doc into the password field in the 1P login item fixes it. Being a technically proficient, former senior software engineer, I find it frustrating. my brother has virtually given up on 1P because of similar issues.

    Just to be clear, about 50% of the time, when using 1P to generate and update a Login Item, the newly generated password is lost. I have thoroughly searched high and low, in every vault, in Login Items, and Passwords and it isn't there. Much of the time, from a simply pragmatic stance I let Apple's iCloud password service save the password, then if it gets lost, I can manually retrieve it using KeyChain Access, manually pasting it back in. Formerly having access to 1P Generated Password History eliminated the KeyChain Access step. Before another round of posts, let me state that in my testing, I have experienced the same 1P behavior with iCloud Keychain completely disabled in iCloud and Safari, even though they always work.

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Hello @Michael Tennes,

    I've yet to lose a password generated by 1Password so at the moment I'm struggling to think why you're not seeing the same. Let's take a step back and check something.

    Use the Password Generator to either copy the generated password to the clipboard or fill a page. It doesn't actually have to be on a change-password form and you don't have to follow through with changing anything. Right after the copy or fill action in the Password Generator, switch to 1Password and review the Passwords category for your Personal vault as that is the vault designated for default saving (from the screenshot in your second post). There should now exist a Password item that correctly contains the generated password and the title and website field should reflect the site you performed the test on. At the very worst the title and website field may not match if the extension was not connected to 1Password for any reason but the Password item should always exist - I've never seen or heard of it not happening.

    Does this happen and if you perform a number of tests are you ever seeing it not happen?

    The next test will require an active change password form. When 1Password prompts and you update what you should find is the Password item is deleted and the new password reflected in the Login item you just updated. You should find the Password item is now in 1Password's Trash for that vault. If for any reason the updated password doesn't match what was in the Password item the Password item is not deleted, its purpose as a safety net has not been confirmed as now complete.

    There are two workflows that can disrupt things. If you edit a Login item and manually update the password and then let 1Password also update when you actually change the password on the site the two updates basically counteract each other. The new Password will be in the password history of that Login item. The other I've learned of recently is if you update a Login item that you happen to also have in edit mode at that point. Edit mode does not dynamically update fields so when you save it saves the old password over the updated one. Again, the new password will appear in the password history. In both cases the password does update but it's essentially hidden due to the double save.

    If you can find a site where we can reproduce the prompts but doesn't correctly update please tell us. I will definitely file an issue so we can investigate as that isn't the correct behaviour.

This discussion has been closed.