Automatic conversion of password -> login?

Hi, folks.

Really enjoying the latest version of 1Password for Windows. It's amazing how far things have come.

I have a question about how passwords and logins relate to one another. When I'm signing up for a new account on a website, I typically use the 1Password browser extension to create a new password, which I paste into the password field of the signup form. When 1Password generates the password, it creates a "Passwords" entry and populates the "website" field of the password item.

When I finalize the creation of the login, 1Password recognizes that I've just created a new login and offers to create a new Login item.

The end result of this process is that I have a Password item and a Login item for the same website.

I'm pretty sure that the Mac version of 1Password used to (and might still) offer to convert the Password to the Login or something like that. Is this a missing feature in the Windows app? Or is there some other strategy I should be using to create new logins so that I don't end up with two items?

Depending on how you look at it, Watchtower either makes this worse or better. I currently see Watchtower telling me that I have 63 reused passwords. Every single one of those is a Password and a Login for the same site. So Watchtower is helpful in the sense that I can use it to clean this stuff up but it seems like I shouldn't have the issue in the first place.

Thanks!


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • MikeT
    edited June 2018

    Hi @zendnez,

    Thanks for writing in.

    There are three separate features that 1Password for macOS has that we have not yet implemented in 1Password 7 for Windows:

    1. Automatic cleaning up redundant password items when it detects a new Login item was created with the same password and website combination as the password item
    2. Manual clean up tool via Help Menu > Clean up duplicate items (this actually does more than just redundant pass items)
    3. Convert Password to Login

    All of which are definitely coming to 1Password on Windows (we had some of it in 1Password 4 for Windows).

    The reason it is more obvious now is one of the new features in 1Password 7 was that we automatically record the website for which you're generating a new password for, so that makes it show up more often now. This is needed to make the features above work better since we need both website and password to match against Login items.

    For now, there isn't a different workflow to optimize this for you yet, we just need to keep improving 1Password on Windows continuously.

    ref: OPW-1051

  • zendnez
    zendnez
    Community Member

    Thanks for the quick and detailed response.

    This makes sense. As a stopgap, Watchtower is helpful in finding these dupes. I'm looking forward to one or more of the Mac features getting implemented on Windows but, until then, Watchtower helps and it's good to know I'm not missing an obvious workflow that would avoid the issue.

    Thanks again.

  • You're welcome. Wait until you see Watchtower 2.0 coming in 1Password 7.1 for Windows fairly soon. (It's a RC right now)

  • zendnez
    zendnez
    Community Member

    I'm on the beta channel. I see it now. It's awesome. Seriously...really awesome.

    Bit of feedback:

    • Warnings about insecure websites are great. How about a button below the warning that says "Click to try https". You guys then track that I opted to give it a try and change the message: "You tried https. Did it work?" If I click "Yes", you change the website URL for me.

    • A number of the Watchtower categories weren't enabled and I just thought they were empty. Had to go exploring to figure out that they had to be manually enabled. How about something like an "Enable" button in the left nav where the item count would go for the categories that aren't enabled.

    • Vulnerable Passwords and Inactive 2FA are really, really great.

    • Love the design of warnings at the top of items. Very visible and the help text for TFA available, vulnerable password, https available is clear and actionable. Was a brilliant design to break Watchtower down into actionable categories with instructive text the way you guys did.

    • Reused Passwords. This is where my problem about logins vs passwords surfaces. Almost every entry in there for me is a case where I created a password then immediately created a login. Enough said on that topic :).

    • Compromised Logins. My wife and I share a vault and her Twitter login is identified as compromised. It's modification date is 5/5/2018. Isn't that date post the most recent Twitter compromise? I assumed that identifying an account as compromised reasoned about the last password change date relative to when the impacted service was last compromised. Is that not right?

    • Love how you're displaying a small Watchtower icon overlay on items in the item list.

    You guys are really on fire with this release! Congratulations!

  • Hi @zendnez,

    Thanks for trying it and for your awesome feedback.

    How about a button below the warning that says "Click to try https". You guys then track that I opted to give it a try and change the message: "You tried https. Did it work?" If I click "Yes", you change the website URL for me.

    Yep, we already have it in 1Password 7 for macOS and we are planning to bring it to the Windows app soon.

    A number of the Watchtower categories weren't enabled and I just thought they were empty. Had to go exploring to figure out that they had to be manually enabled. How about something like an "Enable" button in the left nav where the item count would go for the categories that aren't enabled.

    It's an interesting idea, I'll pass it on to our design team.

    Vulnerable Passwords and Inactive 2FA are really, really great.

    👍 Totally great features, some of our users were surprised to see how many sites supported 2FA, so this is great.

    Almost every entry in there for me is a case where I created a password then immediately created a login. Enough said on that topic :).

    😸 Yep, one step at a time. We'll get these features implemented as soon as we can.

    My wife and I share a vault and her Twitter login is identified as compromised. It's modification date is 5/5/2018. Isn't that date post the most recent Twitter compromise? I assumed that identifying an account as compromised reasoned about the last password change date relative to when the impacted service was last compromised. Is that not right?

    You can modify an item without changing its password, so modification date isn't the only factor we check. We also check the password history in the Login items to make sure the password did change after the compromise date.

    Can you review the Twitter login to confirm there was a password changed on 5/5/2018?

  • zendnez
    zendnez
    Community Member
    edited June 2018

    Hi @MikeT

    [Editing - Removing explanation of why I thought the Twitter issue was a false positive]

    I checked with my wife. It sounds like she started to edit the item but then didn't follow through with the password change for some reason. So there's a good chance that this was a true positive.

    Sorry for the false report.

  • No worries, I'm glad that was cleared up and I hope she did change it now.

This discussion has been closed.