How to delete some items from the password history?
Not so rarely, I create a new password and, when I try to enter it on the site, I get a message saying things like "no longer than 16 characters" or "you must use letters, numbers and at least one capital letter". These requirements were not stated before I entered my new password. So I change the password and then I have a false history stored for all time.
Is there any way to delete some items from the password history? I don't want to remove all the history, only those items which were never actually used.
1Password Version: 7.0.7
Extension Version: Not Provided
OS Version: OS X 10.13.5
Sync Type: Subscription
Comments
-
Hi EllenH,
There is no built-in method for doing this. It would have to be done through manually editing an object JSON -- which is a very technical effort. Sorry.
0 -
I'm sure I could manage that, if I knew where to find the file and what I need to do with it, but to tell the truth, I don't think it's worth the trouble. So thanks, I'll leave things as they are and I'll try to save passwords only if I'm sure they are going to be accepted.
0 -
@EllenH -
...and I'll try to save passwords only if I'm sure they are going to be accepted.
The way I handle this is when 1Password pops up asking if I want to update an existing password I don't do anything and just drag the window to the side and see if I can tell if the password was accepted. If it wasn't I hit Cancel and that "unacceptable" password doesn't get saved to my history. (But I still have to go and delete a bunch of orphaned standalone Password items that remain lying around).
0 -
@rlh - thanks for the tip! Indeed, this is similar to what I do, myself. It's not perfect, but it's one way around having "bogus" items in your Login's password history. What I really wish is that websites would state their doggone password requirements up front, instead of waiting until you inadvertently violate them to tell you what they are. I mean, is that SO much to ask, people? Never mind, I already know the answer to that one. 😞
0 -
feature request: disable password history or at least make history visable/deletable during edit
use case:
One is setting up some infrastructure in the lab using some standard passwords. If everything is finished one is changing all passwords and moving the infrastructure to the team. One is moving the 1Password entries to the team-vault as well. Unfortunately the password history is moved as well without any notice or warning. This is NOT the intended behavier.0 -
Welcome to the forum, @TMEI! I'm not sure what you mean by "not the intended behavior." If you mean intended by you, then I can't argue the point. But, at least in the current iteration, that IS the intended behavior in terms of 1Password itself: if you share an item, it includes all of the data contained within that item, including password history, etc. We can look into making password history an editable item -- I'm not sure what all that might entail, since it has to be consistent across standalone data and 1password.com items, as well as across four platforms and our web client. But for the meantime, I'd suggest if you have a set of items you want to pass on in "pristine" condition (i.e. with no history attached), you make new copies of the data, and then share those. For logins, you can use these instructions to save a login manually, for example.
0 -
Sharing data which is neither visible when viewing the item nor while in edit mode doesn't seem to me to be a great default behavior. Of course one can click 'view password history' and make duplicates before sharing. But IMHO 1Password is for improving security and sharing (mostly) hidden information is NOT contributing to security. A pop up 'Do you want to share password history as well (y/N)?' would be nice.
0 -
Hi TMEI,
Thanks for the feedback. We can certainly consider making that improvement. I'll pass your feedback on to the development team.
Cheers,
Kevin0 -
Let me try explaining why some of us want to remove password history:
Let's say a user used the same password at multiple sites. Yes it's bad practice, but it happened so lets focus on fixing it! This user sets out to change passwords on those accounts to something random, and different from all other sites so as not to have this problem again. The user searches for the compromised password in 1Password and starts changing those passwords.
Here's the problem: The accounts with new secure passwords still come up when searching for the old bad password. So how does one show ONLY the accounts that CURRENTLY use the bad password? One way is to delete the compromised password, but it's not possible.
0 -
Hi @robodaddy! Welcome to the forum!
So how does one show ONLY the accounts that CURRENTLY use the bad password?
You can use advanced search for that:
If you only search within the current password field, every other field in your 1Password items, including password history, will be ignored and you will have a list of only your accounts that currently use the bad password.
0
