Prompt to save new site/password AFTER login

AGAlumB

Yep. We'll continue to work to strike the right balance for all of our users. Cheers! :)

geekflyer

Alright, I'm also going to add my 2 cents to this.
I signed up recently with my company and about 30 users for 1password business and we're using it since about 1.5 months. The lack of 1password's ability save a login after login is a giant annoyance especially as we just started using 1password and have to add literally hundreds of existing credentials as-we-go into 1password. Chrome itself has this capability, Lastpass has this capability. Using 1password (non-X) with the desktop app seems to have this feature somewhat, however unlike lastpass and chrome 1password displays a disruptive, flow blocking modal in the middle of the screen instead of a non disruptive popover on the side. Also the non-x 1password doesn't seem to show login suggestions inline next to the form and lacks in a bunch of other areas too. So we basically have to choose either evil...
Honestly I really don't understand why you don't have this feature yet and @brentys comments seem to indicate that the team doesn't see a need for this anytime soon, because of available "different flows" or "workarounds". The workaround of logging in twice is just unacceptable, especially given 1passwords focus on UX imho. It also implicitly requires that when you try out 10 different password combinations and one works, that you are remembering the exact same password combination that worked 20 seconds later to login again, which is simply not always the case. It's also annoying if you have a long, complicated password that you have to type in twice, besides the additional clicks etc. Saying 1password "browser" app cannot show persistent dialogs is either an excuse or simply lack of technical understanding. There are hundreds of chrome extensions with persistent dialogs and the 1password extension shows that this is technically absolutely feasible.

I respect your design decisions, but in this case I just have to disagree.
UX may be a subjective thing in some areas, however most UX designers would objectively agree that if UX design A requires a user to do 2-3x as many clicks + 2x key strokes to achieve a common task compared to UX design B, that the UX B is the better one. On top of that UX design B is the more familiar one (not because of Lastpass, but because of Chrome's password manager).
Since there is seemingly no hope of this feature coming anytime soon, it means we'll probably switch this or next week to LastPass Enterprise before it's too late.
Thanks

Zaka7

How are you 'logging in twice'

If you log in with the correct credentials first time, then there are no issue what so ever, The correct item is saved and you never need to worry again.

If you log in and save the wrong credentials, then whatever you are using, Lastpass, 1PW (etc) you would have to log in again until you got the correct details to save? The only extra step with 1PWX is that you have to click update instead of save new?

kaitlyn

Hi there @geekflyer! Thank you for sharing your opinions with us. I'm also curious why you're needing to sign in twice in order to save an item in 1Password X. If you're clicking the Save in 1Password prompt underneath the password field, then you should be good to go as soon as you successfully sign in. @Zaka_7 actually asked a similar question recently where I explained things a bit more in depth. You can check out that post here.

geekflyer

@Zaka_7 Of course when I login with the correct credentials on the first attempt everything is alright, but this thread is mainly about adding things to 1password when you are not 100% sure about what the correct creds are.

If you are not 100% sure about the correct password and need multiple attempts the dilemma the current workflow with 1password X would be this (let's say you need 5 attempts):

Workflow A:
1. You go to xyz.com
2. enter your username
3. You enter an unknowingly incorrect password. Once you do so 1password x will display a small dialog underneath the password field.
4. You make a click on "save In 1password" and then a click on "save as new login" or "update login" (i.e. in total 2x clicks)
5. You repeat step 3. and 4. 5x times until you found the correct password.

Workflow B:
1. you go to xyz.com
2. enter your username
3. You enter an unknowingly incorrect password.
4. repeat 3. 5x times until you found the correct password.
5. now that you're logged in (but without saving password), you logout again in order to let 1password capture the next login.
6. you enter your username and the correct password again.
7. you make a click on "save In 1password" and then a click on "save as new login" using the correct password.
8. you are logged in and password is saved.

Workflow C:
1. you go to xyz.com
2. enter your username
3. You enter an unknowingly incorrect password.
4. you make a click on "save In 1password" and then a click on "save as new login".
5. you enter a password 5x times until you found the correct password and login.
6. You open the 1password X app / menu, search for the password entry of the website you just logged in, enter the correct password manually into 1password.

All of these workflows are suboptimal.
In workflow variant A you have to repeatedly click the "save in 1password" and "update login" button (in total 10 clicks).
In workflow variant B you don't repeat the "save in 1password" and "update login" multiple times, however you have to logout and login again once after having found the correct password.
In workflow variant C you have additional manual steps after the login in order to update the 1password entry with the correct password.
Workflow B is what some people on the previous case suggested as a "workaround" and is what I referred to as "login twice".

So let's look at how things should be (and ARE with chrome, lastpass and a few other pw managers) (let's call it Workflow D):
1. you go to xyz.com
2. enter your username
3. You enter an unknowingly incorrect password. Every time you click the login button a popover on the upper right corner appears, asking you if you want to save the password to LastPass. You choose to ignore it and waste no clicks on it.
4. You enter a password 5x times until you found the correct password and login.You ignore the dialog in the upper right corner 5x and waste no clicks on it.
4. AFTER you found that you successfully logged in, you finally click "save in lastpass" in the dialog in the upper right corner (2 clicks).

Conclusion
As should be obvious from the example, in Workflow D you have spent the least number of clicks to achieve the final desired result. In other words Workflow D allows the user to efficiently complete his task, and efficiency is imho a key property of good UX design.

Because lastpass allows capturing the password after (possibly failed) login attempts, you can simply choose to ignore the popover and waste no clicks on it for failed attempts.
With 1Password X this is simply not possible, you have to choose either workflow A-C which will result in additional clicks / steps.

I hope this gives you an understanding and somewhat convinces you that having the ability save a password after login is a crucial feature.

@kaitlyn I read your post and thanks for your thoughts. Your post mentions "1Password X doesn't have that same ability [to save a pw after login] since it operates solely in the browser." but this doesn't explain how other apps (namely lastpass) which also solely run in the browser are able to achieve exactly that.

geekflyer

.

AGAlumB

@geekflyer: We're careful to avoid issues with 3rd party code, as security is our first priority. Most software is, understandably, written with the primary intention of having it work, by any means necessary. That's not a liberty we're willing to take, as there are plenty of high-profile examples of where that can go wrong. We won't be around anymore if we mess up in a way that harms 1Password users' security and privacy, so we're going to proceed more cautiously as a result.

As far as the 1Password desktop app/extension, autosave is not a "modal", but a floating window that allows interaction with the web page, and can be moved, ignored, dismissed, or even disabled completely if desired.

Regarding the issues you're reporting with 1Password X, if you already have the correct login credentials and are just trying to save them to 1Password, you should be successful logging into the site every time after saving it with 1Password X. On the other hand, while not knowing your passwords can be frustrating, though not something 1Password can save you from retroactively, once you've saved correct passwords in 1Password it will be able to help you going forward. :)

Zaka7

@geekflyer I'm not trying to cause any argument here, merely trying to help if I can as I experienced the exact same thing and was frustrated at that time.

As you say if the credentials are saved then there is no issue, the information is saved, whatever software you're using and there is no problem.

So the issue is that you're disgruntled when you have to keep entering information and 'clicking' unnecessarily to save a log in when you don't actually know the password? Whilst I agree that there are far more clicks, if you translate your workflow examples into time I would be surprised if there is any difference. A click takes a fraction of a second, whilst your workflow D is 2 clicks vs 10 clicks, I would almost guarantee that the time taken in both processes is the same as you're still repeatedly failing log ins and trying again until you have to save, the only difference is you click save once when you get into the account instead of clicking save / ignore each time until then clicking update.

In your example whereby you get the password wrong 4-5 times, you would save a second if you had an average of say 200 passwords then using 1Password has taken you around an extra 3 minutes to set up vs if you didn't have the extra clicks, This is a process you only go through on initial set up and once set up you never have to do any of this again. That does seem a very strong reason to want to leave some software that on a security basis is unparalleled?

geekflyer

@brenty I don't get what this has to do with 3rd party code. First you indicate it's technically not possible due being "in the browser" only, now it has to do something with 3rd party code and security? Honestly I still can't follow that argument. Even BitWarden, which by most security researchers is considered even more secure than 1password chose to implement the ability to capture/save a password after login in a way similar to Workflow D. Just fyi, technically 1password X already has the ability to show a popover in the browser. When you press Cmd + Shift + X 1password already shows exactly that...

@Zaka_7 While the "click" itself may just take a fraction of the second, you have to add the time it takes to move the mouse multiple times to the right position and the time it takes to switch multiple times between typing with your right hand on your keyboard and moving your right hand to the mouse. FYI you cannot purely perform those "repeated steps" via the keyboard / arrow keys, because for whatever reason the "update saved login" dialog of 1password X cannot be saved via keyboard.
So altogether this whole thing takes way longer than "a fraction of a second" and indeed makes a difference.
Besides that, the mental learning curve it takes to conclude that this weird repetition is the best workaround, also takes time. I'm not just concerned about myself, but explaining workarounds like that to the remaining 30 users in my company.
Last but not least with manual repeated steps like this it will inadvertently happen that sometimes you forgot to "update" the login with the correct password and you end up basically saving an incorrect password in 1password. 2 weeks later you or another user will attempt to use the incorrectly saved credentials in 1password to login into a website. You will waste another 1-2 failed login attempts, end up calling your colleague for the right password or have to go through the entire password reset flow.
Simply speaking the current 1password flow of "saving BEFORE successful login" simply encourages saving incorrect credentials into 1password which is creating a form of "debt" or clutter.

What I haven't mentioned yet, but others did: The current 1password flow also creates the same problems when creating a new sign up for a site with a very restrictive password policy. In those cases one sometimes needs multiple attempts to get to a password which satisfies the validation (and repeatedly update the pw in 1password with each attempt). So no, this inefficient flow will cause long term trouble and not only during "initial set up".

While this broken flow may not upset me enough to leave 1password alone, you have to consider we pay 10$/user/month for 1password business which is basically the most expensive option out there on the market. When you are at the higher end of the pricing spectrum of course expectations are high. Furthermore there are plenty of similar alternatives on the market, half of which implement exactly workflow D. The responses from the 1password team citing technical and security based excuses on why this feature is "not possible" and telling me that I'm just doing it wrong, doesn't raise my confidence that 1password is ever going to fix that or that 1password will have a productive discussion about any other feature request or design decision that may come up in the future.

Thanks.

kaitlyn

@geekflyer – I see where you're coming from, and I appreciate you taking the time to explain your opinions to us. I agree that the lack of ability to use keyboard selection on the save Login dialog can be time consuming, even if it is only a fraction of time, so I brought that up to my team as well. I'm excited to explore our opportunities in this aspect and see what we can do to improve the experience for you and all 1Password X users. Thank you for holding us accountable and having high expectations for 1Password. ❤️

ref: x/b5x#1425

lfolco

Please implement this. I pretty much have to manually add all my passwords because I never get the prompt to save the password before I login. This is extremely frustrating. I've used both Dashlane and LastPass and I prefer 1password. As someone mentioned above, I also have tons of passwords for clients and I run into this problem at least once a week. From a user perspective, it makes more sense to prompt to save the password once the user has clicked the Login button.

kaitlyn

Thank you for sharing your perspective, @lfolco!

lfolco

Lost another password due to this issue and had to fill out the forgot password. This is the one thing that will make me move elsewhere.

kaitlyn

@lfolco – Did you generate the password using 1Password X? If so, all generated passwords get stored in your generator history. You can access it by opening the 1Password X pop-up, then pressing Command-G or Ctrl+G and clicking Generator History at the bottom.

I also want to make sure you saw the option to "Save in 1Password" underneath the password field after filling out your password. I understand if you forgot to click it, but I'd like to confirm it showed up for you regardless.

lfolco

It did not; it never works correctly on this site (authorize.net). I had to reset the password three times before I could get it right, and saved.

kaitlyn

@lfolco – I see! I've got that site reported already. It turns out that authorize.net uses frameset and frame elements, which are deprecated. The inline menu will only show up if it's inserted within a body tag. This website places a body tag within the frame element, which allows the (mispositioned) button to appear, but not the inline menu.

Did you generate the password in the 1Password X pop-up? If so, like I mentioned, you'll be able to recover it from your generator history.

lfolco

I used the generator, but it was lost from my clipboard each time. I didn't know that you could see the password generator history, that's helpful, thanks.

kaitlyn

@lfolco – Was it lost from your clipboard because you copied something else? 1Password X itself doesn't clear your clipboard unless you have your browser set up that way. I'm glad you're aware of generator history now. That should come in handy in the future. :)

lfolco

I have no idea why it was getting removed; I ended up copying it to a text file after the third time.

kaitlyn

@lfolco – Keep a close eye on it for me next time, if you don't mind. Even if you were to forget to save a Login and it wasn't in your clipboard for some reason, you should always be able to recover any password generated by 1Password X in generator history. If that's not the case, we'll want to know the steps you took to see if we can reproduce it. Thank you!

rafaelm

I'm here just to add my +1 for this....I miss this soooo much from Lastpass. Log in and save password AFTER it's confirmed login is succesful.

The UX around this right now is SUPER frustrating and a time waster.

ag_ana

Thank you for the feedback! We appreciate you taking the time to share your thoughts :)

allawrence

How does one stop receiving notifications for this subject??

AGAlumB

@allawrence: Your notification settings can be adjusted in your profile:

https://discussions.agilebits.com/profile/preferences/

cecelia

I really appreciate the feedback here! I'm not a developer but I'll do my best to fill in everyone eager to see this change. This feature is something we've looked into several times and have no plans to give up on it, but currently offering to save a Login item after successfully signing in requires a few things we're not willing to do. To name one in particular, this would require arbitrarily capturing and maintaining data you've entered into fields as well as all the details of the page in the background, assuming you might want to save a login, as you navigate websites. With that, as I mentioned here last year, currently the most efficient and least invasive way to ensure your Login items are secured by 1Password with all of the correct data is by offering to save a new item from within the fields being saved themselves. I know it's not the most convenient method, but I assure you the conversation is still being had and the feature is still being researched with your security first on our list.