Keep being pointed to the change new password site on gmail

Hello, I used ipassword to change a new password for my gmail account.

I followed the steps in:
https://support.1password.com/guides/mac/changing-a-saved-password.html

I went through Steps 1 to 6 but the Update login descriped in Step 7 never shows up. Doing it in Safari rather than Firefox does not help. So, I went back to Firefox. I followed the steps in:

https://support.1password.com/recover-unsaved-password/

to save the automatic generated password.

Under FireFox 44.0.2 on Mac OS 10.11.3, whenever I choose login->Google, my account is logged but the browser always point me to enter a new password and confirm a new password. Each time this happens, I log out and the google login screen shows up with my userid shown. The password field is empty each time. I press 1Password->Login>Google. My account is logged in but again the browser is switched to one that asks me for a new password and confirmation of new password. Could you please let me know how to solve this issue? Thanks.

Note that under iPassword icon, I have three entries of Google. One was made at 1:40 and the other two were made at 1:50. I could only login to my google account by choosing the one 1:40.


1Password Version: 6.0.2
Extension Version: Not Provided
OS Version: OS X 10.11.3
Sync Type: Not Provided
Referrer: ug:mac/changing-a-saved-password, ug:mac/using-a-saved-login, ug:mac/changing-a-saved-password, kb:recover-unsaved-password, kb:change-website-password

Comments

  • @petercohen8877 please tell us your 1Password Browser Extension version (the link will tell you how to find that information).

    Stephen

  • Drew_AGDrew_AG 1Password Alumni

    Hi @petercohen8877,

    I'm sorry you're having trouble with your Login item for Google!

    I have an idea of what might be happening here: Is it possible you saved that Login item from the 'change password' page in your Google account? If so, the URL for that page is probably the one saved in the Login item, so each time you open that Login item, it takes you back to that page.

    The best way to solve this is to follow these steps to save a new Login item for your Google account. Does the new Login item work correctly? Let us know how it all goes (if it's still a problem with the new Login item, please also let us know the information Stephen asked for). Thanks! :)

  • edited February 2016

    Hello Drew_AG, I followed the instructions posted on the link your provided. However, it does not work. I have multiple gmail accounts. I tried two but they both have the same problem. After following the instructions you provided, my userid is typed automatically on the gmail login screen. However, the password field is empty. I have to go to iPassword to copy and paste the password in order to login. On the gmail login screen, am I supposed to check "Stay signed in"? The browser extension number is: 4.5.3. Firfox Mac version is 44.0.2

    I tried other websites that require user login. I seem to have the same problem. Clicking the 1Password icon on the web browser -> login -> website points me to the account setup page of the corresponding website.

  • JacobJacob

    Team Member

    @petercohen8877 Hmm, that's very strange indeed. Did you save an additional Login item with the instructions Drew posted and then try using that? It should fill things just fine. Google does sometimes use a two-page sign in system that may be affecting things. I would recommend giving this knowledge base article a read for some details on saving the Login specifically for that situation:

    Using 1Password with login sequences split across multiple pages

    Let us know how that goes. :)

  • edited February 2016

    Thanks penderworth. That seems to be working better. I tried to login a few times using the method you cited. Sometimes after getting logged in, I got transferred to the My Account page. Other times I got transferred to the Inbox. Do you know what is wrong?

    Another problem: to follow the steps you suggested, I created a simple password myself as a test. What shall I do if I want to change the password to one generated by 1Password?

    Is it better not to check options like "Stay signed in", "Save password", etc.? I guess if I check such options, the 1Password generated password will be saved on the computer and security is compromised. Am I right?

  • Hi @petercohen8877,

    How do you normally interact with 1Password when it comes to using Login items?

    1. You open up the main 1Password window and click on the URL stored inside the website field.
    2. You search for the item in 1Password mini, either using the search field and typing or navigating the submenus (such as Logins) to find the Login item you're after and you click on it. With default settings this always opens a new tab.
    3. You manually open the login page from inside your browser, possibly a browser bookmark or similar and once you've reached the login page you use something like ⌘\ to fill the currently open page.

    Why do I ask? With Google all logging in happens on their subdomain accounts.google.com but they also use a parameter called continue which tells their accounts.google.com where to send you after you've been authenticated. If you were using what we call open and fill (options 1 & 2) then I would expect you to be sent to the same place every time. With the third option it would depend on how you reached the login page. If you were redirected to accounts.google.com after trying to visit gmail.com I would hope you're always returned to a Google mail view.

    Changing your Google password.

    I just tested this with an account where i have 2FA enabled and my findings were disappointing and ones we need to look into.

    One of the key ways we identify a password change form is when a page has three password fields and the value in two of them is the same. Why do we look for that? Many sites will ask for your old password as confirmation and then ask you to enter a new password twice. The duplication is to avoid a typo locking yourself out of the account. When we see this pattern we think "Aha! Password change form" and 1Password does it's thing which should include bringing up the 1Password Save Login window. Google ask you for your original password on one page and then the new password twice on a completely separate page. I suspect this is confusing things.

    Okay though, I generated my new password using 1Password's Password Generator so the new password is stored in a Password item in my vault. So the next thing I tried was to log out and then log back in. The first screen Google asks for me email address and I use my Login item to fill this. The next page asks for my password and I use the Password item rather than the Login item (as I know the password there is old). Then I'm asked for my 2FA code as a third step. I think this third step is messing things up for our recognition here.

    So in the end what I had to do was copy the password stored in the Password item, edit my Google Login item and paste the new password over the old one. I then tested and everything was fine.

    I hope we can do something better here but you can still use 1Password to generate a new and strong password but it's a bit more manual than we'd normally like. So you go through the steps of changing your password and use the Password Generator to fill it in the password change form. You would then manually update the password in your Google Login item using the password stored in the Password item. For me the title of the item was myaccount.google.com as it's an entirely other subdomain for changing your password it seems. When I did this though the Login item worked without a hitch.

    I personally don't like to be remembered or to have my browsers save passwords, I want everything in 1Password and I use it all the time so it is what I go to for filling. Some people do what to be remembered and not to have to enter their login details all the time. A lot will depend on your preferences and how secure you feel. If you have a Mac whose storage device is encrypted with FileVault, the user account is password protected and you never leave it open for anybody to access then the risk of having a website remembering you would seem minimal. If you share the computer with others and don't want to accidentally leave yourself logged in you would be best making sure it doesn't remember you and you probably don't want any passwords stored in the browser if others can also access this OS X user account.

    Does any of this help at all. If I've not gone into enough detail anywhere or approached at the wrong level please do let us know and we can adapt to suit :smile:

This discussion has been closed.