Why do I see so many "reused password" warnings in my logins? There shouldn't be any duplicates.

mppetrick
mppetrick
Community Member

Starting a few days ago most of my logins have the warning "Reused Password...". I generate new passwords for all of my logins, none of them should be reused. Why all of sudden this warning?


1Password Version: 7.2.1
Extension Version: 4.7.3.90
OS Version: OS X 10.14
Sync Type: Not Provided
Referrer: forum-search:Why do I see so many "reused password" warnings in my logins? There shouldn't be any duplicates.

Comments

  • odysseus
    odysseus
    Community Member

    Something is certainly broken. I have the same problem.

  • Eingang
    Eingang
    Community Member
    edited October 2018

    I noticed this too and I have several theories:
    1. If you're using a standalone licensed version and you've never emptied your trash, it might be looking in the trash too.
    2. If you're using a membership plan but didn't remove your standalone vault or have multiple vaults, it may be doing the duplicate thing across all vaults and not just the currently selected one.

    Search, because it doesn't search the trash (apparently and sensibly) and searches across the currently selected vaults, wasn't turning up the instances where my unique passwords are allegedly being reused.

    What I was surprised to see, and why I came to the forums today, was no obvious way to jump/locate the duplicate(s) from the point I had the notice that it was allegedly a reused password.

  • Eingang
    Eingang
    Community Member
    edited October 2018

    Ahhh… While browsing the forum after posting minutes ago, I see several other threads about this exact issue. My supposition about 1Password searching multiple vaults when labelling things as "reused" was correct, if I'm interpreting @Lars correctly in Reused password handling change, Mac only, starting in 7.2.1. All those years of figuring of why students' programs don't work with little provided information or knowledge of what they actually did pays off again. (-: That doesn't, however, answer why there's no obvious way to click on the allegedly reused password and have it show you the entries it's matched on.

  • Lars
    Lars
    1Password Alumni

    @Eingang - thanks for the sleuthing and the feedback. We're currently trying to navigate a way to allow users to suppress these warnings on an item-by-item basis. We've done something similar with the 2FA tag for items that have been set up using anything from SMS to Yubikeys (IOW: not within 1Password). The problem with that is: it's a bit of a kludge: it's a Mac-specific solution, so although the 2FA tag will appear on other platforms, it won't perform the same function there, which could be quite confusing. A much better solution would be cross-platform, but of course that's much more difficult to implement and requires the participation of multiple teams, with all the coordination that entails. That's what we'd like to implement, however, so in the meantime, we appreciate users' patience. We know the banners are annoying if you can't change the reason they exist...but they're also not going to cause data loss or a security issue: they're just annoying. So please bear with us, and we hope to have a solution for this out before too long. Thanks. :)

  • mppetrick
    mppetrick
    Community Member

    It is annoying, but as long as it's not causing any problems data/security-wise I can wait for the fix. I'm very fond of 1Password.

  • Lars
    Lars
    1Password Alumni

    @mppetrick - thanks for understanding. :) :+1:

  • TonyHall
    TonyHall
    Community Member

    @Lars We know the banners are annoying if you can't change the reason they exist...but they're also not going to cause data loss or a security issue: they're just annoying. So please bear with us, and we hope to have a solution for this out before too long.

    I appreciate app development isn't easy, but the issue with these persistent, overly zealous, warning banners was raised when the new mini was unexpectedly released at the very end of the initial public beta testing 5 months ago - we're still patiently waiting for a solution.

    Facetious question (with tongue very firmly wedged in cheek)...

    • Will we see a solution to this, and other UI problems raised around the same time, in the current v7, or will it be a much vaunted new feature in the next paid upgrade to v8? ;)

    Many thanks.

  • Hi @TonyHall

    We need to understand what the issue is before we'll be able to address it. Where are these warnings / duplicates coming from? There may be some cases we can address, and others where 1Password is working as intended (and as such isn't likely to change).

    Ben

  • glioma
    glioma
    Community Member

    I upgraded to Mac OS Mojave today. Now, every item in 1Password has the "reused password" banner, even though 99% of the passwords are not reused.

  • Lars
    Lars
    1Password Alumni

    @glioma - did you do anything else besides update to Mojave? Did you perhaps also upgrade to 1Password 7 for Mac, or create a 1password.com membership?

  • glioma
    glioma
    Community Member

    I had already upgraded to 1Password 7 prior to upgrading to Mojave. And I have had a 1password.com signin for years. I've been a 1Password user for years.

  • Lars
    Lars
    1Password Alumni

    @glioma - thanks for the additional information. Can you tell me, if you visit Preferences > Vaults, what you see there? The number and names of the vaults?

  • glioma
    glioma
    Community Member

    Thanks. I have the family plan. So under vaults, I have the main "family vault." There are two vaults under that. One is my main vault and the other is a sharing vault for another family member. This is the same setup I've used for a long time. Nothing has changed recently except the upgrade to Mojave.

  • Lars
    Lars
    1Password Alumni

    @glioma - so you've got only two vaults, and doing nothing else but upgrading to Mojave suddenly made all of your items appear in the Re-Used Passwords category in Watchtower, when they didn't previously? Did you copy the items over in bulk from one of those vaults to the other at some point in the past?

  • glioma
    glioma
    Community Member

    Yes, in the past I have copied more than one item at a time from the main vault to the sharing vault.

  • Lars
    Lars
    1Password Alumni

    @glioma - that will be the source of it, then -- copied items create, well, a copy - in other words, a second item, which does indeed have the same password as the first one. In other words, it's "reused" for the purposes of how 1Password checks for these things. As a rule, we don't recommend copying an item into multiple vaults; they are indeed separate items, meaning if you change the password or any other data on the record in one of the copies, the other copy will still have the same older data, leading to gradual data mismatch and likely confusion. However, we are also looking into ways to change what 1Password uses to check for re-used passwords.

  • glioma
    glioma
    Community Member

    Thanks for the answer. Makes sense, except why did I not get this message until the upgrade to Mojave? Also, how do you recommend sharing under the family plan if not copying the shared items?

  • Lars
    Lars
    1Password Alumni

    @glioma

    how do you recommend sharing under the family plan if not copying the shared items?

    Not sure I understand that one. If you've got a 1Password Families account, then the Shared vault is available to everyone in the family. Each family member has his or her own Personal vault, as well as access to the family-wide Shared vault. You would keep things only you need (personal email credentials, your individual Facebook accounts, etc) in your respective Personal vaults, but put anything you ALL need access to into the Shared vault. This is a great place for joint checking account or credit card information, the family Netflix password, garage door/building codes, and anything else where you all use a single login/password, instead of each having your own individual accounts. There's no need to copy items everyplace. Just move (NOT copy) your shared items and that's it. :)

This discussion has been closed.