Updating an existing password

Comments

  • 1pwuser31547
    1pwuser31547
    Community Member

    Hi.
    Regarding changing passwords using the extension, when I do this the new password is saved as a password entry rather than updating in the password field of a login entry. In other words, the old username and password remains and the new password is created in a separate entry (password entry).

    I am initially autofilling from the app (clicking next to the URL and clicking open and fill).
    I then go to to the password change site on the website, copy/paste old password, generate new password and then save and fill, all in the extension.
    Should I be initially autofilling using the extension/mini rather than through the app when initially logging on?

    I have the most recent version of 1 PW for Mac and the most recent version of Chrome.

    _I noticed that the "Click Update Existing" doesn't occur. _

    Thanks

  • ag_ana
    ag_ana
    1Password Alumni

    Hi @1pwuser31547!

    Should I be initially autofilling using the extension/mini rather than through the app when initially logging on?

    This should not matter.

    I have the most recent version of 1 PW for Mac and the most recent version of Chrome.

    Can you please confirm the exact versions?

    • 1Password for Mac version
    • Chrome version
    • 1Password Extension for Chrome version

    Thank you!

  • 1pwuser31547
    1pwuser31547
    Community Member

    Chrome
    Version 80.0.3987.122

    1 pw extension Version 4.7.5.90

    1 pw 7 Version 7.4.3

  • ag_ana
    ag_ana
    1Password Alumni

    @1pwuser31547:

    Thank you for the confirmation. I originally thought that this was happening on twitter.com for you, but then I noticed that you copied the screenshots from our support article instead. So can you confirm what website this is happening in for you?

  • 1pwuser31547
    1pwuser31547
    Community Member

    Every website

  • ag_ana
    ag_ana
    1Password Alumni

    @1pwuser31547:

    I cannot reproduce the issue here on the websites I have tested. Please make sure that the website field in your 1Password login item matches the URL of the website you are on: if they differ, 1Password will consider that as a new website and will not show you the Update Existing button.

  • 1pwuser31547
    1pwuser31547
    Community Member

    Every website

  • 1pwuser31547
    1pwuser31547
    Community Member

    I’ll confirm.
    However, won’t the website domain of the password change field will differ slightly from the website of the log in page?

  • ag_ana
    ag_ana
    1Password Alumni

    @1pwuser31547:

    No, the domain will remain the same. The URL will be probably different, but the domain will remain the same during a password change.

  • 1pwuser31547
    1pwuser31547
    Community Member

    Yes, sorry that’s what I meant.

    “Please make sure that the website field in your 1Password login item matches the URL of the website you are on”

    If I change the current log in URL entry to match the password change URL, will I be able to login using autofill since the URLs are different (domains same).

  • ag_ana
    ag_ana
    1Password Alumni
    edited February 2020

    @1pwuser31547:

    If I change the current log in URL entry to match the password change URL, will I be able to login using autofill since the URLs are different (domains same).

    Yes. However, there is no need to change the entire URL inside your 1Password item. You just need to make sure that the domain part is the same inside your 1Password item and the website that you are visiting.

  • 1pwuser31547
    1pwuser31547
    Community Member

    Still no luck,
    URLs match exactly and still the new password is saved as a separate entry while the old credentials remain the same in the website field in my 1 PW log in item.
    Please advise.

  • 1pwuser31547
    1pwuser31547
    Community Member

    Am I supposed to edit the password in the website field and then fill into the new password space?
    Each time I click generate new password, the system generates a new password entry, separate from the original data.

  • 1pwuser31547
    1pwuser31547
    Community Member

    So one more thing- I noticed that the specific website favicon is not present in any of website login entries. So for example for Google, I don’t see the icon, rather a generic “gm” for gmail.

  • ag_ana
    ag_ana
    1Password Alumni

    @1pwuser31547:

    So one more thing- I noticed that the specific website favicon is not present in any of website login entries. So for example for Google, I don’t see the icon, rather a generic “gm” for gmail.

    Can you post the exact value of the website field inside this Google login item?

  • 1pwuser31547
    1pwuser31547
    Community Member

    So the problem seems to be that for some websites, the change password URL is different from the initial log in page.
    When the change password URL begins with www. 1 PW is able to detect the changed password and does update the password in the 1 PW website field.
    When the change password URL does not begin with www. , 1 PW detects the changed password as a separate password entry and does not update the original 1 PW website field.

    For example, with ADP, the log in page, _as well as _the change password page begin with my .adp.com
    https://my.adp.com/static/redbox/login.html

    With Bank of America, the initial log in page is https://www.bankofamerica.com
    The update password page (only after login in) is:** https://secure.bankofamerica.com/login/edit/sm/redirectSecurityCenter.go?target=signin_settings**

    1 PW is unable to update website settings after a password change for these sites.

    Note where the the change password URL also begins with www, 1 PW is able to automatically update the 1PW website field with the new password.

    For example https://www.abebooks.com/servlet/SignOnPL for sign into Abebooks
    and https://www.abebooks.com/servlet/ChangePassword for changing password.
    Both have WWW. and 1 PW works here.

    Please advise

  • ag_yaron
    ag_yaron
    1Password Alumni

    Hey @1pwuser31547 ,

    Bank of America's website is a known problematic website, as well as many other banking websites that actively try to prevent autofilling software from working properly. We've seen all kinds of crazy stuff they're trying to pull off in order to prevent users from autofilling on their websites and even preventing apps like 1Password from even detecting fields on their websites. We've even wrote an open letter that our users can send their banks in hope that the banks will listen at some point (and some of them have!): https://blog.1password.com/an-open-letter-to-banks/

    I'm having troubles finding a normal website that anyone can open an account in for free to test your theory about the "www" part, if you manage to come across such a website where we can open a free account and test it in, please do let us know!

    Just for general knowledge, whenever you generate a new password and use it, 1Password saves it as a separate password item in the app just in case you didn't manage to save it in the login item or if the page did not allow it. It is a failsafe to prevent loss of generated passwords after using them.

  • 1pwuser31547
    1pwuser31547
    Community Member

    I’ll let you know. I’m planning to change a bunch of passwords soon. Still it’s an interesting observation, albeit with small sample size.
    Yes I know the password is saved as a separate entry these cases.
    By the way, iCloud Keychain password manager is able to detect these cases and properly autofill.

  • ag_yaron
    ag_yaron
    1Password Alumni

    @1pwuser31547 Thanks for the update. Please do share your findings here if you are able to reproduce the issue on demand on a website we will also be able to reproduce it on. :+1:

  • 1pwuser31547
    1pwuser31547
    Community Member

    Maybe someone on your end could look at the code to see if it’s something that can be updated.
    I’ll let you know about my results.

  • ag_yaron
    ag_yaron
    1Password Alumni

    If we can confirm it is a bug, I will be able to file it as such for our developers to look at, so it is crucial we will be able to reproduce it first.
    I keep a close eye on it on my daily use but so far did not come across a website with such a URL.

  • 1pwuser31547
    1pwuser31547
    Community Member

    Hi Yaron.
    This issue occurs with gmail.
    The URL for the password reset page does not have www. It starts with myaccount.google.com
    The new password is saved as a separate entry as a password entry.

    Please advise

  • ag_yaron
    ag_yaron
    1Password Alumni

    Hey @1pwuser31547 ,
    I have tested this and saw that the "www" doesn't quite relate to the issue, it happens whether there is a www in the URL or not. 1Password simply does not pop up and ask if you'd like to update the existing login when changing a password in Google's account settings.

    Thanks for reporting it. If you have a 1Password.com membership account, I suggest you give 1Password X a try, as it handles such situations better for now.

  • 1pwuser31547
    1pwuser31547
    Community Member

    Yes. It appears this occurs for sites where the URL's of the log in page and password change page don't exactly match.
    Thanks for looking into it.

  • ag_ana
    ag_ana
    1Password Alumni

    :+1: :)

This discussion has been closed.