This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.
Chrome Extension Issues
I'm a new user as of this morning, and noticed a few issues when using the Chrome extension. These are mostly minor, but just get in the way of making the process of the initial use of 1Password. I don't think all of these are unique to the Chrome extension, or even the extension directly, but that's what I was using. Anyway:
1) When creating a new login to a site, there is a prompt to save it that has part of the site URL as the default title. The text box that shows the title doesn't respond to the normal shortcut key of CTRL+A to select all, so it makes it a bit of a pain to modify the title - you have to click in it, then delete and backspace to clear in order to put the title you want in there, or you have to use the mouse to select with a click-and drag. I usually ended up just adding it with whatever the default is, then go to the windows app to edit, which has the title fully selected so I can just start typing after I click Edit.
2) Multiple logins to same website, that used different user names but the same password is a pain. Yes, I know I should have been using diff passwords for everything, but that's basically impossible when you have 50+ different logins, which is the whole point of the 1Password app and one of the main reasons I bought and started using it. However when you're initially signing up is when this problem will be most prevalent - after a while you'll have unique and very strong passwords generated by 1Password. I could not figure it out on my own at all, and it took several searches before I finally found this support item [url="http://support.agilebits.com/discussions/browser-extensions/2941-multiple-logins-from-chrome-extension"]http://support.agile...hrome-extension[/url] (I later saw something in the user guide about it that I missed on first read). If the behavior was that it would not just look at the password for uniqueness, but look at both the user name and password, it would make the process of migrating over to 1Password much easier - and when I sees this maybe have a message that tells the user that they should have unique passwords in this scenario. Remember that the people that will run into this problem are [i]new users[/i] who likely have bad password policies, but also don't fully understand the application yet.
3) Changing passwords is a [b]huge [/b]pain. Most sites that have a password change require 3 fields, one with the current password and 2 with the new password. To get the current password to fill in you either get the password in the clipboard and paste it there, or use the "Fill and submit login" entry to fill it in, which also fills in the other two fields which you must now clear. Then after that you use 1Password to generate a much better password, so you click on the password generator option and hit fill - however, hitting that button will close the extension drop-down and fill in the items, without a way to then get the password that was just generated. I was expecting that the Fill button would fill in the fields and also copy the generated password to the clipboard so I could use it to edit the settings in the database. I ended up messing this up on 3 different websites and had to do a password reset before I finally got in the habit of either copying it before hitting fill, or generating it from the Windows app and copy/pasting from there.
Like I said earlier, these are all minor issues that I probably won't even notice in a week as I move everything into 1Password, but it definitely caused a lot of friction and frustration this morning as I was getting accustomed to how things work. Had I just been doing a trial (instead of just buying it straight off), these issues probably would have been enough to have me check out some of the competition, especially after hitting #3 a couple of times.
1) When creating a new login to a site, there is a prompt to save it that has part of the site URL as the default title. The text box that shows the title doesn't respond to the normal shortcut key of CTRL+A to select all, so it makes it a bit of a pain to modify the title - you have to click in it, then delete and backspace to clear in order to put the title you want in there, or you have to use the mouse to select with a click-and drag. I usually ended up just adding it with whatever the default is, then go to the windows app to edit, which has the title fully selected so I can just start typing after I click Edit.
2) Multiple logins to same website, that used different user names but the same password is a pain. Yes, I know I should have been using diff passwords for everything, but that's basically impossible when you have 50+ different logins, which is the whole point of the 1Password app and one of the main reasons I bought and started using it. However when you're initially signing up is when this problem will be most prevalent - after a while you'll have unique and very strong passwords generated by 1Password. I could not figure it out on my own at all, and it took several searches before I finally found this support item [url="http://support.agilebits.com/discussions/browser-extensions/2941-multiple-logins-from-chrome-extension"]http://support.agile...hrome-extension[/url] (I later saw something in the user guide about it that I missed on first read). If the behavior was that it would not just look at the password for uniqueness, but look at both the user name and password, it would make the process of migrating over to 1Password much easier - and when I sees this maybe have a message that tells the user that they should have unique passwords in this scenario. Remember that the people that will run into this problem are [i]new users[/i] who likely have bad password policies, but also don't fully understand the application yet.
3) Changing passwords is a [b]huge [/b]pain. Most sites that have a password change require 3 fields, one with the current password and 2 with the new password. To get the current password to fill in you either get the password in the clipboard and paste it there, or use the "Fill and submit login" entry to fill it in, which also fills in the other two fields which you must now clear. Then after that you use 1Password to generate a much better password, so you click on the password generator option and hit fill - however, hitting that button will close the extension drop-down and fill in the items, without a way to then get the password that was just generated. I was expecting that the Fill button would fill in the fields and also copy the generated password to the clipboard so I could use it to edit the settings in the database. I ended up messing this up on 3 different websites and had to do a password reset before I finally got in the habit of either copying it before hitting fill, or generating it from the Windows app and copy/pasting from there.
Like I said earlier, these are all minor issues that I probably won't even notice in a week as I move everything into 1Password, but it definitely caused a lot of friction and frustration this morning as I was getting accustomed to how things work. Had I just been doing a trial (instead of just buying it straight off), these issues probably would have been enough to have me check out some of the competition, especially after hitting #3 a couple of times.
Flag
0
Comments
-
Welcome to the forums, Darrell! Thanks for taking the time to contact us. You've written quite a bit, so I hope I am able to address everything you wrote. Let's give it a go. <img src='http://forum.agilebits.com/public/style_emoticons/<#EMO_DIR#>/smile.png' class='bbc_emoticon' alt=':)' />
[quote]1) When creating a new login to a site, there is a prompt to save it that has part of the site URL as the default title. The text box that shows the title doesn't respond to the normal shortcut key of CTRL+A to select all,…[/quote]
I'm not able to reproduce any trouble using CTRL+A to select all in the title (or any) field of a new (or existing) Login item in the extension. When I position my cursor in the title field while editing an item in the extension and press CTRL+A, all the text in the field is selected as expected. What versions of (1) Windows, (2) Chrome, and (3) extension are you using?
[quote]2) Multiple logins to same website…[/quote]
As you mention, 1Password will not prompt (via the autosave bar) to save a Login with the same password for the same domain more than once. If it did, it would prompt you to save a new Login item every time you logged into the site. This is not really something most users would find tolerable. As you discovered, you simply need to save the Login manually if — against all security recommendations — you wish to reuse passwords.
Manually saving a Login is covered in the Welcome Guide you saw when you first installed the extension. It is also accessible at any time using the direct link:
http://help.agilebits.com/1Password3/3_minute_expert_new.html
[quote]3) Changing passwords…[/quote]
We definitely need to improve the process for changing a password. For now you can change a password entirely within the extension. Most sites do not require you to input your current password, but if you need to, you can temporarily turn off autosubmit by clicking the "Fill and Submit Login" header and then select the Login to fill the current password. Alternatively you can copy it from within the Login item's details as described in the User Guide:
http://help.agilebits.com/1Password3/change_password.html
We really do appreciate your feedback and are working to improve 1Password to make changing passwords easier. I can't share the details, but it is definitely on our radar.
Please let me know if you're still having trouble with selecting text in the extension or if there is anything else I can help with.
Cheers!Flag 0 -
[quote name='khad' timestamp='1348523244' post='62377']
Welcome to the forums, Darrell! Thanks for taking the time to contact us. You've written quite a bit, so I hope I am able to address everything you wrote. Let's give it a go. <img src='http://forum.agilebits.com/public/style_emoticons/<#EMO_DIR#>/smile.png' class='bbc_emoticon' alt=':)' />
I'm not able to reproduce any trouble using CTRL+A to select all in the title (or any) field of a new (or existing) Login item in the extension. When I position my cursor in the title field while editing an item in the extension and press CTRL+A, all the text in the field is selected as expected. What versions of (1) Windows, (2) Chrome, and (3) extension are you using?
[/quote]
I can't recreate this right now either (of course), but ran into an issue earlier today that I think may be related. I logged into the Intuit eBillity site, and after clicking the submit button, the page refreshed several times, each time triggering the save login prompt to come down and then go back up. When it finally settled down and stopped refreshing there were two prompts that were showing at the top of the page to save the login. The top prompt was completely un-responsive - wouldn't even take mouse input into the title field, but the bottom one worked just fine. Thinking back to when I was seeing this CTRL+A problem, the sites I was adding all did the refresh several times thing, but they only left one login entry prompt at the top when done. It was these that I had the issue with, and I stopped trying after having the problem with a few so I can't be sure it was only limited to those kinds (though it does seem a bit suspicious). When I tried again just a little bit ago, that site I entered didn't do the multiple refreshes in that manner. I'm running Windows 7 64-bit, stable branch of Chrome, currently 21.0.1180.89 m and extension ver [color=#303942]3.9.8.39899.[/color]
[quote name='khad' timestamp='1348523244' post='62377']
As you mention, 1Password will not prompt (via the autosave bar) to save a Login with the same password for the same domain more than once. If it did, it would prompt you to save a new Login item every time you logged into the site. This is not really something most users would find tolerable.
[/quote]
I don't agree. The problem is that right now it is only taking two pieces of information into account - the site and the password. If you added the username to that uniqueness requirement, users who have already logged into the site wouldn't be prompted incorrectly (that user/pass/site combination would already be entered, so it wouldn't trigger the prompt). The only time they'd be prompted again is if one of these pieces of information change - so in this case if the user name was different. A further enhancement here would be after 1Password saved this 2nd account with the same password, there could be an additional prompt that would recommend that the user change the password on one or both of the accounts. I'm assuming they'd be doing that anyway (now that 1Password makes it so easy to manage unique ones on each site), but a reminder would be good.
This suggestion would of course only work for sites that have the user name and password on the same page, which is the majority of sites in my experience. Maybe I'm over-simplifying the problem due to that.
[quote name='khad' timestamp='1348523244' post='62377']
As you discovered, you simply need to save the Login manually if — against all security recommendations — you wish to reuse passwords.
[/quote]
I think the user most likely to run into this is a new user who bought the software to help manage an out-of-control password strategy. I was definitely in this camp, I knew this was a bad security practice but I had far too many passwords to remember, so had to make some compromises like this to keep it straight in my head. Now that I'm using 1Password, this won't happen again - but this restriction made it harder for me to get to the point where I could even do this. I just kept logging in and getting frustrated when the prompt didn't come up for me to save the second account. Looking back, if I had changed the password immediately after adding each login, I never would have ran into the issue (since the 1st instance would have had a different password already), but my strategy was to first get all the logins into the system, then go back and change each one. Perhaps the issue was more my strategy for entering the current logins, but it still seems like something that 1Password could have easily managed better.
[quote name='khad' timestamp='1348523244' post='62377']
Manually saving a Login is covered in the Welcome Guide you saw when you first installed the extension. It is also accessible at any time using the direct link:
[url="http://help.agilebits.com/1Password3/3_minute_expert_new.html"]http://help.agilebit...expert_new.html[/url]
[/quote]
I did find this later, I read it initially but didn't really understand what it was talking about until I got more familiar with the product and then ran into the issue, then I went back and thought to myself, "oh, that's what that meant". Perhaps I read through this too quickly.
[quote name='khad' timestamp='1348523244' post='62377']
We definitely need to improve the process for changing a password. For now you can change a password entirely within the extension. Most sites do not require you to input your current password, but if you need to, you can temporarily turn off autosubmit by clicking the "Fill and Submit Login" header and then select the Login to fill the current password. Alternatively you can copy it from within the Login item's details as described in the User Guide:
[url="http://help.agilebits.com/1Password3/change_password.html"]http://help.agilebit...e_password.html[/url]
[/quote]
Of the websites I've changed the password on so far, about 2/3 of them have the 3 password prompts (old, new and verify new). The workflow I finally settled on was to open the login item in the app, copy/paste the old password to the website. Next, generate the new password within that dialog, copy/paste it into the new and verify fields and submit the change. Once the submit is successful, go back to the 1Password app and click OK on the password dialog. I tried a few different things using the extension, but found it [i]far [/i]too clunky for this purpose.
[quote name='khad' timestamp='1348523244' post='62377']
We really do appreciate your feedback and are working to improve 1Password to make changing passwords easier. I can't share the details, but it is definitely on our radar.
[/quote]
Can't wait! I really like the product so far - the things listed above weren't really bugs, just frustrations as I began using the software that are ebbing somewhat as I familiarize myself with how the software is designed and how it expects me to work. I'm definitely glad to hear something being tweaked in the password change area though.
Thanks for the quick reply BTW. I've definitely had a great customer service experience here, with both you and another Engineer I submitted a crash report to. It is greatly appreciated.Flag 0 -
[quote]I can't recreate this right now either (of course), but ran into an issue earlier today that I think may be related.[/quote]
We'll keep an eye on this and see if we get any other reports. So far I've never heard of this happening apart from this thread, but we'd love to know the steps to reproduce if you are ever able to consistently do so.
[quote]The only time they'd be prompted again is if one of these pieces of information change - so in this case if the user name was different.[/quote]
As far as I know the current behavior is very intentional as we do not want to encourage folks to reuse passwords. 1Password is designed to make the secure thing to do (have unique passwords) the easy thing to do (click to generate). What I'd suggest if you (or anyone else) are first starting out is to just skip saving your existing reused passwords entirely and just generate new passwords and save those in 1Password. That's the workflow 1Password is designed for. Reusing passwords is attempting to use 1Password in a way it was not intended. We agree with every known security expert that you should not reuse passwords, but if you wish to do so you can. It just takes bit more effort as you will need to manually save a Login in that case. 1Password will not prompt you to save one automatically.
[quote]A further enhancement here would be after 1Password saved this 2nd account with the same password, there could be an additional prompt that would recommend that the user change the password on one or both of the accounts.[/quote]
This is definitely more along the lines of what I could see being implemented. We've talked about such a prompt (either during the login process or by running some kind of "password audit" on your data at an arbitrary time), but I don't a time frame frame for when or if such a feature will be available.
[quote]Perhaps the issue was more my strategy for entering the current logins, but it still seems like something that 1Password could have easily managed better.[/quote]
I'll certainly mention your usage to the developers! There is always room for improvement. We can't change how people behave, only how 1Password behaves. <img src='http://forum.agilebits.com/public/style_emoticons/<#EMO_DIR#>/smile.png' class='bbc_emoticon' alt=':)' />
[quote]Thanks for the quick reply BTW. I've definitely had a great customer service experience here, with both you and another Engineer I submitted a crash report to. It is greatly appreciated. [/quote]
Awesome! Thanks for the kind words. <img src='http://forum.agilebits.com/public/style_emoticons/<#EMO_DIR#>/smile.png' class='bbc_emoticon' alt=':)' />
When we say we are "always here to help" we mean it. Enjoy the rest of your week and let me know if there is anything else I can help with.
Cheers!Flag 0
