This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.

Why are duplicate Login items created?

khad
khad Social Choreographer
edited December 2012 in Windows
[quote][color=#282828][font=helvetica, arial, sans-serif]I've noticed that 1Password sometimes remembers 2 or more logins for a site. This is usually because the url's are a little different (like "http://www.blahblah.com/account_management/login.php/session_[/font][/color][b]JKAFHHAGJHFG[/b][color=#282828][font=helvetica, arial, sans-serif]". LogMeIn does stuff like this, incidentally.).[/font][/color]



[color=#282828][font=helvetica, arial, sans-serif]Now, it's pretty rare that you need multiple sets of credentials for the same domain name. There are cases, but they're rare. But 1Password seems to treat this as the default. Here's one annoying thing I've seen 1Password do.[/font][/color][list]

[*]I go to [url="http://blahblah.com/order_checkout.php"]http://blahblah.com/order_checkout.php[/url] and enter a username and password, and tell 1Password to remember it.

[*]Later, I go to [url="http://blahblah.com/account_management.php"]http://blahblah.com/..._management.php[/url] and enter the [b]same[/b] username and password. 1Password asks if it should remember it, and tell it to do so.

[*]1Password saves them as separate logins.

[/list]

[color=#282828][font=helvetica, arial, sans-serif]Why doesn't 1Password... 1) realize that I'm entering the [/font][/color][b]same[/b][color=#282828][font=helvetica, arial, sans-serif] login credentials for a different document path at the same domain and then, 2) offer to adjust the saved URL for the login to be the [/font][/color][b]longest common piece[/b][color=#282828][font=helvetica, arial, sans-serif] which appears in both URL's (in this case, "http://blahblah.com/")? The thing about 1Password which eats up the most of my time is that I have to, periodically, go through my list of logins, find duplicates, make sure they all have the same username/password, delete all but one, and then change the URL stored in it so that it applies site-wide. And it's silly that I have to do this when, as I said, the vast majority of the time, you only need one username/password for an entire domain name.[/font][/color]



[color=#282828][font=helvetica, arial, sans-serif]One nice thing is that 1Password would only have to ask this once per domain, and then it could save that as a flag for that domain. If you have a login saved for "http://www.blahblah.com/AAA" and, later, you manually enter another username and password at "http://www.blahblah.com/BBB", then 1Password could ask "Use these same credentials for all logins at { www.blahblah.com }?". If you say "Yes", it would mark the login as being "site-wide" and/or adjust the saved URL to be "http://www.blahblah.com/" and update the saved username and password. If you say "No", then 1Password would mark the existing saved login as being for a site with multiple logins, and then offer to save the one you just entered (and will mark [/font][/color][i]that[/i][color=#282828][font=helvetica, arial, sans-serif] as being for a site with multiple logins). Then, if you go back to that site and enter a third set of credentials, it wouldn't even have to ask you if you wanted site-wide credentials; it would know that you didn't, and it would just offer to save that username/password as a new login.[/font][/color][/quote]



I split this post from [url="http://forum.agilebits.com/index.php?/topic/11422-okay-help-me-with-the-concept-of-generated-passwords/"]the other thread[/url] since it is a separate topic and I want to make sure you get the attention you deserve. I hope you don't mind. <img src='http://forum.agilebits.com/public/style_emoticons/<#EMO_DIR#>/smile.png' class='bbc_emoticon' alt=':)' />



There are a couple factors at play here.



1. The 1Password extension will never automatically save a Login item without your explicit instruction.



2. If you already have a Login saved for a given domain (not just a specific URL, but the entire domain) and [crucially] [b]use 1Password to fill the Login [/b]then 1Password will not prompt you to save a Login again.



If you have duplicates it is because you are saving them. That said, 1Password shouldn't be prompting you.



Can you confirm for me that you have disabled your browsers' own password manager as we recommend in the User Guide? If your browser is filling in the data rather than 1Password, then 1Password won't be able to check to see if it has already been entered.



Leaving your browsers' password manager enabled[color=#333333] makes things both more confusing (“I thought I already saved that!”) and less secure (for more information on the security implications, try Googling for ”[/color][url="http://www.google.com/search?&q=browser+password+manager+security&ie=UTF-8&oe=UTF-8"]browser password manager security[/url][color=#333333]”).[/color]



Please let me know if you're still having trouble.

Comments

  • [quote name='khad' timestamp='1356131310' post='66165']There are a couple factors at play here. 1. The 1Password extension will never automatically save a Login item without your explicit instruction.

    [/quote]



    Noted. But I don't keep a manual log of which logins I've had 1Password save and which ones I haven't. I'm kind of relying on 1Password to alert me to ones which it considers to be new. This gets back to my original point about how 1Password, when I tell it to save a password for a [b]different[/b] URL but the [b]same[/b] host address (meaning that only the path-info is different) as a password which it already has stored, then its first suspicion should be that I'm visiting a site which has a few different URLs for logging in... and that I might want to "promote" that saved username/password to be site-wide for that host address... so it should [u]ask[/u] me if I want to do that (as opposed to saving the same username/password info for two different URLs at the same site).



    [quote name='khad' timestamp='1356131310' post='66165']

    2. If you already have a Login saved for a given domain (not just a specific URL, but the entire domain) and [crucially] [b]use 1Password to fill the Login [/b]then 1Password will not prompt you to save a Login again.



    If you have duplicates it is because you are saving them. That said, 1Password shouldn't be prompting you. Can you confirm for me that you have disabled your browsers' own password manager as we recommend in the User Guide? If your browser is filling in the data rather than 1Password, then 1Password won't be able to check to see if it has already been entered.

    [/quote]



    Well, that may be the issue. I'm still using Chrome's auto-fill, for a few reasons:

    1 - It already knows all of my passwords to the sites I visit. The easiest way to train 1Password was to just visit all of the sites I know of and let Chrome auto-fill as I log in and then tell 1Password to save the login that it just saw happen.

    2 - I sometimes visit these sites from my iPad or iPhone, and Chrome can auto-fill on those platforms (yes, I know that the new 1Password has a little browser in it, but I don't want to part with some of the features in Chrome). In order for Chrome on [b]iOS[/b] to have all of my passwords, I need to have Chrome on my [b]PC[/b] saving them. I had just assumed that Chrome wouldn't [b]store[/b] form contents unless [b]auto-fill[/b] was enabled (I figured that they were a package deal), but now, looking at the settings in Chrome, I realize that I can turn auto-fill off while still leaving form-content-saving on.

    3 - I didn't think that 1Password did un-prompted form filling. When I visit a site that 1Password has in my database (like, ebay.com, say) and if Chrome does [b]not[/b] have saved info for that site (and, so, doesn't fill in any form elements), 1Password doesn't [i]either[/i]. I end up having to go up to the 1Password plugin drop-down menu, and specifically click on the "ebay.com" listing at the top of the drop-down.



    But I want to touch on something you drew attention to: "...[color=#282828][font=helvetica, arial, sans-serif][size=3] If you already have a Login saved for a given domain ([b]not just a specific URL, but the entire domain[/b])...".[/size][/font][/color]



    Now... I'm not sure if you've actually [i]watched[/i] users using your product, or if you've asked them what is going through their head, but here's how it goes:[list]

    [*]User visits site for first time. The URL is something like www.store.com/checkout.php. When submitting their new password, 1Password offers to save it as "www.store.com". User wants it site-wide so they tell 1Password to save it as "store.com" (which, it seems, doesn't change anything about how 1Password matches the URL, it just changes the human-readable name it's listed under).

    [*]A few weeks go by. User decides to check on their order or whatever. They go to www.store.com/myaccount.php and are prompted for a username/password.

    [*]User thinks "Hmmm. I thought I saved a username/password for this. Guess I was wrong".

    [*]So, they open up 1Password and look and they [b]see [/b]"store.com" listed there... and they think "Hmph... that's odd.".

    [*]They open up the "store.com" entry in 1Password and copy the password to the clipboard and then paste it into the web-form they're currently on.

    [*]1Password prompts them, [b]again[/b], if they want to save the form contents.

    [*]User doesn't want to do this cut-n-paste thing in the future, so they tell 1Password to save... again, editing the "www.store.com" down to "store.com".

    [*]A few weeks go by, and the user goes back to store.com a third time. This time, they're viewing a product and they want to add it to their wishlist, so the site wants them to login, so they get a login form at www.store.com/login.php?return-to=product:37245.

    [*]Again, 1Password doesn't fill in the form.

    [*]User opens 1Password to get it manually and, now, they find [b]two [/b]entries for "store.com".

    [*]Now... [b]which[/b] one should they pick?

    [/list]

    Anyway, I'll turn off Chrome's auto-fill feature for a little bit and see if 1Password does a passable job of form-filling.
  • khad
    khad Social Choreographer
    [quote] I'll turn off Chrome's auto-fill feature for a little bit and see if 1Password does a passable job of form-filling.[/quote]

    It should work just fine once you disable your browser's password management.



    [quote]User thinks "Hmmm. I thought I saved a username/password for this. Guess I was wrong".[/quote]

    If you are viewing [i][b]any[/b][/i] page on the [font=courier new,courier,monospace][b]example.com[/b][/font] site any already-saved [font=courier new,courier,monospace][b]example.com[/b][/font] Login item is listed at the top in the "Fill and Submit Login" section. One click fills and submits.