This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.

Understanding Generated Passwords

zeplin
zeplin
in Mac
I was using 1PW 2 with my G4 mac running OS 10.4.



I logged in at many sites and had 1PW generate strong passwords (20 digits)



A short time later my G4 died and I bought a new mac with OS 10.6 and upgraded to 1PW 3.



To my surprise, when I logged in at my sites, I was able to do so with my old PW rather than the strong PW I thought these sites now had.



What happened to the strong PW's generated by 1PW?



Do they change?



How can they revert back to the old PW?



If the supposedly "strong" PW's are going to change back to the old PW's, what's the use of using 1PW??



zeplin
Flag

Comments

  • khad
    khad Social Choreographer
    edited December 2010
    Hi zeplin,



    I'm sorry that you are having this problem. The Generated Passwords are stored in the Generated Passwords section in 1Password. If the password is not actually changed on the website, your old password will still be in effect. If the password is changed on the website, 1Password should prompt you to update your Login item (separate from the Generated Passwords section which is more like a history of your Generated Passwords).



    Ideally, those three things will line up: the password the website expects, the password stored in your login, and the most recently generated password (if there is more than one) for that particular site.



    The most important is the first since you will not be able to log in to the website unless you know the password it is expecting. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' />



    It is possible to generated many passwords from within 1Password and never visit the website to make the change. In this case, your generated password might only be stored as a generated password and not in the login or on the website.



    1Password will never and can never change your password on a website for you or behind your back. You must log in to the website and manually visit the appropriate page on the site for changing a password.



    It is here that it is best to invoke the Strong Password Generator since the password will be filled [i]on the website[/i] and 1Password will have the opportunity to update your login with the newly generated password [b]in addition[/b] to saving it in the Generated Passwords history as a safety net.



    So the short version is that it sounds like your passwords might never have been changed on the website(s). For example, if I generate a new password in the 1Password application (File > New Item > New Password…), I can label it Amazon, but unless I visit Amazon's website and change my password, that newly generated password exists only in my Generated Password history.



    I hope that helps. Please let me know.
    Flag
  • brenty
    brenty
    That was a very detailed explanation!



    It can be easy to get kind of overwhelmed by the process and practice of good security, so I like to kind of think of it in terms of metaphors:



    Just imagine I want to better secure my home. My old lock is pretty primitive by todays standards, so I buy new ones and get some really sophisticated keys made. That's all well and good, but if I don't [i]install[/i] the locks so I can use my fancy keys, it doesn't really do much good.



    I have done exactly this. Fortunately, I didn't get robbed before I got off my butt and installed them. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/wink.gif' class='bbc_emoticon' alt=';)' />
    Flag
  • zeplin
    zeplin
    edited November 2010
    Ok, I'm glad to hear your logical explanation.



    Looks like its my rookie error. At least it can be corrected.



    I will go back and fix it.



    Thank you very much.





    zeplin
    Flag
  • khad
    khad Social Choreographer
    Love the analogy, brenty!



    zeplin, I hope you get everything sorted out just the way you like it.



    As I have said elsewhere in these forums, I don't actually [i]know[/i] any of my passwords. I have long since changed every single one of my passwords for every item saved in 1Password to a Generated Password. Well, I do know [b]one[/b] of my passwords. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_wink.png' class='bbc_emoticon' alt=';-)' />



    It did take the effort to visit each website and change each password individually, but I did it over time and was not in any hurry. You can sort by password strength in Traditional View (View > Layout > Traditional, then click the Password Strength column header) to get an idea of which passwords you need to change quickest. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/laugh.gif' class='bbc_emoticon' alt=':lol:' />
    Flag
  • brenty
    brenty
    [quote name='khad' timestamp='1290560206' post='15780']

    Well, I do know [b]one[/b] of my passwords. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_wink.png' class='bbc_emoticon' alt=';-)' />

    [/quote]



    Aha! You are the weak link in the security chain! Give us your credentials! Resilience is infantile!



    Or something.



    [quote]

    You can sort by password strength in Traditional View (View > Layout > Traditional, then click the Password Strength column header) to get an idea of which passwords you need to change quickest.

    [/quote]



    Der. Why didn't I think of that? Maybe you have nothing to fear from me and my [url="http://googlemapsmania.blogspot.com/2010/05/army-of-pigmen-on-google-maps.html"]army of pig men[/url] after all... (Aw, the videos don't work any more!)



    Anyway, great to pass the time while listening to audiobooks on a rainy day. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/smile.gif' class='bbc_emoticon' alt=':)' />
    Flag
  • thightower
    thightower &quot;T-Dog&quot; Agile&#39;s Mascot Community Moderator
    Very much a over time thing. I am finally breaking the wifes bad habits of reusing passwords. I had some free time a month or so ago, I used the search feature and changed all of them to random generated.



    I'll go a little farther and say I know 4



    1PW and 1PW Touch

    MobileMe and Gmail



    I couldnt remember my Dropbox, DynDns, or Logmein, passwords if my life depended on it they are maxed at 50 characters. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/smile.gif' class='bbc_emoticon' alt=':)' />



    zeplin, good luck on changing them and take a little bit at a time you'll get there just don't get overwhelmed and get flustered.
    Flag
  • brenty
    brenty
    [quote name='thightower' timestamp='1290572801' post='15799']

    1PW and 1PW Touch

    MobileMe and Gmail

    [/quote]



    The only thing stopping me from going all out is the handful of iPhone apps that i need to be able to login to quickly without having to mess around with copy/paste.



    Also, 1Password needs a recursive mode (which came first?) so it can login to itself. I hate having to remember that Master Password! <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/wink.gif' class='bbc_emoticon' alt=';)' />
    Flag
  • khad
    khad Social Choreographer
    I know — or at least am pretty sure — you were joking about that recursive mode, but you can enable "Never prompt for master password" (Preferences > Security) if you're into that sort of thing. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' />



    Then again, all this talk of generated passwords makes me think you are much too security-concious to do that. Haha!
    Flag