The title of this post represents a paraphrase of e-mails that we often receive from users of 1Password who are wondering about the process of changing a weaker password to a stronger secure password. This topic was actually one of the original topics in our original user guide and we have referred people to this article on many occasions. However, since the time it was written we've added some more tools to 1Password that simplify the process and make it easier to do. Therefore, I wanted to expand on the original article and throw a real-world example into the mix.
Some of the features I will mention are covered in my previous blog post about "Dealing with Rejection" so check it out if you have not already done so. However, this post presumes no previous reading. Before we get started I do want to point out a couple of points of confusion in this area. First, you still have to follow the web site's normal password change procedure. These can vary greatly from site to site. Next, 1Password will not automatically update any previously saved web forms you may have for the site. You will need to manually update them or use the procedure I am going to use below. Finally, the process is not automated by 1Password so you will still need to do a little work but it is will be very easy as I will show in my example.
So, let's get started!
For our example, I will use our own support forums at http://support.agilewebsolutions.com/.
Step 1 - Login to the site
The login for the forums is located at the top right of the page:
Shown closer here:
The first thing I will need to do is login to the site. If I already have a working web form saved for this site then I can click on the 1Password icon in my favorite browser, select Restore Form, and choose the login. Personally, I use the Command-\ keyboard to do this.
Step 2 - Use the web site's password change procedure
Once logged in, I start my navigation to the password change page. On our site you click on the User Control Panel first:
Then click on Edit Email & Password:
I am then presented with the Change Password page below.
Step 3 - Fill the current password
The first field in the screen above is asking for my current password, so I have typed it in.
Power Tip: If you already have a web form saved for this site it is possible that you can use Restore Form to fill in the current password for you. It depends on the field names and the site. Try using the Restore Form feature to see if it will fill. In this case, it did not fill the current password in because the field name is currentpassword and my form has the password saved in a field named vb_login_password. (from the login page)
If you do not know your current password but have a web form saved in 1Password, you can look it up in the main 1Password application. You can then copy it to the clipboard and paste it in the field. The easiest way to do this is to use the search feature to locate the form. For example. use the domain name as shown here:
In the bottom pane, hover your mouse to the right of the password and a copy button will appear. Click on button to copy the password to the clipboard.
Step 4 - Generate a strong password
Now that we have used one of the above methods to get our current password filled on the page, we will let 1Password generate our new strong password for us. First, click on the 1Password icon and select Strong Password Generator.
The Strong Password Generator window will appear:
I am going to maximize the strength of this password so I have moved all the sliders to the right since this site allows 50 character passwords. Some sites will not allow a password of this length or may have other rules for the password. Using the customization window you can adjust it to fit the needs of the site.
Since this is a password change I am going to click on the Copy to Clipboard button first so that I have it in on my clipboard for pasting later. The reason for doing this first will be more apparent in a few more steps.
Next, I click the Fill button to populate the generated passwords into the fields on the web site.
The web page now looks like this:
(Note: I blanked out my personal e-mail address, but it was populated before I submitted it)
I click on the Save Changes button and my password has been changed.
However, we still have an issue to deal with in order to finish the process because 1Password does not have a web form with the new password.
Step 5 - Save a new web form (or overwrite the existing one)
So, I log out of the site and return to the front page again.
First, I type in my username in the top field. I copied my newly generated strong password to the clipboard back in Step 4 so I would have it handy. I can now use Edit >> Paste or Command-V to paste the new password into the login page. I do not click on the Login in button yet.
Instead, I click on the 1Password icon and select Save Form from the menu.
If I already have a web form saved for the site, then I want to replace it with the new information. When the Save Form window pops-up:
I use the pull down menu at the top to replace my existing form. If I do not have a web form saved at this site then I create a new one:
In either case, I click on the Save button to save the web form.
Step 6 - Test the new web form
I now blank out the the fields I just populated on the page so that it once again looks like this:
I then user the Restore Form feature to fill and submit my credentials:
and verify that I am logged in successfully:
I completed the entire process without ever loading the main 1Password application and handled everything directly in the browser. I took a very weak password at this site and made it very strong and used 1Password to do the hard work. When you get comfortable using this process it takes less than a minute.
How to handle a potential "Gotcha" in the process
In Step 4, I copied the password onto the clipboard before I filled it. I then pasted it in Step 5. However, what happens if I forget this step? Am I out of luck? Absolutely not. Anytime you click the Fill button on the 1Password strong password generator window the password is saved to the Password History section in the main 1Password application. In order to retrieve the new password, I can load the main 1Password application and click on the Password History section:
Search for the domain to find the entry.
Hint: If I keep the Password History sorted by the Modified column then most recently generated password will always be on top.
I can then copy the password to the clipboard my moving by mouse just to the right of the password field in the bottom pane and clicking on the copy button:
If you have questions or comments about the process, we would love to hear them.