Apple Passwords reliably updates passwords in its database before the password is confirmed to be actually changed. I've been locked out of accounts many times due to this. They really need to focus on these basic UX issues.
All that data is lost when you migrate accounts though. I went from an old to a new 1P account and did the official way to copy (NOT exporting it to a text file and re-importing that way, actually copying it from the interface) and no version history persisted :/
Huh, yeah, I’m not seeing it there either. The macOS app is what I checked previously. iOS-only users might be able to see it at 1password.com. Weird inconsistency.
Still does not. My approach is to keep the file in OneDrive. On Windows / Mac it's just a file, on Android it's via a custom OneDrive protocol handler but also seamless.
Yep. I get anxious when Safari starts to offer a new password for an existing account. Having access to previous passwords would be such great UX, but no, no such thing.
There's a 0% chance it will work. Most websites I've seen have one or all of:
* Force you to use email or SMS as a "second factor" to unlock changing password even if you know the old password
* A stupid idea of password complexity usually requiring one of a finite set of 5-8 "special characters" which is often only revealed after you've chosen a password that doesn't have them. Or in some cases even banning characters other than the ones they check for. There's a standard for this where you put a regex on the password field, which a good password manager will always use, but the kind of idiots who think limiting the entropy of passwords to increase security is the correct way to do things almost NEVER implement this.
* A maximum password length, even as short as 16 characters in many cases
* CAPTCHA etc.
Any effort spent on this would be better spent elsewhere, including even educating other companies on how passkeys should be used.
> Force you to use email or SMS as a "second factor" to unlock changing password even if you know the old password
Apple has detectors for codes sent via email or SMS, if your email account is one that is configured with the OS mail client.
> A stupid idea of password complexity usually requiring one of a finite set of 5-8 "special characters" which is often only revealed after you've chosen a password that doesn't have them. Or in some cases even banning characters other than the ones they check for. There's a standard for this where you put a regex on the password field, which a good password manager will always use, but the kind of idiots who think limiting the entropy of passwords to increase security is the correct way to do things almost NEVER implement this.
An AI agent can read the failure message and craft a new password
> A maximum password length, even as short as 16 characters in many cases
Same deal
> CAPTCHA etc.
While there's always the complex solution of scanning the image and trying to detect what is going on or slide the puzzle with enough of a curve to act like the motion of a human limb, there's also Private Access Tokens, supported by both Cloudflare and Google-provided captcha systems now IIRC. The OS uses an anonymous system to assert a single bit that there's proper browser chain-of-custody.
> Any effort spent on this would be better spent elsewhere, including even educating other companies on how passkeys should be used.
There are proposals as well to provide an API to do upgrades from passwords to passkeys automatically. Nobody said the feature has to always use AI - but it may help the feature be robust enough for people to seek it out and try it.
Don’t forget those sites/apps that split the sign in process across five screens for no good reason or those with mislabeled fields that password managers can’t pick up on.
I don’t think I’ve seen a single category of UX fail as hard and as often as auth screens do. It’s like at some point after 2015-2017 developers were struck with mass amnesia and forgot how to build decent login UIs.
Limiting the character set is done to reduce the frequency of "can't enter my password" support calls, not to increase security directly. Same with the maximum password length.
I don't think firms like the electric company or (payroll company) ADP are worried that I'll churn.
Also, the Venn diagram of "memorable" and "reasonably secure" really only intersects in the region of "Correct horse battery staple" phrases -- and the problematic sites I'm talking about nearly always limit length, which thwarts that type of password terribly. What is the purpose of maxlength on a password?? These shouldn't be stored in any form other than a hash, so unless long enough to pose a DoS threat during the hashing process, length is truly none of their business.
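The storage argument in the comment above, as an added example that is not part of the thread: the stored record has the same size whatever the password length or character set, so the only length limit the server needs is a generous guard against hashing abuse. The 1024-byte cap, the PBKDF2 parameters and the function names are assumptions chosen for this sketch.

```python
import hashlib
import hmac
import os

# Assumed policy values for this sketch, not taken from the thread.
MAX_PASSWORD_BYTES = 1024   # DoS guard only, far above any passphrase
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16
DIGEST_BYTES = 32


def _derive(raw: bytes, salt: bytes) -> bytes:
    # The KDF output is fixed-size regardless of input length or alphabet.
    return hashlib.pbkdf2_hmac("sha256", raw, salt, PBKDF2_ITERATIONS,
                               dklen=DIGEST_BYTES)


def hash_password(password: str) -> bytes:
    """Return salt || digest. No character-set rule, no short maxlength."""
    raw = password.encode("utf-8")
    if not raw:
        raise ValueError("empty password")
    if len(raw) > MAX_PASSWORD_BYTES:
        # Reject before hashing so oversized input costs the server nothing.
        raise ValueError("password exceeds the hashing DoS guard")
    salt = os.urandom(SALT_BYTES)
    return salt + _derive(raw, salt)


def verify_password(password: str, record: bytes) -> bool:
    """Constant-time comparison against a record from hash_password()."""
    raw = password.encode("utf-8")
    if not raw or len(raw) > MAX_PASSWORD_BYTES:
        return False
    salt, expected = record[:SALT_BYTES], record[SALT_BYTES:]
    return hmac.compare_digest(_derive(raw, salt), expected)


if __name__ == "__main__":
    # Constructed sample inputs: a 16-character password and a long phrase.
    for pw in ("Tr0ub4dor&3-xyz!", "correct horse battery staple " * 10):
        rec = hash_password(pw)
        print(len(pw), "chars ->", len(rec), "stored bytes",
              verify_password(pw, rec))
```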
1Password has been able to do this for five+ years. Frankly, it doesn't even really need agentic AI, although a talented team could probably make it perform better with agentic AI.
I don't really believe in Apple being that quality team.
I mean every API/app/website has a different way to do this. If there was a standardized API that everyone could conform to to allow this automation I would be all for it. I assume 1p does this by writing custom code/rules for dealing with the most popular sites out there and then erroring out for anything else.
AI could potentially help solve those unpopular site/app/whatever edge cases.
Haven't you heard? Prompt engineering is dead. The cool kids are making Claude prompt itself. They're writing loops, not prompts. It's all about optimal tip-to-tip efficiency now.
“I don’t prompt Claude anymore. I have loops running that prompt Claude and figuring out what to do. My job is to write loops.” —Boris Cherny
heh I merely said prompt engineering because their efforts amounted to writing a prompt and sending it off to a model somebody else created to create some awful images