Jump to content
HQJaTu

Cannot copy password while editing in 6.20

Recommended Posts

New 6.20 dropped password copying while editing. I observed same change in macOS and Windows 10 store versions. Maybe this affects also iOS and Android versions.

A typical workflow for changing an existing password is:

  1. Copy old password using Copy-button, old password is usually required during change
  2. Edit the entry
  3. Generate new password
  4. Click Show to reveal the newly generated password
  5. Copy the provisional new password from edit field
    • Sometimes generated password isn't valid and manual editing is required. Reasons for this could be too long password containing invalid characters, etc.
    • At this point old password is not yet lost. It is possible to cancel the change.
  6. On successful password change, Save the updated entry

IMHO returning the previous functionality enabling editing and copying the password is absolutely necessary.

Share this post


Link to post
Share on other sites

Hi HQJaTu,

is it possible that you mean version 6.2.0? In this version I have the same problem. I opened the ticket ECS-1966. But the second level support is absolutely incapable! Instead of working on the problem, it closes the ticket for the 2nd time without answering or commenting. I find the behavior absolutely impossible.

Regards

Klaus

Share this post


Link to post
Share on other sites

I am using 6.2.0 on Windows Desktop, iPhone, and iPad, and the option to copy and test the new password is still there! See screenshot. Its in the upper right in the "Generate" window.

enpass1.JPG.6cf6c68e93cade2bbb7e15d2cdc8d3cd.JPG

Share this post


Link to post
Share on other sites
On 10/21/2019 at 9:09 AM, Red0210 said:

I am using 6.2.0 on Windows Desktop, iPhone, and iPad, and the option to copy and test the new password is still there! See screenshot. Its in the upper right in the "Generate" window.

Sure. It is there.

Now start editing your entry. While editing, go to password and copy first three characters of it.

You cannot. Not anymore. Any password copying must be done using the copy-option you showed in your screenshot. This will effectively destroy the previous password in your database. What if the newly generated password won't be accepted and you need to re-paste the old password to retry the password change. You cannot. You just destroyed the old password information.

Share this post


Link to post
Share on other sites

I am not sure if I understand you right...

This is valid for Enpass 6.2 on Win 10 and Win 7.

The password in your database is only "destroyed" if you use the "Fill" button in the Generate Password dialog and write the new password into the database. Don't do that if you're not sure the new password is accepted. As long as you do not "Fill", you can press escape or X, close the Generate Password dialog, and get the old unchanged password entry back into the clipboard.

enpass2.JPG.00688572dddc9df6da982d0a90b1ffb8.JPG

 

Your old password cannot be destroyed unless you klick deliberately "Save" in the Edit dialog. Unless you have found a bug.

Even if you wrote a new password into the database accidentally, did you discover the Password History function Enpass has? In read mode (not edit mode), make a right click on the line with the password, choose History, and you can see all past passwords, even with a copy function.

 

Share this post


Link to post
Share on other sites
1 hour ago, Red0210 said:

I am not sure if I understand you right...

Yes. I get that a lot.

Did you:

  1. Edit a entry having a password
  2. While editing, copied first three characters of a password

I'm 100% sure you did not. If you would have done that, you would understand what I mean.

And I have to disagree. A password will be "destroyed" by overwriting it. This would happen when you either are forced to or decide to change the password. During the process of changing, you WILL need both the old and the new password at the same time.

Old version made password change process easy and smooth. This 6.20 does not.

Share this post


Link to post
Share on other sites
11 minutes ago, Red0210 said:

Sorry I have to drop out here. I am using Enpass different than you.

Ok.

If you wouldn't have left this conversation, I'd be curious about the exact steps you take to change a password. Given the circumstances, I guess I just assume you never change passwords and never need to copy passwords in edit-mode.

Share this post


Link to post
Share on other sites

Ok, as you ask, I'll stay.

First, of course I do change passwords. And I am using long cryptic passwords generated by Enpass.

I think I am getting now what your point is. Actually I also cannot copy the password while in edit-mode! So far I agree now with you. But I never came across this issue.

My personal flow of action is as follows:

- I log on to the website where the password (pw) should be changed. If I am not using the fill in function, I use the copy button on the right side in Enpass read-mode for username, fill it in on the website, go back to Enpass, copy password in read-mode, fill it in on the website, log on.
- then navigate to the password change area on the website
- there are 3 fields normally: old pw, new pw, repeat new pw
- provide old pw, either it is still in the clipboard because time has not run out (I have increased the time a bit), or I go back to Enpass, copy password in read-mode, fill it in on the website
- I go to Enpass, only now I go into edit-mode, and klick the "Generate" button
- I copy new pw via the copy button from Enpass as in my screenshot above and place the new pw in the field on the website
- when I put the cursor in the "repeat new PW" field, the website normally tells me already if there is something wrong with the new pw
- if new pw is not accepted, I go to Enpass and press the "Again" button (circular arrow) in the still open Enpass Generate dialog. I repeat this as long until a pw comes up that is without the faulty character. Then I copy to the website and the new pw is accepted.
- only if the change is done successfully on the website, I klick on "Fill" and "Save" in Enpass. Only now the old pw is overwritten.
- end of action.

I only came across websites where you need the old pw only once in the pw change dialog, and you could enter different sets of new pw, without entering the old pw again, because the website would tell you that the new pw is not accepted, without asking for the old pw again.
IF the website wants the old pw again, ok then there is some work:
- if you have not saved yet, exit the Generate dialog with Esc, exit the edit-mode with Esc, use the copy button in read-mode to copy the old pw again
- if you have saved, go to read-mode, right click on pw, check pw history for old pw and copy from there

---> I am going into edit-mode later than you. This is the difference. Maybe you give it a try.

And I was asked for the old pw always only once when changing the pw.

Share this post


Link to post
Share on other sites
8 hours ago, Red0210 said:

Ok, as you ask, I'll stay.

Thank you.

8 hours ago, Red0210 said:

First, of course I do change passwords. And I am using long cryptic passwords generated by Enpass.

Naturally.

I think that's the reason we love Enpass, it enables me to ignore the actual password. All I need to know is how to access the password and know that it is long and complex. Personally, I tend to go for waaaaaaaay too long passwords, 60+ characters if possible.

8 hours ago, Red0210 said:

I think I am getting now what your point is. Actually I also cannot copy the password while in edit-mode! So far I agree now with you. But I never came across this issue.

Nice!

8 hours ago, Red0210 said:

My personal flow of action is as follows:

- when I put the cursor in the "repeat new PW" field, the website normally tells me already if there is something wrong with the new pw
- if new pw is not accepted, I go to Enpass and press the "Again" button (circular arrow) in the still open Enpass Generate dialog. I repeat this as long until a pw comes up that is without the faulty character. Then I copy to the website and the new pw is accepted.
- only if the change is done successfully on the website, I klick on "Fill" and "Save" in Enpass. Only now the old pw is overwritten.
- end of action.

What you're describing there is a sunny-day-scenario. Your rainy-day isn't very realistic for me, as my passwords tend to be very long. I cannot keep clicking regenerate and wish for a lottery win. To get the job done, I need to edit.

Typical failures in password change include:

  • Length: Some sites announce the max. length of a password, some don't. Some of those who doen't announce the max. length secretly enforce it. The "best" sites enforce the lenght limit by not telling you until next login attempt.
  • Complexity: Some or none of the special characters are not allowed.
  • Prohibited paste: There are web developers who don't care about your security. They insist you on typing the same password for all sites.

How I approach the above problems:

  • Length: Since I never left edit mode, I can backspace some characters out of the generated password and go again.
  • Complexity: I can remove some characters from the generated password, or go to generate dialog and uncheck special characters.
  • Prohibited paste: Go for something sort with not-too-many special characters.

For an Enpass UX-designer/developer I'd love to hear what they have to say about password change process. Now we have two users voicing their approach. I'd love to see/hear how Enpass will help us users in that.

 

Share this post


Link to post
Share on other sites

Ok, I understand now :)

51 minutes ago, HQJaTu said:

I think that's the reason we love Enpass, it enables me to ignore the actual password. All I need to know is how to access the password and know that it is long and complex.

Absolutely! Same with me! :D

 

52 minutes ago, HQJaTu said:

Personally, I tend to go for waaaaaaaay too long passwords, 60+ characters if possible

Wow... I did not expect that. And you already see your issue yourself... "too long". Don't you think that's a bit over-ambitious? ;) (Just kidding, that's all your decision!)

 

1 hour ago, HQJaTu said:

Typical failures in password change include:

  • Length: Some sites announce the max. length of a password, some don't. Some of those who doen't announce the max. length secretly enforce it. The "best" sites enforce the lenght limit by not telling you until next login attempt.
  • Complexity: Some or none of the special characters are not allowed.
  • Prohibited paste: There are web developers who don't care about your security. They insist you on typing the same password for all sites.

Well said and fully agreed. Especially the last point drives me nuts if I encounter it (fortunately only rarely). Every news magazine and computer magazine writes about the importance of Password Management tools and how they work, how can a developer dare to ignore that?

 

1 hour ago, HQJaTu said:

For an Enpass UX-designer/developer I'd love to hear what they have to say about password change process. Now we have two users voicing their approach.

I see your point in your process flow. The only thing that makes me do "hmmm..."  is (and you may totally disagree to that!), is your over-ambitious pw length. Sure, 60 characters are extremely secure, but what is the difference between e.g. 68 billion years or 70,000 years to crack it? The only thing, in my view, is, that you make your life hard.
But ok, even with 20 characters you still have your copy problem.

Furthermore, I am afraid that a publicly available software like Enpass will always be produced with the 80:20 rule, or maybe 90:10 rule, meaning 90% of the use cases will be covered, and 10 % not - due to economical reasons. 

What I want to say is: I understand you, but I am not sure you will be helped. But keep up the good mood! B| 

Share this post


Link to post
Share on other sites

No change in 6.3.

Lots of confusion for the new Enpass-account, but no real change to allow copying of passwords while in edit mode.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...