In order for us to store your two-factor authentication token, we need to access the system keychain. On Gnome, this is Gnome Keyring and on KDE, this is KWallet. Since different Linux distributions vary in their desktop environments, there may be cases where 1Password can’t access this system keychain. For example, if you have your account to login with biometrics, Gnome Keyring will not automatically unlock your system keychain.
If 1Password tries to interact with the system keychain and finds that it is locked, a system prompt will appear, asking you to unlock the keychain. If you dismiss the prompt, 1Password will only be able to hold onto the 2FA token until the app locks.
If your keychain service isn’t running or has problems, 1Password will fallback to a prompt for 2FA. If you find this happening to you, double check that you have a keychain service installed, and the keychain service is running.
If you have multiple accounts with the same password, 1Password will try to unlock both of them. If both of these accounts have 2FA enabled, and if the keychain isn’t currently available or unlocked, then TOTP prompts for both accounts will appear side by side. Our designs do not yet show which account each prompt is for, so the application can get stuck with a 2FA prompt that cannot be closed. To avoid this, please make sure the system keychain is already unlocked, or unlock it when first prompted to do so after unlocking your account(s).
If you run into any issues around 2FA, please leave a comment on this post so we can help out, or contact support.
In order for 1Password to store an accounts 2FA token when installed via Snap, an extra permission must be enabled first. This permission allows 1Password for Linux to access the desktop environment’s keychain (Gnome Keyring and KWallet, for example). A reboot may be required after enabling the permission. To do this, please follow the steps below:
Step 1. Open the Snap store and search for 1Password
Step 2. Click on the Permissions button
Step 3. Enable the “Read, add, change, or remove saved passwords” permission. 1Password only interacts with the 2FA tokens that we store in the keychain.