1Password for Linux 2FA FAQ

ag_Christian

Team Member
edited September 2020 in Linux Beta

Keychain issues

In order for us to store your two-factor authentication token, we need to access the system keychain. On Gnome, this is Gnome Keyring and on KDE, this is KWallet. Since different Linux distributions vary in their desktop environments, there may be cases where 1Password can’t access this system keychain. For example, if you have your account set to log in with biometrics, Gnome Keyring will not automatically unlock your system keychain.

If 1Password tries to interact with the system keychain and finds that it is locked, a system prompt will appear, asking you to unlock the keychain. If you dismiss the prompt, 1Password will only be able to hold onto the 2FA token until the app locks.

If your keychain service isn’t running or has problems, 1Password will fall back to a prompt for 2FA. If you find this happening to you, double-check that you have a keychain service installed, and the keychain service is running.

If you have multiple accounts with the same password, 1Password will try to unlock both of them. If both of these accounts have 2FA enabled, and if the keychain isn’t currently available or unlocked, then TOTP prompts for both accounts will appear side by side. Our designs do not yet show which account each prompt is for, so the application can get stuck with a 2FA prompt that cannot be closed. To avoid this, please make sure the system keychain is already unlocked, or unlock it when first prompted to do so after unlocking your account(s).

If you run into any issues around 2FA, please leave a comment on this post so we can help out, or contact support.

Snap Issues / Extra setup:

In order for 1Password to store an account’s 2FA token when installed via Snap, an extra permission must be enabled first. This permission allows 1Password for Linux to access the desktop environment’s keychain (Gnome Keyring and KWallet, for example). A reboot may be required after enabling the permission. To do this, please follow the steps below:

Step 1. Open the Snap store and search for 1Password

Step 2. Click on the Permissions button

Step 3. Enable the “Read, add, change, or remove saved passwords” permission. 1Password only interacts with the 2FA tokens that we store in the keychain.
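The script below is an added example, not part of the original post and not 1Password's own tooling. It checks the three conditions described above: whether a keychain service is running, whether the keychain is unlocked, and whether the Snap permission is connected. It assumes the keychain is reached through the freedesktop Secret Service D-Bus name `org.freedesktop.secrets`, that `gdbus` is installed, and that the snap is named `1password`.

```shell
#!/bin/sh
# Added example: checks the keychain conditions this FAQ describes.
# Assumptions: the keychain is reached through the freedesktop Secret Service
# D-Bus name org.freedesktop.secrets, and the snap is named "1password".
SNAP=1password
SECRETS=org.freedesktop.secrets

# stdin: output of `snap connections $SNAP`. Succeeds only when the
# password-manager-service plug has a slot (an unconnected plug shows "-").
plug_connected() {
    awk '$1 == "password-manager-service" && $3 != "-" { ok = 1 } END { exit !ok }'
}

# $1: gdbus reply to NameHasOwner; "(true,)" means a keychain service owns the name.
service_running() { [ "$1" = "(true,)" ]; }

# $1: gdbus reply for the Locked property; "(<false>,)" means already unlocked.
collection_unlocked() { [ "$1" = "(<false>,)" ]; }

diagnose() {
    owner=$(gdbus call --session --dest org.freedesktop.DBus \
        --object-path /org/freedesktop/DBus \
        --method org.freedesktop.DBus.NameHasOwner "$SECRETS" 2>/dev/null)
    if ! service_running "$owner"; then
        echo "keychain service: not running (1Password falls back to a 2FA prompt)"
    else
        locked=$(gdbus call --session --dest "$SECRETS" \
            --object-path /org/freedesktop/secrets/aliases/default \
            --method org.freedesktop.DBus.Properties.Get \
            org.freedesktop.Secret.Collection Locked 2>/dev/null)
        if collection_unlocked "$locked"; then
            echo "default keychain: unlocked"
        else
            echo "default keychain: locked or unreadable (unlock it when prompted)"
        fi
    fi
    # The interface check only applies to the Snap install.
    if command -v snap >/dev/null 2>&1 && snap list "$SNAP" >/dev/null 2>&1; then
        if snap connections "$SNAP" | plug_connected; then
            echo "snap permission: password-manager-service connected"
        else
            echo "snap permission: not connected (enable it, then reboot if needed)"
        fi
    fi
}

# Run the live checks only when asked: sh keychain-check.sh run
if [ "${1:-}" = "run" ]; then diagnose; fi
```

Run it inside the desktop session of the affected user, since the keychain lives on that user's session bus.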

Comments

  • Hi there,
    I am trying out 1Password beta on openSUSE Tumbleweed with KDE (5.20.5), and I cannot get 2FA to work properly - it seems that 1Password is not registering with KWallet, as it does not appear in the list of authorized/connected applications.

    Using the Snap version, even with the password-manager-service permission enabled, 1Password keeps asking for 2FA codes after each restart.

    Using the AppImage version, 1Password rejects all 2FA codes and login is not possible.

    I'm happy to provide additional information if needed. Thanks in advance :-)

  • Dayton_ag

    Team Member

    Hey there @starfox, welcome to the 1Password Community! :smile:

    Thanks so much for writing in with this error - we're able to reproduce it on our end and are digging into it now. We'll make sure to update the thread with our findings. :+1:

  • Thanks for the reply @Dayton_ag !
    I have been encountering the same issue with another snap (standard-notes) and it seems to be a common one for KDE/KWallet users. I have started a thread on the snapcraft forum, feel free to comment and relay your findings over there as well :-)

  • Dayton_ag

    Team Member

    @starfox Not a problem! Thanks so much for the additional information, it's very helpful. :smile:
