"New 1Password sign-in from Safari" email EVERY time I start Safari

XIII
XIII
Community Member

To protect my privacy I use Cookie to automatically clear cookies when I quit Safari.

However, with 1Password 8 this means I get a "New 1Password sign-in from Safari" email EVERY time I start Safari...

This is SUPER annoying (in particular because I use Pushover to get a push notification for such email...) :cry:

Please fix (it worked fine in 1Password 7).

Comments

  • Gilles9
    Gilles9
    Community Member

    Yes this is the problem with the Cookie app

    at least if we knew which cookie needs to be identify as "favorites", (not to be deleted), so we do not get those emails

    the only way I found is "not to use Cookie app" at all, yes this is annoying

  • XIII
    XIII
    Community Member

    Makes me also wonder about 1Password security…

  • XIII
    XIII
    Community Member
    edited November 2021

    I did not get one today...

    However, I did also not get one when I logged in on the web (<account>.1password.com).

    Did you remove this functionality?

    (nothing in Spam; no DDOS reports from Fastmail today)

  • riffraf
    riffraf
    Community Member

    I too use cookie, but have marked 1password.com as a favorite. I - and others whose vaults I share - nonetheless continue to repeatedly get these irksome "new sign-in" messages. Is there a fix?

    Thanks,
    Rob
    Loyal 1Password user since v1, but getting very annoyed.

  • Hey @riffraf / @gilles / @XIII:

    The extension sign in for Safari is separate from marking 1Password.com as favorites. To be 100% clear, only the account holder should be receiving the email, so if you're signed into other individual's 1Password accounts, that would trigger the sign in email.

    I've done some checking, and by default Cookie shouldn't be removing 1Password for Safari's database, which is what triggers a fresh sign in, however if you've allowed Cookie to delete extension preferences, that would likely be the cause of the trouble. When 1Password for Safari has the database deleted, it will start as a fresh "sign in" the next time, triggering the notification email. Open Cookie, select Safari, and scroll to the Safari row in the sites list, and ensure that it is marked as a favorite. Let me know how you all get on with that.

    Jack

  • nNfEfRtqUHrmDWYdocjh
    nNfEfRtqUHrmDWYdocjh
    Community Member

    This also happens, when using safari in private browsing mode or simply delete all cookies and history. Maybe there could be another option to „verify“ known devices which have also the app installed, e.g iOS or macOS App. Could there be a link to those apps, to „confirm“ that the device the safari extension is running on is already known and signed in to the 1Password app?

  • Hey @nNfEfRtqUHrmDWYdocjh:

    Thanks for following up. The short version that we store which "install" of 1Password in the browser it is, and resetting the browser does wipe out our data we use to keep track. That's an interesting thought of using the shared lock state to prevent from triggering a authorization notification though, so I'll bring it up to the team!

    Jack

  • riffraf
    riffraf
    Community Member

    Hi Jack,

    I've done what you suggested, and this continues to be a problem. Although I have marked Safari as a favorite, the new sign in emails persist. I note that an ever changing bunch of safari-web-extensions keeps appearing. Even if I check them, it doesn't help. More thoughts? This is a problem as I am a member of several other 1Password databases, and every time I use 1Password, all the other people are notified.

    Rob

  • Hi @riffraf:

    As an additional note, do you have Safari set to clear history after a certain period of time? Safari clears more than just "history" (as in the list of previously visited pages) when the clear history option is selected, and 1Password for Safari's data is included in what Safari clears during that process.

    Additionally, as I mentioned above, only the email address on the 1Password account would receive a new sign-in notification. For example, if I sign into a new device with my email address, Secret Key, and account password, other members of my family account wouldn't receive a notification, as they're using an entirely separate email address, Secret Key, and account password.

    Jack

  • hjb00
    hjb00
    Community Member

    I too use cookie. I paused the automatic removal, and watched what happen when restarting the browser. On first launch of Safari, some localstorage is created, with a name of safari-web-extension_-and-some-random-hex-number_. When exiting Safari, this localstorage is not deleted. However, on the next launch of Safari, the localstorage is either renamed or deleted and recreated with a different name. This makes it impossible to mark it in Cookie as a favorite that should not be deleted. See sample image of the entries after 1st and 2nd launch below.
    Please fix this by not changing to a unique name on each launch.

  • Apologies for the delayed reply, @hjb00. I feel like I'm playing "spot the differences" and losing. 😄 Did you by chance post the same screenshot twice?

    Maybe there could be another option to „verify“ known devices which have also the app installed

    @nNfEfRtqUHrmDWYdocjh we've actually been talking about updating things to make this possible. We want to make sure we do it right, and I think we'll get there.

  • hjb00
    hjb00
    Community Member

    Sorry, I apparently managed to send the same screenshot twice. So, here we go again:

  • Sorry for the delay here, @hjb00. I asked our browser experience team to take a look here, and @oliverdunk confirmed what I suspected:

    Safari randomizes extension UUIDs each time the browser is loaded, which I can’t find any documentation for but is intentional behaviour they implemented.

  • XIII
    XIII
    Community Member

    Haven’t had such a mail in quite some time!

    Did you solve this?

  • Hi @XIII

    The issue is still open on our end, but I'm glad to hear it hasn't caused trouble for you in a while. 👍️

    Ben

    ref: dev/core/core#10342

This discussion has been closed.