"New 1Password sign-in from Safari" email EVERY time I start Safari

Yes this is the problem with the Cookie app

at least if we knew which cookie needs to be identify as "favorites", (not to be deleted), so we do not get those emails

the only way I found is "not to use Cookie app" at all, yes this is annoying

Makes me also wonder about 1Password security…

I did not get one today...

However, I did also not get one when I logged in on the web (<account>.1password.com).

Did you remove this functionality?

(nothing in Spam; no DDOS reports from Fastmail today)

I too use cookie, but have marked 1password.com as a favorite. I - and others whose vaults I share - nonetheless continue to repeatedly get these irksome "new sign-in" messages. Is there a fix?

Thanks,
Rob
Loyal 1Password user since v1, but getting very annoyed.

Hey @riffraf / @gilles / XIII:

The extension sign in for Safari is separate from marking 1Password.com as favorites. To be 100% clear, only the account holder should be receiving the email, so if you're signed into other individual's 1Password accounts, that would trigger the sign in email.

I've done some checking, and by default Cookie shouldn't be removing 1Password for Safari's database, which is what triggers a fresh sign in, however if you've allowed Cookie to delete extension preferences, that would likely be the cause of the trouble. When 1Password for Safari has the database deleted, it will start as a fresh "sign in" the next time, triggering the notification email. Open Cookie, select Safari, and scroll to the Safari row in the sites list, and ensure that it is marked as a favorite. Let me know how you all get on with that.

Jack

This also happens, when using safari in private browsing mode or simply delete all cookies and history. Maybe there could be another option to „verify“ known devices which have also the app installed, e.g iOS or macOS App. Could there be a link to those apps, to „confirm“ that the device the safari extension is running on is already known and signed in to the 1Password app?

Hey accordionmelody:

Thanks for following up. The short version that we store which "install" of 1Password in the browser it is, and resetting the browser does wipe out our data we use to keep track. That's an interesting thought of using the shared lock state to prevent from triggering a authorization notification though, so I'll bring it up to the team!

Jack

Hi Jack,

I've done what you suggested, and this continues to be a problem. Although I have marked Safari as a favorite, the new sign in emails persist. I note that an ever changing bunch of safari-web-extensions keeps appearing. Even if I check them, it doesn't help. More thoughts? This is a problem as I am a member of several other 1Password databases, and every time I use 1Password, all the other people are notified.

Rob

Hi @riffraf:

As an additional note, do you have Safari set to clear history after a certain period of time? Safari clears more than just "history" (as in the list of previously visited pages) when the clear history option is selected, and 1Password for Safari's data is included in what Safari clears during that process.

Additionally, as I mentioned above, only the email address on the 1Password account would receive a new sign-in notification. For example, if I sign into a new device with my email address, Secret Key, and account password, other members of my family account wouldn't receive a notification, as they're using an entirely separate email address, Secret Key, and account password.

Jack

I too use cookie. I paused the automatic removal, and watched what happen when restarting the browser. On first launch of Safari, some localstorage is created, with a name of safari-web-extension_-and-some-random-hex-number_. When exiting Safari, this localstorage is not deleted. However, on the next launch of Safari, the localstorage is either renamed or deleted and recreated with a different name. This makes it impossible to mark it in Cookie as a favorite that should not be deleted. See sample image of the entries after 1st and 2nd launch below.
Please fix this by not changing to a unique name on each launch.