1Password chrome extension keeps getting locked because an update is available
1Password chrome extension keeps locking out every few minutes due to this!
—
Sometimes there is actually an update available for chrome (I use their canary channel so updates are very frequent), but a few times I've noticed this coming even when Chrome says there aren't any updates.
This makes the extension almost unusable for me since it's used not just for passwords, but also used for autofill. Why should 1Password stop working every time chrome has an update? It doesn't make a lot of sense.
1Password Version: 1Password for Mac 8.5.0
Extension Version: version 2.1.4
OS Version: Mac 11.6.1
Comments
-
Hey @pastelsky ,
This happens because the extension is integrated with your 1Password desktop app. The integration breaks when the browser has a pending update because its code signature is invalidated. If something else alters your browser's files and changes the code signature, this message might show up again.
If you'd like to keep working with the extension even when there's a pending update or with an invalid code signature of the browser, right-click the extension's icon -> Settings -> Turn off the "Integrate with 1Password app" option there.
0 -
That's correct.
Turning off integration will separate the extension from the desktop app so it will run in standalone mode, meaning you will have to unlock it separately from the desktop app, and unlocking with Touch ID/Windows Hello will not be possible.I'll forward this to the team and see if there's anything else we can do to make things easier though :chuffed:
0 -
Turning off the integration unfortunately makes the integration worse, and I need to type in my master password more frequently then ever. This basically makes 1Password unusable on my primary browser — Chrome Canary.
That's a little unfortunate considering other password managers I've tried — NordPass and Lastpass seem to not have this problem. I wish there was a fix for this.0 -
You're right, this is not ideal. However for 1Password to maintain a secure connection to your desktop app, it needs to be able to validate the code signature of the browser. Without this, integration will not work. I'll be happy to pass along your feedback to our development team, hopefully we can improve things here in the future!
0 -
However for 1Password to maintain a secure connection to your desktop app, it needs to be able to validate the code signature of the browser
That does make sense, however, it's something that I would expect to happen when I actually hit update on Chrome. Chrome dev/beta / canary download updates quite frequently in the background — may be several times a week, however, I may only hit update less often.
Currently, 1Pass invalidates the session as soon as a background upgrade is downloaded.
0 -
Currently, 1Pass invalidates the session as soon as a background upgrade is downloaded.
We only invalidate after we attempt a reconnection with the desktop app. But I can see how the two might coincide if the browser updates multiple times in a single day/session. As Yaron suggested, disabling integration might be the best approach for your case in the meantime. We'll continue to work with our development team to see if we can find ways to improve the experience here. Apologies for the disruption.
0 -
Given how often Chrome is being updated, this headache is causing me to seriously considering going back to using LastPass.
0 -
Same - this is a really annoying behaviour even with a standard Chrome installation - Updates are too frequent. I'm considering switching to another app too.
0 -
Is there no way to have 1Password be aware of the code signature of both the old and new versions of the browser? This security feature makes using 1Password + Chrome + Touch ID really frustrating given how often Chrome updates. Turning off the desktop integration is not a solution because then I lose the Touch ID support. Hope you can come up with a user-friendly solution for this one that doesn't sacrifice security!
0 -
I'd like to add my name to this issue. I often keep several dozen tabs open, so I can't update Chrome every time a new version is available. It's a major pain to restart the browser. Having 1Password require the master password every few minutes is just as big of a pain. I'm also considering looking for a new solution if this can't be resolved. From the comments above, it seems there are other options that don't have this issue. I have the annual family plan and I don't want to change services, but this problem is going to force the issue.
0 -
Not ready to post in detail about this yet but just want to say I'm very interested in this discussion: how the 1Password Application PC/macOS, 1Password Chrome Extension, and Chrome/'Google Update' interact with each other and present challenges to efficient-use/workflow.
0 -
I'd like to add my voice to this as well -- there has to be a better way to handle this, while still maintaining security.
0 -
I also find this behavior very frustrating, but having looked into it I don't think there's much 1Password can do here without compromising security. Presuming it's even possible, end-running MacOS' code signature checks would be hacky and prone to vulnerabilities.
It seems clear that Chrome's method of overwriting the static (disk) copy of the code violates the expectations of MacOS' SecCode framework, so it really is on Google to conform to the platform on which Chrome is running. (FWIW it seems like writing a new Chrome to disk and only moving it into place when it's about to be run would do the trick, but it begs credulity to imagine the Chrome devs haven't thought of that; so there must be some non-obvious problem with it.)
It would be nice to have some confidence that Agile Bits are actively in touch with Google and actively pushing them to resolve this issue. Google is aware of, tracking, and implementing workarounds to multiple bugs rooted in Chrome overwriting itself on disk while it's still running, but 1Password isn't in the list. There is one public Chrome bug specific to 1Password, but it's 6 years old and hasn't had any activity in it for 3.5 years. Which gives the appearance that Agile Bits are resigned to it as intractable, when it can (and should) be fixed. Squeaky wheel…
1 -
This is really painful. Browser updates happen too often and I have to close all my tabs.
1 -
Same here, about to cancel my subscription. I have a rather long master password. Chrome extension makes me enter my pass ~10 times a day. If I cancel integration with desktop app, it asks constantly.
Any solid plans to address this issue?
1 -
Same, this is super annoying
1 -
This is very annoying and I think part of the ultimate solution here is the same thing that will help on other platforms: Make the browser extension fully capable on its own.
The annoyance of 1Password locking at every turn is something that happens:
- When Chrome is ready to update
- When using a browser that 1Password doesn't know about like Ghost
- When using a platform that doesn't have a native app, like Chromebooks (ChromeOS)
- When using iOS, though fortunately Touch/Face ID reliably unlocks 1Password
In all of these cases, we could lower the annoyance-factor to zero if the 1Password browser extension was fully capable on its own, able to set the same Security preferences as the Mac app.
0 -
Bumping this. If there isn't a way to validate both the pending and old signature, I'd like a way to disable signature validation.
If someone can replace my chrome binary without me noticing or otherwise inject code, for my purposes, they might as well have access to my 1Password (and I'll probably sign in anyway). I understand this being the default but please make it configurable.
1 -
I'm deploying 1P to a small business of about 35 people and this issue is making me rethink the process. My personal 1P account has an easy to remember password. So when Chrome updates 2-3 times a week, no problem. But for the business account I set up a strong password policy. This is not an issue...unless you have to type it in 2-3 times a week. As it stands, every time Chrome updates I'm forced to dig up the emergency kit for the password and the secret key or I'm only able to use my personal account. The only practical solution seems to be to dumb down the security on the business side to something easy to remember, which sort of defeats the purpose. I can only imagine what our users are going to choose as their main password to get around this issue ("password"). I love 1P which is why I chose it for our business but I'm not willing to deal with this potential headache. We may just be better off with the shared Google Sheet we use now.
1 -
In my company MacBook, I have a similar problem using 1Password.
Since I'm not an admin user by default, Brave browser is always asking for admin to update (https://github.com/brave/brave-browser/issues/11288) to fix this I moved the Brave browser to my user application folder, in this way it auto updates.
But by doing so, 1Password on Brave browser is always saying: "Brave has an update available. Restart Brave to install the update and reconnect with 1Password."
1 -
Hi @pluhin, I'd like you to send over the following so we can take a closer look at what may be going on:
- The extension console log: https://support.1password.com/cs/extension-console-log/
- A diagnostics report: https://support.1password.com/diagnostics/
Attach the logs and diagnostics to an email message addressed to support+forum@1password.com.
With your email please include:
- A link to this thread: https://1password.community/discussion/comment/667544#Comment_667544
- Your forum username: pluhin
You should receive an automated reply from our BitBot assistant with a Support ID number. Please post that number here. Thanks!
0 -
That's magic! Right now after the email 1password desktop app updated and extension start integrating with desktop app.
0 -
Hey @pluhin,
We have just published a fix for an issue where 1Password couldn't connect to the browser, it sounds like you may have been experiencing this.
I'm sorry for the disruption, let us know if there's anything else we can help with.
0 -
Hi @steph.giles
It works well right now. Thank you!0
