1Password on Mastodon

1Password asking for permission each time

2»

Comments

  • sitepodmattsitepodmatt
    Community Member
    edited December 2022

    Unfortunately they are being die hard that their processes are the one-way and only-way, the 1password devs run a persistent tmux session and on the occasions they are prompted they thumb that little button on their macbooks...

    So everyone else is screwed by "new processes always require approval" (I suspect your case vscode is calling git from a new bash shell each time - so the parent process is different)... between this and the v8 iOS faceid fiasco im seriously considering going back to keepass-xc - paid for a year though so quite annoying

  • scottawscottaw
    Community Member
    edited December 2022

    if you have git configured to use an ssh key for signing or you do a push to GitHub or something using ssh, then yes, you'll have to approve it the first time you do a commit or a push in a vscode terminal. it also happens again after some timeout period.

    Personally I don't see the issue. Until recently I had a 2015 iMac and I had to type in the password on these occasions. I did. I did not get mad.

    Now I have an M1 Pro MBP and I can either use my watch to approve or use Touch ID to approve. I do. I do not get mad.

    The timeout period always seems reasonable to me. It doesn't require it each time, and I'm using it for ssh, for git signing, and for GitHub.

    I also haven't had any issues with Face ID on iOS using 1Password 8, but maybe I'm just lucky.

  • sitepodmattsitepodmatt
    Community Member
    edited December 2022

    My terminals are ephemeral and I'm happy with the setup - I'd need a strong reason to change than 1password telling me this is the way - also TouchID and iWatch approval aren't available in Ubuntu (most fingerprint readers dont have drivers). I connect to dozens of endpoints per day and having to retype password possibly 100+ times a day is extremely annoying. The point being the suitability of the ssh agent product is narrowly scoped to a specific workflow and seems heavily biased to mac users - if you have a persistent process (vscode) and some timeout period then sure you might not be bothered but otherwise it can be a major PITA. There is no good reason for "new processes always require approval" not being toggleable. If only Keepass-xc had a cloud version..

  • N33TN33T
    Community Member

    Hi all, the addition of asking per application is great.
    However I noticed that 1Password isn't saving this settings, every time 1P is killed (either by reboot or stopping it completely).
    I am currently running: 1Password for Linux 8.10.0 (81000009)

  • sitepodmattsitepodmatt
    Community Member

    Unfortunately, and rather insanely, it's not "per application" as they suggest, there's a per process check that overrides this - each new process requires approval - they had this warning in an earlier version "this is what we do.... insanely" now that's gone leading to more confusion.. I literally have no idea how they can support this stance unless they are avid tmux users with air fingerprint readers

  • julemandjulemand
    Community Member

    As a paying client and a fan boy, I absolutely say that we need a far easier alternative, even if it means less secure, for people sitting on Ubuntu as their main development machine. Not server. But also not a Mac laptop featuring easy fingerprint unlock.

    Imagine having to type ubuntu password 5 times just to open project in vs code, run docker and run composer install (private packages). It kills me to the point that I might just as well use the good old static file.

    I think less safe option of whitelisting or just unlocking ssh agent for all, or unlocking once with password and then simply asking yes/no to confirm would be better. It really sucks that big time.

    PS. I was on windows, but as amazing WSL 2 is, running developing natively on ubuntu just flies. And finally it unlocks the opportunity to use safer things. But not at this price where I'm actually wasting time typing the password...

    Unfortunately there are no fingerprint drivers for me.

  • sitepodmattsitepodmatt
    Community Member

    Abandoning this joke agent but grr for now still using 1pw. For now reading key out via "op read op://Personal/key2022-wrk/..." and seeding a working ssh-agent that doesn't have this silly workflow.. What a waste of a potentially solid product just because they want to enforce the macbook air myway or the highway

  • Jack.P_1PJack.P_1P

    Team Member

    Hi @sitepodmatt / @julemand:

    Thanks for your feedback on this. While I can't promise anything, we're exploring additional options.

    @N33T:

    Would you mind sharing which channel of 1Password you're using (production, beta, nightly)?

    Jack

  • N33TN33T
    Community Member
    edited January 19

    Hey @Jack.P_1P, I am on the beta channel.

    I share the same sentiment as @julemand and @sitepodmatt, without a fingerprint scanner like Macs have it's quite the hassle to have to enter the password so often.

  • Jack.P_1PJack.P_1P

    Team Member

    Hi @N33T:

    I've just double checked, and today's beta release contains a fix for the setting not persisting after 1Password is quit. After updating, let me know if you're still running into trouble.

    Jack

  • N33TN33T
    Community Member

    Hey @Jack.P_1P, I just updated to 1Password for Linux 8.10.0 (81000012) and the setting does persist now.
    Thanks!

    This at least saves some time entering passwords when working in tmux.

  • Jack.P_1PJack.P_1P

    Team Member

    Hey @N33T:

    Glad to hear it!

    Jack

  • sitepodmattsitepodmatt
    Community Member
    edited January 20

    Moved to BitWarden. Enough of the "you're holding it wrong"

    I had intended to stay with 1pw tbh, and workaround their strict ssh agent ideologies of prompt prompt prompt, run the usual ssh-agent and populate ssh-agent with "op read" cli however it doesn't maintain a local cache so each lookup takes a second to populate 6 ssh keys each startup is expensive time wise. using bitwarden cli I can populate ssh-agent as it maintains a local cache (does pass through writes and has bw sync - to collect remote writes), working beautifully...

    It's been fun, but ultimately this fingerprint/macbook via tmux obsession of 1pw devs has lead me to a better place, basics like new entry fields are masked by default too, and cheaper too (but we are talking dollars a year still).

    Thanks

  • repolesrepoles
    Community Member

    This prompt requesting my approval to access a SSH key every time I open an application is really, really, reeeeeally annoying!

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file