Critical Bug Report: Passkey Loss During Edit

peterfritz

I encountered a critical bug in 1Password twice, but it was only on the second encounter that I understood the root cause of the issue. Here's a detailed breakdown of the problem:

Steps to Reproduce:

1. Use the browser extension to register a passkey on a website.
2. Click the extension to save the website's provided backup codes in the same item where the passkey is stored.
3. Click the kebab menu (three vertical dots) and select "Edit".
4. (The desktop app opens)
5. Paste the backup codes into the notes field.
6. Click "Save."

Expected Outcome: The backup codes are saved alongside the existing passkey within the same item.

Actual Outcome: The backup codes are saved but the passkey is gone.

Impact: This is a critical issue for user experience and data integrity. Losing a passkey can be a major inconvenience, potentially requiring account recovery procedures to regain access. In some cases, it could even result in permanent account loss if recovery options are unavailable.

This is what I believe leads to data loss:

1. The desktop app, upon receiving the edit request from the extension, retrieves a local copy of the item. This local copy might not be the latest version, and could be missing the passkey information if it hasn't been fully synced yet.
2. You paste the backup codes into the notes section of this outdated local version.
3. When you click "Save," the app updates this item to include the codes, essentially overwriting the more recent version that contained the passkey.

Proposed Solutions:

• Unified Vault: Utilize a single vault for both the browser extension and desktop app. Being linked on the same device, they shouldn't have separate vaults causing syncing issues.

• Real-time Sync: Implement a system that instantly notifies all open vaults when an entry is updated, ensuring immediate synchronization and preventing inconsistencies.

• In-Extension Editing: Allow editing entries directly within the browser extension instead of requiring the desktop app launch.

• Frequent Sync: Automatically sync the vault whenever the app/extension opens, receives focus, the user attempts to edit an entry, or the extension opens the app for editing.

• Conflict Resolution: During edits, prioritize merging new information with existing data. If conflicts arise, notify the user for resolution.

Additionally, I think the version history should be given more importance and updated to be able to handle passkeys better. Here's why improved version history is crucial:

• Limited Functionality: The current version history only shows password field changes on the 1Password desktop app. If something goes wrong, I would like to be able to see the complete item history, including all fields, especially passkeys.
• Improved Version Comparison: I would also like to compare versions to see what changes were made between them, especially when restoring a previous version of an item.

By implementing a more robust version history system, 1Password can empower users to recover from mistakes and accidental data loss more effectively.

---

1Password Version: 1Password for Windows 8.10.28 (81028034)
Extension Version: 2.22.1 (22200104)
OS Version: Windows 11 Home Single Language 23H2
Browser: Chrome

TimG1P

Hi @peterfritz

This does not sound like expected behaviour and I'd like to investigate this further. The team may request additional details such as logs and diagnostics as part of the troubleshooting process so I recommend continuing this discussion via email.

I'd like to ask you to send an email to support+forum@1Password.com with the following details:

• A link to this thread: https://1password.community/discussion/145281/critical-bug-report-passkey-loss-during-edit
• Your forum username: peterfritz

You should receive an automated reply from our BitBot assistant with a Support ID number.  Please post that number here.  Thanks very much!