To protect your privacy: email us with billing or account questions instead of posting here.

New guy with login question

Options
2»

Comments

  • 1Al
    1Al
    Community Member
    Options

    Got it, thanks. And wow, 50 characters! And you've never had (or heard from someone who has) a glitchy problem with a lengthy password as I previously mentioned, even when your password meets a given site's requirements?

    In the meantime, another question has arisen, because of course one has, ha! I set up 1Password as an authenticator on a gmail account. All the steps went fine, but when I logged out, then went to log back in, I wasn't asked for a code. Same thing on my Android. I saw online directions to remove trusted devices, under Two step verification, but there is no sign of an option regarding trusted devices. Incidentally, since I'm trying to learn everything I can, for now, I want to have this option off, so I can test the login process. Thanks. At least I am making modest progress, thanks to your advice.

  • ag_tommy
    Options

    Nope, no issues, though occasionally, there are sites that even have their description wrong. I had one site last night incidentally saying they allowed 32 characters. It took some trial and error, but the only one they accepted was 28. Haha.

    As to Google you may need to investigate that with them. This is what I found (below). You would not be removing trusted devices from 1Password. https://support.google.com/accounts/answer/2544838

    Yes, you're making great progress, and your questions have the added benefit of helping others, so you're doing just fine. Keep em coming.

  • 1Al
    1Al
    Community Member
    Options

    This is most annoying...I cannot find the option to remove trusted devices from my Gmail anywhere. I can find the 2-step verification section, but the step of "Under "Devices you trust," select Revoke all." is not there. I guess I'll have to join a Google forum.

  • 1Al
    1Al
    Community Member
    Options

    Okay, so here's a curious thing regarding my "Trusted devices" issue...I have a 2nd Gmail account set up with 1Password, and when I launch it, the Gmail login page has the option to trust my device. And by leaving that box unchecked, after my user name and password are entered, I'm asked for 1Password's authenticator code (which works). However, Trust/Revoke options are not present on the account options. So for my 1st Gmail account, I must have clicked the trust box at some point. And apparently, once trusted, said trust cannot be revoked. Still waiting for an answer on the Google forum...

  • 1Al
    1Al
    Community Member
    Options

    New question. I've been changing some passwords on some site in my vault. There were points were I was making screenshots to keep track of my changes. When I went to check one of the screenshots, it was one saying that I was creating an NBC Profile using a "private overlay.appleid". However, I don't have an account with NBC, nor was I working in their website. I did not take a screenshot of the information which appeared in the screenshot. I know this doesn't make sense, so I'm wondering what it all means? This is probably a question for Apple, but I hoping someone here knows something about this. Did I somehow discover a security breach? I believe when this happened, I was trying to add 1Password as an authenticator to site which monitors my security, and in order to do that, was prompted by my computer to enter my computer's password so as to authorized the change. Thanks.

  • 1Al
    1Al
    Community Member
    Options

    I'll add to my post above, that while doing the work I mentioned about, I found that the Safari browser had opened. I never use that browser, so somehow it was launched. I think it is the default browser for something I was doing, maybe when I entered my computer's password?

  • ag_tommy
    edited May 25
    Options

    It sounds like maybe Apple private relay. I don't recall any other mentions like this. Off-hand it could be something related to the NBC family of companies. It might help to have you talk to our saving and filling team. They might be able to offer some insight. If you like you can email us using support+forum@1password.com. Be sure to use the email address tied to the account in question. I just can't guarantee anything substantive at this point.

  • 1Al
    1Al
    Community Member
    Options

    Thanks, agt! I'll check in with the saving and filling team. I spoke with Apple, and they didn't have an answer, but they didn't think it was a security issue either. I changed my computer's password, and will be changing my Apple password as well. Then watch my bank account to see if a charge shows up at some point.

  • 1Al
    1Al
    Community Member
    Options

    Okay, here's something which just occurred to me...while it's more convenient to use 1Password as an authenticator, one could make the point that having a code sent to your phone would be more secure, if you're launching 1Password from a different device? The bad guys would need both devices to crack into an account. Thoughts?

    A second thing I was wondering about is, if when peppering a password, does it make it safer not to put the "pepper" in the same spot. E.g., if you were adding two extra characters, would putting both at the end be more secure than putting one at the front, and one at the end? Or is there no difference? The more items I add to my vault, the more consistent I'm trying to be when possible. :-)

  • ag_tommy
    edited May 30
    Options

    Yes, you are correct. It all comes down to your personal needs and desires. I prefer to have mine in 1Password for ease of use. You may prefer the second device method.

    I always recommend that you fully allow 1Password to generate the entire password, if at all possible. I will generate one repeatedly if needed. This may be a topic of interest - https://1password.community/discussion/137371/password-salting-peppering-double-blinding-or-whatever

  • 1Al
    1Al
    Community Member
    Options

    Thank you, agt. No pun intended, but that salt and pepper discussion is certainly food for thought. I'd forgotten that 1Password doesn't store our information, so as the post indicates, salt and peppering does not add to its security defenses. So the more encrypted characters in the hands of 1Password, the better.

  • 1Al
    1Al
    Community Member
    Options

    By the way, I have not been able to crack the nut that is Google not offering the option to revoke trusted devices. It doesn't ask for a 2FA of any kind when one is in place. Also, I have 1Password set as an authenticator, but it just signs me right in with user name and password. Very frustrating.

  • ag_tommy
    Options

    @1Al

    I just skimmed your postings and I think I see the key. You mentioned an Android device. This is likely why you're unable to remove it. That's because the device is trusted to a higher degree (personal opinion). I'm not sure if that device would show up in the listing. Nowadays, I do not use Google that often. I'm sorry I'm no much help in this regard. Maybe one of our users who is more versed in it will know more.

  • Tertius3
    Tertius3
    Community Member
    Options

    I'm able to deauthorize any session in my Google account except the current session. No matter if the session is on one of my Android devices or Windows PC, everything else can be deauthorized.

    As default, Google asks for a password. However, next to the "Next" button there is a link called "Try another way", and after choosing this I am offered to use Passkey, and 1Password is providing the passkey fine.

  • 1Al
    1Al
    Community Member
    Options

    Thank you both for your responses. While my phone is an Android, I also have tried this on a couple of Apple devices (desktop and MacBook Air), and it doesn't matter. Tertius, are you able to share screenshots of what you're talking about? What I'm looking for is the specific location in Gmail where one can revoke a trusted device. According to multiple sources online, these are the steps (the "Devices you trust" is the part which doesn't appear on my accounts):

    Open your Google Account. You might need to sign in.
    Under "Security," select How you sign in to Google.
    Choose 2-Step Verification.
    Under "Devices you trust," select Revoke all.

  • Tertius3
    Tertius3
    Community Member
    Options

    In my Google account management, under Security, there is a category "Your devices" and a link "Manage all devices", where I can unauthorize every session individually. Actually, it's called "sign out". A link to revoke all isn't found anywhere.

    This is all kind of off-topic here, since it's about Google, not about 1Password. If you have issues with your Google account, I suggest you consult Google support.

  • 1Al
    1Al
    Community Member
    Options

    Thank you, Tertius3. On my laptop, I signed my Android out, then tried to login on the latter again, and was asked for a code. However, when I tried to repeat the process, my phone wasn't asked for a code. And, while I could sign out my laptop from my phone, my laptop wasn't asked for a code when I went to login in again. So I'm not sure what's going on, and how to get this to work consistently. I tried Google support, but never got a response back.

  • 1Al
    1Al
    Community Member
    Options

    So, I thought I would get around my Gmail security problem by simply creating a Yahoo account instead. However, after just one attempt to make the account, Yahoo gave me a "Too many attempts. Can't create account at this time" message. This has nothing to do with 1Password, but perhaps someone here has had a similar experience? I've tried different browsers and devices after the first attempt, and on different days. I'm mystified...

  • ag_tommy
    Options

    I encountered that same sort of message yesterday while attempting to use my test account. You are not alone. My timer is up in a few hours and I can try again... I hope.

  • 1Al
    1Al
    Community Member
    Options

    Good luck!

  • 1Al
    1Al
    Community Member
    Options

    Still no luck for me. I don't get it. Yahoo couldn't have stopped issuing email accounts, could they? I'm looking into other companies, ones which are known for having superior security.

  • ag_tommy
    Options

    Turns out mine had been deactivated due to inactivity with no way to reactivate it. :( Best of luck.

  • 1Al
    1Al
    Community Member
    Options

    Ah, I see, not making a new account in your case. This is so frustrating. First the problem with Gmail not revoking devices, then not being able to make a new Yahoo account. I haven't had a chance to look into other email companies, but it's on my to do list. :-)