New guy with login question

1Al

Got it, thanks. And wow, 50 characters! And you've never had (or heard from someone who has) a glitchy problem with a lengthy password as I previously mentioned, even when your password meets a given site's requirements?

In the meantime, another question has arisen, because of course one has, ha! I set up 1Password as an authenticator on a gmail account. All the steps went fine, but when I logged out, then went to log back in, I wasn't asked for a code. Same thing on my Android. I saw online directions to remove trusted devices, under Two step verification, but there is no sign of an option regarding trusted devices. Incidentally, since I'm trying to learn everything I can, for now, I want to have this option off, so I can test the login process. Thanks. At least I am making modest progress, thanks to your advice.

ag_tommy

Nope, no issues, though occasionally, there are sites that even have their description wrong. I had one site last night incidentally saying they allowed 32 characters. It took some trial and error, but the only one they accepted was 28. Haha.

As to Google you may need to investigate that with them. This is what I found (below). You would not be removing trusted devices from 1Password. https://support.google.com/accounts/answer/2544838

Yes, you're making great progress, and your questions have the added benefit of helping others, so you're doing just fine. Keep em coming.

1Al

This is most annoying...I cannot find the option to remove trusted devices from my Gmail anywhere. I can find the 2-step verification section, but the step of "Under "Devices you trust," select Revoke all." is not there. I guess I'll have to join a Google forum.

1Al

Okay, so here's a curious thing regarding my "Trusted devices" issue...I have a 2nd Gmail account set up with 1Password, and when I launch it, the Gmail login page has the option to trust my device. And by leaving that box unchecked, after my user name and password are entered, I'm asked for 1Password's authenticator code (which works). However, Trust/Revoke options are not present on the account options. So for my 1st Gmail account, I must have clicked the trust box at some point. And apparently, once trusted, said trust cannot be revoked. Still waiting for an answer on the Google forum...

1Al

New question. I've been changing some passwords on some site in my vault. There were points were I was making screenshots to keep track of my changes. When I went to check one of the screenshots, it was one saying that I was creating an NBC Profile using a "private overlay.appleid". However, I don't have an account with NBC, nor was I working in their website. I did not take a screenshot of the information which appeared in the screenshot. I know this doesn't make sense, so I'm wondering what it all means? This is probably a question for Apple, but I hoping someone here knows something about this. Did I somehow discover a security breach? I believe when this happened, I was trying to add 1Password as an authenticator to site which monitors my security, and in order to do that, was prompted by my computer to enter my computer's password so as to authorized the change. Thanks.

1Al

I'll add to my post above, that while doing the work I mentioned about, I found that the Safari browser had opened. I never use that browser, so somehow it was launched. I think it is the default browser for something I was doing, maybe when I entered my computer's password?

ag_tommy

It sounds like maybe Apple private relay. I don't recall any other mentions like this. Off-hand it could be something related to the NBC family of companies. It might help to have you talk to our saving and filling team. They might be able to offer some insight. If you like you can email us using support+forum@1password.com. Be sure to use the email address tied to the account in question. I just can't guarantee anything substantive at this point.

1Al

Thanks, agt! I'll check in with the saving and filling team. I spoke with Apple, and they didn't have an answer, but they didn't think it was a security issue either. I changed my computer's password, and will be changing my Apple password as well. Then watch my bank account to see if a charge shows up at some point.

1Al

Okay, here's something which just occurred to me...while it's more convenient to use 1Password as an authenticator, one could make the point that having a code sent to your phone would be more secure, if you're launching 1Password from a different device? The bad guys would need both devices to crack into an account. Thoughts?

A second thing I was wondering about is, if when peppering a password, does it make it safer not to put the "pepper" in the same spot. E.g., if you were adding two extra characters, would putting both at the end be more secure than putting one at the front, and one at the end? Or is there no difference? The more items I add to my vault, the more consistent I'm trying to be when possible. :-)

ag_tommy

Yes, you are correct. It all comes down to your personal needs and desires. I prefer to have mine in 1Password for ease of use. You may prefer the second device method.

I always recommend that you fully allow 1Password to generate the entire password, if at all possible. I will generate one repeatedly if needed. This may be a topic of interest - https://1password.community/discussion/137371/password-salting-peppering-double-blinding-or-whatever

1Al

Thank you, agt. No pun intended, but that salt and pepper discussion is certainly food for thought. I'd forgotten that 1Password doesn't store our information, so as the post indicates, salt and peppering does not add to its security defenses. So the more encrypted characters in the hands of 1Password, the better.

1Al

By the way, I have not been able to crack the nut that is Google not offering the option to revoke trusted devices. It doesn't ask for a 2FA of any kind when one is in place. Also, I have 1Password set as an authenticator, but it just signs me right in with user name and password. Very frustrating.

ag_tommy

@1Al

I just skimmed your postings and I think I see the key. You mentioned an Android device. This is likely why you're unable to remove it. That's because the device is trusted to a higher degree (personal opinion). I'm not sure if that device would show up in the listing. Nowadays, I do not use Google that often. I'm sorry I'm no much help in this regard. Maybe one of our users who is more versed in it will know more.

Tertius3

I'm able to deauthorize any session in my Google account except the current session. No matter if the session is on one of my Android devices or Windows PC, everything else can be deauthorized.

As default, Google asks for a password. However, next to the "Next" button there is a link called "Try another way", and after choosing this I am offered to use Passkey, and 1Password is providing the passkey fine.

1Al

Thank you both for your responses. While my phone is an Android, I also have tried this on a couple of Apple devices (desktop and MacBook Air), and it doesn't matter. Tertius, are you able to share screenshots of what you're talking about? What I'm looking for is the specific location in Gmail where one can revoke a trusted device. According to multiple sources online, these are the steps (the "Devices you trust" is the part which doesn't appear on my accounts):

Open your Google Account. You might need to sign in.
Under "Security," select How you sign in to Google.
Choose 2-Step Verification.
Under "Devices you trust," select Revoke all.

Tertius3

In my Google account management, under Security, there is a category "Your devices" and a link "Manage all devices", where I can unauthorize every session individually. Actually, it's called "sign out". A link to revoke all isn't found anywhere.

This is all kind of off-topic here, since it's about Google, not about 1Password. If you have issues with your Google account, I suggest you consult Google support.

1Al

Thank you, Tertius3. On my laptop, I signed my Android out, then tried to login on the latter again, and was asked for a code. However, when I tried to repeat the process, my phone wasn't asked for a code. And, while I could sign out my laptop from my phone, my laptop wasn't asked for a code when I went to login in again. So I'm not sure what's going on, and how to get this to work consistently. I tried Google support, but never got a response back.

1Al

So, I thought I would get around my Gmail security problem by simply creating a Yahoo account instead. However, after just one attempt to make the account, Yahoo gave me a "Too many attempts. Can't create account at this time" message. This has nothing to do with 1Password, but perhaps someone here has had a similar experience? I've tried different browsers and devices after the first attempt, and on different days. I'm mystified...

ag_tommy

I encountered that same sort of message yesterday while attempting to use my test account. You are not alone. My timer is up in a few hours and I can try again... I hope.

1Al

Good luck!

1Al

Still no luck for me. I don't get it. Yahoo couldn't have stopped issuing email accounts, could they? I'm looking into other companies, ones which are known for having superior security.

ag_tommy

Turns out mine had been deactivated due to inactivity with no way to reactivate it. :( Best of luck.

1Al

Ah, I see, not making a new account in your case. This is so frustrating. First the problem with Gmail not revoking devices, then not being able to make a new Yahoo account. I haven't had a chance to look into other email companies, but it's on my to do list. :-)

1Al

Greetings again! I recently changed my password oto1Password. However, while the new password works on most of my devices, my macbook air will only accept the old one. Any suggestions as to how to fix this will be appreciated.

ag_tommy

@1AI

Welcome back.

Do you see a vault named Primary on the MacBook?

1Al

Thank you for your response. I don't see that vault listed under All vaults, but here's a funny thing: The problem resolved itself all on its on. BUT... I added this site to my vault about a week ago, changing both email and password, and when I launch it from my Macbook air this site doesn't accept the data. But it works from my Andoid and Mac desktop. Very odd!

ag_tommy

@1AI

If the login is working from the mobile device and the desktop theoretically there is no reason I can think of for it not to work on the other device. Assuming of course they are configured correctly. Are you sure that the password is coming from 1Password and not the browser password manager? Because you've had some trouble with Google services in the past I'm inclined to think maybe the browser password manager is getting in the mix. It happens to a lot of folks. I was also not immune to this back when I started using 1Password. We all seem have it happen at one time or another.

It may be that it's saved one way in one location (1Password) and the other device is using the browser password manager. You'd want to ensure you do not see a Primary vault on any device.

If you need to disable the browser password manager it can be done by following these instructions.

Turn off the built-in password manager in your browser

Perhaps the best thing to do is ensure the correct password is in 1Password.

Open the site in question and do not fill the password. Instead copy the username and paste it into the site from 1Password. Copy the password and paste it from 1Password. Are you able to login?

• You can also use drag/drop if copy/paste is not available or you'd rather not use it.

1Al

Thanks for the response. I was not able to sign in after copying and pasting my username and password. However, even though the URL in 1Password was taking me to this site's log-in page, I noticed that it didn't match the sign-in URL that was in 1Password. So I updated the URL in 1Password, and now it works!

ag_tommy

So I updated the URL in 1Password, and now it works!

Sounds good.

when I launch it from my Macbook air this site doesn't accept the data. But it works from my Andoid and Mac desktop. Very odd!

I can't help but feel something is possibly off. If the data is provided by 1Password and all is well and filling correctly you can ignore this message.

1Al

Just found this below, looks like I never sent it. I haven't had a chance to troubleshoot any further on this particular matter, but I do appreciate your input, will refer to it if the problem persists.

Thanks for your response. I'll try some things and let you know. :-)