User/Passwords login filled via Safari extension are not accepted

fisherg

Hello,
When entering the user & password via Safari extension on iPhone 5 iOS 8.0.2 (Safari → Share button → 1Password → Master Password → Tap Login item) the user & password combo are not accepted.

However, if I copy paste the user and password combo from 1Password app into safari web page login fields, the password is accepted.

Any ideas why?

Jasper

Hi @fisherg,

When you fill the login using the extension, does it appear to fill the correct data? Is the username correct, and does the password appear to be the correct length?

If you also use 1Password for Mac, you could try saving a new login manually for the site on Mac and see if that helps on iOS (once it syncs over): https://guides.agilebits.com/1password-mac-kb/4/en/topic/saving-a-login-manually

If you're still not able to get it working, could you please let me know the URL of the page so we can investigate further?

fisherg

I think i figured out the issue. Seems some web sites will let you use a password that starts with symbols or numbers, but then have difficulty using those passwords on other login screens.
Any way to prevent 1Password password formula from beginning with numbers of symbols?

Also, if I don't like a password, how can I tell 1password to regenerate another one for a particular login?

Thank you,

Ben

Any way to prevent 1Password password formula from beginning with numbers of symbols?

Not at this point, but we appreciate the suggestion.

Also, if I don't like a password, how can I tell 1password to regenerate another one for a particular login?

You'd simply use the password generator to create a new password and then go through the change password process again.

fisherg

Ok. I actually did find a website that the extension doesn't work well but copy pasting the password does work oddly enough.

http://m.banggood.com

If you scroll all the way to the bottom and tap account it brings you to login screen and using 1password extension the user is right but password seems too long.

Any ideas why?

Ben

Hi @fisherg‌

It seems to fill fine for me. What I did is went to this page on my Mac, filled in some dummy credentials, and used the manual save procedure to save the login:

• https://guides.agilebits.com/1password-mac-kb/4/en/topic/saving-a-login-manually

Then I let this login sync over to my iPhone and used the Safari extension to fill the details onto their login page.

Thanks.

Ben

fisherg

I don't have Mac version.
The iOS Safari extension seems to fill in a password that's double the length.

Megan

Hi @fisherg,

Sometimes sites will have a default number of bullets used to obscure the password that appears either longer or shorter than your actual password. Is the site telling you that your password is incorrect or does it simply look too long?

If you are seeing an error that the password is incorrect, I wonder if this site might have some hidden restrictions on password length. Sometimes, sites will allow you to type as many characters as you want, but only record 10 or 12. For users who log in by typing their password in manually this isn't a problem, because the site just ignores the extra characters, the same way it did when the password was originally created. Copy and paste works the same way. 1Password's filling, however, is different - if your password exceeds the maximum allowed, you will see an error message when using 1Password to fill.

fisherg

I tried using the extension again on this website.
The user field is filled in correctly.
The password field shows the content for a very brief moment before changing to bullets.
It seems that it gets my user name rather than the password.

Ben

Hi @fisherg‌

You can download the demo of the Mac product (or the Windows product) to try saving the login manually there, which may give you better luck than trying to save it through the iOS app.

The desktop apps have the ability to capture the form fields directly from the website, whereas on iOS it is strictly a best guess effort.

https://agilebits.com/downloads

Thanks.

Ben

fisherg

What's the difference between this version and the one that costs $50 in the App store?

I purchased the iOS version, $10 is a reasonable price.
I find $50 price tag for the Mac in its App store a little steep

Megan

Hi @fisherg,

There are a lot of great things about the desktop app, including slick browser integration, a clean interface to organize your items and a helpful 'mini' that's available from the menu bar at any time, whether the main app is open or not.

But, at the end of the day, it is up to us to demonstrate that this product is worth your hard-earned money. I think it might be a good idea for you to take Ben's suggestion of downloading a free 30-day trial. If you don't love the app by the end of the trial, there's no need to buy a license.

Personally, I think it's more than worth it, but I'm of course a bit biased. :)

fisherg

Hi,
Downloaded and installed the Mac application as well as the Safari extension.
When I launch the application on the Mac and click [I've used 1Password before] button it asks which sync option to use, I select iCloud.
Then is says "iCloud is not enabled on this Mac".
If I click the [Enable iCloud] button the settings confirm that iCloud is up and running.

If I click on iCloud → iCloud Drive → [Options ...]
I see there 1Password mini.app and it is checked.

However, if I navigate to iCloud folder: ~/Library/Mobile Documents all I see there are 3 folders: Pages, Scanner by Readdle, Numbers.

Confirmed the 1Password on iPhone is syncing to iCloud and last sync was a few seconds ago ?????

Even tried in Settings on Mac to uncheck iCloud → iCloud Drive, so that it deletes all iCloud drive files, then re-check it then theoretically it should re-write all the iCloud drive files. This didn't help either.

fisherg

Seems for iCloud sync to work on Yosemite, I have to buy the Mac app.
I tried Wifi sync, also no go. On the Mac: Window → Wi-Fi Sync: says "Please unlock 1Password to change sync preferences".

Leave this window open and then Wifi sync on iPhone, tapping "Refresh List" in Wi-fi sync window, does not bring up my Mac ????

MrRooni

Good afternoon @fisherg. Sorry for the trouble you're running into with syncing between 1Password for Mac and iOS. You're correct that, as of OS X Yosemite, we're unable to offer iCloud syncing in the direct download version of 1Password. From your description of the problem it sounds like you may be using version 4.5. Can you open 1Password on your Mac and click on Check for Updates... under the 1Password menu in the menubar? Once you're using 1Password 5, Wi-Fi syncing is located under 1Password 5 > Preferences... > Sync.

Let me know how that works out and if there's anything else I can do to help.

fisherg

It was 1Password 5 for Mac.
However, as the App Store version has been offered at a promotional price of $35, I went ahead and purchased it.
iCloud syncing now works.

The only very weird thing was I changed the Master Password on y iPhone, and even after syncing, the master password on the Mac still stayed the previous one.
I had to change the master password again on the Mac. I thought Master Password was required to decrypt all the info ???????? How can it decrypt same info with different master passwords? I'm a little concerned as to the safety can you explain this please?

Thank you,

Ben

@fisherg‌

@jpgoldberg has an excellent post explaining how/why this works the way it does here:

• https://discussions.agilebits.com/discussion/20236/why-doesnt-a-master-password-change-sync-to-my-mac/p1

Thanks!

fisherg

Hi,
When I try to click on the link you provided, I get "Permission Problem. You don't have permission to do that." message

(see attached screen shot).

Ben

Ah, sorry about that. I see why. It is contained within our old knowledgebase which is no longer public. Some of the terminology here is a bit dated, but the meat should still be relevant. I'll repost the info here:

(per @jpgoldberg)

As stated in the Known Issues for 1Password 4 on Mac

Changing Master Passwords do not sync to other Macs. Once you change it on one Mac, you'll need to change it manually on the other Macs.

The overall explanation of this requires an understanding of how 1Password works behind the scenes. We try to design 1Password so that people do not need to know those sorts of subtleties to use 1Password safely and effectively. But every now and then, including this Master Password change synchronization issue, can only be understood with a deeper, behind the scenes look.

Furthermore, the explanation that follows will also take some shortcuts and present a simplified version of things. So some of the things stated here still don't reflect the full inner workings, but describe approximations with only the details necessary to explain the Master Password synching issue.

There will be two aspects of the inner workings of 1Password that I will need to introduce.

1. The relationship between your Master Password and the keys used to encrypt your data.

2. The distinction between 1Passwords "local" data format and the ones used for synchronization.

Master Passwords and master keys

Your data is encrypted with a randomly chosen encryption key, a large number that is created when you first set up your 1Password data for the first time. Let's call this your "master key". Your master key is what gets encrypted with your 1Password Master Password. When you change your Master Password, you are changing how the master key is encrypted. You are not actually changing the master key.

If you are synching using the Agile Keychain format, then a Master Password change only changes the contents of the encryptionKeys.js file within your 1Password.agilekeychain. If you are synching using the 1Password 4 Cloud Keychain Format, then the change is to the profile.js file within the opvault data. (This isn't the full story; and you should never be playing with those files manually anyway.)

There are good reasons for designing things this way. You will find that other high security systems, such as PGP, SSH, SSL certificates, and disk encryption systems all work the same way. A random key is generated when people first set things up, and then their passphrase is used to encrypt that key.

Local and Sync formats.

1Password 4 does not use the Agile Keychain nor the 1Password 4 Cloud Keychain formats directly for its regular operations; instead it uses a local data format that is optimized for quick searches and so on. On iOS and the Mac that local format is actually an SQLite database. Again, the data within that is encrypted.

1Password 4 does "import" and "export" changes to and from this local format to the 1Password.agilekeychain (or .opvault). So it uses these sync formats indirectly. The local and sync formats will use different parameters for encrypting the master key that are best suited for their different environments. So the encrypted key can't just be moved from one to the other.

When you change your Master Password

When you change your Master Password, it will make the change in your local format, and also in the sync format you are using. It can do this only when your data is unlocked because it needs to re-encrypt your master key with the new Master Password. Roughly speaking, "being unlocked" means that 1Password has your decrypted master in its memory.

The sync format (e.g., 1Password.agilekeychain) will then have its master key encrypted with the new Master Password. That will spread to other systems that you sync with depending on your synchronization channel (e.g., Dropbox). What 1Password cannot do is actually "import" the Master Password change from the sync format into the local format.

So what we are seeing on the Mac when you change your Master Password on some other system is that the local format is keeping the master key encrypted with the old Master Password. 1Password is still able to read and write changes to the sync format because it is able to decrypt the master key (from the local format), even though it isn't able to decrypt the master key in the sync format.

Why do Master Password changes make it to iOS?

1Password on iOS is able to use some data security features of iOS along with the fact that we interact with the sync formats through a restrictive API instead of the sync formats living anywhere on the filesystem to pull a trick not securely available to us on the Mac. In trying to explain this, I realized that the background to explain that trick gets into even more complicated stuff about key management with data synchronization.

For example, in my discussion above, I pretended that the master key is the same for all data formats. That pretense makes it easier to explain data synchronization. To explain how we get these Master Password changes through to iOS requires delving into the very fine details of key management for synchronization, among other things.

So for now, let me just say that it happens by magic, and it isn't clear whether we can yet use the same magic securely on a desktop.

More details

For those who would like to learn even more about what goes on beneath the bonnet, the key derivation section of the 1Password data format specification explains, in gory detail, the relationship between your Master Password and the actual encryption keys. The distinction between the local format and the synchronization formats is discussed more fully in the "key concepts" section of the data format migration document.

fisherg

This is great for helping understanding the security of this system.

Thank you,

Ben

You are most welcome. Thanks!