Safari Extension Not Saving Master to Keychain

compilingEntropy

Steps to reproduce:
*Reboot your device
*Log in to a website in safari with the extension (will be prompted for master pass)
*Log out
*Log back in to website with extension (will be prompted again for master pass)

Expected result:
Will not be prompted for password upon logging in the second time

I don't know if this is a bug or a feature request, but I hope it's possible.

Megan

Hi @compilingEntropy ,

Thanks for taking the time to write in, and for providing detailed steps on what you're seeing. I do have a question for you. In 1Password 5 for iOS's security settings - do you have 1Password set to lock on exit?

[Deleted User]

Anytime you log out of anything you are going to be asked for password again.
As far as extensions goes you are asked for your master password for every different website.
In the future I here that could change for extensions.
Now once you enter your master password using extentions and then select your login info you will stay signed into that website depens on the website cookie and when it times out or you log out your self.

ag_kevin

Hi @kunder and @compilingEntropy ,

It should only ask for the master password every time if you select "Lock on Exit" in the Security Settings. Otherwise, it'll start asking again after the Auto-lock value set in the Settings. It shouldn't matter if you go to the same or a different web sites.

compilingEntropy

All--
I should have been more clear with regards to the expected result. Specifically, I have a device with TouchID enabled; on the second login, I would expect to be prompted for my fingerprint rather than having to type in the master password again (my settings are such that I only type it in once after reboot.)

Ben

@compilingEntropy,

Do you see this same behavior with the main 1Password app as well or just the extension?

compilingEntropy

@bwoodruff The main iOS app does function as expected, with my password only being prompted for the first time. After the first time, my fingerprint is sufficient. This is not the case with the browser extension, although if I sign in to the app, the browser extension only prompts for the fingerprint (as expected). Going back to the title: I suspect that the browser extension, while it does check the keychain to check if the master password is cached, does not save the master password in the keychain itself.

AGAlumB

@compilingEntropy: Ah, thanks for clarifying! In fact, the way you expect it to work is the way it should.

Unfortunately we've had reports of some issues with Touch ID not functioning properly. You may be able to simply restart the device or re-set Touch ID to get it working, but there were a few other tips that worked for myself and others. Just follow these steps:

1. Launch Settings on your iPhone or iPad
2. Tap on Touch ID & Passcode
3. Enter your Passcode or Password
4. Toggle Touch ID to OFF
5. Press the Home button to return to the Home screen
6. Shut down and restart your device
7. Enter your Passcode or Password at the Lock screen
8. Launch Settings on your iPhone or iPad
9. Tap on Touch ID & Passcode
10. Enter your Passcode or Password
11. Toggle Touch ID to ON

I hope this helps. Be sure to let us know how it turns out! :)

compilingEntropy

@brenty I tried these steps, and unsurprisingly, they didn't help. Is there a better place to report bugs? I don't think you're quite understanding the issue here yet. My fingerprint works just fine in the app once I've typed my password correctly after reboot. To recap:

Working:

reboot
type master pass in app
use fingerprint in app

Working:

reboot
type master pass in app
use fingerprint in browser extension

Not working:

reboot
type master pass in browser extension
use fingerprint in browser extension

Not working:

reboot
type master pass in browser extension
use fingerprint in app

Instead of being prompted for my fingerprint in the browser extension or app, I am being promoted for my master password every time until I go into the app itself and type the master password there. Even though I have typed the master password already in the browser extension. The browser extension has a bug. It is not saving the master password to keychain like the app does. Can you please report this to one of the developers?

nathanvf

Hi @compilingEntropy,

You are correct, the extension does not behave the same way as the iOS application at this time. We are looking into some technical solutions to have it so you don't have to put in your Master Password each time you use the extension.

ref: OPI-1851

AGAlumB

@compilingEntropy: I'm sorry if I was misunderstanding.

On my iPhone 6 with 1Password 5.3 (and now 5.4):

1. I open the extension in Safari
2. I authenticate using Touch ID
3. I open the extension again
4. I authenticate with Touch ID

I thought you were expecting that you would only be prompted to authenticate the first time, but with the extension it is essentially launching a new instance each time which therefore requires authentication -- because it has no way of knowing it isn't being launched for the first time. But if you have 1Password set to Lock on Exit, the extension will prompt for Touch ID each time it is invoked as well.

So that brings us to the Master Password issue. The closest I could come to reproducing what you seem to be describing is that after iOS is restarted, if you only use the extension you will be prompted for your Master Password every time it is invoked...because 1Password itself requires the Master Password the first time after restart. So until you unlock the 1Password app, the extension will be in the same state, requiring the Master Password. Once you do this though, you should be prompted for Touch ID instead, based on your Security settings (for me, this is after 10 minutes). SO it will look like this:

1. Restart iPhone
2. Open the extension in Safari
3. Authenticate using Master Password
4. Open the extension again
5. Authenticate using Master Password
6. Open 1Password
7. Authenticate using Master Password
8. Open extension in Safari
9. Authenticate with Touch ID

Essentially, the extension is a 'child' of the 'parent' 1Password app, so it isn't able to authenticate fully until 1Password itself has. This is just a byproduct of the fact that extensions are not independent apps themselves, but hopefully it will be possible to have more flexibility in the future (cmon, WWDC!)

I hope this helps clarify things a bit -- for me too! Be sure to let me know if you have any questions. :)

compilingEntropy

@nathanvf
Glad to hear you're looking into it; obviously it's a small thing with a simple workaround, but I wasn't sure if it had been acknowledged yet so thanks.

@brenty
Yeah that's exactly what I was getting at, where only using the extension after reboot necessitates a re-entry of the password each time. I'm sure there are some technical limitations that make it difficult to achieve any type of complex behavior in a browser extension, and certainly caching the master password to the iOS keychain requires certain entitlements that may not be available in that environment. Having never developed a browser extension I wasn't sure of this, however, so I thought I'd drop a bug report / feature request to find out what was going on. Didn't mean for this to be so confusing. :P Thanks for your time.

AGAlumB

@compilingEntropy: Okay, great! I'm glad I got it right this time. Sorry for my earlier misunderstanding! :+1:

And I certainly don't blame you for the confusion. It is a bit confusing after all! It may be technically feasible in the future to improve the way the extension works, but we need to make sure that we don't do so at the expense of security or usability. Thanks for the feedback, and pushing us to make 1Password better. :)