1Password for Windows 10 Chrome Browser Extension Not Accepting New Secret Key during Autofill
Hi there, I am new to this awesome product. I changed my Email, Secret Key and Master Password today and have access to 1Password on my Windows 10 desktop program and iPhone6+ app. However, the Chrome browser extension is not filling in the correct and new Secret Key (new email and master password are autofilled correctly) when I try to login to my.1password.com account online. It keeps autofilling the old Secret Key. Then the message I get is: Cannot sign in. The email address and Secret Key are not correct for my.1password.com.
I have checked my iPhone and desktop program that 1Password has saved my new Secret Key and Master Password correctly, but it seems to not be transferring to my Chrome extension. I have tried deleting the extension then reinstalling it, but to issues persists.
To login I need to manually copy and paste the Secret Key in the field and therefore defeats the wonderful function of autofilling. As you imagine typing in the Secret Key each time is not fun.
Please help resolve.
Thanks
1Password Version: 6.6.439
Extension Version: Chrome 4.6.7.90
OS Version: Windows 10
Sync Type: Not Provided
Referrer: forum-search:not filling in new secret key
Comments
-
Greetings @VitaminC,
The extension is actually just a bridge between 1Password and the browser. It has no actual access to your vault but instead performs two very specific roles. The first is to describe the open page to 1Password and the other is to accept a set of instructions on what to fill and where.
What it sounds like is maybe a bug server-side as after you log in with your new details I would have expected the browser to retain those details, not the old ones as it seems to be doing. I'll have to ask but while I do I think the following should help work around Chrome remembering the old and out of date details.
- Manually visit our login page in Chrome and confirm the secret key field is already filled. As you haven't used 1Password this confirms the browser is remembering it.
- Click on the padlock just to the immediate left of the URL.
- In the pop-up you should see a list of site options. Just under Cookies it should say 2 in use and that should be clickable, please click on it.
- This will bring up a new window. Select them both and click the Remove button. Here's an image of what I see on my Mac when I'm here and have selected the two for deletion (just for context)
- Reload our login page.
You should now be asked for all three details again. Can you log in, close Chrome and then visit the login page again. Does Chrome correctly remember the new details now?
-- Edit--
Just to elaborate, when I said server-side what I meant is the code supplied by the server and loaded into your browser that should be saving the details locally in the browser for you.0 -
Thanks for the quick reply. Your above workaround did the trick and now the URL keeps my new Email and Secret Key when I go back to use autofill. If I clear the login form and then try the autofill with Ctrl \, it still populates the old Secret Key.
Hope to hear from you soon on a resolution to the server-side bug so that I can use the Ctrl \ function to complete all three fields.
Thanks again.
UPDATE: I just install both the Windows 10 program and Chrome browser extension on my work laptop and logging into 1Password it also fills in my old Secret Key. Thanks.
0 -
@VitaminC: Ah, it sounds like you've just got your old Secret Key saved in the login item in 1Password...or you've actually saved it in the browser itself and it's autofilling. I don't believe 1Password should be filling the Secret Key at all. Definitely check your 1Password.com login in your vault and make sure it has the correct information saved. If you changed your Secret Key, it won't have the new one unless you update it there. And whether that's it or not, you may want to disable the browser's autofill to avoid having it squirt sensitive information into websites without you telling it to do so. 1Password is nice not only because it can securely store and fill this stuff, but also because it gives you control over when it's filled. Cheers! :)
0 -
Thanks for jumping in on other areas to check. I can confirm my Chrome autofill and settings and manager passwords functions in Chrome are disabled with no information stored there (don't trust it, that's why I use 1Password). I can also confirm my Secret Key in website login of 1Password and the Windows program are the same is my new one.
I have also tried clearing all my browser history from the beginning of time in Chrome and the old Secret Key is still there.
On the website login page I clicked on the "Find your account" button to try something different. An email was sent to me with the first several characters of my Secret Key and it was correct (new one). I have not tested all of my login/passwords, but there are no issues with the 20 or so I have logged in with using the browser extension. It seems for some reason the browser extension only cannot "forget" the old Secret Key. I have minimal understanding of technology in general, but it seems like only the Secret Key is not interfacing with the rest of 1Password to be updated.
Seems strange this is only happening to me despite following exactly both your above suggestions (and doing it again). Any other suggestions I can try?
Really appreciate the continued support here.
0 -
Hey @VitaminC,
Sorry for the trouble, I have a hunch as to what is going on.
Thanks for the quick reply. Your above workaround did the trick and now the URL keeps my new Email and Secret Key when I go back to use autofill. If I clear the login form and then try the autofill with Ctrl \, it still populates the old Secret Key.
Thanks for mentioning this - this confirms that the Login item within your 1Password vault contains the old information. When you use the
Ctrl \
keyboard shortcut, 1Password goes through a process of finding the right Login item with which to fill based on the web address in the active browser tab. Once it finds the right Login item it then proceeds to use it's contents to fill.In your first post you mentioned that you had changed your Email, Secret Key and Master Password. Changing these details would not have updated the Login item that contained your original Email, Secret Key and Master Password. Usually people don't need to change these details which is why this scenario isn't as smooth as the other more common scenarios.
To find the Login item that is filling the 1password.com web page:
- Open the https://my.1password.com web page in your browser.
- Click on the 1Password extension in your browser to open 1Password Mini.
- You should see a single Login item appear called something like "1Password Account (Insert your name here)"
Right-click on this Login item and choose "View in 1Password" (see screenshot below):
Then the main 1Password app should open up and display the Login item details. This should look something like this (see screenshot below):
This is likely the Login item that was automatically created when you originally created your 1Password Account. It is part of what's known as the Starter Kit and will have automatically been created with your original Email, Secret Key and Master Password.
If this contains your old details then please try updating them to your current details by clicking the "Edit" button in the top-right of the screen.
- Once updated, you should be able to use
Ctrl \
to fill your details correctly.
Hopefully this helps, do let me know how you get on with it.
Best regards,
Matthew0 -
Hi Matthew - sorry to report that going into 1Password via the Mini method above correctly shows my new Secret Key in the app.
Not sure if this really does anything, but I tried deleting my Secret Key in the app and replaced it with just 1234. Removed the cookies as instructed from the first responding post and then rebooted the computer. Then went to the login page again and hit Ctrl \ but it auto populated my old Secret Key again.
It was mentioned above the browser extension is just a tool that pulls information from the Windows 10 app, so going with that logic, right or wrong shouldn't it have populated the 1234 as the Secret Key on the login page instead? But it did not and still filled in the old Secret Key. Could the extension some how have a "memory" (unable to update) or be pulling in my old Secret Key from the 1Password archives or something?
It is weird that for my work laptop - which was a brand new laptop where I had a fresh install of both the Windows 10 app and the Chrome browser extension - is still auto filling the old Secret Key. Are you/your colleagues able to test out my scenario (with Windows 10) by generating a new Secret Key and see if you run into the same issue?
By the way, the reason why I changed the Secret Key was because I was just testing out this program before I commit - not familiar with encryption (still don't completely get it), new to password managers, definitely not an early adopter of any new technologies - to see whether a password manager would make sense for me (my previous method was a password protected Excel file with all my logins (don't laugh) and a peer in the Cyber Defense industry recommended 1Password). I was soon comfortable with the program and understand why everyone needs to get this. So I purchased it and decided to start brand new by generating a new Secret key to be extra safe since my Emergency Kit file was just sitting on my Deskop for a couple of weeks while testing.
Note I have since replaced the 1234 with my new/correct Secret Key and it is still auto filling the old one.
Thanks everyone for your customer service. I hope this is not taking up too much of your time. I have always been skeptical of customer service via the web (versus talking live - old school, I guess), but your daily responses shows you really do care about your customers and want to help me out. Any other options to try here?
0 -
Is your item for my.1password.com showing similar to what @matthew_ag showed where there's an emoji next to "secret key". If so, I think I know what is going on. If you edit the item and then click into the web form details, I'm guessing that you'll see your old secret key listed there. Only fields listed in the web form details are used for filling. I think this is something of a regression because we had code in place for a long time to avoid this kind of inconsistency that now seems not to be preventing this confusion. I am going to open a bug about this to hopefully avoid it in the future.
Let me know if that turns out to be the case or if we need to expand the investigation. :)
--
Jamie Phelps
Code Wrangler @ AgileBits
Fort Worth, Texas0 -
I am sorry, I am not exactly understanding the question. When you mean emoji do you mean that key icon next to the Secret Key header?
If so, this is what I see in my.1password:
This is what I see in the app:
But both the web and app have the same new/correct Secret Key.
I did a similar test and edited the Secret Key from the web (my.1password.com) to be 1234, saved it then tried to auto fill again, but it still pasted my old Secret Key. I have since changed it back to my new one.
Unfortunately, it seems like the investigation needs to continue...
Have a great weekend. Look forward to other suggestions. Thanks.
0 -
Hi @VitaminC,
I apologise for not picking up on this earlier. I was assuming your browser was remembering bad information rather than all three fields being cleared every time. Default browser settings mean for the vast majority of people once they've logged in once the browser remembers the email and secret key for them. People like myself that purge routinely browsers cookies and cache are a lot more rare.
When it comes to 1Password there are two kinds of data, the kind it will use to fill and the data that is there for the user. When you just look at a Login item the two fields you can assume 1Password will use to fill are the username and password fields. If other data is visible it falls into what we refer to as custom section and custom fields and these are for storing details you want to keep but they won't get used by 1Password for filling.
Of course you are now quite rightly thinking "well 1Password is filling that field from somewhere, are you sure you know how your program works?". The answer is something that is referred to as web form details. On the Mac and in Windows you should see a show web form details button and you're going to see three fields. Two will contain the same details as the always visible username and password fields. Indeed when you edit these you're actually editing the fields in the web form details section, it's just 1Password has been designed to kind of hide that from you. You're also going to see another field and we're pretty confident that you're going to see your old secret key there. As you can now surmise, this is the field that 1Password is filling with.
So a Login item is designed so that normal editing of a username or password is reflected in the web form details because the two are linked to be one and the same. This special link only exists for these two fields at the moment though. The item that was created for you essentially contains two copies of the secret key and they aren't connected. There was the always visible one so, so that you could see your secret key was stored and easily copy it if needed and then there was the field in the web form details that is used for filling. If you edit one and don't even realise about the other then you end up thinking everything is broken and understandably so.
We're still trying to feel out the best approach here. There are some who think this design is a terrible idea because of exactly what you've faced. There are others that feel it's important that the user can see the secret key stored otherwise they either get worried that it isn't there or don't even know they have a secret key (we have a very diverse range of users). Longer term I think we need a way of having more of the fields that we fill being visible but in a way that doesn't suddenly have 100 fields with rubbish being foisted on the user. This scenario is because the web form details normally represents a fingerprint of what a page looks like and some pages... wow. We've seen login pages with over 500 input fields hidden from the user and nobody suddenly wants that all staring them in the face.
The 1Password accounts should make this more easier to handle in theory. Part of the issue was always backwards compatibility with older versions but for now this isn't a problem with 1Password accounts.
If none of this explains what you're seeing please do let us know. I'm pretty convinced though that if you edit the Login item and then click the show web form details button you will find the old secret key and once edited there things will start to behave better. Please do keep us informed though. Apologies for all of the confusion if it does indeed turn out to be this.
0 -
Yes great. Under the web form details it does have my old Secret Key. So how exactly do I edit that field though? The only option is Copy. If I click Edit that field no longer shows up to edit. Hopefully one more response will resolve this issue. Thanks all.
0 -
Greetings @VitaminC,
In your first post you indicated you were running so can you try the following for me please.
- Select the Login item.
- Enter edit mode.
- Click the show web form details
- Click on the now visible old secret key.
You should find you can edit it this way. When you enter edit mode it does hide the web form details if they were visible prior to entering edit mode. Whether this is the right behaviour or not it is at least consistent between 1Password for Mac and 1Password 6 for Windows.
If you're still finding you can't edit please say but I have version 6.6.439d open as I wrote those steps so I would hope you could too. Please do keep us updated :smile:
0 -
YES SUCCESS!
So turns out I can only edit the Show Web Form Details in the app, but not in the online site.
I have tested it out and now multiple times and it auto fills in the new Secret Key.
Thank you all for your daily support and quick responses. You guys are awesome.
This is a great program - keep up the great work.
0 -
Hi @VitaminC,
I apologise, I didn't make that clear. I've been using 1Password since 1Password 3 for Mac so I just instinctively go for the application rather than log into the web interface. In fact the only times I ever seem to log in are to verify the location of a specific function or menu option when answering queries. I'm sure the web interface is handy but I don't use it much myself. I'm glad you managed to overcome that omission in my posts and get things working properly.
If you run into any other blips at all please do let us know. Fingers crossed though things run smoothly now.
0 -
@VitaminC We're looking into this a little further, and I hope I can get some more information from you. Do you remember how you went about regenerating the secret key for your account? Did you go through account recovery in a Family or Team or did you simply go to the Profile page and click Manage to regenerate the secret key? This should help us understand better where things might have gone wrong for you.
0 -
Sure. I used the regenerate secret key function from the Profile page when I logged into my.1password.com.
0 -
Hm… I tried this myself because the special item that gets created for you with the secret key is supposed to be updated in both spots when you use that feature. It worked for me, but I don't know why it didn't for you. If a reset of the secret key wasn't so disruptive since it has to be re-entered on all your devices, I would be tempted to ask you to try it again and see if the issue reproduces. For now, I think we'll just keep an eye out for more instances of this to see if there's a larger trend.
--
Jamie Phelps
Code Wrangler @ AgileBits
Fort Worth, Texas0