1Password chrome extension keeps getting locked because an update is available

pastelsky
Community Member
edited November 2021 in 1Password in the Browser

1Password chrome extension keeps locking out every few minutes due to this!


Sometimes there is actually an update available for chrome (I use their canary channel so updates are very frequent), but a few times I've noticed this coming even when Chrome says there aren't any updates.

This makes the extension almost unusable for me since it's used not just for passwords, but also used for autofill. Why should 1Password stop working every time chrome has an update? It doesn't make a lot of sense.


1Password Version: 1Password for Mac 8.5.0
Extension Version: version 2.1.4
OS Version: Mac 11.6.1


Comments

  • ag_yaron
    1Password Alumni

    Hey @pastelsky ,

    This happens because the extension is integrated with your 1Password desktop app. The integration breaks when the browser has a pending update because its code signature is invalidated. If something else alters your browser's files and changes the code signature, this message might show up again.

    If you'd like to keep working with the extension even when there's a pending update or with an invalid code signature of the browser, right-click the extension's icon -> Settings -> Turn off the "Integrate with 1Password app" option there.

  • pastelsky
    Community Member

    Thanks @ag_yaron. I understand that, but given that evergreen browsers update often, it's a little annoying. What are the consequences of —
    Settings -> Turn off the "Integrate with 1Password app"
    I guess this means that I can't use some other features?

  • ag_yaron
    1Password Alumni

    That's correct.
    Turning off integration will separate the extension from the desktop app so it will run in standalone mode, meaning you will have to unlock it separately from the desktop app, and unlocking with Touch ID/Windows Hello will not be possible.

    I'll forward this to the team and see if there's anything else we can do to make things easier though :chuffed:

  • pastelsky
    Community Member

    Turning off the integration unfortunately makes the integration worse, and I need to type in my master password more frequently than ever. This basically makes 1Password unusable on my primary browser — Chrome Canary.
    That's a little unfortunate considering other password managers I've tried — NordPass and Lastpass seem to not have this problem. I wish there was a fix for this.

  • @pastelsky

    You're right, this is not ideal. However, for 1Password to maintain a secure connection to your desktop app, it needs to be able to validate the code signature of the browser. Without this, integration will not work. I'll be happy to pass along your feedback to our development team; hopefully we can improve things here in the future!

  • pastelsky
    Community Member
    edited January 2022

    > However for 1Password to maintain a secure connection to your desktop app, it needs to be able to validate the code signature of the browser

    That does make sense; however, it's something that I would expect to happen when I actually hit update on Chrome. Chrome dev/beta/canary download updates quite frequently in the background — maybe several times a week; however, I may only hit update less often.

    Currently, 1Pass invalidates the session as soon as a background upgrade is downloaded.

  • @pastelsky

    > Currently, 1Pass invalidates the session as soon as a background upgrade is downloaded.

    We only invalidate after we attempt a reconnection with the desktop app. But I can see how the two might coincide if the browser updates multiple times in a single day/session. As Yaron suggested, disabling integration might be the best approach for your case in the meantime. We'll continue to work with our development team to see if we can find ways to improve the experience here. Apologies for the disruption.

  • mciagala
    Community Member

    Given how often Chrome is being updated, this headache is causing me to seriously consider going back to using LastPass.

  • stringout
    Community Member

    Same - this is a really annoying behaviour even with a standard Chrome installation - Updates are too frequent. I'm considering switching to another app too.

  • cherrydrpepper
    Community Member

    Is there no way to have 1Password be aware of the code signature of both the old and new versions of the browser? This security feature makes using 1Password + Chrome + Touch ID really frustrating given how often Chrome updates. Turning off the desktop integration is not a solution because then I lose the Touch ID support. Hope you can come up with a user-friendly solution for this one that doesn't sacrifice security!

  • Mark14
    Community Member

    I'd like to add my name to this issue. I often keep several dozen tabs open, so I can't update Chrome every time a new version is available. It's a major pain to restart the browser. Having 1Password require the master password every few minutes is just as big of a pain. I'm also considering looking for a new solution if this can't be resolved. From the comments above, it seems there are other options that don't have this issue. I have the annual family plan and I don't want to change services, but this problem is going to force the issue.

  • objectwork
    Community Member

    Not ready to post in detail about this yet but just want to say I'm very interested in this discussion: how the 1Password Application PC/macOS, 1Password Chrome Extension, and Chrome/'Google Update' interact with each other and present challenges to efficient-use/workflow.

  • jocke
    Community Member

    I'd like to add my voice to this as well -- there has to be a better way to handle this, while still maintaining security.

  • thebrant
    Community Member

    I also find this behavior very frustrating, but having looked into it I don't think there's much 1Password can do here without compromising security. Presuming it's even possible, end-running MacOS' code signature checks would be hacky and prone to vulnerabilities.

    It seems clear that Chrome's method of overwriting the static (disk) copy of the code violates the expectations of MacOS' SecCode framework, so it really is on Google to conform to the platform on which Chrome is running. (FWIW it seems like writing a new Chrome to disk and only moving it into place when it's about to be run would do the trick, but it begs credulity to imagine the Chrome devs haven't thought of that; so there must be some non-obvious problem with it.)

    It would be nice to have some confidence that Agile Bits are actively in touch with Google and actively pushing them to resolve this issue. Google is aware of, tracking, and implementing workarounds to multiple bugs rooted in Chrome overwriting itself on disk while it's still running, but 1Password isn't in the list. There is one public Chrome bug specific to 1Password, but it's 6 years old and hasn't had any activity in it for 3.5 years. Which gives the appearance that Agile Bits are resigned to it as intractable, when it can (and should) be fixed. Squeaky wheel…
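
The staff replies and the comment above both turn on the browser's macOS code signature. As an added diagnostic example (not 1Password's own check, which the thread does not show, and not code from any poster), this script compares static validation of the bundle on disk with dynamic validation of the browser processes already running; the function name `check_browser` and the `pgrep` pattern are assumptions.

```shell
#!/bin/sh
# Added diagnostic example for macOS; not part of the original thread.
# Usage: sh check_browser.sh "/Applications/Google Chrome.app"

check_browser() {
  app="$1"
  static="valid"
  dynamic="valid"

  # Static validation: is the bundle on disk intact and validly signed?
  codesign --verify --deep --strict "$app" 2>/dev/null || static="invalid"

  # Find processes started from this bundle's main executable directory.
  # (Assumed pattern; helper processes under Contents/Frameworks are skipped.)
  pids=$(pgrep -f "$app/Contents/MacOS/" || true)

  if [ -z "$pids" ]; then
    dynamic="not-running"
  else
    for pid in $pids; do
      # A numeric argument makes codesign validate the running process
      # (dynamic validation) instead of a path on disk.
      codesign --verify "$pid" 2>/dev/null || dynamic="invalid"
    done
  fi

  echo "static=$static dynamic=$dynamic"
}

# Run only when a bundle path is given on the command line.
if [ "$#" -gt 0 ]; then
  check_browser "$1"
fi
```

A result of `static=valid dynamic=invalid` means the files on disk are correctly signed but no longer match the process that is running, which is the state the thread attributes to an update written to disk before the browser is restarted.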

  • vjpr
    Community Member

    This is really painful. Browser updates happen too often and I have to close all my tabs.

  • kirbiyik
    Community Member

    Same here, about to cancel my subscription. I have a rather long master password. Chrome extension makes me enter my pass ~10 times a day. If I cancel integration with desktop app, it asks constantly.

    Any solid plans to address this issue?

  • griffincox
    Community Member

    Same, this is super annoying

  • Joy_1P
    1Password Alumni

    Hey @kirbiyik, are you asked to enter your Account Password even when there are no updates needed in Chrome? If so, then it might be a totally different issue. Let me know more about what's happening and I will do my best to help.

  • Hobyvh
    Community Member

    This is very annoying and I think part of the ultimate solution here is the same thing that will help on other platforms: Make the browser extension fully capable on its own.

    The annoyance of 1Password locking at every turn is something that happens:

    • When Chrome is ready to update
    • When using a browser that 1Password doesn't know about like Ghost
    • When using a platform that doesn't have a native app, like Chromebooks (ChromeOS)
    • When using iOS, though fortunately Touch/Face ID reliably unlocks 1Password

    In all of these cases, we could lower the annoyance-factor to zero if the 1Password browser extension was fully capable on its own, able to set the same Security preferences as the Mac app.

  • kirbiyik
    Community Member
    edited November 2022

    Hey @Joy_1P, I think it's connected. So in my case, if there is a waiting update, it asks for the password almost every time. Likewise, I have a lot of tabs open and only restart my browser once in a few weeks. Is there a workaround to this?

  • Bumping this. If there isn't a way to validate both the pending and old signature, I'd like a way to disable signature validation.

    If someone can replace my chrome binary without me noticing or otherwise inject code, for my purposes, they might as well have access to my 1Password (and I'll probably sign in anyway). I understand this being the default but please make it configurable.

  • Teaspun
    Community Member

    I'm deploying 1P to a small business of about 35 people and this issue is making me rethink the process. My personal 1P account has an easy to remember password. So when Chrome updates 2-3 times a week, no problem. But for the business account I set up a strong password policy. This is not an issue...unless you have to type it in 2-3 times a week. As it stands, every time Chrome updates I'm forced to dig up the emergency kit for the password and the secret key or I'm only able to use my personal account. The only practical solution seems to be to dumb down the security on the business side to something easy to remember, which sort of defeats the purpose. I can only imagine what our users are going to choose as their main password to get around this issue ("password"). I love 1P which is why I chose it for our business but I'm not willing to deal with this potential headache. We may just be better off with the shared Google Sheet we use now.

  • b3rnardo
    Community Member

    On my company MacBook, I have a similar problem using 1Password.

    Since I'm not an admin user by default, Brave browser is always asking for admin to update (https://github.com/brave/brave-browser/issues/11288). To fix this, I moved the Brave browser to my user application folder; this way it auto-updates.

    But by doing so, 1Password on Brave browser is always saying: "Brave has an update available. Restart Brave to install the update and reconnect with 1Password."

  • pluhin
    Community Member

    Hey @Joy_1P.
    I don't have any pending updates to Chrome, the 1Password extension or the 1Password desktop application. And it's still saying that Chrome has pending updates and I need to restart it. Every time.

  • Joy_1P
    1Password Alumni

    Hi @pluhin, I'd like you to send over the following so we can take a closer look at what may be going on:

    Attach the logs and diagnostics to an email message addressed to support+forum@1password.com.

    With your email please include:

    You should receive an automated reply from our BitBot assistant with a Support ID number. Please post that number here. Thanks!

  • pluhin
    Community Member

    Hi @Joy_1P
    The support ID is #KLD-59574-285

  • pluhin
    Community Member

    That's magic! Right now, after the email, the 1Password desktop app updated and the extension started integrating with the desktop app.

  • Hey @pluhin,

    We have just published a fix for an issue where 1Password couldn't connect to the browser; it sounds like you may have been experiencing this.

    I'm sorry for the disruption, let us know if there's anything else we can help with.

  • pluhin
    Community Member

    Hi @steph.giles
    It works well right now. Thank you!

  • Joy_1P
    1Password Alumni

    @pluhin Glad to hear that!