chrome extension stopped working.

I click on the 1Password icon in the upper right corner of the chrome window and nothing happens.
Updated chrome and reloaded 1Password extension several times.
Chrome Version 72.0.3626.96 (Official Build) (64-bit)
Windows 10, version 1803
1Password 4 for Windows


1Password Version: 4.6.2.626
Extension Version: latest upload
OS Version: Windows 10, version 1803
Sync Type: DropBox
Referrer: forum-search:chrome extension not working

«1

Comments

  • I click on the 1Password icon in Chrome and nothing happens.

    I've tried reinstalling the extension several times. I've also rebooted several times.

    Chrome Version 72.0.3626.96 (Official Build) (64-bit)
    Windows 7
    1Password 4 for Windows


    1Password Version: 4
    Extension Version: Not Provided
    OS Version: Windows 7
    Sync Type: Not Provided

  • Greetings @ruchida,

    A change to the code signature for Chrome means 1Password 4 for Windows can no longer verify Chrome using the hardcoded list of signatures built into the application. When we learned of the change 1Password 7, the current version was updated to ensure continued support but 1Password 4 is no longer under active development.

    While not ideal, 1Password 4 for Windows does allow for the code signature check to be disabled via the menu option Help > Advanced > Verify web browser code signature. Unfortunately this means the check is then completely disabled for all browsers.

    Unsurprisingly we do recommend checking out 1Password 7 and considering the update. We still support both licences as well as the newer 1Password accounts, our subscription based service where as well as hosting your encrypted data the subscription includes access to the current 1Password client on all supported platforms. For 1Password 7 our support page What's New 1Password 7 for Windows should be informative and our 1Password website is a good place to start for 1Password accounts if you're curious.

    If you have any questions about 1Password 4, 7 or our 1Password accounts please let us know.

  • Hi @BadPsychic,

    As your separate query was for the same version of 1Password for Windows, version 4, I've merged your query with ruchida's post as my answer to them will be the same for you. If you have any questions please let us know.

  • Okay, you've convinced me to upgrade to 1Password 7. However, while I was waiting for your reply, I downloaded and paid for 1Password X. In reading the 1Password 7 docs, it says 1Password X comes with the the 1Password 7 subscription. How do I apply the $35 1Password X license fee to the 1Password 7 subscription? What's the procedure for upgrading everything? I currently use 1Password on 2 laptops, 1 iPhone, 1 iPad, and I'm buying an AppleWatch.
    Thanks

  • Hi @ruchida,

    1Password X requires a 1Password account which is our subscription based service. The way it works is any copy of 1Password, whether it's 1Password X or one of the native applications (macOS, Windows, iOS or Android), once it's connected to the 1Password account then all the features are enabled. Our support page Get the 1Password apps details steps for the various platforms and is based on the assumption of a 1Password account existing. So it sounds like you've already got your 1Password account set up and all you would need to do is download 1Password 7 for Windows and sign into the new account to use the current native client there.

    If any of that wasn't clear for any reason please let me know.

  • I've had the same issue in the last couple of days. In Chrome, the 1Password extension login window no longer appears.

    A couple of questions:

    1. Will 1Password 4 be updated to address the code signature change for Chrome?
    2. Is there a risk when disabling the "verify web browser code signature" option?

    Thanks.

  • EsbenKHEsbenKH
    edited February 13

    If you want to EOL a product, that's NOT the way to do it: from one day to the next without any warning! You should be more professional than that, given the central role that your product has in the daily workflow of your users.

    How hard can it be to update the extension with the appropriate certificate, and then do a properly planned EOL, with sufficient notifications months in advance?

  • Hello @frosty,

    1Password 4 for Windows is no longer under active development and will not be receiving an update to address the code signature change in Chrome. I can't find when we stopped selling 1Password 4 licences but it was a little while ago now. The last update to 1Password 4 for Windows was September 2017.

    The check is there to ensure that the browser you're using is a legitimate copy of the known browser and that it hasn't been tampered with. If the check is disabled that protection is gone and anything claiming to be a browser with our extension installed could connect to 1Password. The choice of whether to disable the check is with the user but beyond as a temporary measure it isn't one anybody here would recommend. That's why I do recommend looking at 1Password 7 but the choice is with the user.

  • Thanks for the reply @littlebobbytables. I really don't want to move to a subscription product (though as a former software developer, I understand why you folks are pushing for it). I'll have to review what my options are.

    @EsbenKH was there no EOL announcement for 1Password 4? I haven't been following closely.

  • Hi @frosty,

    1Password 7, on both Mac and Windows does still support a standalone vault with a licence for those that don't feel the subscription based offering offers value. It's true that we do emphasise the account option but the option for a licence is still there. I can't say what might happen after 1Password 7 but at least for now I'm happy to say one-off purchase of a licence is still there.

    @EsbenKH,

    I'm not sure what EOL announcement we made or didn't make. Let's assume we didn't make a planned announcement though, is that any different from most software? Now I only have personal experience with a few offerings but from what I've seen when a new version is released that means I can expect no further updates to the previous version. Now maybe my selection of software means I'm seeing something other than the norm but I don't think that's the case. If the issue was updating the extension then we wouldn't be having this conversation as the same extension is used by both 1Password 4 and 1Password 7 for Windows (as well as 1Password 4-7 for Mac). The list of code signatures is hardcoded inside the application and only a published update to the application can see it change. That was true in 1Password 4 fo Mac/Windows and is still true in 1Password 7 for Mac/Windows.

    I'm sure we can all think of at least one example where a subscription service has replaced a licence for just the software with no service and I would expect most people to have the same sort of opinion of that move. While the 1Password account does also include continued access to the current version of 1Password on all supported platforms there is a service in the background as well so I would hope 1Password isn't seen in quite the same context. Nevertheless some people don't want that which is why I am glad we still have a licence option.

  • @littlebobbytables Well, if you're not even sure what your EOL procedure is, that really confirms my point. That's just not professional for a product like this! Your product management team should read up on EOL procedures for business products, if this is how they see this, too. There are tons of examples of how to handle this - it's piece of cake and doesn't cost much to do. Any serious vendor of software does this, from Microsoft down to one-person shops! You're not selling a fart app for Android, you are selling a serious application that businesses use for mission critical purposes! I don't know what you guys are thinking with this attitude, it's so out of line with who I thought you were.

    I don't care about the change of license/subscription, that's fine and fair. I care about knowing that an application that I use for something as critical as this will continue to work until I receive notification from the vendor that it will stop working at a specified date, preferably both as email and in-app notifications. I've stayed on 1Password 4 because I want a local vault (which is a fair requirement I think, given how many breaches happen), and 1Password 6 didn't support that, as I understand it. So, until recently, 1Password 4 was what you had to offer me - I had no other options! It's not my job as a customer to keep close track of when you release a new version that matches my needs, so that I can hurry to upgrade before the version I'm currently using stops working from one day to the next without warning. It's YOUR job - if you take your role seriously - to inform be about that. By doing so, you also make me much more likely to actually do the upgrade, because I feel that you look out for me and address my needs as a customer.

    Even if you don't care about EOL, just from a strictly financial point of view, I'm sure you'll find out that you really shot yourself in the foot with this approach here, and that you alienated a lot of potential upgrade customers, which you could have kept with just a minimum amount of effort (either by having clearly preannounced the EOL well in advance, and/or by having taken the few days of development time to release an update to 1Password 4 - I'm a developer, so I know this is easy to do, not matter if this is an old codebase, there are no execuses here!!). I for one would have upgraded to 1Password 7 without blinking, no matter the price, if you had given me sufficient warning, and had explained clearly that it involved no risk of losing my vault or having sync problems with other devices, despite the vault conversion needed. But now, I will make a product search from scratch before doing that, given how you've handled this! And judging from all the other angry posts here in the forum, I'm not alone.

    Again, I just don't know what you guys are thinking here. I'm utterly surprised, in particular of your attitude after the fact. This serves as a prime example of how NOT to handle a version upgrade, how not to EOL a product. And it's hard for me to continue to trust the most security-sensitive data I own to a team that shows an attitude like that. Let alone consider uploading to a server that you're running. I hope you're more professional when it comes to security than EOL'ing a product!

  • +1 to everything that @EsbenKH said.

  • @littlebobbytables I'm reviewing my options - stick with 1Password or go elsewhere. You said, earlier in this thread, "1Password 7, on both Mac and Windows does still support a standalone vault with a licence for those that don't feel the subscription based offering offers value. It's true that we do emphasise the account option but the option for a licence is still there.".

    On a quick search, I cannot see anything on the website that discusses either a) standalone vault or b) non-subscription licence. Where do I find the info on these please?

  • dtearedteare Agile Founder

    Team Member

    You’re right, @EsbenKH, we could have handled things much better here. There are many reasons for how and why we ended up at this point, but at the end of the day we left you and others in a tough position and forced to react to changes in a short period of time. I’m sorry to have put you in that position.

    One of the challenges we have is we purposely do not collect usage information on our users. Perhaps we take things too far but when we live in a world where the vast majority of companies collect way too much information and often sell it to third parties, we wanted to rail against that. We want you to purchase our product instead of turning you into being the product like so many other companies do. As a result we literally have no idea who is using older versions of 1Password and we like it that way. During times like these this works against us, but for the majority of situations we’re happy not knowing as we cannot misuse or abuse or lose information that we don’t have. As great as this is for your privacy, it does leave us in a bind during times like these.

    I don’t mean any of the above to be misconstrued as an excuse or justification for where we’re at now. There are some things we could have done years ago to allow version 4 to alert you while preserving your privacy. I wish we had been able to do so.

    Again I’m sorry for the rude surprise you had when updating Chrome. In the short term I recommend copy-and-pasting your passwords into sign-in forms. It’s certainly not as convenient but I highly recommend avoiding disabling the code signature verification feature as that opens you up to attacks and greatly weakens your security.

    Take care,

    ++dave;

  • @dteare Thank you very much for your reply, I appreciate it.

    I can see where you're coming from on this. However, I don't see that you made any decisions in the past that would prevent you from having an EOL procedure in place now. You could have set up such a procedure even just a few weeks ago. If you had, you would have:

    1) Made a clear decision on when you no longer want to update 1Password 4.

    2) Kept updating 1Password 4 until that date.

    3) Well in advance of the date, made an update of 1Password 4 that enabled you to notify your users in-app of the date.

    I know it's an old codebase, but that's no excuse. These things would be doable with a small amount of effort, in a matter of days or weeks. If you think that's too much to spend on this, your priorities are wrong.

    I hope this experience makes you set up an EOL procedure now, covering all of your product versions that are still alive and working. If not, I'm 100% sure I'm not going to continue as a customer.

    As for the short term solution, I just can't live with manually copy-pasting, and I also consider that highly unsafe, since there's no verification that I'm on the right URL when doing so.

    If I understand it correctly, if I disable code signature verification, the only vector of attack that I open is that if somebody manages to install a malicious version of Chrome on my machine, then 1Password 4 wouldn't detect it. Is that correct? If so, I can live with that. I'd be in huge trouble no matter what if somebody were able to install code on my machine like that.

    Thanks,

    Esben

  • Hello @EsbenKH,

    The code signature check would cover at least three scenarios.

    1. Installation of a malicious copy of Chrome.
    2. An otherwise good copy being compromised by another piece of software.
    3. Another process that attempts to connect to 1Password by claiming its our extension.

    The attack vector this is designed to help protect against is certainly something running locally to the machine and not anything external. Whilst there isn't anything 1Password can do to safeguard against a completely compromised machine (1Password relies on the operating system to be trustable) we do attempt to add protection where we can to eliminate as many possible opportunities. An example is the shift to native messaging and the everything 1Password and the extension does in the background to pair the extension which came as a result of a proof of concept supplied to us for a local-only attack.

  • @EsbenKH: I agree with you about all of this now that I have more context. If there wasn't a proper EOL announcement, then I don't see what this has to do with data collection or past decisions. Seems like EOL best practices and pure, decent best respect for customers wasn't given enough thought. There seems to be an unruly stampede to the golden paradise of a subscription model.

    @timhall: Good question. I see mention of a standalone version but I don't see proper information about that either.

    In the meantime, I signed up for the trial version of the subscription and... well, it sure hasn't been smooth. The migration guide points out that a data migration option should have popped up in the new app, but it didn't. And now the Chrome extension opens the new, empty 1Password vault, so I'm having to go back to 1Password 4 and copy and paste logins and passwords. I've reached out to support via the website and Reddit but it's been two days and I haven't received a reply. I expected that the additional revenue of the subscription model would mean better support -- like maybe half a day, or a day response times -- but nope.

    So yeah, I have a bad taste in my mouth over this.

  • Greetings @frosty,

    I don't feel I can confidently speak as to why things didn't work for you but there is a way to complete the import process if it didn't successfully occur during the initial setup.

    1. Choose 1Password > Import and select the Agile Keychain or OPVault folder option.
    2. Click Select a folder and point 1Password to the Agile Keychain or OPVault folder.
    3. Enter the vault password.
    4. Select the vault in your 1Password account where you want to import your data and click Import.

    That should see all of your data imported into the 1Password account vault and hopefully things work a lot better. If you run into any further trouble please let me know.

  • @littlebobbytables: that worked, thanks.

    In the meantime, I still haven't heard from support about this. It's been three days. Is that typical of support timeframes on the subscription product? I sure hope not.

  • Hi @frosty,

    We certainly don't want it to be and I'm sorry it took reaching out to us in the forum. I see somebody has independently replied and they're trying to make amends. I can only hope we haven't squandered too much faith in us through all of this.

  • Are there any special upgrade pricing for those forced to upgrade to 1Password 7 from 4 to continue using with the latest versions of Chrome?

  • Hi,
    In a beautiful coincidence of timing, I just read this report (https://www.securityevaluators.com/casestudies/password-manager-hacking/) that was released yesterday, which shows that 1Password 7 has rather worse protection of the data it manages than 1Password 4 does.

    This makes the effective EOL of 1Password 4 even more acute, and the probability of me deciding to upgrade to 7, rather than go elsewhere, even lower.

    Would someone ( @littlebobbytables @dteare ?) please comment on your plans to address these security issues.

  • @littlebobbytables I finally did get a reply. But this experience taints me toward the new subscription version. What am I paying for every month, if not comprehensive, responsive support and development? It's like going on a bad first date and hoping that things get better.

    @littlebobbytables Can someone answer @timhall 's and my question about where details of the standalone version of 1Password 7 can be found?

    @timhall: Interested. I've always wondered about the security of password managers. I mean, if I was a hacker, I'd be focusing on password managers to access a motherload of data. I'll be real curious to hear what AgileBits has to say about that study, especially the decreased security of 1Password 7 vs 1Password 4.

  • Greetings @timhall,

    I couldn't start to do such a complicated discussion justice so I hope you don't mind if I refer you to the ongoing discussion that is taking place in Article just published in Washington Post is saying 1password and others have security flaws. Our security expert jpgoldberg is doing his best to explain the issues there. If you have questions about the report that would be the best place to ask them so that those who may be able to answer see them.

  • @rvs007,

    There is no special upgrade price in place for existing users I'm afraid. I believe a special launch price is still in effect despite the fact that it launched back in May of 2018 but that is irrespective of whether a user has an existing licence and I cannot offer any commitment as to how long that will be in place. I'm surprised it still is but for those purchasing a licence that's a good thing.

  • @frosty,

    Beyond the reference to a licence being an option on our support page Upgrade to 1Password 7 for Windows I don't believe there is anything I can link or quote. The following is a reply I used elsewhere on this topic.

    You won't find the ability to purchase a licence for 1Password 7 for Mac/Windows promoted as we do believe the best option for the majority of our users is the 1Password account offering. The only reference you'll find to a licence is on our Upgrade to 1Password 7 for Windows page which briefly mentions the two options as well as steps for how to migrate your data from 1Password 4 for Windows either into a 1Password account or a standalone vault.

    The ability to purchase a 1Password 7 licence is handled inside of the application itself although 1Password 7 for Windows will eventually send you to a web page (it's handled internally in 1Password for Mac). Whilst the 1Password account does take centre stage the screen will have a link for those that do not wish a 1Password account. Roughly speaking the steps are:

    1. After launching 1Password 7 for the first time select the option titled Sync using folder to create a standalone vault.
    2. In the splash screen that appears after setup click the Need a licence? We have those too. link.
    3. Select the Buy Licence option.

    The normal price is $64.99 USD and that price does not include any country or state specific taxes. I think that covers what you're looking for, please let me know if you have any other questions.

    I haven't referenced the launch special price there because I cannot make any guarantees as to how long it may be in place. I don't imagine anybody would be upset at discovering a discounted price but I could certainly appreciate that somebody would be unhappy if they found a higher price than expected.

  • Just to clarify, that is only applicable for 1Password accounts, they will not work when purchasing a licence.

  • Shame, I liked supporting local businesses. Off to LastPass it is I guess. I am not paying a subscription model, sorry.

  • ag_michaelcag_michaelc

    Team Member

    @DrMcNasty, thanks for reaching out in our forum. 🙂 We'd still love to have you as part of the 1Password family. If subscriptions aren't for you, you can still purchase a standalone license for 1Password 7, as @littlebobbytables described. As of right now, our licenses are still on sale for the sale price of $49.99 USD. I think for the security, design, and experience we offer, what we charge, for a license or a subscription, is a very fair price. The subscription gets you improved security and sync reliability over the license model, not to mention that you get access to 1Password across all your devices and never have to pay for upgrades again. But for those who prefer the standalone model, that is still an option. 👍

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file