Android app stuck in a sign-in loop, tried everything I could think of, please help!

I have a 1Password family account for my wife and me. We each have a laptop and an android phone (Galaxy S9+). 1password works great on both laptops and on my phone, but on my wife’s phone (same model, same networks as mine) there are a few very strange issues that have left it unusable.

This is what she had to do, in order to open her 1Password app on her phone:
1.Open the 1password app and get prompted for her fingerprint, enter the fingerprint (At this point the app on MY phone opens every time, but on hers the list goes on...)
2.The app prompts for her master password ONLY. Enter the master password.
3. The app now prompts for the OTP so she has to navigate out of the app to open AUTHY and copy the OTP numbers.
4.Go back to the app and enter the fingerprint again, enter the master password again, enter the OTP.
5. If the OTP is already invalid it is rejected and we have to do steps 2, 3 & 4 again. If it's valid, after accepting the OTP the app asks for the OTP again.
6. Only after entering the OTP twice, she could access her vaults.

Note that this login process is ridiculous for each and every use, and is not normal. And I noticed that the app seemed not to be updating passwords, so beyond the tremendous inconvenience, it was not functioning properly so this is what I did:

This is how I already tried to solve this (and made things worse):
1. Since my phone works perfectly I placed them both side by side and went into all the settings and confirmed that they were all the same. They were, both in all phone network settings and on the app.
2. Resetting her phone did not work. Uninstalling & reinstalling the app did not work. Go into settings, then apps, then 1password, delete all data & cache, then uninstall app, then restart phone, the reinstall app did not work.
3. After re-installation, while trying to login, the app tells me it found one saved (family) account, so I try to log in there, it prompts me for her master password and after entering it I get a prompt saying : Error Unable to communicate with the server. Check your network connection and make sure sign in address is correct. (Note that network connection on this phone is fine, and I tried this both on WiFi and 4G)
4. Completed a restore of her account from mine (TWICE). This did nothing but change her secret key for a new one. I also changed her master password. Still nothing.
5. Since using the saved account returned a “network” issue, I tried to add her account on the android app back from scratch by using the “add other account” option using the QR code (even thou I’m actually adding back the same account). This has me scanning the QR code to auto fill the account data, asks me for the master password and the OTP and then… it immediately goes back to the login part of the app, so** I’m stuck in a loop and can’t login.**
6. I made sure there are no VPNs on the phone (I have a VPN mounted on the home router that I flashed with DD-WRT, but that’s invisible to the app and the phone and of course my phone is using this same tunnel with no issues). I even disabled Samsung's bloatware “free” VPN that intercepts the first 250MB/month.
7. I made sure that everything else was working, that networking was fine, that there were no antivirus apps nor anything else on the phone that could somehow mess with the app’s connectivity. Also everything else connects fine and all third party tests reveal no network issues (I’m running on 73Mbps download and 11Mbps upload)
8. I tried logging in on her phone using my account, same result.

I very much appreciate any help and suggestions as to what I can try next. Thank you!


1Password Version: 7.1.5
Extension Version: 1.15.3
OS Version: Android 9
Sync Type: Not Provided
Referrer: forum-search:android sign in network

Comments

  • brentybrenty

    Team Member

    @Tortuguita: Thanks for sharing those details! For what it's worth, we see these kinds of connection issues more with 1Password because we've got very strict controls in place for security, most applicable being TLS settings to prevent downgrade attacks. Anything preventing a direct, secure, end-to-end connection between client and server will result in the connection being rejected.

    That said, I'm not certain there isn't something else going on here.

    On your wife's phone, #5 and #6 in particular jump out at me that something is really wrong. 1Password only does authentication on account sign in. If you've already signed into the account on the device, there are only three reasons you should have to again:

    • Device was deauthorized and/or account was deleted on the server side
    • Account credentials were changed
    • App data was reset / app was reinstalled

    Put more simply, you shouldn't be asked to authenticate at all in normal use after setting up the app with your account. If you or she are not making changes to the account or resetting 1Password's data on the device, that shouldn't happen.

    I'm curious if you have the same model phone as her, and if there's an difference in how you set them up. But the other thing that sticks out to me is that we've had reports of strange behaviour specifically with Samsung devices (or other devices migrated from a Samsung device), where settings/data seem to be getting carried over when perhaps they shouldn't, resulting in some features breaking. But it could also be something else we haven't seen before.

    I'd like you to restart the device, reproduce the same issue, and then generate a diagnostic report so we can look at the logs to see if we can determine what is happening:

    https://support.1password.com/diagnostics/

    Please send it to [email protected] and add the following Support ID (including the square brackets) to the subject of your diagnostics email before sending:

    [#KCN-29881-982]

    If you’re reading this and you are not Tortuguita, this Support ID is for Tortuguita only. Please ask us for your own if you also need help.

    This will link it to our current conversation. Once we see it we should be able to get a better idea of what's going on. Thanks in advance!

    ref: KCN-29881-982

  • Thanks for the prompt response! I'll do what you instructed, later this afternoon, and will send the logs trough email, using the case number provided.

    Regards.

  • edited July 8

    Do you have any reason to believe that her phone might be compromised? Should I start changing credentials everywhere (starting of course with 1 password)?

    BTW I did check the list of login locations on both her account and mine and didn't notice any unauthorized logins.

  • brentybrenty

    Team Member

    Thanks for the prompt response! I'll do what you instructed, later this afternoon, and will send the logs trough email, using the case number provided.

    @Tortuguita: Sounds good. We'll be here. :)

    Do you have any reason to believe that her phone might be compromised? Should I start changing credentials everywhere (starting of course with 1 password)?

    I really don't have enough information to say one way or the other. You'd be in a better position to determine that, knowing where it originated, what's been done to it, and what you experience using it.

    BTW I did check the list of login locations on both her account and mine and didn't notice any unauthorized logins.

    That was a good move. You also get email notifications for new device sign ins.

    If you have reason to believe the device is compromised, I would stop using it for anything sensitive. And if you have reason to believe that someone else has some or all of the account credentials, it would be prudent to change them:

    https://start.1password.com/profile

    There is no harm in doing so. Just be sure that you save a new Emergency Kit in case you ever need it.

  • Well, I finally got around to it, and noticed that, per the instructions provided in the link, the first step to providing you with Android logs, is to log in.

    Since my problem is that I can't login (read, "Android app stuck in a sign-in loop"), I can't provide you with logs :(

    What would you suggest I could try next?

  • brentybrenty

    Team Member

    Since I see that you've already been in contact with Mica via email, I'll close this and we'll continue the conversation there to avoid confusion and duplication of effort.

This discussion has been closed.