Enabling 2FA requires a repeated login on Chrome browser and ChromeOS.

alanhoylealanhoyle
edited July 19 in 1Password X

I have a 1Password Family subscription. I am running 1PasswordX (1.15.6) on the latest Stable Chrome (75.0.3770.142) on a number of computers (macOS 10.14.5) and Ubuntu Linux 19.04, and the Beta channel ChromeOS on a Chromebook. I enabled 2FA yesterday and added a couple security keys as well.

I have two issues:

1PasswordX requires multiple auth attempts to re-enable

As expected, I've had to reauthenticate to all of my previously set-up devices. Setting up 1PasswordX has been slightly problematic.

  1. Go to machine which previously had 1PasswordX set up on it.
  2. Bring up Chrome and try to use 1PasswordX
  3. It pops up a new window with the 1Password online service, but it appears to have lost my email and secret key
  4. Enter email, secret key, and unlock passcode
  5. Pop-up window with "Insert your security key and press the button" instructions.
  6. EXPECTED BEHAVIOR: The pop-up disappears and the home screen appears.
  7. OBSERVED BEHAVIOR: The pop-up disappears and the previous screen stays up with the "spinner" spinning forever.
  8. WORK-AROUND: return to step 2. and reauthenticate. then I get the "EXPECTED BEHAVIOR"

I've tested this, so far, on two Macs, the Linux box, and a Chromebook. The Chromebook and Linux box were especially annoying as I don't have a 1Password native app installed and so had to retype the long secret key twice. I can test this on a windows 10 machine late tonight.

1PasswordX requires a U2F key if one has been enabled for the account, while apps require an app-generated passcode.

This is unlike the behavior I've seen to reauthenticate on apps, where it asks me for a 6-digit passcode, and has no option to use a U2F key. There seems to be no option to use the authenticator app code on 1PX on Chrome if a key has been set up. Note that I did not attempt to enable any additional devices between setting up the passcode app, and adding U2F keys.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • kaitlynkaitlyn

    Team Member
    edited July 19

    Hey @alanhoyle! Thanks for bringing this up. In an attempt to reproduce the first issue, I enabled 2FA on my own account, then followed out the steps you mentioned. What's different about my setup is that I wasn't asked to enter my email and Secret Key, but rather only my Master Password. After that, I was prompted for 2FA as you'd expect. I'm curious if you cleared your browser's cache at any time during those steps. Or perhaps the fact that you added a couple of security keys is what sparked 1Password to ask for all of that information again, but I'm not sure on that. One more thing – if you have a Family account, you'll want to sign in withe specified sign-in address that you would have chosen upon signing up. Do you recall what website URL you were signing in with on step 3? If it's personal to you, there's no need to share it on a public forum, but I'm wondering if it was https://my.1password.com or if it was a different domain.

    As far as the U2F issue goes, I'm not as familiar, so I'm going to see if one of my colleagues has a better answer for you. I'll get back to you as soon as I can!

  • kaitlynkaitlyn

    Team Member

    @alanhoyle – Just a quick update before I head out for the weekend. Most of the 1Password native apps aren't going to support U2F yet, so that's why you're being asked for the 2FA code rather than a U2F key when you re-authenticate in the apps. In the 1Password web app, U2F is supported, so you'll be asked for a U2F key. That being said, if you decline the U2F prompt, you should be asked for a 2FA code instead. I, personally, don't have a Yubikey to test it out (although I did just order one).

  • I did not clear my browser cache. I was logging into our personal 1Password site https://$SITENAME.1password.com/, which is what 1PasswordX redirected me to for reauthentication.

    Just now, on my Chromebook (running the Chrome OS Beta channel: 76.0.3809.68) 1PasswordX was failing to sync. I was able to login to the personal site, but the extension was displaying old cached data from a few days ago. Disabling/re-enabling the extension didn't help, nor did rebooting and reauthenticating so I ended up doing the following:

    1. Turn off Chrome OS Sync All.
    2. Turn off Chrome OS Sync Extensions.
    3. Remove the 1PasswordX extension
    4. Add back the extension
    5. Reauth 1Password X
    6. Observe that data is now updated
    7. Turn on Chrome OS Sync All.
  • I had to follow that "remove and reinstall extension" procedure on a Windows 10 machine and another Ubuntu Linux machine this morning. (actually the same machine, but dual booted.)

  • When I arrived back at my work this morning, 1PasswordX had gotten out of sync with my account again on my two computers there (Mac and Ubuntu), and I had to remove/reinstall the extension to bring things back into sync.

  • I have a similar issue. I use a chromebook, (Browser Version 75.0.3770.129 (Official Build) (64-bit)). When I use shift-control-x, I enter my 1Pass password and can see list of passwords for that site but it then kicks me to a new tab where I have to go through 2FA process (yubikey works, or if I canx I can use authentication code).

    But I can go back to website I'm trying to login to, I can now click login box and autofill login/password

    And I can open a new tab and go to https://SITENAME.1password.com/home myself, and I can get right in.

    So for me, I just have to ignore the tab being opened up for my vault and go back to the site I'm trying to login to.

  • kaitlynkaitlyn

    Team Member

    @alanhoyle – It's normal for you to need to re-authenticate each account once after making a change (enable/disable 2FA, change Master Password, update email, etc.). If that's happening multiple times, then something else is going on and we'll want to take a look. Would you mind sending us an email to [email protected] if you're consistently needing to sign into your account on the same device in order for it to sync up?

  • kaitlynkaitlyn

    Team Member

    @Dig4Fire – Thanks for chiming in here! We had a similar issue a while back, but it's since been resolved. Could you try removing 1Password X and reinstalling it to see if that's enough to reset things for you? You should only be asked to authenticate one time unless you make any changes to your account while signed in – in that case, you should be asked to re-authenticate only once.

  • It's happened twice on a couple of machines. Am I correct in thinking that I should only expect to use the 2FA when I set up a new device or reauthenticating after a change?

  • kaitlynkaitlyn

    Team Member

    @alanhoyle – That's correct! Another time I can think of is if you were to clear your cache/cookies.

  • @kaitlyn - Thanks. I removed and reinstalled the extension and I am no longer seeing the issue.

  • If it happens again, I'll ping the [email protected] address. Thanks @kaitlyn.

  • kaitlynkaitlyn

    Team Member

    @Dig4Fire – That's great news! Keep a close eye on it, and let us know if you run into any more trouble.

  • kaitlynkaitlyn

    Team Member

    Sounds good, @alanhoyle! Don't hesitate to get in touch if it does act up again.

  • So, this morning I tried to bring it up on an incognito window, and it prompted me to login again. I closed the incognito window, made sure I was logged into 1PX outside of incognito, and then opened an incognito window again and it worked without reauthenticating.

  • kaitlynkaitlyn

    Team Member

    @alanhoyle – When you say that it worked without re-authenticating, do you mean that you were able to access your fresh data or did you notice 1Password X was displaying cached data from the last time you authenticated? One way to check this is to attempt to save a brand new Login and ensure it reflects on other devices. Let me know!

  • apologies for missing this. Lately, the 1PX has been stable in retaining login. About once a week or so, it'll pop up a blank window that prompts me to add the secret key, but refreshing seems to bring it back to the expected logged-in state.

  • kaitlynkaitlyn

    Team Member
    edited August 12

    @alanhoyle – No worries about the delay! Even once a week is too often for that to be happening. You should have to re-authenticate your account only once (per browser/device) after you make a change (update Master Password, change Secret Key, enable/disable MFA, etc.). When you are prompted to enter your Secret Key, do you do so or do you quit the additional tab?

  • I just quit the additional tab. So it seems like there's a glitch where it thinks it doesn't have the info momentarily, but it actually does.

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file