1Password saying "Your master password is required to reauthorize Touch ID" too often

jpotisch
jpotisch
Community Member

I'm running 1Password 6.8.6 (686004) on macOS 10.13.3 on a 2017 15" MacBook Pro with Touch Bar.

Twice today after waking my computer from sleep I see that 1Password has locked, which I expect, but shows "Your master password is required to reauthorize Touch ID", which I did not expect. I believe this is the case most mornings as well. I checked the Security tab under Preferences and "Require Master Password every" is set to 1 week, so I don't know why Touch ID authentication seems to be getting disabled in some cases after literally 15 minutes.

Perhaps relevant: before posting this comment I used the Cmd + \ shortcut in Firefox to login to the support forum. A Touch ID dialog appeared! I provided my fingerprint and the form filled out and the 1Password window that was still insisting I needed to provide my master password unlocked!


1Password Version: 6.8.6 (686004)
Extension Version: 4.6.12.90
OS Version: macOS 10.13.13
Sync Type: Dropbox
Referrer: forum-search:"Your master password is required to reauthorize Touch ID"

«1

Comments

  • Hi @jpotisch ,

    I'm sorry for the inconvenience this is causing. To help diagnose the issue, can you try something. Next time this happens, quit and restart the main 1Password app. Let me know if it then allows TouchID to unlock or not.

    Thanks,
    Kevin

  • jpotisch
    jpotisch
    Community Member

    @ag_kevin thanks for your reply. I think I did that and it did not resolve the issue but I will post the definitive answer next time it happens.

  • jpotisch
    jpotisch
    Community Member

    @ag_kevin Okay, so I just woke my computer up after an overnight sleep and the main 1Password app said "Enter master password" and gave no option for Touch ID. I quit and restarted the app and Touch ID was an option again, so I guess the problem is with the visible app and not 1Password Mini. Let me know if you need any additional info to help you find the issue.

  • Thanks @jpotisch. We have plans which should hopefully fix this as a side benefit. :)

    Ben

  • pjollain
    pjollain
    Community Member
    edited March 2018

    I am also having this issue since several months... I already posted about it in September 2017 (https://discussions.agilebits.com/discussion/82217/1password-is-requesting-master-password-instead-of-using-touch-id). And I don't have it only from time to time, I have it at least 10 times a day.
    As I have a quite long master password, I quit the app and relaunch it, and I am then able to use Touch Id to unlock 1password.

    With each new release, I hope that the issue will be solved, but no. Honestly, I don't understand why an issue that is so easy to reproduce has not yet been solved. If you need me to provide you with logs, debug information, or whatever, just ask, but do something!

  • AGAlumB
    AGAlumB
    1Password Alumni

    @pjollain: It's not easy to reproduce. I'm sorry that you're still having trouble with this, and also if Ben's earlier response gave you the impression that the work we're doing which should help with this is easy or will happen overnight in a minor update. It won't. We're working on it, but it's a fairly major change that will require a lot of development and testing before it's ready for public consumption. But if and when it is, we'd love to have you test it yourself to see if it helps in your case, since it sounds like it is, unfortunately, easy to reproduce on your system. Thanks for your patience.

  • jpotisch
    jpotisch
    Community Member

    @brenty I've had the new version installed since it came out last week and figured I'd post an update. I had hoped this would fix the bug (not due to any impression Ben gave me, just because I hoped it would be fixed) but alas it still happens extremely frequently.

    In case this helps, when my computer wakes it sometimes does allow me to click the fingerprint icon to use Touch ID, other times says my master password is required, and other times it informs me that Touch ID is not available when my laptop lid is closed, which it is not. Touch ID being available definitely happens much less often than the other options. When it's either of the latter cases, closing and reopening 1Password always fixes it, so while this is a frequent annoyance, I can work around it with a few keystrokes.

  • jpotisch
    jpotisch
    Community Member

    Here's some more info. I just had my laptop closed for a few hours. When I opened it up and unlocked it via Touch ID the 1Password window told me I could not use Touch ID because the lid was closed (which again, of course, it was not). I did not touch the 1Password window and I selected Sleep from the Apple menu. After ~15 seconds I woke it up and unlocked it via Touch ID. This time the 1Password window said my master password was required to reauthorize Touch ID. I ignored 1Password again and did Apple > Sleep > wait 15 seconds > unlock the computer with Touch ID and this time the 1Password window showed Touch ID unlock as an option. Did sleep/wake again and it said my master password was required to reauthorize. On a hunch I tried sleep/wake again but this time waking almost immediately so it would not ask me to login again (I have Security & Privacy set to require a password 5 seconds after sleep or screen saver begins. This time the 1Password window allowed Touch ID!

    I tried several times and while I have not been able to predict which 1Password lock screen I will get (Touch ID works, 1Password thinks the lid is closed, or 1Password says master password is required to reauthorize Touch ID) when it has slept or had the screen closed for more than 5 seconds, 1Password works properly 100% of the time when sleeping or closing the lid for under 5 seconds.

    I understand that it's difficult to fix a bug that is not reproducible for anyone at Agile Bits, even if it's easily reproducible for at least me and the other poster above, but hopefully these symptoms that seem to point strongly to the sleep/wake state changes can help you find the culprit.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @jpotisch: Wow. Thank you! That's an interesting find. I think that can help us narrow down the cause, if not reproduce it, given the specificity. If you don't mind, I'd like you to generate a diagnostic report immediately after both a failure and 5 second sleep-wake where it works, if you can, so we can look at the logs to determine exactly what is happening:

    https://support.1password.com/diagnostics/

    Please send it to support@agilebits.com and add the following Support ID (including the square brackets) to the subject of your diagnostics email before sending:

    [#PLB-24661-952]

    If you’re reading this and you are not jpotisch, this Support ID is for jpotisch only. Please ask us for your own if you also need help.

    This will link your diagnostics to our current discussion. Let me know once you've sent it. Once we see it we should be able to better assist you. I've also passed on your comments above to the development team, so no need to include any of that unless there's something else you want to add. Thanks in advance!

    ref: PLB-24661-952

  • AGAlumB
    AGAlumB
    1Password Alumni

    @jpotisch: Actually, before you bother with that, I have a quick question for you that might clinch it: When the main 1Password window says the lid is closed (but it's not), are you seeing the same thing if you open 1Password mini (menu bar, or ⌘ ⌥ \)? Thanks!

  • jpotisch
    jpotisch
    Community Member

    @brenty Sorry, didn't read your second message until after I sent the two diagnostics reports - the first one was sent after 1Password showed I needed to reenter master password to reauthorize Touch ID. The second one was after I slept the computer for a second right after that (having not entered my master password) and 1Password correctly reenabled Touch ID.

    Next time I get the message about the lid being closed I'll let you know. That seems to happen the least of the three outcomes but I'm sure it will happen soon enough.

  • Lars
    Lars
    1Password Alumni

    @jpotisch - sounds good; we've received your emails with your diagnostics reports attached, let's keep the conversation going over there instead of discussing details in this public forum. Someone will be with you shortly. :)

  • jpotisch
    jpotisch
    Community Member

    👍

  • Lars
    Lars
    1Password Alumni

    :) :+1:

  • SecureInCali
    SecureInCali
    Community Member

    I'm experiencing the same problem with the same symptoms. Please follow up when you have a fix.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @SecureInCali: Depending on the specific issue you're experiencing (I really can't tell without any details), the issue may vary. Did you read my suggestion above? We've been looking at diagnostics some folks sent and discussing internally, and there seem to be multiple issues we're tracking here with similar symptoms. In one case, some changes we're making under the hood should render it a thing of the past in the coming months. There's a pretty simple test for that: If, when prompted that "Your Master Password is required to reauthorize Touch ID" in the main 1Password window, you open 1Password mini ( ⌘ ⌥ \ ), are you able to unlock with Touch ID there? If so, once we're finished with the work we're doing behind the scenes that should resolve this issue for you. And in the mean time, that can serve as a workaround. Let me know if that's also true in your case.

  • SecureInCali
    SecureInCali
    Community Member

    I haven't seen the lid message in a couple of days. I do see a message saying "Your master password is required to reauthorize Touch ID". I am inside the "Require master password every ..." window. Using CMD-Option-\ has the mini window come and I can use Touch ID there.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @SecureInCali: Thanks for the update! Would you be interested to try the 1Password 7 beta to see if that helps? We're not seeing any reports like this there since it uses a new unified 1Password/mini setup we've built from the ground up.

  • Yoms
    Yoms
    Community Member

    Hi,

    I'm running 1Password version 6.8.9 (689000) Mac App Store on macOS 10.14.2 on a 2018 15" MacBook Pro with Touch Bar.

    I've been following this topic for quite some time now. It's now January 2019 and I still face the exact same issue as no correction has been provided. It's more than frustrating.

    As the OP, I checked the Security tab under Preferences and "Require Master Password every" is set to 1 week.

    Also, in my situation closing the lid or going to sleep mode are not required conditions to trigger the "Your master password is required to reauthorize Touch ID" issue. Waiting enough time while still using the computer is a sufficient condition to trigger the issue.

    For example: I used 1Password just fine, then I'd been coding some JS in VSC for 3 hours or so (so no lid closed, no sleep mode, nada) and when I got back to 1Password, I was asked for the master password. Therefore to me, it has nothing to do with the lid, the sleep mode or any energy-related topic.

    The workaround works, yes, but after 1 year, having to still rely on this workaround is a real PITA, sorry.

    When will there be a fix?

    Thanks,

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited January 2019

    @Yoms: 1Password 6 was discontinued long ago though and there are no plans to resurrect it. Our focus is on the current version. We made the changes we could to help people with issues like this last year, but ultimately there is only so much we can do since Touch ID is handled solely by the OS and hardware; all we do is make a call to an API and receive a response. We don't know and have no way of determining why the Touch ID "secret" might be cleared prematurely on some Macs; it's not something 1Password handles itself. Sorry. :(

  • Yoms
    Yoms
    Community Member

    @brenty

    A few points here:
    1) No, you did not discontinue 1Password 6 long ago: 1Password 7 was introduced in late may 2018, it's barely 7 months.

    2) Who said anything about resurrecting 1Password 6? It's about maintaining a software that many people still use (reminder: I paid for it). If the cumbersome workaround using 1Password Mini did not work, this bug would literally preventing access to the app. You do realise that, right? It's not just a font-size-mismatch issue we're dealing with!

    3) As as developer myself, the provided excuse isn't convincing at all. Actually, it's even wrong. How do you explain that all you do "is make a call to an API and receive a response" works with 1Password Mini and not the main 1Password app whereas using the same API? If this issue was on Apple's side only, the bug would be observed on both 1Password Mini and the main 1Password app.

    But sure, an old 1Password 4/5/6 client's complaint is obviously not going to change anything.

    What has been discontinued long ago is caring about customer satisfaction.

  • No, you did not discontinue 1Password 6 long ago: 1Password 7 was introduced in late may 2018, it's barely 7 months.

    I suppose "long" is subjective.

    It's about maintaining a software that many people still use (reminder: I paid for it).

    We updated 1Password 6 for about 2.5 years. Additionally the last time we had a paid upgrade on Mac was the v3 -> v4 upgrade, meaning v7 is the first upgrade we've charged for since 2013. We're not going to update v6 further; I'm sorry.

    this bug would literally preventing access to the app

    I must be missing something. I don't see how that is true? The issue being discussed is people needing to enter their Master Password more frequently than expected... not that entering the Master Password doesn't unlock the app as expected.

    Ben

  • Yoms
    Yoms
    Community Member

    I love those answers where you pick some stuffs, but actually "forget" to reply to an important comment. What about my 3rd point? Still rejecting the fault on Apple's API only whereas it works ok with 1Password mini?

    I suppose "long" is subjective.

    LOL. Constructive comment.

    We updated 1Password 6 for about 2.5 years.

    And that's normal. Nothing to brag about here. It was the latest version until 1Password 7 was released, so that's just normal behaviour to update it and correct bugs. And usually, the customer-friendly practice is to maintain the previous release and correct issues.

    I must be missing something.

    No you're not. You know that I'm talking about access via Touch ID and not that entering the Master Password doesn't unlock the app as expected. BTW, it's because there's Touch ID that many of us went for a Master Password of 20+ chars.

    Additionally the last time we had a paid upgrade on Mac was the v3 -> v4 upgrade, meaning v7 is the first upgrade we've charged for since 2013.

    It's good that you come up with that thing. Because as far as I remember, we received a bunch of e-mails from the 1Password creator in the past stating how a perpetual license will always give us access to the latest version, how subscription plan was actually not a good idea, how users only shall be responsible for holding their password and not trust a tier, how 1Password will therefore not go into that direction, etc. And that's exactly why I did not upgrade, because in the end, you lied.

  • we received a bunch of e-mails from the 1Password creator in the past stating how a perpetual license will always give us access to the latest version

    I'd be interested to see such an email. I've been here for 10 years, and as long as I can remember our licensing policy has been per-version:

    https://web.archive.org/web/20111008093410/agilebits.com/home/licenses (snapshot from 2011)

    because in the end, you lied.

    I understand you're frustrated with the situation, and I can empathize with feeling that way, but that is a pretty serious claim without having shown any evidence. We have said licenses are perpetual in that they never expire (which is still true), but not that they will always grant access to the latest offering. As far as I'm aware we have never sold a license that grants access to all future upgrades. That's one of the benefits of membership.

    I love those answers where you pick some stuffs, but actually "forget" to reply to an important comment. What about my 3rd point? Still rejecting the fault on Apple's API only whereas it works ok with 1Password mini?

    I didn't see the point in arguing as the fact of the matter remains: 1Password 6 has been retired and we do not have plans to update it further.

    If you'd like help moving forward we'd be happy to help. I'd strongly encourage you to reach out to our sales team at sales@1password.com and include a link to this thread. It would also be helpful if you could please include receipts for any past 1Password purchases. When you email in you'll get an automated reply from BitBot that will include a support ID. Please post that ID here so that we can follow up. Considering the issues you are having with it and the fact that it is retired, it doesn't seem sticking with 1Password 6 is going to provide a good outcome. Rather than arguing, which seems quite unproductive, I'd like to see if we can reach a solution that is agreeable to both parties.

    Ben

  • danco
    danco
    Volunteer Moderator

    I'ld like to add that life changes, what was recommended at one time may not be recommended several years later.

    When I first got 1PW, I chose it partly because my passwords were only held locally, so not liable to attack in the way web-based password managers might be. But at that time I only had a Mac, and did not need to sync with other devices.

    Later on I got an iPad and then a smartphone (I've had both Android models and an iPhone). Now I needed to sync, and that was not easy to do except using some cloud-based approach (Dropbox). With multiple devices, getting rid of manual sync and relying on 1password.com felt like the best answer.

  • That's a good point @danco. Situations evolve. In the past we did talk about how we weren't fans of the hosted password manager approach, but that was before standards like Web Crypto existed, at least in the forms they do now. Some of the technology critical to 1Password.com's success only became widely available within the last few years.

    Ben

  • Yoms
    Yoms
    Community Member

    Yeah I wish I had kept those emails along with his comments about hiking or camping (I can't remember exactly what personal leisures he used to mention when he sent those emails). But honestly, I don't keep these e-mails. Why would I? Should I have anticipated the fact that I would have needed to reproduce them later as "evidence"?

    And you know what bothers me most is when I see an answer that says it's Apple's API fault when you can actually make it work in 1Password mini. This is inappropriate.

    Installed 1Password 7 to see. For those interested in perpetual license, there's not even a discount for upgraders. LOL !!!

    @danco

    Now I needed to sync, and that was not easy to do except using some cloud-based approach (Dropbox).

    Well to me, it was damn easy and always worked flawlessly.

    It's ok if you trust a tier to hold your passwords. But talking about "web crypto", well... what is THE ONE important rule crypto/blockchain/bitcoin? Keep your own private keys! So no, sorry have to disagree again and go on with the previous

  • Yoms
    Yoms
    Community Member
    edited January 2019

    And I also add something else: when the issue was open, 1Password 6 was still the latest version. So it's even less acceptable as a behaviour towards your customers not to handle this issue in the backlog.

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited January 2019

    @Yoms: You can disagree all you want, but when you're in disagreement with the facts that's a pretty intractable problem. No one here -- Dave or otherwise -- has ever said that "a perpetual license will always give [you] access to the latest version". We've never sold anything called "perpetual", "lifetime", etc., and while a license never expires, it's valid only for the specific version purchased. Even if you didn't keep the newsletters (I may be able to produce the one you're thinking of if you give me the date), I'm guessing you kept your license email. That should show what you purchased. If there's some discrepancy there, send the details to support@1password.com and post the Support ID you receive here so we can get you sorted.

    And you know what bothers me most is when I see an answer that says it's Apple's API fault when you can actually make it work in 1Password mini. This is inappropriate.

    That isn't what I said. For the record:

    Touch ID is handled solely by the OS and hardware; all we do is make a call to an API and receive a response. We don't know and have no way of determining why the Touch ID "secret" might be cleared prematurely on some Macs; it's not something 1Password handles itself.

    All of that is true. The words you're attributing of a number of people are not. That's inappropriate, and, frankly, not acceptable behaviour, here in the forum, or, really, human civilization. Please keep that in mind before posting further:

    Forum guidelines*

    *(which you agreed to when joining)

    It's ok if you trust a tier to hold your passwords. But talking about "web crypto", well... what is THE ONE important rule crypto/blockchain/bitcoin? Keep your own private keys! So no, sorry have to disagree again and go on with the previous

    I'm not sure what you're even talking about here. 1Password has nothing to with "blockchain" or "bitcoin", and each 1Password user is the only one with the "keys" to their data: everything is encrypted locally on the device, only encrypted data is transmitted, and the "keys" needed to decrypt it -- the Master Password which the user has chosen and the randomly generated Secret Key -- are never sent to us. You can learn about how 1Password works in the security white paper.

  • Yoms
    Yoms
    Community Member
    edited January 2019

    @brenty
    I stand by what I said: rephrase it the way you want, but when you write "it's not something 1Password handles itself.", you clearly say the bug is not your fault. But you do make it work with 1Password mini. And also you do make it work apparently with 1Password 7. How can you possibly imagine that you couldn't correct the issue on your side when you managed to do it in Mini and 7?

    Trying to make me believe this is actually trying to take me as a fool. Is that appropriate? Is that OK with your forum guidelines?

    And also, yes you didn't get my latest point about security, but it's not important, it's out of the scope of the topic.

This discussion has been closed.