1Password X logging out when restarting Firefox: intended behavior?

I'm brand-new to 1Password X, so I might have made a simple mistake. I'm on Firefox 62.0 and I'd like to stay logged into 1Password X, even when my browser closes (but I'm still logged into Windows). I close/open Firefox often (dual-monitor setup) and each time, 1Password X logs me out, always claiming a network error.

Screen recording of the issue: https://streamable.com/63bbg

Just one "accidental" closing of the browser and I'm forcibly logged out. Is that supposed to happen? I definitely have internet, but 1PX claims, "Could not unlock 1Password: Please check your internet connection and try again." if I hover over the box.

For sure, I turned off "Automatically lock 1Password" immediately.

Thank you in advance.


1Password Version: N/A
Extension Version: 1.10.3
OS Version: Windows 10 Pro x64 (1803)
Sync Type: 1PX

Comments

  • ikjadoon
    ikjadoon
    Community Member

    OK, after further research, I believe this is a limitation of 1Password X: because it is wholly contained in the browser extension area (and not in a cookie), it will always be locked when the browser opens.

    Is that correct? If so, will using the Windows app keep me logged in between browser restarts? I'm confused: does the Windows App need the 1P Firefox extension or the 1PX Firefox extension? Is there a difference?

    I picked "1PX" because it seemed like the solution that worked "in the cloud", so I could get syncing with my iPhone. But, honestly, I'm a bit overwhelmed: 1Password X Firefox extension, 1Password Firefox extension, Windows App, and standalone vaults.

    I'm just looking for one vault that's always synced between my systems and their browsers <---> my iPhone.

  • ikjadoon
    ikjadoon
    Community Member

    All right, 1PX and the Windows App = no go. Same issue.

    Is there a reason the 1P Extension is not available on the official Mozilla Firefox Add-ons page? Nothing against self-hosting on principle, but seems a tad weird I can't find it (but I can find 1PX on FF AMO).

  • ikjadoon
    ikjadoon
    Community Member
    edited September 2018

    OK, I tried out 1P ("requires desktop app") Firefox extension and it's definitely a different extension: does not even have a 1P icon inside login boxes, so it seems like a much more passive password manager.

    Is there a way for the 1Password desktop app to communicate with the 1PX extension that I have not left my computer and not log me out after I close Firefox accidentally or otherwise?

  • AGAlumB
    AGAlumB
    1Password Alumni

    I believe this is a limitation of 1Password X: because it is wholly contained in the browser extension area (and not in a cookie), it will always be locked when the browser opens.

    @ikjadoon: I'm sorry for the confusion. That is correct.

    If so, will using the Windows app keep me logged in between browser restarts?

    Yes.

    I'm confused: does the Windows App need the 1P Firefox extension or the 1PX Firefox extension? Is there a difference?

    Yes. The 1Password desktop extension works with the Windows (or Mac) app:

    Use the 1Password extension to save and fill passwords on your Mac or Windows PC

    1Password X is a self-contained extension for folks who cannot use the native apps:

    Get to know 1Password X

    I picked "1PX" because it seemed like the solution that worked "in the cloud", so I could get syncing with my iPhone. But, honestly, I'm a bit overwhelmed: 1Password X Firefox extension, 1Password Firefox extension, Windows App, and standalone vaults. I'm just looking for one vault that's always synced between my systems and their browsers <---> my iPhone.

    A 1Password.com membership offers that, and works with both 1Password X and the native apps.

    All right, 1PX and the Windows App = no go. Same issue.

    What's the issue? Please be specific.

    Is there a reason the 1P Extension is not available on the official Mozilla Firefox Add-ons page? Nothing against self-hosting on principle, but seems a tad weird I can't find it (but I can find 1PX on FF AMO).

    1Password X was developed very recently and we have a process for building and submitting it there. It's something we'd like to do for the desktop extension as well, but currently that isn't possible for historical reasons.

    OK, I tried out 1P ("requires desktop app") Firefox extension and it's definitely a different extension: does not even have a 1P icon inside login boxes, so it seems like a much more passive password manager.

    I dunno, have you tried the keyboard shortcut? ;) Ctrl \

    Is there a way for the 1Password desktop app to communicate with the 1PX extension that I have not left my computer and not log me out after I close Firefox accidentally or otherwise?

    No. 1Password X is entirely self-contained. It runs solely with the browser.

    I hope this helps. Be sure to let me know if you have any other questions! :)

  • ikjadoon
    ikjadoon
    Community Member

    What's the issue? Please be specific.

    1PX logging out while I'm still logged into my PC. I think we've concluded that 1PX does not have the same features as 1Password or vice-versa. They're actually quite different products. I mistook 1Password X as "the new standard", while the old versions (desktop app) were on their way out. But, there's a substantial 1P-only user base still, so the two products have and still actively serve different markets.

    1Password X was developed very recently and we have a process for building and submitting it there. It's something we'd like to do for the desktop extension as well, but currently that isn't possible for historical reasons.

    Ah, makes sense. I had thought it had been publicly released for a year, but maybe, compared to the original, it's quite recent.

    Yes. I think I'm understanding, finally, the historical 1Password lineage, which I think users have to understand before they can decide which version of 1P to use, heh.

    I dunno, have you tried the keyboard shortcut? ;) Ctrl \

    brenty, this yields the exact same problem: the hassle of 10-20x a day reminding 1PX via keystrokes that "Yes, still me here" or 1P "Yes, please fill in this password now: I'm ready for you to begin working." That is, more like a "pick your poison": either always re-type your Master Password every browser restart or always press Ctrl+Alt+\ to pull-up 1P Mini every time you want to use the service.

    Maybe the functionality I expected is not 1P's mindset: log in and out alongside my Windows login state (i.e., the double-walls seem funky to me; if I don't want unauthorized access to 1PX, then I absolutely do not want unauthorized access to the PC; this is the same reason given by 1P why there is no support for "re-prompt for Master Password for certain logins", I believe) + and have the 1P logins easily accessible by a mouse inside login fields for a quick click.

    Maybe the keyboard shortcuts are big for other users, but, at least for me, I browse the web primarily with a mouse so I (maybe peculiarly) expect browser functions to be mouse-first.

    Thank you for the reply and explanation, brenty. I'll keep exploring and learning.

  • ikjadoon
    ikjadoon
    Community Member

    What's the issue? Please be specific.

    1PX logging out while I'm still logged into my PC. I think we've concluded that 1PX does not have the same features as 1Password or vice-versa. They're actually quite different products. I mistook 1Password X as the "new version that will replace old versions", but I believe not. The two products still actively serve different markets.

    1Password X was developed very recently and we have a process for building and submitting it there. It's something we'd like to do for the desktop extension as well, but currently that isn't possible for historical reasons.

    Ah, makes sense. I had thought it had been publicly released for a year, but perhaps, compared to the original, it's quite recent.

    Yes. I think I'm understanding, finally, the historical 1Password lineage, which I think users have to understand before they can decide which version of 1P to use, heh.

    I dunno, have you tried the keyboard shortcut? ;) Ctrl \

    brenty, this yields the exact same problem: the hassle of 10-20x a day reminding 1PX via keystrokes that "Yes, still me here" or 1P "Yes, please fill in this password now: I'm ready for you to begin working." That is, more like a "pick your poison": either always re-type your Master Password every browser restart or always press Ctrl+Alt+\ to pull-up 1P Mini _every time you want to use the service__.

    Maybe the functionality I expected is not 1P's mindset: log in and out alongside my Windows login state (i.e., the double-walls seem funky to me; if I don't want unauthorized access to 1PX, then I absolutely do not want unauthorized access to the PC; this is the same reason given by 1P why there is no support for "re-prompt for Master Password for certain logins", I believe) + and have the 1P logins easily accessible by a mouse inside login fields for a quick click.

    Maybe the keyboard shortcuts are big for other users, but, at least for me, I browse the web primarily with a mouse so I (maybe peculiarly) expect browser functions to be mouse-first.

    Thank you for the reply and explanation, brenty. I'll keep exploring. I appreciate the notes. :)

  • AGAlumB
    AGAlumB
    1Password Alumni

    1PX logging out while I'm still logged into my PC. I think we've concluded that 1PX does not have the same features as 1Password or vice-versa. They're actually quite different products. I mistook 1Password X as "the new standard", while the old versions (desktop app) were on their way out. But, there's a substantial 1P-only user base still, so the two products have and still actively serve different markets.

    @ikjadoon: I think we'll continue to move more in the direction of 1Password X, but our other apps are very much under active development. While 1Password X definitely is visually different as well, a lot of the big stuff we're doing there is behind the scenes with filling logic, and that's stuff we're actively working to bring to the other apps, though you won't see any change right away. ;)

    Ah, makes sense. I had thought it had been publicly released for a year, but maybe, compared to the original, it's quite recent. Yes. I think I'm understanding, finally, the historical 1Password lineage, which I think users have to understand before they can decide which version of 1P to use, heh.

    No no, you're totally right! It's been about a year! That's really funny to me, because in technology a lot of times stuff from a year ago seems really old...but I guess in this case, since we've been developing 1Password's browser integration for over a decade, 1Password X still seems super new. You make a great point! :lol:

    brenty, this yields the exact same problem: the hassle of 10-20x a day reminding 1PX via keystrokes that "Yes, still me here" or 1P "Yes, please fill in this password now: I'm ready for you to begin working." That is, more like a "pick your poison": either always re-type your Master Password every browser restart or always press Ctrl+Alt+\ to pull-up 1P Mini every time you want to use the service.

    I hear you, but we can't very well not have 1Password secure your data, and the way that happens is by encrypting it with the Master Password, and therefore it is also needed to decrypt it. There are only two ways around that: for you to enter it (not fun) or for us to store it (NOT good at all). So we're definitely sticking with the former. We are, however, investigating ways to make it possible in the future to use biometrics. That may be a long way off, and we will only do it if it can be done securely (and your browser will need to keep 1Password "running" of course), but it's something we want as well.

    Maybe the functionality I expected is not 1P's mindset: log in and out alongside my Windows login state (i.e., the double-walls seem funky to me; if I don't want unauthorized access to 1PX, then I absolutely do not want unauthorized access to the PC; this is the same reason given by 1P why there is no support for "re-prompt for Master Password for certain logins", I believe) + and have the 1P logins easily accessible by a mouse inside login fields for a quick click.

    That's a really good way of describing the user experience, and I don't disagree with you. But in order for signing into the OS to keep 1Password unlocked for you, the OS would need to be storing your Master Password somehow. We have a great, secure way to do that on iOS, but other places not so much.

    Maybe the keyboard shortcuts are big for other users, but, at least for me, I browse the web primarily with a mouse so I (maybe peculiarly) expect browser functions to be mouse-first. Thank you for the reply and explanation, brenty. I'll keep exploring and learning.

    Sounds good, and you're very welcome! I use my mouse a lot too, but for certain things, like filling a login with 1Password or closing tabs in the browser, which take a lot of mouse movement and several clicks otherwise, I really enjoy using keyboard shortcuts. Saves me a lot of time in aggregate — and probably some RSI too. Anyway, if you have any other questions at all along the way, just let us know. Cheers! :)

  • ikjadoon
    ikjadoon
    Community Member

    I hear you, but we can't very well not have 1Password secure your data, and the way that happens is by encrypting it with the Master Password, and therefore it is also needed to decrypt it. There are only two ways around that: for you to enter it (not fun) or for us to store it (NOT good at all). So we're definitely sticking with the former. We are, however, investigating ways to make it possible in the future to use biometrics. That may be a long way off, and we will only do it if it can be done securely (and your browser will need to keep 1Password "running" of course), but it's something we want as well.

    You mean only 1Password X, brenty. 1PasswordX doesn't retain decryption between browser restarts, while 1P does retain decryption between browser restarts (by interacting with a Windows application) Having two behaviors for two extensions was a design choice made by Agile Bits, not an inherent security risk. Surely if interacting with Windows was inherently something "NOT good at all", 1P wouldn't have ever allowed that in the original extension.

    One extension talks with Windows. And it was decided the other would not have that same functionality.

    That is, the quoted post above is re-iterating the current technical limitation between the two applications, not an underlying security risk. Right? It's not a question of "fun" or "not good", but I'm afraid you may be confused, so I want to clarify.

    Good luck with the biometrics or, barring that, adding an optional connection between 1PX and your Windows application. And bringing filling logic to the entire 1P ecosystem.

    I'll check back in due time.

  • AGAlumB
    AGAlumB
    1Password Alumni

    You mean only 1Password X, brenty.

    @ikjadoon: No, I'm talking about 1Password in general. Since we never write your Master Password to disk, 1Password must be running in order for it to remain unlocked. Period.

    1PasswordX doesn't retain decryption between browser restarts, while 1P does retain decryption between browser restarts (by interacting with a Windows application) Having two behaviors for two extensions was a design choice made by Agile Bits, not an inherent security risk.

    Nope. When you close your browser, you're killing all extensions running within it, including 1Password X. When you're using the 1Password desktop app, which is running outside of the browser, quitting the browser does not kill the app.

    Surely if interacting with Windows was inherently something "NOT good at all", 1P wouldn't have ever allowed that in the original extension. One extension talks with Windows. And it was decided the other would not have that same functionality.

    I think you're reading a lot into my comments above. That's not at all what I said. I'm sorry if something I said was unclear to you. Let me know if you'd like me to clarify anything.

    That is, the quoted post above is re-iterating the current technical limitation between the two applications, not an underlying security risk. Right? It's not a question of "fun" or "not good", but I'm afraid you may be confused, so I want to clarify.

    I don't see where I said anything about "fun" or "not good". Can you tell me what you're referring to? Regarding the security risk, that's the issue with saving the Master Password to disk, which would be necessary to not require the user to enter it after quitting 1Password completely — whether running in the OS or browser. Definitely a bit confusing, but important nonetheless.

    Good luck with the biometrics or, barring that, adding an optional connection between 1PX and your Windows application. And bringing filling logic to the entire 1P ecosystem. I'll check back in due time.

    I think we will probably do both, if we can. Thanks for letting us know this is something you'd like us to work on. :)

This discussion has been closed.