1Password 6 for Mac incompatible with Brave browser

The 1Password extension no longer works with the official Brave Browser (if you are running 1 password 6).

The brave team has stated that a change is needed by AgileBits in order for the extension to work with Brave browser and 1Password 6: https://github.com/brave/brave-browser/issues/1730

When you try and use the extension with Brave, the icon blinks and fails to connect to the desktop 1Password application.

This issue was previously only relevant to the Beta Brave release: https://discussions.agilebits.com/discussion/97240/1password-extension-not-working-in-brave-beta-browser.


1Password Version: 6.8.9
Extension Version: 4.7.3.90
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:1Password Extension Brave

Comments

  • Hello @stickney84,

    Starting with 1Password 6.8 the browser code verification check became an enforced part of 1Password meaning the copy of 1Password that you're running must have a record of the code signature of a given browser for it to allow the extension to connect. Brave made some changes to to their bundle IDs that required 1Password update its list and these changes first appeared in version 7.1.2. As a result anything older than 1Password 7.1.2 for Mac will be unable to verify the current version of Brave and so will refuse any connection originating from it.

    While there remains the possibility that I could be proven wrong, I do not foresee any update being made to 1Password 6. As it was 6.8.9 almost didn't happen and that was when version 6 was technically still the current version. I'm afraid it will be either a choice of using a browser known to 1Password 6 or considering updating to 1Password 7 and taking advantage of all the changes that have been made there.

  • Thanks @littlebobbytables for the update.

    If that's the case than the issue should be trivial (ish) to address! I mean, I'm sure it involves a bunch of testing and what not, but at least it's not an unknown issue...

    I guess the question I have is - what is the official AgileBits stance on support for anything other than the most recent version of their desktop app? 1Password6 is just one version away from the latest version - does that mean AgileBits doesn't care about it anymore? I know how hard it can be when you tell the engineering department they are done working on a particular version, and then later come back to them and tell them "well ... actually there's just one more thing", but at the end of the day these decisions should be made from the customers perspective.

    1Password6 is effectively broken for me now.

    I'm not sure how the signature check works exactly, but if another major browsers push an update, will this break things as well?

    @littlebobbytables if AgileBits has an official legacy support policy could you point me to it? Many thanks!

  • cybomancyboman
    edited October 2018

    Hi @littlebobbytables,

    The Brave Beta browser uses Chromium at its core (and will going forward). Do you see any issues with this from 1Password's end of things? I would assume "if it works in Chrome, it should work work in Chromium-based browsers" - is this a fair assumption?

    (to be clear, I'm using the Brave Beta) Now using stable build.

    Update: This now affects the stable, primary Brave browser as well.

  • Hi @cyboman,

    I'll do my best to address the various points.

    Being based on Chromium merely means that the Chrome extension should work in terms of being installable and running without error. The extension being able to run in a browser does not mean that 1Password will accept the connection attempt. The code signature check I referred to is a check that 1Password performs on both itself and its various components as well as the originating process connected to the extension i.e the browser. Like 1Password's own components the browser must have a valid code signature, the copy in memory must be the same as on disk and the code signature must be one known to 1Password.

    That brings us to the second point. 1Password contains a hardcoded list of known browsers. This list must be updated as browsers change but only in terms of the signing certificate. Signing certificates change infrequently compared to updates to the browser and any certificate can last for a number of years. So it isn't that Brave issued an update and the mere act of updating broke things, its that certain details about the certificate and the bundle ID changed. As these no longer match the hardcoded details the browser no longer conforms to a known signature. As a result 1Password cannot differentiate between this and a compromised browser and so refuses the connection.

    1Password 6.8.9 is an example of this. The only difference between 6.8.8 and 6.8.9 are updated details relating to Opera. While I cannot offer any reasonable prediction, I would assume most of the supported browsers in 1Password 6 will be able to connect for some time to come. That is a vague assertion and it's about the only one I can make.

    While the changes are not massive, once we release a new major version of 1Password it is rare for there to be updates to the older code. A critical security issue for example would be something we would look to address but incompatibilities creeping in over time are almost never addressed. This is a relatively extreme example, it hasn't been a long period since we released 1Password 7 and I would have hoped that it wouldn't have been so soon before we started to see changes in either the operating system or browser meaning 1Password wasn't performing as expected. Brave updated the bundle IDs for the various versions they release (stable, beta, dev etc.) and that just happens to be one of the points connected to the code signature verification. This still leaves several browsers that will work with 1Password 6 for Mac though including:

    • Safari
    • Firefox
    • Chrome
    • Vivaldi
    • Opera

    The next browser that I anticipate will be lost will be Safari. We have no schedule but Apple are making the older style extensions as found in their Safari Extension Gallery obsolete. Safari 12 only supports older extensions downloaded via their Safari Extension Gallery, at some point Safari will go Safari App Extension only at which point only 1Password 7.2 or newer will have support.

    It is worth remembering that we haven't had a paid 1Password update since 1Password 4 for Mac back in 2013. Somebody purchasing 1Password back in 2013 has had 1Password 4 through to 6. Some people will have experienced fewer free updates depending on when they purchased 1Password of course, that's not specific to 1Password, it holds true for any licences or at least ones I've had experience with.

    1Password 6 will continue to work but the only guarantees are with software as it was when development on version 6 ceased. Changes that will disrupt 1Password 6 should start off as being rare and over time the potential will slowly creep up, Brave was just unlucky in terms of the timing.

  • Dear 1Password team,

    Reading that makes me sad.
    I cannot upgrade from 10.11, so I cannot use 1PW7 (also, I prefer a non-subscription variant, which existences seems to be unclear for 1PW7).
    I want to use Brave but without my 1PW6-Vault, its nearly useless.
    It seems time for a good bye :(

  • edited October 2018
    • Unlucky that Brave updated so soon after 1p6 became legacy
    • There are other browsers you can still use
    • Some of you got previous updates for free

    I'm not satisfied by the response but I do appreciate that you're just the messenger.

    I hope AgileBits considers taking on this work.

  • brentybrenty

    Team Member
    edited October 2018

    Unfortunately Brave is a very niche browser, and 1Password 6 is half a year gone now, hasn't been touched since then and isn't likely to be. I rather like Brave myself, and am pretty excited for the new stuff that's coming there...but at the same time it isn't feasible for us to update legacy stuff and work on the current version. And since Apple appears to be done with El Capitan as far as releasing even security updates, I'm not sure we could justify propping up it or other unsupported OSes by continuing to work on an old version of 1Password, especially for something that would benefit so few people. 1Password 6 was only updated for similar changes in Opera this year due to its larger userbase and the fact that 1Password 7 was still in beta at that time. It doesn't seem reasonable to try to push out an update at this late hour just for Brave.

    Sorry that's not the answer you were hoping for, but there are plenty of other great browsers out there which work just fine with 1Password 6: Firefox is very privacy-focused, and Vivaldi also has a ton of great power user features — and a big new release.

    P.S: Just to clarify, 1Password 7 has supported both standalone licenses and 1Password memberships since it was released toward the beginning of this year.

  • edited October 2018

    fwiw I'm tied to using Brave, and I really love 1P but now I'm considering other options because I don't have the resources to upgrade at this time, and I'm concerned that in the future I'm likely to receive similar treatment for using a niche browser.

    I agree that it probably doesn't make sense for the business to invest resources for such a small user base that is affected by this issue (brave users who purchased 1P6 recently enough to not want to pay again to upgrade to 1P7).

    But that's not the only way to address our situation...

  • brentybrenty

    Team Member

    @stickney84: I hate to be a wet blanket here, but there's a long, long list of browsers that 1Password has never and will never support. Brave is supported, but we can only do that on an ongoing basis in the current version of 1Password, as that involves not only development but also testing, support, and coordination with the browser vendor. We have to be picky about what browsers we support in the first place, and we've only been able to support Brave at all thanks to its development team. We're never going to be able to support all browsers both backwards and forwards in perpetuity. Sorry. :(

  • I understand, what I meant to insinuate was would we be able to get some kind of discount towards an upgrade to 1P7?

  • brentybrenty

    Team Member

    @stickney84: Ah, thanks for clarifying. Indeed, 1Password for Mac version 7 (or Windows) licenses are available at a discount currently.

    Or, if you'd prefer to get all of the apps as part of a 1Password.com membership I'm sure we can help with that too. Just shoot us an email at [email protected] and post the Support ID you receive here. :)

  • edited October 2018

    thanks!! I did not realize the 1P7 discount was still active. I also didn't realize the membership still allows you to have local vaults which don't sync with 1P cloud.

  • brentybrenty

    Team Member

    thanks!! I did not realize the 1P7 discount was still active.

    @stickney84: Yep! As of this writing, it is. :)

    I also didn't realize the membership still allows you to have local vaults which don't sync with 1P cloud.

    It does! But it's not something we advertise or encourage, since it's a great way for people to run into confusion and trouble since those are completely separate from a 1Password.com account and therefore data would not be available through the browser app and also each local vault would need to be configured separately on each device in order for it so sync at all. Cheers! :)

  • Looking to upgrade to 1P7 for this (Brave) and some other reasons. I don't see anything about a discount anywhere when following that link or in the licensing screen in 1P7. Has it ended now? I've been using 1P for many, many years and would hope I can still get a discount on the upgrade.

  • rudyrudy

    Team Member

    @DigitalOxygen.ca,

    Nope, it should still be active. Though depending on where you are in the world you may see a different price in the storefront than $49.99 USD. I believe it ends up being something like $65 CAD versus post-launch pricing which will be approximately $85 CAD.

  • Just to expand on Rudy's reply. Part of any difference will be converting to different currencies but also look out for any VAT applicable for your country. When we quote the likes of $49.99 USD or $64.99 USD that's before any VAT which seems to be state specific in the likes of Canada and the US and country specific elsewhere. I see a 20% higher price for example being based in the UK. Any added VAT will be detailed on the page and is already included in the main price displayed.

  • Seems to have worked now. Might have been a timing / cache issue. Just took a bit after entering my license info for it to show the discounted pricing.

  • brentybrenty

    Team Member

    :) :+1:

  • I have the same problem - I've downloaded Brave and I really like it, but it doesn't seem to work with the 1Password extension I've just installed in it. I'm using 1Password 6.8.9 here.

    I'd love to upgrade to 1Password 7 - which I've already bought, but not using currently - but that one doesn't work correctly with my Safari... so I've downgraded to 6 until this problem goes away: https://discussions.agilebits.com/discussion/89505/safari-tech-preview-extension-bug-invoke-hotkey-and-safari-is-launched

  • Greetings @mackuba,

    If you need to routinely jump between Safari and Safari Tech Preview and use Brave then there isn't an option available that ticks all the boxes. 1Password 7 can work with Safari Tech Preview if it's the default browser and any combination of supported browsers if you're using Safari. It just doesn't allow for seamless jumping between Safari and STP. I'm not sure if that will change any time soon either but if it does any changes will likely need to come from Apple based on what the developers have told me.

  • I guess I might settle for Safari + Brave + 1P7 on one machine and Safari + STP + 1P6 on another… I really hope you guys somehow figure out a way around this though, because I wouldn't count on Apple making all necessary updates to the extension API soon :unamused:

  • @brenty:

    "And since Apple appears to be done with El Capitan as far as releasing even security updates, I'm not sure we could justify propping up it or other unsupported OSes by continuing to work on an old version of 1Password"

    And here's the crux of it all, and I really mean It All:

    AgileBits is simply another black-hooded whipmaster on Apple's treadmill of "upgrade or die".

    Like xipon, I, too, cannot go past 10.11. Oh, I could--by swapping out equipment and rearranging quite a bit of my setup, all to the tune of some not inconsequential amount of money. I'd rather not.

    Apple built the treadmill, then declared that any devs who want to benefit from users of Apple's equipment must grab a hood and a whip and take their place in line. The devs get continued access to Apple's dev tools and Apple's end users, as long as they're doing things that push people to upgrade the OS--which means upgrade the hardware, by Apple's definition--and therefore benefit Apple.

    At least I have an answer, which is what I came here for today.

    On the bright side: 1P on Android 8 and up is brilliant. Thank you. Works very well, now that you have access to the Android bits you needed. Currently using it on Android 9 beta for Samsung Galaxy S9+, and all is well.

  • Oh come on, you make it sound like they're in some kind of conspiracy. All systems work like this, old Windows versions stop getting updates after some years, Ubuntu stops getting updates after 2 years or 5 for long term support versions, same for everything else. Software constantly evolves and gets more complex so it needs better hardware. Apple is doing a pretty good job IMHO supporting old Macs and iPhones for many years.

    And for devs, new OS versions mean new APIs which often simplify coding, so if you can save yourself work while abandoning some tiny percentage of users, the choice is often very easy.

  • brentybrenty

    Team Member
    edited December 2018

    @adam1991: I'm glad to hear that you're enjoying the work we've put into 1Password or Android. There's plenty more to come there, and to all of our apps. :)

    I have to agree with mackuba. Many of my old Apple devices have found good homes with friends and relatives as I've upgraded to new ones, and are still up to date since Apple has continued to support a lot of old devices -- much more so than in the past -- with OS upgrades in recent years, even putting a lot of work (which really made a difference for my older devices) into making them perform better.

    As for 1Password, the reality is that we're a security company, and the way to be secure is to stay up to date. Otherwise you're exposing yourself to unnecessary risk, when vulnerabilities have been patched to protect against exploitation. It sounds like you're one top of that on Android (as much as one can be, given many devices have to wait for updates or never get them at all), but it's no different on Apple platforms. All vendors benefit when people purchase new devices, not just Apple. And you're missing a lot if you think that's the only factor that goes into this. You're free to do as you wish, but for us to recommend or condone doing other than staying up to date would be naive or negligent. If you were responsible for the security of millions your customers, I'd hope you'd do the same. :blush:

  • Another customer who purchased 1Password 6 not too long ago and really like the new Brave browser but after reading this it seems i cant have both. Guess this is good by to 1Password...

  • brentybrenty

    Team Member

    I'm sorry to hear that. It just isn't feasible for us to update old versions indefinitely. Our focus is on the current version of 1Password, and that does support the new Brave though. I'm a fan myself -- especially since they've done their "reboot" with Chromium at its core.

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file