1Password 6 Beta: Can't login to 1Password, corporate root CA?

edited September 2016 in Windows Beta

While at work, when I attempt to sign into my 1Password account within the windows beta 6 app, I get an error... "Unable to sign in, please check details provided and your network connection." I've double and triple checked my codes and have also used the qr code. I'm able to login directly on the website just fine.

A common problem that I have at work is with their firewall re-encrypting traffic. They do this using their own Root Certificate Authority. So this company root certificate is imported into my windows certificate store. Does 1password read from the windows keystore?

I've been able to work around this by importing the CA into various apps. I'm wondering if it's similar with 1password. Do you maintain your own rootCAs?


1Password Version: 6.0.245 (Sept 29)
Extension Version: Not Provided
OS Version: Windows 7
Sync Type: 1Password account

Comments

  • MikeTMikeT Agile Samurai

    Team Member

    Hi @gordonchil,

    I've moved your thread to our Windows Beta forum.

    That essentially means they're capable of listening to all of your secure traffic and we can't verify the security of our connections, which means we will reject it to keep your data protected.

    Just to make sure it is not something else, can you email us your 1Password diagnostics log, so we can see why it is rejecting you. Here's how:

    1. Click on the start button to search for Event Viewer, open it.
    2. On the left sidebar, expand Applications and Services Logs, 1Password should show up below here
    3. Right click on 1Password to select Save all events as and save it as 'logs.txt', set Save as Type to Text (tab delimited) (*.txt)
    4. Email that file to us at [email protected] and in the email, also include the link to this thread along with your forum username.

    Let us know here when you've sent the email, so we can confirm we got it.

  • Hi @MikeT
    Thanks for your quick forum response! I've sent an email to that address with the logs.

    Assuming that this might be the issue...

    I recognize that the IT department at my work will be able to see my passwords. I understand that this is a matter of trust. I trust my employer with work-related passwords, but not personal items such as bank accounts, credit cards, etc.

    I have a family account so I created a new "family member" for the work account and moved all my shared passwords out to private vaults. Any work related password is stored in the work-related vault. (BTW, the family accounts and separate vaults are a brilliant idea!)

    But at the same time, I understand that there might be some risk associated with any other customer that might have a machine with a compromised OS keychain. I just wonder if there could be a possibility for an exception via a feature of some sort..

  • MikeTMikeT Agile Samurai

    Team Member
    edited September 2016

    Hi @gordonchil,

    We have third party anti-malware solutions doing the same thing here, performing MITM attacks and so on, so we have to be aggressive about protecting against these things.

    However, a quick look at the logs says it just can't resolve the domain, which could be a proxy issue. Does your work also use a proxy server?

    ref: FNA-17913-571

This discussion has been closed.