Multiple sign-in notices

When I first set up the Chrome extension in Chrome 60.0.3112.113 on Fedora, I received two "New 1Password sign-in from Chrome" emails. My order of events was:
1. Navigated to the Chrome webstore direct link to the beta extension and installed it
2. Clicked Sign In, entered my 1password URL, and entered my login details (email, secret key, master password)
3. A new tab opened to say 1Password is ready to go
4. I received two emails, one saying "from 1Password.com" and the other "from 1Password for Chrome"

It makes some sense to provide notifications for each (since a user could have already logged into 1Password.com previously and then would only get a single notification for the extension), but when setting things up from a clean start, would it make more sense to send only a single email?


1Password Version: Not Provided
Extension Version: 0.8.4
OS Version: Fedora 26
Sync Type: Not Provided

Comments

  • beyerbeyer

    Team Member

    Hey @EricKerby,

    Thanks for reaching out!

    Although we've spent a lot of time and effort in making 1Password for Chrome incredibly easy to set up by utilizing the same login page as 1Password.com, they are in fact, two different clients (which results in two emails). If you sign in to 1Password.com from any new web browser, Chrome profile, or after resetting your web browser – you will receive a notification via email. Since 1Password for Chrome is an entirely separate application and authenticates with the 1Password servers separately, you'll also receive an email notification alerting you during its first login.

    This is relatively the same experience for someone who is using a Mac or Windows computer. For example, if I'm setting up a new Mac and I install 1Password 6, I could then log in to 1Password.com and receive a notification from 1Password Mini to add my 1Password account. This would result in two email notifications, one from my login to 1Password.com and one after adding my account to 1Password 6.

    We will make sure 1Password for Chrome and authentication from the web client on 1Password.com are easier to differentiate in both the notifications and under the Authorized Devices section of your profile page on 1Password.com.

    There are certain reasons someone might want to leave their Emergency Kit with a lawyer or family member should something happen to them. Our notification emails could be the difference between knowing if that trust has been violated or not. I hope that helps shed some light on the two emails and from a security standpoint it will most likely remain this way.

    Have a great week and stay safe out there!

    --
    Andrew Beyer (Ann Arbor, MI)
    Lifeline @ AgileBits

  • As a follow up consideration (this issue really isn't a big deal, but just in case...), if the extension is indeed a completely separate application, why does it need to have the web browser authenticate with 1Password.com in addition to the extension during the setup process?

  • beyerbeyer

    Team Member

    Great question @EricKerby!

    From a technical standpoint, the extension doesn't need to use the 1Password.com sign-in page at all, but we felt that was a nice and easy way for users to add their account. This also allows users with multiple accounts to add them by just signing into them using 1Password.com. Theoretically, in the future, we could change this to operate more like our native applications. Nothing is truly set in stone, and I'm sure you'll see almost every aspect of 1Password for Chrome evolve as we try new things and see what works best for the majority of users.

    Have a great weekend! :)

    --
    Andrew Beyer (Ann Arbor, MI)
    Lifeline @ AgileBits

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file