iCloud session expired [select "Keep me signed in" to authenticate with iCloud less frequently]

2»

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    Hi there, Unfortunately clicking "Remember me" only helps for a short while. I'm still having to sign in every day, or at most every other day. Is there a better fix in the works for this issue Thanks!

    @johnclay: We can't fix this. iCloud is owned and operated by Apple, and authentication is handled by them. If you're really having to sign in every day even when checking the "keep me signed in" box (please double check), the only thing you can do is disable iCloud sync completely for 1Password, and then set it up again to ensure you get a new token. Otherwise you'll need to contact Apple for assistance with that, or use another sync method.

  • AGAlumB
    AGAlumB
    1Password Alumni

    I'm trying to switch back to the Mac App Store version to avoid this annoying iCloud sync issue. I am using two-factor auth, and the "keep me signed in" option makes no difference.

    @bergdesign: That really shouldn't be the case. Definitely try disabling iCloud sync completely and setting it up again. Some folks have found that ensures they get a brand new token.

    I have a Mac App Store purchase from the past that appears to install the latest version and properly access my iCloud sync'd vault, however it cannot see a second vault that I have access to when using the AgileBits website version.

    It sounds like you just need to setup the second vault there. The App Store version has its own separate database per their rules for sandboxing.

    I have quit both the AgileBits website version app and its 1P Mini helper before launching and using the Mac App Store version, so I believe that I am following the suggested "rules." But there is no mechanism in the preferences for accessing the location of my additional vaults nor can I sync an additional vault with iCloud in hopes that the Mac App Store version would see it/them. And none of the support docs reflect a move from the AgileBits website version to the Mac App Store version, and the location of vaults is absolutely not intuitive to say the least.

    These are stored internally unless sync'd somewhere. And secondary vaults cannot be sync'd with iCloud, only the Primary.

    So either I wish to have a permanent fix for the iCloud sync problem when using the AgileBits website version, or a good answer for moving/copying my second vault to the Mac App Store version.

    Try my suggestions above. We can probably help you move to the Mac App Store version, but it's complicated and an AgileBits Store license will not work there. So it's best to try alternatives first.

  • Lars, we're all fans, and nothing is more important than the security of your customers' confidential information. I've been a customer for years, and think highly of your work and commitment to building and maintaining a superior product.

    I understand why it is happening; having to sign into the apple store to use your product, for any reason, feels jerry-rigged, and is de facto the only app of any kind demanding this.

    Hoping you'll find a solution soon.

  • (and yes checking the box only works for eight hours, before indeed I'm compelled to do something that is an aberration for any normal Mac operation)

  • AGAlumB
    AGAlumB
    1Password Alumni

    Lars, we're all fans, and nothing is more important than the security of your customers' confidential information. I've been a customer for years, and think highly of your work and commitment to building and maintaining a superior product.

    @Kevin in San Francisco: Thank you for the kind words, and your support! We couldn't do what we do without you and the rest of our awesome customers. :blush:

    I understand why it is happening; having to sign into the apple store to use your product, for any reason, feels jerry-rigged, and is de facto the only app of any kind demanding this.

    Indeed, as far as I know, no other non-App Store apps are able to talk to iCloud at all. iCloud was for a long time a requirement for this. It still is in a sense, as Apple doesn't offer a way for non-App Store apps to integrate. But when Apple announced CloudKitJS, we created AgileCloudSDK to interface with it. Otherwise it still wouldn't be possible for the AgileBits Store version to sync with iCloud at all.

    Hoping you'll find a solution soon. (and yes checking the box only works for eight hours, before indeed I'm compelled to do something that is an aberration for any normal Mac operation)

    Unfortunately this isn't something we can fix. That's definitely not how Apple has told us it should work, and not what I'm seeing here in my own use either. Did you try disabling iCloud completely to ensure you're getting a new authentication token? You should be getting one for 8 hours without checking the "keep me signed in" box.

  • Hi Brent,

    Please list the instructions so that iCloud doesn't have to be involved whatsoever, and I can cease to get this odd demand, or are you saying it's necessary for 1Password to function with Apple having made the change it did, with no work around?

    Having to authenticate your product using my iCloud password is just uncomfortable.

    Thanks for giving it a noodle!

  • @Kevin in San Francisco

    If I understand correctly, you're looking to remove iCloud from the equation entirely? If so, yes, that is possible. We offer a few different options which you can review here:

    Sync your 1Password data

    I hope that helps!

    Ben

  • Lars
    Lars
    1Password Alumni

    @johnclay -- there's no better fix in the works for this, because we don't control iCloud timeouts. Clicking "keep me signed in" should solve the issue for you -- but "remember me" isn't the same option. Are you clicking "keep me signed in" on the actual Apple sign-in page (as opposed to any kind of pop-up you may be getting)? You may have to perform this more than once for it to "take" across Apple's iCloud servers -- I am not sure why this is the case. Can you make sure you're checking this every time, and if it persists on the same user account on the same Mac more than once or twice, let us know? Thanks, and sorry for the trouble.

  • johnclay
    johnclay
    Community Member
    edited September 2017

    @Lars

    I'll monitor and update. I've noticed it happens in particular if I use another browser, or if I login on another computer. Perhaps iCloud is invalidating other logins when a new system logs in?

    Here's another idea, given that Apple is only likely to make this situation worse. What about offering a sync-only (no apps) option of the 1Password sync service for a nominal fee? I've been a 1Password customer since 2008, and after having bought all the updates since then (admittedly not many), I don't really want to switch to a subscription for the apps. Wouldn't mind paying $1/month to sync everything in my single vault smoothly though.

    I've implemented 1Password for Teams at my company, and it's been fantastic since the beta phase. Just can't justify the cost for my personal stuff.

  • Lars
    Lars
    1Password Alumni
    edited September 2017

    @bergdesign - you shouldn't have both the Mac App Store version and our version installed on the same Mac at the same time. They store their data in different places in your ~/Library folder, but more than that, it can cause inconsistencies in 1Password's behavior.

    The reason your Mac App Store version cannot "see" your secondary vault is because iCloud has always only synced your Primary vault. You can sync a single vault via iCloud. If you have more than one vault, you'll need to either choose a different sync solution for all vaults, or sync your Primary via iCloud and choose another method for all additional vaults. If you would like a better way to sync all vaults (and much more), you may want to go with a 1Password membership.

    If you don't want a 1Password membership, and you would like to switch back from our version of 1Password 6 for Mac to the Mac App Store version, you'll need to figure out what alternate method of sync you plan to keep this secondary vault in sync across your devices, and let us know; we can assist you with the best method of getting your data moved back to the Mac App Store version.

  • Lars
    Lars
    1Password Alumni

    @johnclay - it's not a bad idea at all...except that it's not quite how 1Password.com accounts work. The sync engine that's built into 1Password.com is predicated upon us hosting your data. That's how we're able to do all the things with it that we can't do with the more-generic, limited APIs of other sync solutions. Dropbox and iCloud are great, but there are limits to what we can do with their APIs. That's why we can't just "lift out" the sync section from 1password.com code and have it function with iCloud or Dropbox, because those APIs don't allow us to do what we're able to do when we can design both ends of the sync transaction.

    1Password memberships give you access to not only all this but also unlimited access to all four 1Password apps (Mac, Windows, iOS and Android), so that no matter what configuration of devices you have, there will be a 1Password app for you -- and you'll receive not only all incremental updates, but also all full-version upgrades, included right in with your subscription. That means the upcoming paid-upgrade 1Password 7 apps on all platforms you use will be as simple to manage as download, install, and go. No buying additional licenses or keeping track of them. We haven't charged a full-version upgrade for 1Password for Mac, for example, since version 4...but that is changing with the upcoming 1Password 7, and I suspect we will be on a more regular upgrade cycle in the future (though that's too far off and I don't make those decisions anyway). What I'm getting at is that good software costs quite a bit to develop, maintain and support, and users pay for that one way or another - via initial purchase and subsequent upgrades to new versions over time, or now, via a much simpler 1Password membership. With the former, you get the ability to purchase standalone apps a la carte and manage your own sync, backups and other aspects of using 1Password -- as you see with Apple having changed the timeout rules/conditions for iCloud. With a 1Password membership, you get not only those 1Password apps you enjoy using, but all the advantages of a hosting/sync system designed by the same people, specifically for 1Password. The choice remains yours, of course, but I hope I've explained why the sync solution isn't something we can offer a la carte. :)

  • johnclay
    johnclay
    Community Member
    edited September 2017

    @Lars

    I'm certainly not suggesting you "lift out" the sync functionality and apply it to iCloud. I was suggesting that you offer a 1Password.com-based sync service, specifically excluding the added cost of the application licenses.

    Many people, including myself, prefer to own perpetual software licenses, but would still like to use your syncing service. Good software certainly does cost money to develop and maintain, and I have no qualms about paying for application upgrades. I'm just not a fan of the subscription model for the software license for personal use. On the business side, it makes far more sense.

  • Lars
    Lars
    1Password Alumni
    edited September 2017

    @johnclay - thanks for the clarification. I can file an issue for this internally, but I have to be honest with you when I say I don't know how much traction such a concept will get. 1Password began life as a standalone app with "perpetual licenses." I put that phrase in quotes because I think for some people it's misleading. Although any license purchased from AgileBits throughout our history is technically "perpetual" in the sense that it can be used to license the version for which it was purchased forever, time marches on. Very few people are still using the same computers or versions of OS that they used in 2010. For those who are, their original license of 1Password 3 for Mac would still work, no upgrading required. But the phrase "perpetual license" makes too many people think that the version 3 license they purchased in 2010 means (or should mean) they're entitled to 1Password perpetually, i.e. - forever -- and that means it should work on whatever devices they're using, regardless of when they purchased their license or what version they're using.

    I can see you don't think this way, and it's not my intention to harp on word choice; I know that phrase has become industry standard. But my larger point is that we took a fork in the road when we introduced 1Password memberships. Actually, we took two: we elected to keep the older license and local vault model for those of our users who know exactly what they need/want to purchase and are comfortable managing their own sync solutions. And we introduced a much easier and more comprehensive (not to mention robust and secure) option for users who want the ease and powerful features that come with a 1Password membership. I could be wrong, but I don't think we're likely to muddy the waters further by adding a hybrid of these two methods. But I'll pass along your suggestion; thanks for bringing it up!

  • bergdesign
    bergdesign
    Community Member

    Thanks @brenty and @Lars.

    You shouldn't have both the Mac App Store version and our version installed on the same Mac at the same time. They store their data in different places in your ~/Library folder, but more than that, it can cause inconsistencies in 1Password's behavior.

    @Lars, I was going to move back to the Mac App Store version and use only that version because its iCloud sync should be more robust than the authentication mechanism that the AgileBits website version uses (and I have a license for each version... I had the App Store version and then bought the AgileBits website version at the 6 upgrade). I used Dropbox for a long time, but the perceived security of iCloud is much better since Apple probably has users' backs more so than Dropbox, and I have this lingering fear of Dropbox being hacked before iCloud ever will be. Good point about the data locations... As a dev myself, I know that the Mac App Store stores its data inside its sandbox container and the AgileBits website version stores it in the Application Support folder, then if for example they're both set to sync their primary vault to iCloud, I could see one or the other getting confused as to which has the most current data :/

    As for the second vault, I wasn't looking to sync it but rather to move or copy it so that the other 1P could use it. Since a vault is a singular item as far as a user is concerned, I was looking for "export vault" and "import vault" functions, but after not finding those and reading numerous support articles, it appears that the way to move a vault's data is either to sync using a folder or USB drive, or to use the export "All Items" option. I'm still not confident that my tags will be maintained using "export all items", so this subject is really ripe for a support article that clarifies copying vs syncing and how you move an entire vault's data and metadata between the App Store and AgileBits website versions. I think I've found two dozen articles that touch on the fringe of what I'm looking for, but none clarifies the functional differences between exporting/importing .1pif files and syncing a .opvault file.

    Because the term "vault" is a metaphor for a singular collection or container, I think users expect to be able to copy/move/sync a vault in it's entirety - I know I do :) And this comes into play when you have at least one secondary vault and are restricted by iCloud's syncing of a singular vault. If I can't manipulate a vault singularly between versions and/or devices and I have to deconstruct a vault by exporting all items and reconstruct a new one by importing them, I'd love to see a knowledgebase article that clarifies this or offers the best alternative to use like syncing to a local folder.

    Thanks,
    Brock

  • Lars
    Lars
    1Password Alumni

    @bergdesign - hi Brock. Thanks for the thoughtful reply. We do in fact have export/import features -- a very robust format called .1pif. You can switch to the vault you wish to export, then in the File menu choose Export > All Items. You'll be asked to select a format, make sure it's set to .1pif. WARNING: this will export an UNencrypted copy of your data. Don't worry, it'll be around on your Mac only briefly, but remember to securely delete it afterwards.

    Once you've got the .1pif export of your secondary vault exported to your Desktop (or wherever you chose), Quit 1Password and the Mini by typing ^⌥⌘Q (or just holding down the Control and Option keys as you choose Quit from the 1Password menu), then open up the Mac App Store version, create a new vault and give it a name, and choose Import from the same location (File menu). Your data should import perfectly. Don't forget to trash the exported .1pif file afterwards!

    A second method of doing this that doesn't involve an unencrypted export would be to (in our version of 1Password for Mac), go to Preferences > Sync and choose to sync the vault in question with Folder in the drop-down menu. Create a folder on your desktop for the sync keychain to live in temporarily, and let it complete a full sync. Quit our version of 1Password for Mac fully (including the Mini), and open the Mac App Store version. Then Control-click on the OPVault sync keychain you created on your desktop in the previous step, and choose to open it in the Mac App Store version of 1Password. Once it's imported, you can turn off the folder sync in Preferences > Sync if you wish and delete the OPVault file.

    Let us know if that still doesn't fit your needs; both of those methods should work :)

  • puzzleduser
    puzzleduser
    Community Member

    This same problem is driving me crazy. It just started this week. I recently upgraded to High Sierra, but the problem did not occur immediately. I have every problem everyone else does, and I have tried all the fixes. I just disabled the sync to iCloud and then signed in again. Maybe that will do the trick. I certainly do have keep me signed in checked, as I am sure every other person who has written has done. That is very obvious. I do think Agile bits should be able to do some sort of fix. We can't do anything on our end--and this is sooo annoying. I am signed into iCloud on my mac and it just won't last with 1Password. This is the first bad annoying problem I have ever had with this app, and I have had it for many years. Please think of some sort of fix.

  • Lars
    Lars
    1Password Alumni

    @puzzleduser Thanks for reporting, and I'm sorry for the inconvenience. I'm glad to hear this is the first problem you've had in many years. Obviously, we'd like to keep that number at zero for all users, but in the software world, that's perhaps an unattainable goal -- even if it is one we still strive for.

    Here's the main thread for this, if you're interested: https://discussions.agilebits.com/discussion/85158/icloud-session-expired-new-issue-with-repeated-sign-in-prompts-when-syncing-with-icloud#latest

    The problem here isn't as obvious as it sounds. If you are using 1Password for Mac from us (as opposed to the Mac App Store version), then iCloud sync isn't done directly through the OS hooks themselves, like with other apps that come from the Mac App Store. Instead, third-party apps (which is anything not downloaded from the Mac App Store, even if that same app is also available in the Mac App Store) use something called CloudKitJS, which is of course similar to - but functions differently than - native iCloud support. That's where the trouble lies currently. This didn't exist until recently, which means something about the way in which we implement CloudKitJS or the way in which Apple processes such authentication request has changed, causing the issue. We're working with Apple to figure out what that might be, but it's not something we're likely to be able to solve on our own. However, as soon as we do have a solution that's tested to work, we'll definitely be making it available.

    In the meantime, if it's driving you nuts, you can switch over to Dropbox or WLAN sync either permanently or temporarily, and depending on your setup and wishes. Barring that, please bear with us; we want this solved as quickly as you do! Thanks for your patience.

  • AGAlumB
    AGAlumB
    1Password Alumni

    Closing this discussion, as all updates will be posted in the announcement here:

    iCloud Session Expired: New issue with repeated sign-in prompts when syncing with iCloud

This discussion has been closed.