Touch ID stopped working after Keychain reset

gabem
gabem
Community Member
edited April 2023 in 1Password 3 – 7 for Mac

Hello,

I ran into a problem with my keychain today and ended up having to reset my login and system keychains. Afterwards, once I re-enrolled my fingerprints in Touch ID and had everything set up again, I noticed that 1Password was requiring me to enter my master PW every time I triggered an event that would require it (sleep, switch users, etc.) despite "Allow Touch ID to unlock 1Password" being enabled. I even went so far as to Help > Reset all 1Password Data, delete and reinstall, etc., and I'm still unable to unlock with Touch ID. How do I resolve this?

Thanks in advance.


1Password Version: 7.0 Beta 16
Extension Version: 4.7.1.4
OS Version: macOS 10.13.4
Sync Type: 1Password.com

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    @gabem: It sounds like you're in a bad state because you destroyed the information in the Keychain. You should be able to get it sorted by disabling Touch ID on your Mac and the setting it up again in both the OS and 1Password (which should recreate things), but if not you'll probably need to contact Apple for assistance. 1Password just doesn't have control over Touch ID, and cannot use it if it doesn't receive an affirmative response when querying.

  • gabem
    gabem
    Community Member

    I tried totally deleting the app again, found some files and backups that I didn't see before, killed everything, and re-installed from scratch again. Thank the great space ghost, it works finally. That was a super lousy ordeal. Would be awesome if there was some sort of un-install option or un-installer app that could completely nuke all traces of the app (including keychain mentions, vault backups, and misc. app support files) for a true fresh start. Not sure that Joe-Average-User would be able to recover this situation on their own without it.

  • @gabem,

    Thanks for the feedback. I’d hope this would be an infrequent enough case where that wouldn’t be necessary.

    Ben

  • jtarrio
    jtarrio
    Community Member

    @Ben well, apparently it isn't because I'm having the exact same problem.

    @gabem can you share what files exactly you had to delete after you had removed the app? I would like to give it a try to see if I can get Touch ID to work again for me. Thanks!

  • AGAlumB
    AGAlumB
    1Password Alumni

    @jtarrio: Given about two months between reports, I'd still have to go with "infrequent". What did you do exactly to get into this state? That may inform any suggestions.

  • jtarrio
    jtarrio
    Community Member

    I had to go through a Keychain reset as well, like @gabem.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @jtarrio: Thanks for clarifying. Ultimately you may need to seek assistance from Apple since they're the ones that develop Keychain, but this might help:

    1. Open Keychain Access
    2. From the list of keychains on the left side of the window, select "login."
    3. From the Edit menu, choose “Change Password for Keychain 'login.'”
    4. Enter the current password
    5. Enter a new password of your user account in the New Password field
    6. Click OK and quit Keychain Access.
    7. Open System Preferences
    8. Select the Touch ID preference pane and Delete any fingerprints

    Also, while 1Password doesn't store Touch ID data on disk, clearing its preferences may help:

    ~/Library/Containers/com.agilebits.onepassword7/Data/Library/Preferences/com.agilebits.onepassword7.plist

    Using a "cleaner" app is generally not recommended, because they can delete your 1Password data, but if you have a backup of it on another device you could use one to start over with a clean slate. It would probably be best to hear if gabem has any suggestions, or to contact Apple first for help with Keychain since that's not something we have insight into.

  • kyleolivo
    kyleolivo
    Community Member

    I'm facing the same issue on my machine at work (macOS keychain was reset and now Touch ID will not work with 1Password). I've already tried removing/re-adding fingerprints for Touch ID and reinstalling 1Password. Tomorrow I'll attempt to follow @gabem 's suggestion and completely uninstall 1Password again (searching for and removing any hidden files I find). I suspect a preferences file or some other cached data (like @brenty suggested above) is to blame.

  • AGAlumB
    AGAlumB
    1Password Alumni

    I'm facing the same issue on my machine at work (macOS keychain was reset and now Touch ID will not work with 1Password).

    @kyleolivo: Can you elaborate? What did you do exactly? We're not experts on Keychain itself, but perhaps we can point you in the right direction with some more details. It's weird that this is coming up more and more recently, and it's something I'd like to understand better. Touch ID is still relatively new, so there isn't a lot of information out there. This really sounds lie a much deeper issue than 1Password. I know that many people experiencing Touch ID issues ended up having to reinstall macOS. A corrupt Keychain can necessitate that as well, so certainly issues with both don't bode well. But I'm curious to learn more in case it can help others.

  • kyleolivo
    kyleolivo
    Community Member
    edited July 2018

    @brenty The IT department at my company created a new keychain on my MacBook while attempting to reset my password on our corporate network. After they changed the password directly in Active Directory, they selected the "Create new keychain" option on my MacBook as shown in the dialogue box here (it appeared automatically after the next login): https://techfaq.smumn.edu/index.php?action=artikel&cat=29&id=455&artlang=en

    I've been unable to use Touch ID in 1Password since then. It works in the rest of macOS though.

  • kyleolivo
    kyleolivo
    Community Member

    @brenty I just uninstalled 1Password and all associated files (via find / -name *agilebits* and find / -name *1Password*) and then performed a reboot. But after re-installing 1Password, I'm still unable to use Touch ID.

  • kyleolivo
    kyleolivo
    Community Member
    edited July 2018

    @brenty @Ben @jtarrio I was able to resolve this issue. Here is what I did:

    [edited by 1Password team to add spoiler; running these commands can risk unintentionally removing too much data]

    sudo find / -name *1Password* 2>/dev/null -exec rm -rf "{}" \;
    sudo find / -name *agilebits* 2>/dev/null -exec rm -rf "{}" \;
    sudo rm -rf /Users/kolivo/Library/Keychains <-- WARNING: will obviously delete keychain data!

    Then I performed a reboot and reinstalled 1Password.

    I'm not exactly sure which of these deletions fixed things. I'm betting you could do the first two deletions and leave the Keychain alone. Hope this helps someone! (Also hoping the 1Password team can identify which file is responsible for this problem so it can be cleaned up in a more user friendly way for future users with keychain resets.)

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited July 2018

    @kyleolivo: Thank you for sharing that! I'm glad that resolved your issue, and it may help others, though I'd caution messing with the Keychain. :scream: I don't think it's a good idea at all for 1Password to do that. It's meant to use Apple's APIs to store and retrieve data from there, not do anything destructive. And we wouldn't recommend doing any kind of "Keychain reset" in the first place without consulting Apple, as there may be a better, less fraught solution anyway.

  • @kyleolivo,

    I'd actually bet that you could leave off the first two and only do the 3rd one.

  • jtarrio
    jtarrio
    Community Member

    @brenty well I've been busy and have not had a chance to try to fix this until now. I tried to follow your procedure:

    1. Open Keychain Access
    2. From the list of keychains on the left side of the window, select "login."
    3. From the Edit menu, choose “Change Password for Keychain 'login.'”
    4. Enter the current password
    5. Enter a new password of your user account in the New Password field
    6. Click OK and quit Keychain Access.
    7. Open System Preferences
    8. Select the Touch ID preference pane and Delete any fingerprints

    Unfortunately, I struck out at #3. The option "Change Password for Keychain 'login'" is not available (greyed out)...

    Tbh I'm afraid to try out @kyleolivo's solution and screwing up my Mac's keychain. What exactly happens if you delete your entire keychain?

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited October 2018

    @jtarrio: Thanks for following up. I'm sorry for the delay. I'm guessing you're using Mojave. Turns out this won't work there like it did on High Sierra and earlier. In that case, the only option seems to be getting rid of the existing keychain so that the OS recreates it. This Terminal command should work, but should only be done if you have a full disk backup, just in case:

    Open Terminal and enter this command: sudo mv ~/Library/Keychains ~/Desktop

    The OS should recreate it after rebooting, so that it includes the Secure Enclave data that Touch ID support depends on. If all is well, you can Trash the keychain that was copied to the Desktop.

  • jtarrio
    jtarrio
    Community Member

    Well, I was NOT using Mojave when this issue first popped up, nor when I attempted what I described above. I am, however, using Mojave now. That said, deleting the keychain worked, and TouchID is working once again. Thanks for your support!

  • AGAlumB
    AGAlumB
    1Password Alumni

    Indeed, this problem isn't specific to the OS version (though I see how my comments above might give that impression — sorry!), but rather just a matter of information needed for Touch ID support in 1Password 7 being missing from the system Keychain.

    Anyway, thanks for the update! Glad to hear that all is well now. Cheers! :)

This discussion has been closed.