Touch ID on Macbook Pro not working after upgrade to 1P7

Options
13

Comments

  • Lars
    Lars
    1Password Alumni
    Options

    @cap10morgan - thanks for the additional information. :)

  • joymmart
    joymmart
    Community Member
    Options

    I recently update to Mojave and updated 1Password to 7.2.1. Prior to the updates, I had 1Password set up to allow unlocking with Touch ID.

    The 1Password preferences still shows that I have Allow Touch ID to unlock 1Password turned on, but when I open 1Password, I have no way to use Touch ID; the lock screen just gives me an input box for the Master Password.

    I've confirmed that I'm on the latest version of 1Password, tried turning the Touch ID option off and on under preferences, and restarted my computer, but I still am not able to unlock with Touch ID

    1Password Version: 7.2.1
    Extension Version: Not Provided
    OS Version: 10.14
    Sync Type: iCloud

  • AGAlumB
    AGAlumB
    1Password Alumni
    Options

    @joymmart: I'm sorry to hear that. It sounds like some information 1Password 7 needs to be able to interface with the Secure Enclave is missing on your system. Another user mentioned that running Cocktail helped, but that's not something I can confirm. We have had success with regenerating the Keychain though. None of this is something 1Password can do for you though, since this is all handled at the OS level.

  • mrclary
    mrclary
    Community Member
    Options

    I've tried:

    • Running Cocktail and rebooting
    • Renaming ~/Library/Keychains and rebooting (reset Touch ID required)
    • Renaming /Library/Keychains and rebooting (reset Touch ID required)
    • Setup new user

    Creating a new user is the only thing that restored Touch ID functionality to 1password.
    I need to keep my username, which would require me to create a new user (different username), migrate my files over to the new user, delete my current user, recreate my current user (fresh user account, same username), and migrate my files back over. I don't know how practical this is. Anyone have experience doing this?

    I am on a company owned laptop with IT managed profiles, though I do have administrative privileges. Reinstalling the OS would require IT intervention, which is just another layer of hassle.

    MacBook Pro (15-inch, 2017), Mac OS 10.13.6, 1Password 7.1.2

  • AGAlumB
    AGAlumB
    1Password Alumni
    Options

    @mrclary: Interesting. It makes sense that creating a new user would work, though I don't believe others have tried that before. Probably necessitated by the restrictions on your account, which likely caused the other methods to fail. Sorry, but I'm not sure of a way around that. Failing help from your IT department, only Apple may be able to offer guidance.

  • mrclary
    mrclary
    Community Member
    Options

    @brenty: Well, I decided to take the dive into recreating my user account after reading this article about changing the user shortname. The short of it is that Touch ID now works with 1Password 7. Following are the steps that I took.
    1. Create a dummy admin user account
    2. Logout of original user account and login to dummy account
    3. Rename original user account and original user account home directory (instructions in link above)
    4. Create new user account with original user account username and home directory
    5. Restart computer and login to new user account with original username
    6. 1Password 7 in this user account now works with Touch ID. Start copying files from renamed original user account (Desktop, Documents, etc.) but NOT the Library directory
    7. When this is complete, be sure to repair permissions: sudo diskutil resetUserPermissions / `id -u`
    8. Comb through the Library directory of the renamed original account and copy over known safe items. For example, I had texmf, fonts, scripts, etc.
    9. At some time in the future, when one is sufficiently comfortable, delete the extraneous user accounts.

    In hind sight, this may have been too excessive. I may have been able to skip steps 1-7 and instead simply rename my Library folder and logout and login again, effectively refreshing my user account. Then do step 8 only if necessary. If one doesn't have any known Library subdirectories that require preservation and is okay with manually resetting user and application preferences and such, then one may not even need step 8.

    Hope this helps.

  • Lars
    Lars
    1Password Alumni
    Options

    @mrclary - thanks for the update! I'm glad to know things worked out for you ultimately. My suspicion is that the result of many of these methods discussed in this thread depend pretty heavily on the particulars of the individual users' setup (whether your original user was an admin or not, what method you used to transition from older device to new, etc), so what worked for one may not work for everyone. But I'm glad you were able to find a way that worked for you.

  • offby1
    offby1
    Community Member
    Options

    For me, this happened after I did an install from scratch of macOS Mojave, followed by a migration assistant run that pulled in my old prefs off of a Carbon Copy Cloner backup. I don't know how relevant any of that is to the issues you've seen, but that's how I got into this mess. I'm going to try Cocktail and see if it helps.

  • rudy
    rudy
    edited December 2019
    Options

    @offby1,

    Most likely the migration assistant is what triggered it. At least from what i've seen for most things these detached keychains work fine, you can save things to them and fetch things from them. Unfortunately there is some internal interaction between the Secure Enclave Processor (SEP) and the Keychain that just isn't there. Touch ID itself works fine in other situations because it isn't making use of the SEP to create a key pair to encrypt your credentials. This is how 1Password's use of Touch ID and the Secure Enclave differ from most other uses. We're asking the SEP to create a key pair, it uses the Keychain to make that happen and if the keychain isn't associated with the SEP in the system it can't do that.

  • offby1
    offby1
    Community Member
    Options

    So am I best served exporting my keychain in some way, wiping out the (presumably login?) keychain, and then re-importing?

  • AGAlumB
    AGAlumB
    1Password Alumni
    Options

    @offby1: That's worked in most cases, yes, and it's much less involved than what mrclary described above, or reinstalling the OS. So I'd say it's worth a shot.

  • offby1
    offby1
    Community Member
    Options

    That does not appear to work. I:

    1. closed 1Password completely, Ctrl-Cmd-Q
    2. backed up my login keychain
    3. deleted my login keychain
    4. created a new keychain, "login", with the same password as before
    5. re-opened 1Password

    I'm gonna try a reboot in the middle of all that; it can't hurt at this point.

  • offby1
    offby1
    Community Member
    Options

    It teases me with working; after wiping my keychains completely... fun!, 1Password shows tells me I need to enable Touch ID to start -- meaning, add fingerprints again. So I do. And then the first time I unlock it, it shows the "You must enter your master password to enable Touch ID" below the passphrase text box...

    But then, on subsequent unlocks it still requires a passphrase and doesn't offer touch ID. Mind you, this is after locking with Ctrl-Opt-Cmd-L... if that does something different, then maybe there's more there.

  • offby1
    offby1
    Community Member
    Options

    Nope. Even after closing the clamshell and opening it again, it's locked, but needs words and not fingerprints.

  • AGAlumB
    AGAlumB
    1Password Alumni
    Options

    @offby1: I think you're making things more complicated than they need to be. And I suspect that you trying to create your own Keychain is your problem. Just let the OS do that. Only attempt this if you have a full backup:

    1. Open Terminal and enter this command: sudo mv ~/Library/Keychains ~/Desktop
    2. Restart the Mac. Note: THIS WILL REMOVE ALL OF THE KEYCHAIN DATA!

    The OS should recreate it after restarting, so that it includes the Secure Enclave data that Touch ID support depends on. It’s worthwhile to retain the Keychains folder that was moved to the Desktop in case it has any data that needs to be recovered.

  • offby1
    offby1
    Community Member
    Options

    I have no idea if this counts as "progress" but now it shows me the touch ID "fingerprint" on the locked 1Password window... but still doesn't let my fingerprint unlock the app.

    However

    The 1Password browser extension DOES! 🎉

    So, yeah. Nuke the keychain from orbit seems to be the key... pun intended.

  • AGAlumB
    AGAlumB
    1Password Alumni
    Options

    @offby1: I can't imagine why it would work in 1Password mini but not the main app window. Definitely try dragging it to the Trash, restarting, and installing a fresh copy: https://1password.com/downloads/

  • Keifer
    Keifer
    Community Member
    edited November 2018
    Options

    I'm having the same issue many have had in this thread. I've tried checking and unchecking the 'Allow TouchID to unlock 1Password', as well as removing and re-adding my finger for TouchID in MacOS Preferences. I've also tried uninstalling and reinstalling 1Password.

    TouchID works on my Mac for unlocking it and buying stuff online via Apple Pay, so I know my information is stored in the secure enclave properly - 1Password can't seem to get to it for some reason as it always requires me to input my Master Password after locking.

    I will add that I too see the Touch ID icon in the Touch Bar on my laptop when prompted to input my password into 1Password, but it is grayed out as pictured. Neither my 1Password extension/mini nor the main 1Password app allow me to log in using Touch ID, despite Touch ID having been setup.

    Lastly, after trying all of this, I went to the Keychain Access app and performed the 'Reset My Default Keychains' feature, then logged out of MacOS and back in with my regular admin password, in case my Keychain data was corrupted somehow, requiring me to re-setup Touch ID after I performed this step and a restart.

    Still - after all this - no dice. No matter what I try, I cannot for the life of me get 1Password to use TouchID to unlock the app.

    Details below - any help is much appreciated - this has been an incredibly frustrating experience. And formatting the drive and re-installing the OS is not an option for me (and, arguably, shouldn't be offered as a solution to a bug like this that very likely doesn't exist at the OS level).

    MacOS 10.14.1 (18B75), 2017 MacBook Pro

    1Password 7
    Version 7.2.1 (70201001)
    Mac App Store

  • Keifer
    Keifer
    Community Member
    edited November 2018
    Options

    Sorry, this latter comment was posted as a duplicate as I didn't see that it had saved before posting. Feel free to delete (this) one :-D

  • AGAlumB
    AGAlumB
    1Password Alumni
    Options

    @Keifer: I'm sorry to hear that. But just as it isn't possible for 1Password to cause this issue in the first place (it's all handled in the OS, and tied to the device's SEP -- or at least it should be), it isn't something that 1Password can programatically fix either.

    The only workarounds we're aware of are those discussed above: have the OS regenerate the Keychain entirely, or reinstall the OS. It doesn't sound like you've done either of those, so it's worth considering.

    I'd be curious to know the steps you took leading up to encountering this issue though, in case those details are something that we could share with Apple to help find a way to prevent it.

  • Keifer
    Keifer
    Community Member
    edited November 2018
    Options

    When you say ‘let the OS regenerate the keychain’, do you mean restart the computer immediately after resetting it? Because that is something I did.

    If there is another way to let the OS create the keychain, if you could provide instructions, I’d be happy to attempt that instead. I assumed that is what I did, but maybe I’m wrong.

    Additionally, I still can’t see how the OS could be at fault. If Touch ID had an issue, it wouldn’t work at all, not just stop working with 1Password. In addition to using it to log into my Mac and using it for Apple Pay in Safari, I use Touch ID with other third party apps and those Touch ID integrations work fine (even now) another case that makes the issue being far less likely to be at the OS level.

  • Keifer
    Keifer
    Community Member
    edited November 2018
    Options

    And to answer your question, the only two things that ‘happened’ leading up to Touch ID not working is after updating 1Password (although maybe you could argue it was the update to MacOS Mojave as I installed both updates around the same time within a few days of one another and don’t remember when it exactly it broke).

    Again, this feeds into the whole ‘is the OS at fault’ or the 1Password integration at fault.

    To be honest, as a customer, I don’t really care who is at fault, I just want it fixed :-D

    But I can’t contact or coordinate with Apple to test third party integrations with Touch ID (even if I was trying to expose a bug in the OS).

  • AGAlumB
    AGAlumB
    1Password Alumni
    Options

    When you say ‘let the OS regenerate the keychain’, do you mean restart the computer immediately after resetting it? Because that is something I did. If there is another way to let the OS create the keychain, if you could provide instructions, I’d be happy to attempt that instead. I assumed that is what I did, but maybe I’m wrong.

    @Keifer: It doesn't sounds like it. I just linked the instructions to you, which are in this same thread, in my last reply.

    Additionally, I still can’t see how the OS could be at fault. If Touch ID had an issue, it wouldn’t work at all, not just stop working with 1Password. In addition to using it to log into my Mac and using it for Apple Pay in Safari, I use Touch ID with other third party apps and those Touch ID integrations work fine (even now) another case that makes the issue being far less likely to be at the OS level.

    No. Please see Rudy's comments in this thread above.

    And to answer your question, the only two things that ‘happened’ leading up to Touch ID not working is after updating 1Password (although maybe you could argue it was the update to MacOS Mojave as I installed both updates around the same time within a few days of one another and don’t remember when it exactly it broke). Again, this feeds into the whole ‘is the OS at fault’ or the 1Password integration at fault.

    We haven't changed anything in 1Password relating to unlocking or Touch ID since version 7 was released with SEP support. Some people seem to be finding that an OS update causes this, but the majority of cases I've seen are due to restoring from a Time Machine backup, or using Migration Assistant.

    To be honest, as a customer, I don’t really care who is at fault, I just want it fixed :-D

    Totally. I hear you. But as I mentioned, this is not something we have control over, and therefore cannot fix for you. I suggest you try the things I mentioned in my previous reply. If there are any other options, we're not aware of them.

    But I can’t contact or coordinate with Apple to test third party integrations with Touch ID (even if I was trying to expose a bug in the OS).

    If we can narrow down what's causing this to happen, we'll be happy to share the information with Apple.

  • Keifer
    Keifer
    Community Member
    edited November 2018
    Options

    Ah I see. I did view the link in your initial reply, but the terminal command was hidden in the ‘spoiler’ section, apparently...

    I’ll give that a shot and let you know if it works. Thanks and cheers.

  • AGAlumB
    AGAlumB
    1Password Alumni
    Options

    @Keifer: Ah, indeed. Sorry to make it annoying like that, but there is potentially damage that can be done (hence the backup), so I don't want anyone who happens upon this thread to find those instructions and follow them blindly unless they've read the discussion and are certain they're having the same problem and want to try it. Thanks for bearing with me. Hopefully that will work for you as well!

  • Keifer
    Keifer
    Community Member
    edited November 2018
    Options

    Just wanted to report the good news - after inputting the terminal command you suggested and restarting (and re-setting up Touch ID since the data was removed/moved to the Desktop), 1Password and Touch ID are working again for me, so thanks for the help.

    If this is a bug in MacOS somehow after upgrading the OS that messes up the keychain data such that it interferes with 3rd party integrations to Touch ID and the Secure Enclave (and its related log-in info in the Keychain), is there a way for us to report the problem to Apple? I've heard of at least 5 other people I know at work who have the same issue with Touch ID an 1Password, who all have different Macs and we've been feverishly trying to resolve the issue, so I know this hasn't only happened to some small, isolated case of users.

    I guess I could report it to Apple in one of their generic 'feedback reports', but they'd probably pay attention to you guys a lot better rather than coming from little ol' me ha.

  • AGAlumB
    AGAlumB
    1Password Alumni
    Options

    @Keifer: That's great! Thanks so much for the update! :)

    I've only seen a few reports of this happening after an OS update, but certainly you can contact Apple with the details:

    https://support.apple.com/contact

    If your colleagues have all experienced the exact same thing, I'm sure they'd appreciate any info you can provide. We'll see if we can offer them any information they might need as well, but we're a relatively small company so it isn't as if we have a direct line to their software engineers or anything -- and given that none of us are able to reproduce the issue we're pretty limited in what we have to offer ourselves. It sounds like you folks might (unfortunately) be a good test case. :blush:

  • jnm3
    jnm3
    Community Member
    Options

    Hi. I stumbled on this thread b/c I’m considering a migration from DASHLANE to 1P.

    Reason? Dashlane appears to have similar issues with TouchID... ‘Extremely Frustrating.

    Discourse here seems to have gone silent in Fall of 2018. Should I infer the TouchID issue is resolved and now’s a great time to jump right into 1P?

    I use a 2018 MBP and Mojave 10.14.4.

    Thanks for any words of wisdom!
    JM, Denver

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited April 2019
    Options

    @jnm3: I'm not sure what you're asking or how to answer you. It really depends on the specifics. The Touch ID issues described in this thread are, I believe without exception, caused by there being a mismatch between the macOS Keychain and the Secure Enclave for Touch ID. In all of the cases I've seen, that's caused by migrating Keychain data from another Mac, restoring from Time Machine, or otherwise making modifications. Probably the best thing to do is to just try it to see if Touch ID works as expected on your system, and let us know the specifics if it doesn't so we can investigate. There isn't really any other way to say for sure. :)

    Edit: For what it's worth, I'm using a 2018 15" MacBook Pro, and haven't encountered any issues with Touch ID. That said, I didn't copy/restore system data from another Mac; I set it up as new when I got it.

  • thightower
    thightower
    Community Member
    Options

    @brenty

    For what it's worth, I'm using a 2018 15" MacBook Pro, and haven't encountered any issues with Touch ID. That said, I didn't copy/restore system data from another Mac; I set it up as new when I got it.

    Not that you need it confirmed from me, but.... I also never had issue with my 2017 MBP, and I also setup as new. Same goes for the Wife 2017 MBP.

This discussion has been closed.