Forum Discussion
1Password 80800170 stealing focus all the time -> unusable!
Looks like you re-introduced a super annoying bug in the 80800170 Nightly (from the early days of version 8 for macOS): 1Password 8 is stealing the focus when browsing.
This means I have to quit 1Password until this is fixed. I can't do my work like this.
1Password Version: 80800170 Nightly
Extension Version: 2.3.6
OS Version: macOS Monterey 12.4
Browser: Safari Version 15.5 (17613.2.7.1.8)
27 Replies
Turned out the suggestions in this message so far have fixed the issue! Why don't you try and see if it fixes your issue too!
THANK YOU! This seems to have worked.
I think I originally overlooked the solution because it seemed specific to the Safari extension, and I use Firefox--however, following these steps appears to have resolved the issue.
@rpallred I too was running into huge focus issues with standard released 1Password 8.9.4 and Safari 16, with the latest browser extension.
Turned out the suggestions in this message so far have fixed the issue! Why don't you try and see if it fixes your issue too!
https://1password.community/discussion/comment/653630/#Comment_653630
Nope--it's back. Trying to zoom on a webpage, and I notice that instead of the active FF tab I'm working in zooming, 1Password on the other monitor is zooming...
1Password for Mac 8.9.6 (80906032)
(...or pasting the version number. I click to activate 1P. Copy the version number. Click the open text box, the cursor appears, and then as I hit
command-vfocus switches back to 1P, so I have to repeat the process.)1P_Ben --This is a major issue. I just had to log into the web interface to restore a critical entry that was moved to archive (probably when I was deleting emails and 1P kept stealing focus)--which wasn't showing up in the archive on my local database:
1Password for Mac 8.9.6, 80906007, on NIGHTLY channel; macOS 12.5.1
I can't be the only person with this issue!
...and remains in 1Password for Mac 8.9.6, 80906006, on NIGHTLY channel.
Persists after restarts. Seems to only occur when the main app is unlocked. Very awkward as I am reviewing and deleting emails and 1P keeps stealing focus and asking me to confirm that I want to archive items.
(GAH! and happened as I'm trying to edit this comment, click in the box in Firefox, now I'm typing in 1P!)
1P_Ben1Password Team
😁
Ben
I'll switch to Beta then (until the SSH team comes with something nice again 😉).
Is there any update about the availability of the passkey at Microsoft 365 work/school accounts?
It looks like people have said that iOS 18 Beta includes the ability to have at least 3 Passkey-enabled apps including their own, which would allow 1Password and the Microsoft Authenticator app to co-exist as Passkey providers on the same iPhone. Yay! At least, when iOS 18 goes GA this Fall...
(Note, I happened to be on page 1 on an old open tab when I started this, and didn't see the replies just above from alcyone7 and duscu and others with similar information, but I gathered a few more details (and words, haha) even though they appear to be just as accurate, so the below is an "also" and not entirely new to the thread--wish I'd seen the above replies before my conversation with JefTek, it would have helped clarify a bit!)
I wanted to update this to let folks know that Microsoft has enabled Passkeys as a preview for Microsoft 365/Entra ID accounts, BUT only "device-bound" Passkeys and ONLY initially using the Microsoft Authenticator app on iOS and Android. You also need to make the Authenticator app, on iOS at least, your "primary" additional Passkey app (other than iCloud Keychain, which can also be simultaneously enabled), but you can only have ONE non-Apple Passkey app. And 1Password is mine. Which means I can't use Microsoft 365 Entra ID Passkeys yet, because I'd have to make MS Authenticator the Passkey provider on iOS and not 1Password.
However, Microsoft said that before the end of 2024 they will also roll out "syncable" Passkey support (the kind that 1Password uses, along with many other password managers and some of the platform tools/browsers. However, they will need to be explicitly enabled (as device-bound ones do now) by an administrator.
And, you'll have to/need to determine which "AAGUID" values you'll accept--every Passkey provider generates a unique AAGUID for authenticators with the same features. So Yubico's Yubikeys (which also can save device-bound Passkeys and have worked with Microsoft Entra ID for years as FIDO2 keys) have AAGUIDs per "family" depending on the features of each key. You can authorize as many or as few AAGUIDs as you want for a particular Microsoft tenant (or even a Custom Authentication Strength you can define and assign to particular groups/users or even certain applications), so administrators have control over which Passkeys they will accept instead of usernames and passwords. I think this control for business accounts is a good thing, but I'm disappointed I can't enable the 1Password AAGUID yet! (Well, I can and did, but it doesn't work since Microsoft only enables those for Authenticator--you actually have to add iOS and Android Authenticator App AAGUIDs to your allow list explicitly even to test the public beta!).
If you're curious, you can see a list of known password manager AAGUIDs here, including 1Password's:
https://passkeydeveloper.github.io/passkey-authenticator-aaguids/explorer/
That is generated from this GitHub repository collecting them for easy use, and they are available in several programmer-friendly formats also: https://github.com/passkeydeveloper/passkey-authenticator-aaguids
And you can see how Yubikeys have various AAGUIDs based on which model/features each hardware keys has from Yubico's own list, here: https://support.yubico.com/hc/en-us/articles/360016648959-YubiKey-Hardware-FIDO2-AAGUIDs
The Microsoft information above was pulled from a reasonably long discussion I had in the last few weeks with Jef Kazimer (JefTek) of https://jeftek.com/ (he's a Principal Project Manager for Microsoft Entra ID at Microsoft) in an Entra-related Discord server, and is a summery of a longer discussion. I really hope (and asked for) syncable Passkey support ASAP!
Oh, and Microsoft's official documentation to enable Passkey support is located at https://learn.microsoft.com/en-us/entra/identity/authentication/how-to-enable-passkey-fido2 and the purple callout near the top does (if you know what they are!) explicitly list that device-bound Microsoft Authenticator Passkeys (in addition to physical security keys) are the only ones supported now but that synced passkey is being worked on:
For reference I have a screenshot of the iOS Passkey app configuration screen showing where you can enable or disable iCloud Keychain (I have it disabled in the screenshot) and ONE other Passkey app--I have 1Password selected, but if I choose Authenticator, 1Password switches to disabled and vice-versa:
I don't know if there's a way for 1Password to detect if a credential that's saved for login.microsoftonline.com right now is for a Microsoft Personal/Family account (used to be a Live ID many years ago), or if the credential is for a Microsoft 365 Work/Entra ID business tenant account. If they can tell automatically, it would be nice for their "Passkey is available!" alert at the top of a saved item for Microsoft to be smarter about not presenting that alert for Entra ID accounts until synced passkeys are supported in Entra ID, and when they are, to link to the setup page (like the above document) because each tenant will need explicit configuration before 1Password Passkeys (or any!) will work--maybe they should write a blog post at that time and walk people through the steps for 1Password at least.
Oh, and one more thing, and you can do this now! I went to https://www.apple.com/feedback/iphone/ and submitted the following feature request to Apple about allowing multiple secondary (non-iCloud Keychain) Passkey apps in a future iOS update, and you can easily submit the same request so they get more feedback! Mine looked like this as an example:
Ideally 1Password should be able to spoof any kind of passkey through the browser extension, given than it can be registered even on websites that require physical removable security keys and reject Windows Hello / Face ID.
Passkeys for Microsoft 365 will depend on a couple of factors - the main being where the authentication comes from at Microsoft. If this is coming from Entra (Work/School users) then the rollout for passkeys has been pushed several times since it was announced back in Sept '23... but the partially good news is that they have announced recently that they expect to globally rollout passkey support by end of the April '24 and be completed by May '24. The caveat is that Microsoft will only allow DEVICE-BOUND passkeys, so 1Password will continue to be rejected (as per the OP screenshot) as the 1Password passkey system is considered transportable (the AAGUID will be blocked by MS).
If your authentication is for a personal account, then passkey support has been available for some time, both device-bound (Yubico 5/ WebAuthn keys) as well as PWM-based passkeys.
Unfortunately, this is NOT a 1Password issue to resolve - it is how MS have specificialy/purposefully designed it; and nothing in any of the developer (or Entra ID) notices to admins suggest they are likely to support non-device-bound passkeys in a non-personal MS account any time soon.
I think the confusion comes from the different kind of passkey types: "Device-bound" (currently supported) and "Synced or multi-device" (not yet supported and 1password would be in this category).
I gave up hopes for now when I read this blog post where it's well explained:
https://www.corbado.com/blog/entra-passkeys#synced-passkeys-at-microsoft
Microsoft have confirmed on Reddit that this still isn't supported yet:
https://www.reddit.com/r/entra/comments/1bvmn5m/comment/ky345v5/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_buttonCurrently you'll see the following error:
An unknown error occurred during passkey registration. Try again or contact your administrator for support.
This contradicts MC690185, it's all rather confusing.
I came across the same AAGUID.
Although we have now the option to select "passkey (preview)", it still errors when trying to add a passkey, no matter what kind.
