1Password chrome extension keeps getting locked because an update is available

steph_giles @jamesbull has nailed the issue. Restarting Chrome is an ordeal. As an agency many of our customers are providing Google Accounts for our employees. The easiest way to manage these multiple Google Workspace accounts is to use multiple Chrome profiles. Users will frequently keep Chrome open for 3-4 weeks at a time with 5-6 Chrome profiles with 5-6 windows per profile with 20-30 tabs per window (yes, the machines are beefy and people are using tab suspension) and only restart when an OS Chrome when an OS update is pushed.

People even take this a step further by using multiple virtual machines and then facing this problem with multiple instances of Chrome running on virtual machines all on one physical machine... Yes, this is probably not a common use case but you'd be surprised with software devs... Also, it would be almost impossible to measure if people are doing this, it's just going to look like one account being used on many machines...

Additionally, people are using 5-6 1Password instances due to being given accounts on client 1Password instances. This experience has gotten way better so props on that 1Password. Still not there yet though... I'd still like to see an experience like Slack Connect for 1Password to make working with external businesses easier but I imagine that'd be amazingly difficult to do with a secure architecture... And it would lead to a significant reduction in paid user accounts for 1Password. Our employees can basically have 6 accounts, one paid for by us and 5 by clients....

It's still painful using multiple 1Password instances though where those instances have unique passwords, I know 1Password will unlock all instances if they share the same master password and that because of the unique architecture of the 1Password Master Password password reuse doesn't have the same negative implications it does elsewhere... That still breaks most users brains though "oh, don't reuse passwords anywhere, it's really bad... Oh except the most important password you have, your 1Password Master Password, it's fine to reuse that... But remember, only as a Master Password on other 1Password instances...

The irony (whilst technically sound) of 1Password deploying password reuse to solve a UX problem does not seem to have been lost on the community and was thoroughly discussed here: https://1password.community/discussion/comment/608291/#Comment_608291

Realistically one should close out their browser and update it quickly to be as secure as possible. That's best practice. It's just not always realistic if it needs to be done weekly or daily.

The current user experience feels like 1Password is getting opinionated about what people's update habits should be around other apps beyond 1Password. That feels like overreach and and a holier-than-thou attitude. It just leaves a bad taste.

I don't think that's actually what's happening here, I think it is a genuine architecture of the browser extension/desktop app relationship but that won't matter to a user who doesn't care to understand the nuances of the architecture. They just see 1Password having opinions about how up to date their browser is and see functionality being restricted in order to force behaviour change and not monthly or quarterly, sometimes weekly or daily depending on how frequently Chrome updates rollout (which is not to their stated fortnightly schedule btw, that's an aspiration, it usually whenever something urgent needs patching).

Imagine if Chrome started restricting access to Google Products if the browser was out of date and this happened daily or weekly... Yeah nah.

1Password is a critical tool that gets used hundreds of time per day by our users.

Using that power to force people to reboot other applications by restricting access to that tool and doing that multiple times per week (even if unintentionally) feels like negligence at best and abuse of power at worst.

This is part of a broader issue for the tech industry (Google is going to face it with Chrome and their 'traffic light's update system in Chrome) which is that users will revolt if core applications start needing full restarts daily or multiple times per day. There is going to need to be a concerted architecture effort by most applications to enable live patching wherever possible and keep the requirements for full restarts to the absolute bare minimum.

Applications that manage this engineering challenge will inherit the users of applications that choose to prioritise engineering ease over UX.

What I'm saying is that 1Password have made architecture tradeoffs that cause a poor user experience, that's fine but I imagine 1Password is flying close to the sun on this and is getting to the point where they're crossing the line of what they can force users to do... I mean only 1Password have access to user churn data but if I had to guess, this sort of thing would be driving it up.

It feels like a Steve Jobs moment is required where he comes in, says that he doesn't like the way the bounce animation works on iPhone scroll and holds the entire iPhone project until the bounce animation feels just right.

Yeah it's a good damn engineering pain in the backside but it's what makes for iPhone level UX driven success.

If 1Password wants that level of success, keep prioritising the UX. Keep refusing to ship product with a solid engineering solution but a bad UX.

Don't ship until the engineering is genius and the UX is best in class.

There are plenty of other password managers out there...

Don't mess up your USP.