Forum Discussion

mgrobins's avatar
mgrobins
New Contributor
2 months ago

Browser req pw always, instead of using biometric & windows hellow

Hi,

I use 1 password on my windows 11 PC. I have a fingerprint reader and my motherboard has TPM 2.0. 

I have setup 1pw to use windows hello to unlock when I use the app or browser and yet every time I need it in Edge or Chrome it wants the password. Every time. 

It used to be that my fingerprint would be requested and pw occasionally based on my settings. Now it just seems stuffed and it's down right annoying. 

Windows hello on login to Windows - it uses my fingerprint... so that's functioning. 

I have tried resetting my TPM data, checked my TPM is functioning properly using CLI.... I'm thinking it's just that 1pw is screwed and this is a long standing bug now.

Am I required to open the 1pw app every time I start my PC as a workaround? I think that will allow the browser plug in to work properly or is that method broken too? 

It used to work so I'm hoping not to be told I have to open the app and login to it each time I boot in. 

I've searched all over for advice and reddit is full of posts with this issue talking about it being broken for months. No one really explains how it's meant to work in detail... just instructions written for people who already know what they are doing or a list of steps that don't explain anything about what the actions trigger.

browser extension
windows

10 Replies

  • 1P_Dave's avatar
    1P_Dave
    Icon for Moderator rankModerator
    2 months ago

    Hello mgrobins​ and TataruTaru​! 👋

    I'm sorry that you're being prompted for your account password more often than expected. So that I can better understand the situation can you tell me the following: 

    1. When you're asked for your account password in the browser, can you still unlock the 1Password desktop app using Windows Hello? Or does that also prompt you for your account password?
    2. Do you have the "Use the Trusted Platform Module with Windows Hello" option turned on in the desktop app's settings: Manage your settings
    3. Do you have TPM 2.0 enabled: Enable TPM 2.0 on your PC
    4. Are you using the beta MSIX installer? Or the EXE installer?


    I look forward to hearing from you.

    -Dave

    • mgrobins's avatar
      mgrobins
      New Contributor
      31 days ago

      Good day Dave,

      I have done more testing following Tataru's outcomes. I now have a functional setup. 

      1. Clear TPM and re-register it.

      2. Uninstall Beta and reinstall standard channel for windowsx64. 
      NOTE: I changed to MSIX to try and fix this issue.

      3. Tested TPM and it reports:
      AMD version 6.32.0.6, specification 2.0
      PPI Spec v1.3, TPM Spec sub-version 1.59 (Thurs Jun 18 2020), PC Client spec version 1.05.
      Attestation and storage= ready.

      When I load the 1pw app or browser extension I am now asked for the PW once, and the biometric check for fingerprint is shown. Then on reboot it only asks for biometric. 

      I can't offer advice on what has changed. 

      I did make another system change: Under Device Security I enabled "Local Security Authority Protection" (both it and core isolation were disabled due to an unrelated driver).

      I hope this helps identify the cause because this did arise out of nowhere and it still seems it's an issue on MSIX unless the act of reinstallation was the fix. I'll reinstall MSIX at some near time and see.

      • 1P_Dave's avatar
        1P_Dave
        Icon for Moderator rankModerator
        31 days ago

        mgrobins​ 

        I'm glad that things are working now with the stable version. There is an issue with the beta MSIX version where Windows Hello may not work and our team is currently working on a fix which will be released in a future update.

        -Dave

        !30260

    • mgrobins's avatar
      mgrobins
      New Contributor
      2 months ago

      Sorry - forgot to answer your points in number.

      1. No it requires Password.
      2. Yes, I have the TPM option activated.
      3. Yes TPM is enabled in bios and my windows hello is functioning therefore I presume windows sees it.
      4. I was using the normal release, and am now trying the beta release to see if it helped. Same problem for both (I don't know what you mean by MSIX... is that your current Beta or MS App store?).

    • mgrobins's avatar
      mgrobins
      New Contributor
      2 months ago

      Dave, I am the individual who initiated the thread and I appreciate your input so far - as well as Tataru who has the same problems I have had.

      I am prompted for both the app and the extensions. 100% of the time - not "more often than expected". 

      I have tried every combination of system changes I Can manage to no effect. I'm currently even trying the Beta strain of 1PW and that makes no difference. 

      1Password for Windows 8.10.78

      81078039, on BETA channel

      I was on the standard release when I wrote this bug report.

      Windows hello is active. My fingerprint reader functions for logging me into windows. 1PW is simply not working with my TPM it seems. 

  • mgrobins's avatar
    mgrobins
    New Contributor
    2 months ago

    I thought a workaround may be to have the 1PW app start on windows boot. This only results in the app requesting my fingerprint... then requesting the password /facepalm. 100% of the time.

    Whatever is happening it is definitely an app problem and possibly associated with the TPM / TPM driver. 

    I have an Asus x870 Tuf Wifi Gaming motherboard. Latest bios and drivers. Latest windows 11 install. Windows Hello active and working. I use a "Local account" for windows (by necessity) and sync my browsers. 

    This problem is present on Edge and Chrome.

  • TataruTaru's avatar
    TataruTaru
    Dedicated Contributor
    2 months ago

    I have the same problem and I followed the same steps, even pulling a diagnostic report, it seems to make mention of Biometrics, but it feels like it's not saving to TPM, only using Windows Hello, once you've added the master password on a new startup.

    Even if we could find out where to check, would be a step to see what's possibly causing this issue.

    I am currently running the MSIX version, so it could have an effect on that.

    2025-05-18T07:48:31.342+00:00 [1P:data\op-account-system-unlock\src\lib.rs:806] Adding system unlock key. Verifying keysets can be decrypted.
    2025-05-18T07:48:31.344+00:00 [1P:data\op-account-system-unlock\src\lib.rs:812] Adding system unlock key. Encrypting muk.
    2025-05-18T07:48:31.344+00:00 [1P:data\op-account-system-unlock\src\lib.rs:818] Adding system unlock key. Updating account.
    2025-05-18T07:48:39.939+00:00 [1P:app\op-app\src\app\backend\lock_screen.rs:93] System unlock is enabled: true
    2025-05-18T07:48:39.940+00:00 [1P:foundation\op-system-auth\src\lib.rs:329] Biometry is available for 1 or more accounts
    2025-05-18T07:48:40.162+00:00 [1P:app\op-app\src\app\backend\lock_screen.rs:93] System unlock is enabled: true
    2025-05-18T07:48:40.162+00:00 [1P:foundation\op-system-auth\src\lib.rs:329] Biometry is available for 1 or more accounts
    2025-05-18T10:56:38.277+00:00 [1P:app\op-app\src\app\backend\lock_screen.rs:93] System unlock is enabled: true
    2025-05-18T12:29:00.745+00:00 [1P:foundation\op-system-auth\src\lib.rs:329] Biometry is available for 1 or more accounts

    •  Algorithm Name: RSA
        Name: S-1-5-{redacted}/ef8{redacted}/S-1-5-{redacted}//1Password-Enclave-Key
        Algorithm Name: RSA
    • mgrobins's avatar
      mgrobins
      New Contributor
      2 months ago

      I'm not sure what to add to this at this point. I know it worked and now it doesn't, yet my TPM is still considered live and correct. 

      I wonder if the 1PW credentials that are meant to be stored in the TPM are not being?