Level up your business security with free, on-demand training and certification. Explore 1Password Academy today →
Forum Discussion
Solved
Still irregularly having trouble TouchID'ing the SSH key prompt
I setup SSH keys in my 1Password client for use on my macOS box - must've done it a year ago or more. I have SSH access setup to a variety of github repos (enterprise and cloud), and when I'm switching between a variety of VSCode windows (each open to a different repo), I'm prompted a few times a day to unlock those SSH keys so VSCode can check for any new commits to the repo.
Seems an excellent system design, giving me quick TouchID-based access to SSH keys that are portable between computers.
Trouble is, to this day I end up in situations once every 2nd or 3rd try where the TouchID prompt doesn't respond when I carefully and correctly place the designated finger on my TouchID button on the keyboard. My best guess, there's something about the "focus" of that TouchID prompt window that is very sensitive to its intended state, and if I errantly move the focus to any other window before I notice and respond to the TouchID prompt, it won't ever receive the fingerprint auth and unlock the key.
I've tried clicking on the TouchID prompt, thinking "surely if I give it primary focus and then place the finger, it'll receive the input and unlock the SSH key". No dice.
I've tried clicking on some other window (maybe the focus needs to NOT be on the window?), no dice.
I've tried clicking on another window, then clicking again on the TouchID prompt. Nope.
I've tried other click combinations followed by clicking back into the VSCode window that originated this sequence. No luck.
I can only conclude that 1Password has some unique "interim" state for this TouchID prompt, and if I don't place my finger correctly before some other window gets focus, all is lost. So I've recently started to just hit the Deny button, which causes the VSCode-github integration to throw a modal and complain it ran into an error. (no shame on the github extension, it's only doing as much as it knows to do)
I try to be very deliberate about my workflow now, knowing that I can "spook" 1Password too easily and end up in some no-mans-land of window focus where my only option is to Deny the prompt, Cancel the VSCode-github error modal, and try to sync one more time. Still it often "loses its magic focus" and I have to Deny. Usually works the 2nd or third time, but boy is this is a flow-breaker.
I'm getting to the point where, as much as I've thrown all my eggs into the 1Password basket (1000+ objects in my vaults and counting), I'm sorely tempted to just export these SSH keys and stuff them into the native macOS locations once again. I'll probably just end up storing them unsecured, so I don't have to do the sudo dance every time (which is obviously worse security than I'm achieving now), but I'm just so tired of playing this game of "tag" with 1Password's SSH keystore & agent.
Help? Is there a bugfix on the horizon - or some "cannot repro" bug I can assist with narrowing in on these semi-reproducible conditions?
The support team got back to me and confirmed that this is a known issue and that a fix is in the works, although there is no ETA for it yet.
cc MikeTheCanuck
8 Replies
Sorry for the direct ping, but this thread has gone unnoticed for almost a year now: what's the best way to find out whether this is intentional behavior or a bug? And what's the best way to report it in the latter case?
- 1P_Timothy
Community Manager
Hey plach, thanks for flagging this. I'm sorry this thread fell through the cracks.
In this case, I think it would be best for our technical support team to help dig into the issue, as diagnostic reports or other details may be helpful. When you have the chance, could you send a message to support@1password.com with a brief description of the issue, and a link to this thread (
https://www.1password.community/discussions/1password/still-irregularly-having-trouble-touchiding-the-ssh-key-prompt/154496)?
Thanks again for your patience here.
The support team got back to me and confirmed that this is a known issue and that a fix is in the works, although there is no ETA for it yet.
cc MikeTheCanuck
Here's that elusive TouchID prompt I'm chasing.
I'm experiencing the same issue and reached the same conclusion:
I can only conclude that 1Password has some unique "interim" state for this TouchID prompt, and if I don't place my finger correctly before some other window gets focus, all is lost.
I've been wondering whether this is a UI bug or a security measure to avoid something akin to a key logger stealing the fingerprint or some other critical information, or something along those lines.
It would be good to get some feedback from the 1P team.
Yeah, I’d love to know if this is deliberate. I can understand that as an intentional move.
On the other hand, over the past year of experiencing this pretty regularly, what it’s conditioned me to do is to ALWAYS throw my finger down IMMEDIATELY when I see one of these prompts. I don’t even think “is this an expected prompt, that should follow the last action I just took - or should I be skeptical and evaluate whether this is a prompt I should authorise?”
I now reflexively authorize immediately so that the prompt doesn't get "blocked" by whatever causes this to happen.
In the security UX I build for my employer, I’m very cognisant of every decision point we ask users to interact with, and I try to never make a prompt or modal something that they’ll just reflexively say yes to. It opens the door for bad actors to throw a deceptive prompt that they’ll also allow.
