iPhone app unlocks all accounts when using master password from only one

HeroTime
HeroTime
Community Member
in iOS

If it's true that the system needs my master password + secret key to decrypt my account vaults, then it would seem that the iPhone App isn't actually locking my account vaults, since logging into one account unlocks the contents of two unrelated accounts.

History:
1. I had a personal, single-user account
2. I purchased a new, family plan accounts, using a different email address
3. I added the family plan the iPhone app, using a different password
4. Now when I unlock the iPhone app using my single-user master password, the vaults of both accounts are available

This seems scary broken to me. Something's not releasing the cryptographic keys even though it looks like it's locked.

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: iPhone 6s
Sync Type: Not Provided
Referrer: forum-search:iPhone app unlocks all accounts using password from one

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    @HeroTime: Sorry for the confusion. The encryption keys for subsidiary vaults are stored in the first vault/account you have setup in the app, so that it can unlock those when you enter the Master Password.

This discussion has been closed.