Quick Unlock Code remains in the iOS keychain even after the removal of 1P [Confirmed, will fix]
Hi,
when a Quick Unlock Code was set and 1password is deleted from the iDevice and installed again, the same Quick Unlock Code is still valid. This can be used to gain access to the previous user's vault on another device.
Where is the Quick Unlock Code stored??
Greetings from Germany!
duong
Comments
-
I've found this to not be the case. Deleting and reinstalling 1Password from my phone removed the quick unlock code and I had to reset it.
0 -
I also find its removed on an uninstall and reinstall. I usually forget to set it up at first and then have to enter the Master Password. Again, and possibly again before I do remember.
@duongel I am wondering at the moment I only have the beta installed do you have the production and the beta installed ? When I had both installed sometimes when using another app and going to 1Password the stable will open instead of the beta and it confuses me at first. I always assumed this is due to it being official approved by the App Store.
Anyway just a few thoughts running through my head. The Agile folks may have a better idea.
0 -
Hi guys,
@duongel, This is a bug and will be fixed soon. The code is being stored in your iOS's keychain, which 1Password then reused as the quick unlock code for the app.
Note that the code can only be used after you unlock the app once with your master password, it can't be used if you haven't unlocked the app yet. In other words, if you reinstall the app with a different database, the unlock code can't do anything because you still have to enter the master password. Once you enter the master password to unlock the app, then the unlock code is reused.
0
