Critical bug: Secure Notes synced an old version of a note after a fresh Mavericks/1Password install

Options
Mike Hearn
Mike Hearn
Community Member
edited May 2014 in Mac

Hi folks,

As introduction, I have 1Password installed on: my iMac, my Macbook, my iPad and my iPhone. That's a lot of Apple devices. I have all of these synced using 1Password's iCloud support.

Syncing has worked fine thus far, but yesterday I erased my Macbook and re-installed a clean version of Mavericks. I signed-in using the same Apple ID and so on. I installed 1Password and everything immediately synced - all passwords, logins, etc.

Today I was going through and I noticed that one secure note synced to an old version of the note. The dates corroborate this: on my iMac the file was most recently modified on "April 20, 2014" – that is the latest version of the file. This is the version that also appears on my iPad and iPhone.

On my newly installed computer, the version that synced was last modified "April 1, 2014". It is an old version that does not contain the latest edit.

Why is this a big deal?

I only discovered this because I know the note's contents well, and noticed something was missing. Otherwise, I may have rightly assumed this was the most recent version.

This particular secure note contains my "2-factor backup passwords." In other words, if I ever lose my phone and need to use two-factor authentication, these codes are all I have. Without them, I will be locked out of my accounts if I lose my phone and need to authenticate.

The old version that was synced to my Macbook did not have the most recent backup password added to it. On April 20th, I added my Dropbox 2-Factor backup code – but the version synced to my Macbook, last modified on April 1, 2014, did not contain that edit.

If I had subsequently edited this file, a new version would have been synced across all my devices without the Dropbox password – that data would have presumably been lost (unless there is a versioning system inside the app; if there is, please let me know).

Accidental destruction of information is among the worst things a password management app can do. I trust 1Password to keep my data both safe from hacking and from accidental data loss. If I cannot trust that a password I put into 1Password will not be inadvertently deleted due to a technical hiccup, then my data is not safe.

So I have two questions:

  1. How can I force my Macbook version (stuck on the April 1 edit) to update?
  2. How can I make damn sure that I'm not editing an OLD version of a Secure Note which will then sync to all devices, destroying whatever data was missing from the old version?

For corroboration, here's the screenshot from my Macbook showing the most recent modified date as April 1, and from my iMac (screenshot is from a remote desktop program, which is why it's a little small) showing the April 20 modified date..

Comments

  • Mike Hearn
    Mike Hearn
    Community Member
    edited May 2014
    Options

    I did some more testing:

    I erased the 1Password app on my iPad and re-installed it, which re-synced everything from iCloud. The version of this Secure Note that synced was, once again, the April 1 version (not the April 20 version).

    This means that the canonical version of the Secure Note in iCloud is the April 1 version, despite the fact that there was clearly an edit on April 20th that somehow got synced to all devices.

    It seems like the April 20 edit got synced between devices, but never got written to iCloud's backup. iCloud still believes the most recent version is April 1.

    So now two devices have the April 20 edit (iMac/iPhone) and two have the April 1 edit (iPad/Macbook). Presumably if I edit either of those versions, the new edit will become the "canonical" version and will sync between all four devices. [Edit: I tried this, and it synced to...three out of the four. The iMac didn't update the Secure Note. Who knows why. It updated other notes edited today, but not that one.]

    It's a 50/50 shot - if I happen to edit the April 1 version, whatever contents were unique to the April 20 version will be erased. In this case, it's my Dropbox 2FA backup code. What if it was my Bitcoin private key? Or a secure file containing the latest revision to my living will?

  • Megan
    Megan
    1Password Alumni
    Options

    Hi Mike,

    I'm so sorry to hear that you've been having trouble with 1Password right now. You're right, it is so important that 1Password sync be reliable. I'd like to take a closer look at your system to determine where things are getting tangled up. Could you please send us a Diagnostics Report?

    http://learn2.agilebits.com/1Password4/diagnostic-report.html

    Then attach the entire file to an email to us: support+forum@ agilebits .com

    Please do not post your Diagnostics Report in the forums, but please do include a link to this thread in your email, along with your forum handle so that we can "connect the dots" when we see your Diagnostics Report in our inbox.

    A short note here once you've sent the Report in will help us to keep an eye out for it. :)

    Once we see the report we should be able to better assist you. Thanks in advance!

This discussion has been closed.