I changed my master password, but my phone still accepts my old one - and is in sync!

p_blomberg
p_blomberg
Community Member

I have changed my master password on my mac about a week ago. The next time I tried to log in to 1password on my linux machine (using wine), of course I needed to use the new password.

But today, when I tried to login with the new password on my iPhone (synced via dropbox), I couldn't log in with the new password. But the old password worked. So i checked an entry that I changed on my mac just a few minutes ago, and the change was synced on the phone.

As a result, if someone gets hold of my phone and has my old password, they can get all my passwords, including new ones.

What is going on? How can my old password still work? :(

Comments

  • It used to be the case that changes to master passwords weren't synchronised but they changed that a while back. You don't mention versions at all so I'm assuming you're up-to-date on all your devices. As you're using Dropbox you have two options that spring to mind. Assuming Dropbox is current and you don't have anything unsaved that exists only on your iPhone you could wipe 1Password and start from scratch (there's an option to do this in settings - haven't used it myself as of yet). The other option is to simply change the master password from the old and working one to the new one but do this directly on the iPhone.

    Both options should work.

  • p_blomberg
    p_blomberg
    Community Member

    I thought that the master password was used as an encryption key for the whole database, making it impossible to use an old password.
    Obviously that is not correct, so how does it work?

    I'm using 1Password 4.4.1 on my mac (10.9.5) and 1Password 5.0.1 on my iPhone (iOS 7).

  • Stephen_C
    Stephen_C
    Community Member

    See a very helpful AgileBits post here for a detailed explanation.

    Stephen

  • Megan
    Megan
    1Password Alumni

    Hi @p_blomberg,

    Since unlocking 1Password on your iOS device, have you tried to use the new Master Password again? Your old Master Password will be accepted until the new Master Password is verified (by being entered correctly) on a device. This is done to ensure that you don't get locked out of your database.

This discussion has been closed.