Master Password for Desktop is different than iOS password even though Synced

I installed 1Password on my iPhone and created an easy-to-remember password for testing purposes. After a day or so I decided I wanted the desktop version as well, so I purchased and installed it on my PC but gave it a strong Master password. I have both synced to the same folder on Dropbox and thus the same data shows up in iOS and on the PC.
The problem, or what strikes me as odd, is that on my iPhone the app still accepts the old password I gave it at the beginning.
My question: being that both apps use the same "password container" (1Password file), how come two different Master Passwords open it?

  • thanks

Comments

  • RichardPayne
    Community Member

    Unlock with the new master password and the old one should then stop working.

  • ysbaron
    Community Member

    That didn't work, although I tried a few times and over the period of a few hours. I finally removed then reinstalled the iOS app and it fixed it.
    Thanks. I now went back to Dashlane.

  • DBrown
    1Password Alumni

    Thank you for trying 1Password, @ysbaron!

    Let us know if you decide to try it again in the future, and we'll figure out what's going on and get things working for you.

  • npotereyko
    Community Member
    edited November 2014

    Same here.. Facts:

    1) I have 1Password5 installed on iOS8 (iPhone & iPad) and OS X Yosemite.

    2) Master passwords on OS X and iOS ARE different (double-checked) for same vault.

    3) Vault IS properly syncing via iCloud (I do see entries I just created on OS X in iOS).

    Now the question is: IF master password is indeed used to encrypt vault (user guide claims that) - how in the world can it sync?? How can I see new entry on iOS without typing same master password that I used on OS X?

    This is really fishy...

    Also yet another VERY strange thing. I have 2 vaults on OS X. Each vault has own, VERY distinct password. As it happens I typed in password for first vault and it - OPENED second vault!!! Let me paraphrase - I was able to open second vault by unlocking first vault and then just switching vaults in UI (UI NEVER asked me for second password).

    All this makes me wonder whether you guys really use master password for encryption of vaults.. It looks like you use master password just to unlock app itself, which is plain scary.

  • svondutch
    1Password Alumni
    edited November 2014

    > IF master password is indeed used to encrypt vault (user guide claims that) - how in the world can it sync?

    On Mac and iOS, there is an internal database that you unlock locally. Then Mac and iOS are optionally syncing things to another database in the cloud.

    > Each vault has own, VERY distinct password. As it happens I typed in password for first vault and it - OPENED second vault!!! Let me paraphrase - I was able to open second vault by unlocking first vault and then just switching vaults in UI

    On Mac, you can open your secondary vault with your primary vault master password because we store the secondary vault key in the primary vault. This is the designed behavior.

    > All this makes me wonder whether you guys really use master password for encryption of vaults

    We do. Well, we actually use a (stronger) encryption key that we then encrypt with your master password. Here's a bit of tech background: https://blog.agilebits.com/2011/05/05/defending-against-crackers-peanut-butter-keeps-dogs-friendly-too/

  • npotereyko
    Community Member

    Thanks for reply! Link you posted describes PBKDF2 trivia, but it also contains link to https://help.agilebits.com/1Password3/agile_keychain_design.html where actual rationale is described (under Hierarchy of Encryption Keys). Quite informative.

    You mentioned that you store secondary vault key in primary vault. Can you elaborate on this? I thought each vault is independent component which is encrypted and synced individually..

    My use case was to have 2 vaults: one for regular website passwords, credit cards, etc. which I can sync between devices; and one for highly sensitive data that would never leave my laptop (and protected by different password). Imagine my surprise when I opened my "top secret" vault by opening regular vault..

    Can you explain how to properly set this up on my side?

  • jpgoldberg
    1Password Alumni
    edited November 2014

    I'd be happy to explain @npotereyko!

    It can be, as you well note, counter-intuitive. And so despite our efforts, we don't always get 1Password to fully conform to the "Principle of Least Astonishment."

    For your intended usage, you would like to always need the Master Password for a secondary vault to unlock that secondary vault. As you learned, 1Password for Mac and iOS doesn't work that way, while 1Password for Windows does do what you expect. Let me first describe what is going on and then we can return to whether that is a good thing.

    What's going on with secondary vaults

    Ever since 1Password 4 (on Mac/iOS), 1Password makes a distinction between "local data" and "synching data". This fact will be important shortly.
    In a sense, 1Password on Mac and iOS actually "import" and "export" data to and from its local format to either an OPVault or Agile Keychain format.

    As you've read, your Master Password is just the starting point in a process to derive and decrypt other encryption keys. This fact is also important to understanding what is going on. I'm going to take a few shortcuts and talk about a Master Password for each vault and a master key for each vault (in truth there are actually several sets of keys for each vault, but let's just stick with "master key").

    On Mac or iOS when you first set up (or sync with) a secondary vault, you need to provide the Master Password for that vault. At this point, 1Password is able to decrypt the master key for that secondary vault using its Master Password. On Mac and iOS, 1Password will keep that key in its local data encrypted with the master key for the primary vault. So the master key for the secondary vault can be gotten at with the Master Password for the primary vault.

    But note that I said that this is only kept in the local data. That encrypted key never travels with the primary vault over the net. So when it comes to synching, each vault is independent. But once you teach your primary vault about a secondary vault on a particular Apple device, your primary vault on that device will know enough about the secondary vault to unlock it.

    "I'm a Mac." "I'm a PC"

    In 1Password for Windows, there really isn't a substantial difference between primary and secondary vaults. On the Mac, we've made them quite distinct from each other. There are things that are stored in the local primary vault on the Mac which are never designed for synching, and it really tries to have 1Password live up to its name of one password. The distinction between local and synching data is also stronger on the Mac than on Windows. This enables 1Password on the Mac to allow for more integration among vaults while still allowing them to sync in their own separate ways.

    Some of the reasons for how things work on the Mac are for efficiency reasons. This design makes it much easier to work with multiple vaults and switch back and forth among them. The stronger separation of local data versus data for synching allows for 1Password on Mac and iOS to perform some tasks very quickly. The Windows team have done remarkable things in boosting 1Password's performance on Windows, but they have had to do so without the advantages of using a data format designed to work efficiently on the local system.

    The advantage of the way things work on Windows is that it is much more in line with user expectations. Vaults are fully separate entities. They are not just independent for synching, but they are independent locally as well. This makes the underlying data model much closer to the way that people using 1Password think of it. It is more compliant with the Principle of Least Astonishment.

    Two approaches, 1Password

    Perhaps we will converge on a design model across platforms. Perhaps it will be the Windows way, perhaps it will be the Apple way. We've settled some internal disputes through dueling (water pistols). (I got thoroughly soaked, and so the boss is allowed to refer to 256 bit AES keys as "military grade encryption".) Perhaps we will continue as we have, with different design approaches for the different platforms.

    One advantage of using these multiple approaches is that we get to hear from people like you about which they prefer. I presume that you prefer the Windows approach, at least when it comes to the relationship between secondary and primary vaults.
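
Added example (not part of the thread and not 1Password's code): a sketch of the key hierarchy jpgoldberg describes above, where PBKDF2 turns each Master Password into a key that wraps a random master key, and one device's local data holds the secondary vault's master key wrapped under the primary's. The function names, the iteration count and the HMAC-based stand-in cipher (used because the Python standard library has no AES) are assumptions made for illustration.

```python
import hashlib, hmac, os

ITERATIONS = 100_000  # assumed for the demo, not 1Password's setting

def kek(password: str, salt: bytes) -> bytes:
    """Stretch a Master Password into a key-encryption key with PBKDF2."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Stand-in cipher: HMAC-SHA256 in counter mode (the stdlib has no AES).
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"),
                       hashlib.sha256).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def wrap(key: bytes, secret: bytes) -> bytes:
    """Encrypt-then-MAC `secret` under `key`; returns nonce + ciphertext + tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(secret, _stream(key, nonce, len(secret))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unwrap(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified data")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def new_vault(password: str):
    """Return (vault record as it would sync, its random master key)."""
    salt, master_key = os.urandom(16), os.urandom(32)
    return {"salt": salt, "wrapped_key": wrap(kek(password, salt), master_key)}, master_key

def unlock(vault: dict, password: str) -> bytes:
    return unwrap(kek(password, vault["salt"]), vault["wrapped_key"])

def demo() -> dict:
    primary, primary_key = new_vault("constructed primary password")
    secondary, secondary_key = new_vault("constructed secondary password")
    # Local-only data on one device: secondary master key under the primary master key.
    local_data = {"secondary_key": wrap(primary_key, secondary_key)}
    # Unlocking the primary is enough to reach the secondary on this device...
    reached = unwrap(unlock(primary, "constructed primary password"),
                     local_data["secondary_key"])
    # ...but the synced secondary record alone still needs its own password.
    try:
        unlock(secondary, "constructed primary password")
        independent = False
    except ValueError:
        independent = True
    return {"reached_secondary": reached == secondary_key,
            "sync_copy_independent": independent}
```

Because `local_data` is never part of either vault record, a copy of the secondary vault obtained through sync still requires its own Master Password.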

  • RichardPayne
    Community Member

    > The advantage of the way things work on Windows is that it is much more in line with user expectations. Vaults are fully separate entities. They are not just independent for synching, but they are independent locally as well. This makes the underlying data model much closer to the way that people using 1Password think of it. It is more compliant with the Principle of Least Astonishment.

    But less compliant with the Principle of Least Typing! The Windows way is a nightmare for regularly using multiple vaults because switching between them becomes painful.

    > One advantage of using these multiple approaches is that we get to hear from people like you about which they prefer.

    Since you asked.... :smiley:
    I'd like to see, on all platforms, a Mac style primary/secondaries setup. I'd then like a choice between the current Mac way where you have to manually switch between the vaults (without entering the MP) and a merged view where the entries of all vaults are presented as a single vault.

  • npotereyko
    Community Member

    Thanks for explanation! You managed to resuscitate my trust in 1Password. You are getting "good customer support" badge.

    IMLTHO, it would be nice to have at least option to lock secondary vault while primary vault is open. I do understand "ease of use" case, but when I press lock button on something my expectation is that it will stay locked until I explicitly unlock it.

    I guess as a workaround I can switch how I use primary and secondary vaults - put "top secret" stuff in primary vault (and disable sync) and put less than top secret stuff into secondary vault (and enable sync). This way at least I can be confident that when I lock "top secret" stuff it will stay locked.

  • DBrown
    1Password Alumni

    Thanks again for the feedback!

    As I've written in other threads, I wouldn't be surprised to see a vault-handling model in future versions that's not exactly like either the current Mac or current Windows model, but I have no idea what such an alternative might look like.

    (To clarify a comment above, 1Password for Windows currently does not include even the concept of primary and secondary vaults. Vaults are independent and unrelated, and each must be unlocked individually with its own master password, even if you happen to use the same master password for more than one of them. If you create primary and secondary vaults in 1Password for Mac, for example, you can open them in 1Password for Windows, and they'll still retain their hierarchical relationship in 1Password for Mac, but you'll need to know their master passwords to open them in 1Password for Windows.)

  • npotereyko
    Community Member

    I just learned that secondary vault cannot be sync-ed with iCloud.. Ehhhh. So back to old model.

    I guess I will just have to accept that my "top secret" vault will be unlocked along with my primary vault.

  • DBrown
    1Password Alumni

    The "normal" model (in 1Password for Mac, of course) would be to create a primary vault in which you store things you want kept only to yourself and secondary vaults in which you store things to which you want to give access to others.

    Then you share those vaults and the corresponding master passwords with the appropriate people, and they're able to unlock the vaults and use the items stored within them without having access to items in your primary vault (even if they get a copy of the vault through some sharing setup or by having access to the same computer account).

This discussion has been closed.