Master Password Changes Not Sync'ing Between Devices
I have a MacBook Pro running Yosemite, with MAS 1Password (version 5), iPad Air and iPhone 5s running iOS 8.02 with 1Password (version 5 with "Pro Upgrade"). I changed the Master Password on the MacBook Pro to a new password. I am only able to log on with the new password on the MacBook Pro. The new password has not propagated to the iPad Air or the iPhone 5s, meaning I can only login with the old password on the iOS devices. I am able to sync other items between the three devices (for instance adding new logins, or editing existing logins). I've seen other posts which describe similar problems with other levels of 1Password software however its unclear if this is a known bug and how it should be fixed.
Comments
-
P.S. I'm using iCloud sync
0 -
Does this AgileBits post help at all?
Stephen
0 -
Stephen - thanks for your post, however no success. In fact, I've tried deleting 1Password application from my iOS devices and reinstalling them, and the iOS devices still unlock with the old password!!!
0 -
In that case I suspect the only answer is manually to update (i.e., change) the password on the iOS devices.
Stephen
0 -
1Password data is supposed to be encrypted with keys derived from the master password. If that is actually the case, then how are we still able to access the data with the old password? This is very unsettling. As I look thru the forums, this issue has been reported by several users with differing configurations over a significant period of time, and there has been no official acknowledgement by 1Password whether this is an actual bug. Many things sync correctly (new logins, individual site password changes, notes, etc..) but Master Passwords don't. This gives me the uncomfortable feeling that I'm working with a different set of data on each of my devices. Hoping for an official response from 1Password on this and other similar issues soon.
0 -
Hi @Sergio77,
A master password change should sync across your devices, however, some users (like yourself) have reported that this doesn't always happen. Our developers are investigating this bug. If your new master password does not automatically unlock your data on your other devices, then you will need to update the password manually to match on each device.
How is it possible for this to occur? The explanation requires a bit of an understanding about how 1Password works behind the scenes.
Your data is encrypted with a randomly chosen encryption key when you first set up your 1Password data for the first time - this is your "master key". Your master key is what gets encrypted with your Master Password. When you change your Master Password, you are changing how the master key is encrypted. You are not actually changing the master key. There are good reasons for designing things this way. You will find that other high security systems, such as PGP, SSH, SSL certificates, and disk encryption systems all work the same way. A random key is generated when the user first sets things up, and then their passphrase is used to encrypt that key.
1Password 5 does not use the sync format directly for its regular operations; instead it uses a local data format (encrypted SQLite database) that is optimized for quick searches and so on. 1Password 5 does "import" and "export" changes to and from this local format to your agilekeychain, opvault, Cloud Keychain, or CloudKit database. The local and sync formats will use different parameters for encrypting the master key that are best suited for their different environments. So the encrypted key can't simply be moved from one to the other.
When you change your Master Password, it will make the change in your local SQLite database, and also in the sync format. It can do this only when your data is unlocked because it needs to re-encrypt your master key with the new Master Password. Roughly speaking, "being unlocked" means that 1Password has your decrypted master key in its memory. The sync format will then have its master key encrypted with the new Master Password. That will spread to other systems that you sync with via iCloud or Dropbox sync. In some rare cases, 1Password may not have "imported" the Master Password change from the sync format into the local format. So what we are seeing if the Master Password doesn't sync after you changed your Master Password on one device is that the local format is keeping the master key encrypted with the old Master Password on another device. 1Password is still able to read and write changes to the sync format because it is able to decrypt the master key (from the local format), even though it isn't able to decrypt the master key in the sync format.
So, since your new Master Password did not sync automatically, simply changing your master password manually on all devices to match should fix the issue.
Please let us know if you have any other questions.
0 -
Jasper, thanks for taking the time to provide a detailed response. It is much appreciated. If you can explain one additional item. For my configuration (shown in the original post), I deleted the 1Password app from both my iOS devices. Wouldn't this delete all local data on both devices? I then reinstalled the 1Password app and both iOS devices still unlock with the old master password. On the iPad, i manually changed the old password to the new password, however the iPhone did not pick up the change. On the iPhone, i then manually changed the old master password, to a third password. This did not propagate to any of the other devices. It seems that I am in a state that any master password changes are only valid on the device the change was made on. Deleting and reinstalling the application does not get me out of that state. Do you have any recommendations as to how I can reset my configuration so that I can have master password changes propagate correctly to all devices?
0 -
I just ran into this same problem. I'm using iCloud sync between my Mac and 2 iOS devices. I changed my Master Password on my Mac, but on my iOS devices I still need to use my old Master Password. I've confirmed sync'ing is working because I added a new record on my Mac and it appeared on my iPhone. I restarted my iPhone and it still only accepts the original Master Password.
Sorry if I'm overreacting, but this seems like a HUGE security problem:
Let's say someone takes one of my devices and is trying to figure out my Master Password. If they guess my Master Password, they would have access to all my passwords, so my first response if I thought this had happened would be to change my Master Password (so they couldn't get access to 1Password on the stolen device) and then I would start changing the passwords for my most critical accounts (so the old passwords they had access to would no longer work).
Unfortunately, this apparently won't work and I'll still be vulnerable in what I consider a very typical and real-world situation. The above advice to "change the Master Password on each device" is worthless in this situation and makes me question all claims about the security of my data using 1Password if changing the Master Password doesn't actually have a predictable and reliable affect on the other devices.
0 -
@Sergio77, if you've deleted and reinstalled the iOS app, and setting up iCloud sync still requires the old master password (and the new one doesn't work), that leads me to believe the new master password has not synced from your Mac to iCloud. You can try disabling iCloud sync in 1Password on your Mac and iOS devices, reset the 1Password data in iCloud, delete 1Password from the iOS devices (assuming all your current data is in 1Password on your Mac), and then set up iCloud sync again (and reinstall the iOS app). Try these steps:
On both iOS devices:
- Open 1Password and go to Sync > Sync Service > Disable Sync (confirm you want to disable it).
- Go to Settings > Advanced > Erase iCloud Data (confirm you want to Reset iCloud Data).
- Delete the 1Password app from the iOS devices.
On your Mac:
- Open 1Password and go to Help > Troubleshooting > Reset iCloud Data.
- Click the button for Yes, Remove Remote Data.
- You should see a message that confirms the data was reset and sync was disabled (click OK).
- Go to 1Password > Preferences > Sync, and set up iCloud sync.
On both iOS devices:
- Reinstall 1Password 5 from the App Store.
- When you open 1Password, choose Sync existing vault, then iCloud.
- When asked for your master password, it should be the new one.
Please let us know if that works, and if you have any questions.
Hi @Darkon,
First, please try my steps from this post.
If those steps don't help, you may want to try the steps I wrote above for Sergio77.
If your iOS device is stolen, you will most likely want to erase it completely. You can do that if you set up "Find My iPhone" on the device before it was lost/stolen. You can find more information about that on Apple's support site here: http://support.apple.com/kb/ph2701
0 -
Drew, yes, I followed your procedure and it indeed sync's the master password. Thanks!! Its still disconcerting that some items will sync (new logins, changes to existing logins, etc.. ) but the master password does not sync. Can 1Password team explain what is going on, and when will it be resolved. These types of issues make me nervous to trust the product with key data.
0 -
Hi @Sergio77,
Please see our security guru's response on the topic: Why doesn't a Master Password change sync to my Mac?.
0 -
Hmmm, I'm logged in but I get the following error
Permission Problem
You don't have permission to do that.
0 -
Yesterday I changed the primary vault (the only one I have) master password on my iMac, then in a few minutes I opened 1P on the iPhone and tried the new pwd. It did not work, but the old one worked however. I waited for a few hours, same story. Closed both apps completely, re-enabled 1P in iCloud Drive settings in iOS, restarted the iPhone—nothing helped. Ended up changing the master pwd manually on the iPhone.
Today I opened 1P on my MBP and the new pwd did not work, but the old one did, just like on the iPhone the day before. Restarted the app, no dice. No changes half an hour later. Not sure if should wait longer or change manually.
I know thew apps are syncing the vault contents because I added and edited various items and I could see these changes on all devices right away. The only thing that does not sync is the master password.
Using 1P 5 from MAS with iCloud sync. Both OS X 10.10, iOS 8.1.
0 -
There is a thread here about the problem and the link takes you to a useful post from AgileBits. Read on in the thread for suggested solutions (one of which is exactly what you've done).
Stephen
0 -
Same problem with password sync (https://discussions.agilebits.com/discussion/30353/master-password-not-synchronising-across-several-os-x-ios-devices). Why do I have to jump through the hoops of reinstalling and deleting the data?
In some rare cases, 1Password may not have "imported" the Master Password change from the sync format into the local format.
Well, why is that? This was a known issue in 1P 4, shouldn't this be fixed in v.5 by now?
1Password is still able to read and write changes to the sync format because it is able to decrypt the master key (from the local format), even though it isn't able to decrypt the master key in the sync format.
So am I understanding this correctly?—you allow the app to read/write the sync format (vault items are syncing) even when it "isn't able to decrypt the master key in the sync format"—shouldn't the app be decrypting both formats to test and verify it is using the most recent master password?
0 -
@Stephen_C which one? None of those are real solutions, just workarounds. I would rather not reinstall the app on all my devices. What If I had 4 or 5? Or 6. Becomes kind of cumbersome to maintain an app that I paid money for, and that's supposed to be secure and make my life safer, wouldn't you agree?
0 -
I have 2 Macs and an iPhone. I sync with iCloud. For some reason after changing the master password on my Mac, the change was not reflected on my iPhone. Instead I had to change the master password (to the same thing) on my iPhone as well. Now after installing 1Password on my other Mac, and syncing with iCloud, it asks for the master password. After a few unsuccessful tries it tells me the hint, which is the hint for my old master password.
I'm wondering how I can make a new master password once and have it affect all of my devices across the board.
0 -
I'm also experiencing this issue. After reinstalling 1Password on multiple machines/devices, the master password always reverts to the one I used when I first set up the vault. I also have to change the master password on each machine/device because changing it on one does not sync with the others. I'd really like to change the master password permanently to avoid any confusion in the future, and have the change sync across all my Macs and iDevices. Any help would be greatly appreciated.
0 -
Hi @voimala
I sincerely apologize for the trouble here.
Why do I have to jump through the hoops of reinstalling and deleting the data?
Reinstalling the app is one solution, but you can also manually update the Master Password on the device that hasn't updated.
As for your more technical questions, I've asked our security guru, @jpgoldberg to help you out here. I'm unable to say much more about it than has been previously stated in the thread.
0 -
As a new user , I also find this disturbing (in the hacker situation sense) . I view changing the Master Password as 'basic functionality'. My main concern is that I will change the password and forget my original password, making the process of setting up 1P on a new device impossible. In this sense I will always have to remember (or write down) 2 passwords: my original vault password, and my current vault password. This needs to be fixed. Nobody wants to delete their iCloud data to reset this, its too much work to get 1P setup with all of your passwords just to delete it all.
0 -
Hi @nikcbhp
Thanks for sharing your thoughts here! I can certainly understand your concerns. However, it is important to note that we do not recommend changing your Master Password. Your Master Password should stay the same, unless it is weak or used somewhere else. As stated in our User Guide, Security Preferences:
A strong, memorable, and unique Master Password should generally not be changed.
I also want to assure you that removing your iCloud data is not the same as deleting your database. In 1Password 5 for Mac (as in 1Password 4 for Mac), your database is always stored locally, in addition to in the sync location. Removing the data from the sync location simply allows 1Password 5 for Mac to re-generate a fresh copy of the data, with the new Master Password.
As we've said above, our developers are looking into just why changes to a Master Password don't always sync to all devices, and we'll do our best to improve 1Password's behaviour here.
0 -
Ok. The clarification of iCloud data vs. password database is appreciated, I definitely thought they were the same thing. I've run through the steps for resetting iCloud and they work.
0 -
Thanks, Megan! I really appreciate you directing me to this thread and Drew's instructions. Everything seems to be working/syncing as expected. Thanks again.
0 -
I experienced this problem today, and i see there are several threads related to the Master Password not syncing across devices. I see that AgileBits considers this a bug, and committed to fix it. Has the issue been resolved?
0
