Changing Master Password
Yesterday, I read the blog post "Toward Better Master Passwords" and decided to make my master password stronger (it was strong but the blog post gave me some hints to make it even stronger). My wife and I currently use 1password on three iMacs, two iPhones, and two iPads with one vault shared through dropbox. I successfully changed the master password on one of the home iMacs. After syncing the other devices (iPhone and iPad and restarting) a few times the new master password is still not working on the devices. Do I have to manually change to the new master password on each device?
Also, after changing the master password I read a post that seemed to indicate that changing the master password (even if it is stronger) actual makes the data more vulnerable. If this is true what can I do to make restore the protection I had with the previous master password? Thank you for your assistance.
Comments
-
Hi @JFK,
Assuming you're running the latest versions of 1Password (5.1 on the Mac, 5.2.1 on iOS) then the change should propagate.
Normally unlocking with the new Master Password should be enough, at worst unlocking with the old Master Password, confirming sync has occurred and then locking by way of the Lock Now option which can be found in Settings > Security.
If that's not working then we will need to look a little deeper.
As for your question regarding the Master Password. Due to how our system works if you start with a really rubbish Master Password then simply changing it to something stronger could give you a false sense of security. There is way to ensure everything is encrypted with fresh keys but it does involve a number of steps so you would want to be sure it's something you do. If your original Master Password was still strong enough that it would take centuries to break then you probably don't have much to worry about. If you've just gone from something like
passwordorlove(two popular passwords I believe) then those steps I mentioned may not be a bad idea.Do keep us informed.
0 -
Thank you for your response. I am currently using 4.5.3 on my iOS devices because the iPads and iPhones will not work well with the new iOS because of their age. We will upgrade I password when we upgrade the devices. We use 4.4.2 on the Macs because we are not ready to upgrade to Yosemite because of the reported wifi problems. Do you have suggestions for propagating the new master with the iOS and OSX devices given the versions of 1Password we are using.
Not sure if my original Master Password would take centuries to break or I wouldn't have changed. Although, I didn't use something like love or password. See attached screen shot of the strength of the old password. Not sure how accurate or relevant this is. Not sure where to go from here in regards to following the steps you mentioned. Thanks again.
0 -
Hi @JFK,
Okay, that explains your Master Password issue then. We did fix a number of sync bugs lately but if you're running 1Password 4 then sadly you won't see the benefits of those changes at the moment.
In cases like that the easiest way forward is to do as you originally suspected and simply manually change the Master Password on each device.
Sadly the attached screenshot didn't make it when you posted your reply. If you have concerns I can certainly work with you to ensure fresh encryption keys in all vaults. We can go over the steps and then you can make your decision too of course. How does that sound?
0 -
Thank you once again. I think the best thing might be for me to take the time to go through the steps that ensure fresh encryption keys on all devices. Does it make sense for me to wait to change to the new master password on all devises, until I am ready to have you walk me through the steps to ensure fresh encryption? Is there any harm in using the original master password for a couple of weeks on some of the devices? Appreciate the assistance. JFK
0 -
Hi @JFK
If you'd like to refresh the encryption keys then yes, you might as well continue using the old Master Password briefly and unless the old Master Password is pretty or embarrassingly weak (which you've said it isn't) then using it for a small period of time isn't something I'd be too concerned over.
I'll be in touch shortly regarding the process.
0 -
Thank you for your assistance again. All makes sense.
0 -
Hi @JFK,
I've messaged you here on the forums, we'll continue the conversation there for now.
0
