Is it possible to unlock without the Master Password?

jr44
jr44
Community Member
edited March 2015 in iOS

I work on my neighbors computers, one of which whose husband died and did not leave master password to 1 password.
Any suggestions?

Comments

  • jr44
    jr44
    Community Member

    its an imac

  • Stephen_C
    Stephen_C
    Community Member

    I'm afraid there is no solution except trying to guess the master password (the number of attempts you can make is unlimited: you won't suddenly be locked out for multiple attempts). The only alternative is to hunt around to see if the master password was recorded anywhere. Sorry there's no better news.

    Stephen

  • Plato
    Plato
    Community Member
    edited March 2015

    @jr44

    I get a lot of disagreement on this forum but that scenario is the primary reason why I store a physical printout of all my logins in my safety deposit box. That way, not only does my wife have access to my web sites but my sons can use their own computers to gain access.

  • @Plato,

    If you haven't already, you may want to check out the 1Password Emergency Kit (created by a 3rd party):

    Thanks!

    Ben

  • Plato
    Plato
    Community Member
    edited March 2015

    @bwoodruff

    Totally useless for me.

    1) My wife is not comfortable using 1P. She is used to entering usernames and password manually.

    2) If my wife and I are both gone, I fully expect that my sons will need to access our financial accounts using their own computers.

    3) Can you absolutely guarantee that 1P will NEVER fail to function properly? Look at the quantity of issues reported in the forum.

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited March 2015

    @Plato: Ah, I see. No worries! Others may find the emergency kit useful. It's a neat resource. :)

    "Even the wisest cannot tell. For the mirror… shows many things…" - Galadriel

    Certainly, 1Password is not perfect. AgileBits made it, and we are mortal, after all! All software of any significant complexity has bugs. And for the most part, folks don't write in to tell us that everything is working and 1Password is great (although we do get those occasionally)! Support forums are fairly self-selecting for individuals who are in need of support. ;)

    But so long as we are able, we will continue to develop 1Password and support our awesome customers. :chuffed:

  • Look at the quantity of issues reported in the forum.

    As my esteemed colleague @khad has said: A hospital is not a great place to go to judge the health of a city.

    Or something like that. :)

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited March 2015

    @Plato: I'll also add that I don't personally have an objection to storing printed copies of important information, so long as it is secure in a place like a bank vault.

    The biggest concern in regard to this practice is that it may leave a trail if not managed carefully, since there would almost certainly be an intermediate, unencrypted file on the computer that would need to be erased securely (which is problematic), as well as stored in memory on the printer (unfortunately all too common).

    Ultimately it's just a matter of deciding what risks you are willing to accept based on how crucial the security of the information is to you.

  • Plato
    Plato
    Community Member

    @brenty

    Don't misunderstand me. I'm pleased with 1P. At the same time, I figure that my heirs will be too upset over my demise to worry about learning how to use it. In addition, they just might wish to access my financial web sites from their own computers.

    A hospital is a great place to view sick people. However, as happy as I am with 1P, it doesn't always work for me so I guess that I'm one of the sick people. Occasionally, I hit CMD-backslash and absolutely nothing happens. I haven't complained about it because 90% of the time, the resolution is simple - click on the desktop and then click back on the web page. Occasionally it's necessary to Quit/Restart Safari. I don't want to leave those sorts of instructions for my heirs and I doubt that the "Emergency Kit" covers that.

    I did specifically state that the printout is stored in my safety deposit box and is updated every quarter. The old printouts are shredded.

    Brenty does cause a minor concern. You seem to be suggesting that a "Print All Items" from 1P will leave a residual unencrypted file on the computer. If so, I consider that a failure of 1P. At the same time, however, a bad guy would need not only physical access to my computer but also the knowledge that I'm using 1P AND the knowledge of how to locate that file. I'm not that paranoid.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @Plato: Sorry for not being clearer. What I was referring to is two traces that can be left of your data:
    1. Unencrypted files stored by the OS in order to print
    2. Unencrypted raw data stored in the printer itself
    Both are beyond the scope of 1Password, but it is important to keep these things in mind.

    In instance #1, your 1Password data must necessarily be decrypted in memory to be useful. We take great pains to ensure that data is only decrypted on demand as needed, but ultimately you're trusting the OS and printer software not to keep an intermediate copy that could be read if the hard drive were to be compromised. Even deleted files are not necessarily zeroed out on disk. But using FileVault2 whole disk encryption (built into OS X since Lion) ensures that anything written to disk -- even temporary files that are later deleted -- can only be interpreted as random noise unless the key is available to decrypt it.

    In instance #2, printers (and copy and fax machines) by many manufacturers are known to keep copies of data in their internal storage, often indefinitely, which could easily be accessed by an enterprising individual (or government agency).

    Both of these depend on someone malicious actually being savvy enough to bother with these, but I feel it is important to be aware of the risks, especially where a 'trail' might be left unwittingly. 1Password is secure; the bank vault is secure; but it's the in-between that can easily be overlooked, since the endpoints are so often the focus (as they should be!)

    At the same time, however, a bad guy would need not only physical access to my computer but also the knowledge that I'm using 1P AND the knowledge of how to locate that file. I'm not that paranoid.

    When in doubt, shred the printer. :p

    I haven't complained about it because 90% of the time, the resolution is simple - click on the desktop and then click back on the web page. Occasionally it's necessary to Quit/Restart Safari. I don't want to leave those sorts of instructions for my heirs and I doubt that the "Emergency Kit" covers that.

    Understood. It sounds like it may be an issue with the browser losing focus...or perhaps a certain part of a webpage that has focus is in a frame. That does sound like a nuisance, so I'm glad that it is at least infrequent. But if it continues to happen, I'd love to hear more details on the specific instances (or websites). There may be room for improvement!

    That said, we actually have some big improvements coming for form filling. Keep an eye out for updates, and be sure to let us know if you notice a difference! :)

  • AGAlumB
    AGAlumB
    1Password Alumni

    @Plato: I noticed that Goldberg goes into more detail about printing in this thread dedicated to physical copy security, so I thought I'd share it here.

    As always, you need to adjust your behavior to your perceived threats.

    Knowledge is power. :)

  • Plato
    Plato
    Community Member

    @brenty

    I read Goldberg's writeup and I guess that each of us must decide how much paranoia is appropriate. Goldberg recommends a cross-cut shredder but there are individuals that reconstruct cross-cut shreddings as a career! In fact, the only reason why the U.S. government shreds classified documents is because the documents burn easier that way.

    Again, someone would need physical access to my computers and/or my printer and the technical knowledge of what to look for and where to look. That's not a worry with my iMac but I expect that I will invoke FileVault on my MBP.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @Plato: Absolutely. It is much more likely for a notebook to fall into -- quite literally -- the wrong hands. I was hesitant at first to use FileVault2 after my, um...adventures with FileVault1, but Apple really nailed it this time. It actually is seamless. Cheers! :)

  • [Deleted User]
    [Deleted User]
    Community Member

    What is the difference between FileVault2 encryption and IOS 8 encryption?

  • Hi @kunder ,

    From a user perspective, not a lot. Both encrypt the entire storage with a key that is stored in the keychain. The keychain is protected by your passcode on iOS, and your administrative user account passwords, on the Mac.

    There is one key difference. An iOS device has to be able to start up before you enter your passcode, in order to be able to receive calls, notifications, and well, to start up. So part of your phone is unlocked on startup using a key in the OS, and the rest (with most of your user data) is not accessible until you unlock your phone with your passcode.

    A more detailed description is here: http://blog.cryptographyengineering.com/2014/10/why-cant-apple-decrypt-your-iphone.html

    With FileVault2 on a Mac, the entire startup disk is encrypted. Apple writes a small keychain to a hidden partition so it can start up just enough to ask you for your password. When you enter it, is looks up the full key and unlocks the disk for booting and using. Basically, everything is locked until you enter your password.

    I hope that answers your question.

This discussion has been closed.