New master password and Touch ID
I changed my master password and afterwards I was able to unlock 1Password on my iPhone with Touch ID without entering the new password. I know the vault is still syncing because new items keep showing up.
How is this possible? I expected the vault to be completely re-encrypted when I changed my master password.
Comments
-
Hi @juanes1024
Using TouchID to unlock 1Password isn't the same as 1Password typing in your Master Password for you. Using TouchID creates a secret that is equivalent to your Master Password and is stored in the iOS keychain. Changing your Master Password doesn't automatically change this secret because they are separate.
Here's an article from the AgileBits Knowledgebase that explains this process fully (better than I ever could :) ) including a section on time limits "Why is there no time limit?"
Hope this helps.
0 -
It is not the same but it is equivalent.
In any case, the implication is that either the vault was not encrypted with the new password, which would defeat the purpose of changing my password; or that the password is somehow being synced to my iPhone, which is something AgileBits explicitly claims they don't do and for good reason.
0 -
Hi @juanes1024:
I believe this article may provide additional explanation:
Geeky details: Master Password changes
I hope that helps!
Ben
0 -
Thanks, @bwoodruff . That explains most of it.
This does seem to imply that the iPhone app stores either the unencrypted master key or an old version of the encrypted master key in the keychain.
Which one is it?
Where else would I find old versions of the encrypted master key?
0 -
Hi @juanes1024,
The current implementation of TouchID in the iOS app is storing your Master Password in the iOS keychain. From this we can derive a key to decrypt the local encrypted master key.
The question of "Where else would I find old versions of the encrypted master key?" would depend on what you're using to sync and what devices are syncing. Basically any device that's still using the old Master Password would still have the master key encrypted with the old Master Password.
Let me know if you have any additional questions.
Rick
0
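The two-tier key arrangement described in the replies above, as an added example that is not part of the original thread and is not AgileBits code: a generic model in which a password-derived key wraps a master key and each device keeps its own wrapped copy. The device names, the sample items, the PBKDF2 parameters and the HMAC-based stand-in cipher are all assumptions made for illustration.

```python
import hashlib, hmac, os

def kdf(password, salt):
    # Password -> key-encryption key (KEK) via PBKDF2-HMAC-SHA256.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode: a stdlib stand-in for a real cipher.
    return b"".join(hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"),
                             hashlib.sha256).digest() for i in range(n // 32 + 1))[:n]

def seal(key, plaintext):
    # Encrypt-then-MAC; production code would use an AEAD such as AES-GCM.
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified data")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def wrap(password, master_key):
    # What a device stores: salt plus the master key sealed under the KEK.
    salt = os.urandom(16)
    return salt + seal(kdf(password, salt), master_key)

def unwrap(password, wrapped):
    return unseal(kdf(password, wrapped[:16]), wrapped[16:])

def demo():
    master_key = os.urandom(32)                      # encrypts the items; never changes
    old_item = seal(master_key, b"item saved before the change")
    desktop = wrap("old password", master_key)       # each device keeps its own wrapper
    phone = wrap("old password", master_key)
    # Password change on the desktop: re-wrap the same master key, touch no items.
    desktop = wrap("new password", unwrap("old password", desktop))
    new_item = seal(unwrap("new password", desktop), b"item synced after the change")
    try:
        unwrap("old password", desktop)
        old_rejected = False
    except ValueError:
        old_rejected = True
    # The phone's wrapper was never rewritten, so the old password still opens it.
    phone_key = unwrap("old password", phone)
    return old_rejected, unseal(phone_key, old_item), unseal(phone_key, new_item)
```

In this model a password change replaces only one device's wrapper, so any surviving copy of an older wrapper together with the old password still yields the same master key.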