Changed Master Password - Not Syncing

Kylereilly
Community Member

I sync 3 vaults via Dropbox - have used 1P for years and love it =) No issues ever with Syncing.
I wanted to change my master password, so I did. However, the old password still worked on other devices, even after reboot. I checked the forums, only saw older posts, where it was encouraged to login with the old password, then logout, and it should work with the new password. It didn't work. How can I fix this? Also, would I have to change each individual vault password, or will changing the master password change them all so to speak? The fix didn't work on other computers nor did it work on iOS.


1Password Version: 6.7.1
Extension Version: Not Provided
OS Version: Mac
Sync Type: Dropbox

Comments

  • AGAlumB
    1Password Alumni

    @Kylereilly: It sounds like the vault isn't syncing properly then. You did exactly the right thing. The trick is that 1Password can't sync your Master Password because it isn't stored. Rather, it's syncing the data, which can then be decrypted using the correct Master Password. That's why it's necessary to use the "old" one first after changing it on another device: the data syncs, and then the updated data can be decrypted with the new one. Please do the following:

    1. Open 1Password on the device where you changed the Master Password
    2. Create a new test item
    3. See if it shows up on the other device
    4. Create a test item there
    5. See if it shows up on the original

    This should tell us if Dropbox is actually syncing the data in the first place. Let me know what you find!

  • Kylereilly
    Community Member

    Hi @brenty So I tested adding a new item on my laptop - it worked perfectly on my desktop. I then added a secure note on my desktop, and it also showed up perfectly on my laptop. So no syncing issues - the only issue is it's 2password, not 1password :P

  • Kylereilly
    Community Member

    Any ideas?

  • AGAlumB
    1Password Alumni

    @Kylereilly: Unfortunately we don't have any insight into Dropbox or why the key change might not be syncing when your items clearly are. The best thing to do would be to simply change the Master Password on the device which hasn't gotten the change. But I also realize that I failed to answer your other question:

    Also, would I have to change each individual vault password, or will changing the master password change them all so to speak?

    Individual vaults will each have their own Master Password (except with a 1Password.com account), so you'd have to change them separately if you wanted to. The app, however, will always unlock using the Primary vault's Master Password.

    But that makes me think...do you maybe just have your vaults set up differently across different devices? Changing the Master Password for a secondary vault won't change the one you use to unlock. Hopefully that makes sense.

  • Kylereilly
    Community Member

    How would one change the individual vault password? Preferences only has the option to change my master password (that I can see).

  • Kylereilly
    Community Member

    Nevermind, I found it =)

  • Drew_AG
    1Password Alumni

    Glad to hear you figured it out, @Kylereilly! I'm sorry if that wasn't clear at first.

    You should be all set now, but if you have more questions or need more help, just let us know! :)

  • jaynedc
    Community Member
    edited August 2017

    I have confirmed that a new test item (secure note) created on device A, with the new master password, is syncing via DropBox to device B, but the old master password works on device B, allowing me to access the test item from device A. This seems to be a critical security issue of the highest degree. If a master password was compromised, then this would indicate that changing the master password does not restrict continued use of the compromised master password.

    Note that Device B is an Android mobile device. The master password seems to be propagating properly between my two desktop devices.

  • danco
    Volunteer Moderator

    That is because of the way changing passwords works.

    The new master password created on device A has to reach device B, and yet it must not be transferred in an insecure way.

    So device B has to use the old master password at least once, and it will then have access to the new password. One could continue using the old password and never use the new one (which, as you say, could be a security risk), but you can also use the new password. As soon as you use the new password, the old one can no longer be used.

    Maybe AgileBits have a clearer and more detailed explanation than this.

  • AGAlumB
    1Password Alumni

    @danco: I think that's a really useful metaphor. Thank you! :)

    @jaynedc: It doesn't exactly work like that, but maybe danco's explanation helped. In truth, it's impossible for 1Password to sync your Master Password because it isn't stored anywhere. It would sort of be like trying to transport goods cross-country by sending only the empty space that would be left over in the truck. Well, not exactly, but it's fun to think about.

    Did you see my earlier comments? The reality is that the Master Password is used as an input to transform your data, so when the data is transmitted, the transformation can only be reversed using the same Master Password. So if the data on your other device is still encrypted using your "old" Master Password, you'll need to enter that one to unlock so it can sync the changes to the data, which can then be decrypted using the new one.

    If you're still having trouble with this, it may be that Dropbox isn't syncing everything properly. If you have all of your data on "Device A", you could delete the app on "Device B" and reinstall a fresh copy to connect to Dropbox and force it to sync everything over from scratch. Let me know if that helps!

  • jaynedc
    Community Member

    @brenty - to be clear, I was able to use the old password after I used the new password on the synced Android device. Looking back over the thread, I believe I am having the same issue that you addressed on May 21 - something is wrong with the Dropbox sync as it relates to Master Passwords.

  • mverde
    edited September 2017

    @jaynedc At the request of my colleagues, I thought I would jump in here to lend my expertise on the Android side of things. I'm unfortunately not able to reproduce the issue that you're describing on my devices. Instead, I see the expected behaviour...

    After changing the Master Password for my vault in 1Password for Mac, I first have to unlock 1Password for Android with my old Master Password. The next time it locks, I can use my new Master Password. After that, my old Master Password fails to unlock 1Password on my Android device.

    This leads me to wonder if something might be corrupted in the 1Password files that are syncing through Dropbox. If that's the case, we might find a clue to that effect contained in the sync log for 1Password on your Android device. With that in mind, I'd like to ask you to create a diagnostics report from your Android device:

    Sending Diagnostics Reports (Android)

    Attach the diagnostics to an email message addressed to support+forum@agilebits.com.

    With your email please include:

    • A link to this thread: https://discussions.agilebits.com/discussion/comment/384649/#Comment_384649
    • Your forum username: jaynedc

    That way we can "connect the dots" when we see your diagnostics in our inbox.

    You should receive an automated reply from our BitBot assistant with a Support ID number. Please post that number here so we can track down the diagnostics and follow up with you. Once I've got that diagnostic report, I should be able to decipher any clues it contains.

  • FRANKLAR
    Community Member

    I have this problem currently. Please advise concerning the best practice. I want to lock down 1Password standalone access on a stolen laptop by changing the Master Password. I assume it isn't changing on the stolen laptop as it isn't changing on iOS devices. New logins sync perfectly. I cannot erase remotely.
    Windows 10 operating system. Dropbox. Thanks

  • AGAlumB
    1Password Alumni
    edited May 2018

    @FRANKLAR: I'm sorry to hear that. Just to clarify, are you having an issue with not being able to use the new Master Password on a device you still have? It isn't clear from your comments if that's the case. Please let me know.

    However, it's important to point out that, either way, you should assume that you can't change the Master Password on the stolen device. After all, if someone wants to try to break into your 1Password data, all they need to do is keep the device offline, and/or make a copy of the current database and continue trying to guess your "old" Master Password. Similarly, while remote erase tools exist for devices, that's also easy to thwart by keeping it disconnected from the internet so it can't get the signal to nuke everything. There's just no way around that.

    Fortunately 1Password's security doesn't depend on obscurity — the encrypted data never being captured. So long as you were using a long, strong, unique Master Password you're in good shape. And 1Password also uses PBKDF2 to slow down brute force attempts. With those combined, you don't need to worry about an attacker breaking into your data until long after you're dead.

    Unless you're immortal. That's another problem entirely. :sunglasses:

  • paulbombach
    Community Member

    I'm experiencing the same issue. I changed my master password on one laptop, but the old master password still works on a second laptop. I have created secure notes on both devices and have verified that they sync both ways.

    If I understand correctly, you are saying that the master password is used to encrypt the vault (or the individual items perhaps?) before syncing. However, if that were the case, how is it that I can open items created on one device without the master password from the second device?

  • Ben
    edited November 2018

    @paulbombach

    The items are not encrypted directly using the Master Password. They are encrypted using a key that is generated based on your Master Password. Changing the Master Password does not cause the items to be re-encrypted. If it did that would make changing the password a very time and bandwidth intensive operation -- the time to re-encrypt plus the time to re-sync all of the data on all devices.

    We get into a little more depth on this here:

    How 1Password syncs changes to your Master Password - AgileBits Blog

    Ben
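
The key-wrapping behaviour discussed in this thread, as an added sketch that is not from any poster and is not 1Password's code or file format: it assumes a random vault key that encrypts the items and is itself stored wrapped under a PBKDF2-derived key. The XOR-plus-HMAC wrap is a standard-library stand-in for a real AES key wrap, and every name, passphrase and the iteration count is constructed.

```python
import hashlib, hmac, secrets

ITERATIONS = 100_000  # assumed work factor for this sketch
OLD, NEW = "old-passphrase (constructed)", "new-passphrase (constructed)"

def _derive(password, salt):
    # 64 bytes from PBKDF2: 32 to mask the vault key, 32 to authenticate the blob.
    return hashlib.pbkdf2_hmac("sha512", password.encode(), salt, ITERATIONS, dklen=64)

def wrap(vault_key, password):
    salt = secrets.token_bytes(16)
    k = _derive(password, salt)
    ct = bytes(a ^ b for a, b in zip(vault_key, k[:32]))  # stand-in for AES key wrap
    return {"salt": salt, "ct": ct, "tag": hmac.new(k[32:], ct, hashlib.sha256).digest()}

def unwrap(blob, password):
    k = _derive(password, blob["salt"])
    tag = hmac.new(k[32:], blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        return None  # wrong password for this copy of the wrapped key
    return bytes(a ^ b for a, b in zip(blob["ct"], k[:32]))

def scenario():
    vault_key = secrets.token_bytes(32)  # encrypts the items; never changes
    device_a = wrap(vault_key, OLD)
    device_b = dict(device_a)            # synced copy on a second device
    offline_copy = dict(device_a)        # copy that never syncs again

    # Password change on A: only the small wrapped key is rewritten, not the items.
    device_a = wrap(unwrap(device_a, OLD), NEW)

    out = {
        "b_old_before_sync": unwrap(device_b, OLD) == vault_key,
        "b_new_before_sync": unwrap(device_b, NEW) is None,
    }
    device_b = dict(device_a)            # sync delivers the re-wrapped key to B
    out["b_new_after_sync"] = unwrap(device_b, NEW) == vault_key
    out["b_old_after_sync"] = unwrap(device_b, OLD) is None
    out["offline_old_still_works"] = unwrap(offline_copy, OLD) == vault_key
    return out

if __name__ == "__main__":
    for check, ok in scenario().items():
        print(f"{check}: {ok}")
```

The last check is the stolen-laptop case from earlier in the thread: a copy that never syncs keeps its old wrapped key, so the strength of the old Master Password and the PBKDF2 cost are what protect it.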

  • paulbombach
    Community Member
    edited November 2018

    @Ben Thanks, that was super helpful! I think the part that is a little confusing is that I expected a failure of the old master password would indicate a successful synch. When actually, the success of the new master password on the second device indicates a successful sync. Thanks a ton for your help! Happy Thanksgiving 🦃

  • AGAlumB
    1Password Alumni

    Glad Ben was able to help. Happy Thanksgiving to you too! :) :+1:

This discussion has been closed.