Change password option

tom223
Community Member
edited April 2023 in 1Password 7 for Windows

First off, the latest betas are looking great! The Windows app has come a long way in the last few months.

I noticed the option to change your password within the app has been recently removed. I understand why, as the changes weren't synced back to the cloud. However, I did use this to create a shorter 'local' password (in comparison to my longer cloud password anyway). This was quite useful as typing in a huge password multiple times a day is a bit of a pain. I still have my 'local' password for the meantime, but if I re-install or install on a new device, it'll be gone :(

Is there a plan to replace this with a PIN or something similar? The Android app has this and works well.

Comments

  • Hi @tom223,

    Thanks for writing in.

    I know the feeling; I often use a single-character password to do my testing with demo vaults, and now I have to type in the longer passwords. Reinstalling 1Password does not reset your local database; it'd still be protected by the password you've given it. New device installs would create a new database that requires the first password you enter into the 1Password app.

    At the moment, we don't have anything that we can confirm on our future plans in this area. We do use Windows Hello in our Windows Store version of 1Password (not available to new customers right now) and we plan to retain that in the next major update coming soon that'll be available to all Windows 10 (CU or later) customers. As for previous Windows versions, we don't know yet, we need more time to investigate the security of having this support on computers that have no TPM or SGX hardware chip to secure the data.

  • tom223
    Community Member

    Thanks for the reply @MikeT - so as I understand it there's currently no secure place to store your master password when it's being replaced by a PIN/fingerprint etc?

    If so, would it be possible to bring back the option, maybe making it super clear what you're doing, potentially putting it in the Advanced settings?

  • AGAlumB
    1Password Alumni

    @tom223: If it cannot be done securely, we're not going to do it. The security of all 1Password users' data depends on the integrity of their Master Password, and we're not going to offer people a tool to shoot themselves in the foot here. There's understandably an expectation that 1Password will give the user tools to help make themselves more secure, and with that in mind offering a feature that does the opposite is confusing at best — and at worst, very damaging. We'll continue to explore other options though.

  • MikeT
    edited June 2017

    Hi @tom223,

    Just to clarify, we do not store your master password anywhere; we derive a local unique strong encryption key to be protected by the first password you give to 1Password and store that key on disk. To unlock 1Password, it needs that key, so you give that password, it decrypts, grabs that key and unlocks 1Password. When you change the password, it's basically re-encrypting the key, so it would only be decrypted with the right password. So, when you use a much weaker short password, the strong encryption key is now hindered by that password and anyone with access to your hardware will be able to guess the weaker password quickly and get into your 1Password database, regardless of how strong the encryption key we use is.

    There are computers with a special hardware chip such as TPM or SGX that we could use to re-encrypt a key with the TPM/SGX chip (so that if someone clones the drive to another computer, you can't unlock with that key anymore) to store on the disk that's secure, but not all computers have it. Windows Hello started mandating TPM since last summer and thus we will try to mandate TPM if possible for 1Password for Windows Store as well. There are secure storage options; we just haven't done the work to use them yet. This does mean it would not be available for everyone.

    As for your suggestion with Advanced settings, that's exactly what we did a few months ago and it still caused issues. So, we've decided to just pull it for now and bring it back in a better implementation with bi-directional password change sync to 1Password.com and hopefully, with a solution for TPM/SGX users.
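
The key-wrapping scheme described in the comment above, as an added Python sketch that is not part of the thread and is not 1Password's code or file format. The iteration count, the blob layout and the PBKDF2-pad-plus-HMAC construction (a standard-library stand-in for a real key-wrap cipher) are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this sketch


def _derive(password: str, salt: bytes) -> tuple[bytes, bytes]:
    """Stretch the password into a 32-byte pad and a 32-byte MAC key."""
    okm = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64)
    return okm[:32], okm[32:]


def wrap(data_key: bytes, password: str) -> dict:
    """Encrypt the random 32-byte data key under a password-derived key.
    A fresh salt per wrap means the derived pad is never reused."""
    if len(data_key) != 32:
        raise ValueError("data key must be 32 bytes")
    salt = secrets.token_bytes(16)
    pad, mac_key = _derive(password, salt)
    ct = bytes(a ^ b for a, b in zip(data_key, pad))
    tag = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    return {"salt": salt, "ct": ct, "tag": tag}  # this blob is what sits on disk


def unwrap(blob: dict, password: str) -> bytes:
    """Recover the data key; the tag check rejects a wrong password."""
    pad, mac_key = _derive(password, blob["salt"])
    expected = hmac.new(mac_key, blob["salt"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        raise ValueError("wrong password or corrupted key blob")
    return bytes(a ^ b for a, b in zip(blob["ct"], pad))


def change_password(blob: dict, old: str, new: str) -> dict:
    """Changing the password only re-wraps the same data key; the vault
    contents encrypted with that key are not touched."""
    return wrap(unwrap(blob, old), new)


if __name__ == "__main__":
    key = secrets.token_bytes(32)          # strong random key, never typed
    long_pw = "constructed long passphrase for the demo"
    blob = wrap(key, long_pw)
    short = change_password(blob, long_pw, "1234")
    # The 256-bit key is unchanged, but the blob on disk now opens with "1234":
    # its protection is the password's strength, not the key's.
    print(unwrap(short, "1234") == key)
```

Binding the wrapped blob to hardware, as the TPM/SGX paragraph in the same comment describes, would add a second wrapping step with a key that never leaves the chip; this sketch does not model that.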

  • tom223
    Community Member

    Wow, a brilliant, detailed response. Thanks both @MikeT and @brenty. Appreciate your commitment to security.

  • AGAlumB
    1Password Alumni

    Likewise, thanks for bringing this up! It's good to know this is a feature you'd be interested in, and it's always fun to discuss the possibilities. Cheers! :)

This discussion has been closed.