Remove persistent previous accounts on iOS? (Erase All Data should actually erase all data)
I am in the process of reshuffling multiple accounts on my 1PW Families subscription in order to move different entries into the vaults of different accounts (I use multiple accounts on different systems for privilege isolation). However, when wiping and re-logging into my iOS app, I was very surprised to find this:
Nothing in the UI allows me to remove these suggestions. Furthermore I was unable to remove these account suggestions despite Erasing All 1Password Data (previously called "logging out" of subscription account), or uninstalling+reinstalling the iOS app. What's going on and how can I remove these suggestions that persist across app installs?
What bothers me in this particular case is that it appears I only need to provide my master password in order to log back in. This seems to compromise the Account Key-based key derivation and therefore all my extra bits of entropy from the Account Key that aren't supposed to be stored anywhere, let alone saved across installation sessions. How is this persistence being accomplished? I am pretty sure iOS is specifically supposed to prevent apps from having persistent data across separate installations, and it doesn't seem like you're storing in iCloud app store, iCloud Drive, Keychain, etc.
This isn't being fetched down from the server-side based on some master-password-derived server-side store, is it? I really hope it's some local storage you're using for the Account Key, otherwise this would appear to me to break the security promises of entropy-boosting via +2SKD.
And most importantly - how do I remove them? Thanks.
1Password Version: 6.7.2
Extension Version: Not Provided
OS Version: iOS 10.3.2
Sync Type: 1Password Families
Comments
-
Hi @analogist,
Thanks for taking the time to write in.
When logging into a 1Password membership from 1Password for iOS or 1Password for Mac, if you have iCloud Keychain enabled, your sign-in details (sans-Master Password) are stored in iCloud Keychain. You can prevent this by turning off iCloud Keychain. At the moment the only way to remove these items from iOS is to delete the 1Password membership they are for, and then try logging into them. When you do so 1Password will recognize the membership deletion and then remove the item from iCloud Keychain.
Thanks!
Ben
0 -
Whoa what? I use iCloud Keychain solely for syncing WiFi passwords, but otherwise as little data as possible. Is it truly impossible to remove these items from iCloud keychain without deleting my 1Password membership?
0 -
Well that's unfortunate. It'd be great to have a less-nuclear option, or at the very least have this stated somewhere semi-accessible during the setup process.
Thanks for the clarification. :)
0 -
You're welcome. I'll certainly pass the feedback along to our documentation and development teams, respectively.
:)
Ben
0 -
Thanks for the update. :)
Ben
0 -
If you have a Mac that's signed into the same Apple ID as your iPhone you can delete those saved credentials using
Keychain Access
and looking forcom.agilebits.onepassword.B5Credentials
.Rudy
0