Synchronized local vault doesn't update master password on other devices

Spythe
Spythe
Community Member

Hey guys,

TL;DR: Changed master password on Mac, but it didn't change on any other synchronised device. How come?

I had a password for years (~10?) with minor variations and I've agreed with myself to get a new password that is much harder to crack (numbers, symbols, etc.). I changed my password on my Mac, running 1Password latest. My one and only vault is synched with my iPad and my iPhone, which are also running the latest version of 1Password. I opened my iPhone via TouchID and synched the vault. It said it synced and then I had it manually locked. Instead of reopening it with TouchID, I was able to unlock it with the old password, instead of the new password.

Much alike this topic from 2 years ago (https://discussions.agilebits.com/discussion/43926/are-master-passwords-device-specific-rather-than-account-specific) I am a bit worried why the password does not change on other devices. Can anyone explain?

-

For what it's worth, I'm running the 'old school' single-time 1Password purchase version with a WLAN synced local vault, instead of using a 1Password account and/or Dropbox sync.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Spythe
    Spythe
    Community Member

    I've read this article twice now and read the infographic multiple times.. I still don't understand how the master password syncs.

    Seemingly, the infographic (and the article behind it) is an answer to my question. Let's focus on the infographic with this additional comment for now. It itself consists of 7 parts (7 parts of the scenario). The first three are quite obvious, but starting from the fourth one I'm getting confused. Let me explain how I read

    1. Dev1 & Dev2 have set 'password1' as their master password
    2. Dev1 changes it's password to 'NewPassword'
    3. The Password file (thus not the password itself) syncs with other passwords
    4. (start confusion) Dev2 tries to open the vault with 'NewPassword' and fails
    5. Dev2 tries again with 'NewPassword' and succeeds
    6. Dev2 creates a new local keyfile with 'NewPassword'
    7. Dev2 can unlock with 'NewPassword' (huh, it could @5 already?)

    From my perspective, aside from the word 'local key' and 'agileKeyfile', it seems the second device tries to input the same Password and onward from the second try it succeeds. My problem with this is the practical reality of this scenario.

    Yesterday, my situation was step one in the scenario: both devices had the same password. Now I just changed my password on my Mac (Device 1, Step 2) and synced (WLAN) with my iPhone (dev2, step3). My new password gets rejected on Dev2 (step 4) and no matter what I do, it remains unaccepted (i.e. trying again (step 5), but doesn't work).

    Reading the infographic, it seems the device/Application itself updates the master password without a manual change by the user. However, I feel resided that this is my only way to change my master password on my secondary device.

    -

    For the record, I have no trouble in changing the master password on my secondary device if I use the old password (i.e. password1) and go to settings → change password. It feels the wrong way, however. Especially after reading this article. So where am I going wrong? _Somewhere obviously.. :) _

  • Hi @spythe,

    I believe that between 3 and 4 is where the confusion lies. You need to unlock dev2 with the old password at step 3 so that it can sync. Give it a little bit to ensure that it syncs, you can confirm that it has synced by looking at settings->sync. After it syncs then you can lock (either hit the home button or settings -> security -> lock now) and now unlock with the new password.

    Rudy

  • Spythe
    Spythe
    Community Member

    Hey @rudy,

    Thank you for your reply. Perhaps I wasn't clear enough, but I could do step 3 & 4 successfully, since I have no problem logging in with the old key and syncing my phone (dev2) with my main device. I can verify it has synced, since I've made a few changes to passwords and these changes have synced over.

  • Hi @spythe,

    I've just re-tested this to make sure that we didn't maybe break this without realizing it. Here's what I did:

    • Cleared all data on my iPhone
    • Setup a new vault on my Mac with Password1
    • Configured WLAN sync on my iPhone, and enabled Touch ID
    • I force quit 1Password on my iPhone (technically not necessary)
    • I changed my Master Password on the Mac to Password2
    • I launched 1Password on my iPhone and used Touch ID to unlock it
    • I went to Settings > Security and explicitly locked the iPhone
    • I then used Password2 to unlock the iPhone, and it worked.
    • Password1 no longer works to unlock the iPhone, which is correct.

    The Master Password sync process for WLAN sync is similar to Dropbox in that before you can unlock with the new password there has to have been an unlock where sync was successful (either using the old master password, or Touch ID).

    So it sounds like what you're doing is right. I would need to see a Diagnostics Report from the iOS device to see if it can give us a reason for why the new MP wouldn't have been able to use what the Mac gave it to unlock locally. I assume you're running an up to date version of 1Password for Mac? This should be working since about 5.3 or so if I remember correctly.

    Rick

  • Spythe
    Spythe
    Community Member
    edited July 2017

    Hey @rickfillion,

    thanks for testing out! Except a clean vault on my iPhone, all our steps are identical. However, I cannot use the old password but am still able to use the old one, like I already wrote.

    How can I send a diagnostic report?

    And yes, both the Mac and iPhone are up to date; running 6.8 on each.

    Update: I've tested this on my iPad 10.5 just now. A new device, as it's been just released. I recall installing 1Password and setting up WLAN sync to sync my Macs vault to it. Opened 1Password a few seconds ago, went to sync, synced, manually locked it and was still able to unlock the vault with the old password.

  • @Spythe : go to Settings > Advanced > Diagnostics > Send Diagnostics.

    In the email message it brings up, mention me by name (Rick Fillion) and include a link to this forum thread. Let me know when you've sent it and I'll try to go take a look.

    Rick

  • Spythe
    Spythe
    Community Member

    Hi @rickfillion,

    be sure to read my previous comment, as I added a bit regarding my iPad. Nothing special, just that it also happens on a pretty new device.

    I've sent the report. Thanks!

    -

    Off-topic: Is it possible to configure 1Password being able to send the report through other mail apps? I had removed the default Mail app, since I primarily and only use Spark as my client. I had to reinstall Mail just for this :) No worries is that isn't possible.

  • rickfillion
    edited July 2017

    Thanks. I've got your email/diagnostics report. I'll read it over and send you questions via email.

    Off-topic: Is it possible to configure 1Password being able to send the report through other mail apps?

    Not as far as I know, but I'm pretty rusty in my iOS development. I'll ask a real iOS dev when I get a chance.

    Rick

    ref: VMS-64111-929

This discussion has been closed.