How is changing a 1Password.com password supposed to work?

A family member had problems remembering his 1Password.com password, so we wanted to change that. I could find no such option in the Windows App, so we changed it on our 1Password.com domain. While doing this the Windows App locked. After the password was changed on the website we could no longer log in on the Windows App! It requested a password, but both the old and the new password were rejected...

While I was sure we made no typos, I decided to try recovery (as I had never tried that before; learning opportunity). This worked pretty OK, except for the fact that the Windows App was still requesting a password and not accepting both the old and the new password... And even if it would accept it, how was that going to work now that the Secret Key was changed as part of the account recovery?

Next I had to search on the web how to start over to discover that I had to go into %LOCALAPPDATA%\1Password and rename/remove the data folder. Finally I could enter the new Secret Key and the new password was accepted.

No way this non-technical family member would have been able to do this by himself...

  1. How is changing the password supposed to work?
  2. How is account recovery supposed to work?

This was a pretty bad experience and I'm hoping this is unusual and it was me who did something wrong...


1Password Version: 6.8.496
Extension Version: n.a.
OS Version: Windows 10 1709
Sync Type: 1Password.com

Comments

  • AGAlumB
    1Password Alumni

    @XIII: I don't think you — or they — did anything wrong. That all sounds right to me, except for the part where you're not able to unlock 1Password after that. The good news is that, as you noted, this doesn't lock you out of the account, and you can set up the app again with the correct credentials. But you're 100% right that it shouldn't be necessary to reset the app. I'm sorry for the trouble that caused. I'm not sure we'll be able to figure out what happened exactly, but I have a few things you might be able to confirm or deny:

    1. Are you certain they were running the current stable version of 1Password for Windows?
    2. Did they perhaps originally set up the app using a much older version?
    3. Did they set up a local vault there in the past?

    It's possible we have a bug though, so I just tested this twice just now. This is what should happen when you change the password (or really any account credentials) for an account you have set up in the app through the website:

    Then all you need to do is click on that and sign in with the new credentials and all will be right again. So the question is, did you miss the notification, or was it not received or shown at all for some reason? The only other thing I can think of is that a network issue prevented the app from getting the notification in the first place, so perhaps the app isn't getting the message that the password for the account has changed. So while I'm sorry for the experience you had and even sorrier I don't have more than questions for you, maybe we can figure out what might have gone wrong and perhaps improve the app in the future.

  • XIII
    Community Member
    edited March 2018
    1. Definitely latest current version
    2. Account has indeed been set up some time ago (we have the early adopter benefits in our Family plan)
    3. No local account on the PC (we did use Dropbox before Families, but only on iOS for this user)

    The App was locked, so I had no opportunity to see that red message...

  • @XIII: To add to brenty's explanation here, 1Password for Windows does handle one thing about Master Password changes rather differently from other apps. If 1Password is locked, it will only accept your old Master Password to unlock until you've updated it in-app as brenty described. Once you've unlocked with the old Master Password, you'll see that banner and can update the app's Master Password from there. Reason being that 1Password for Windows cannot presently check for a new key from 1Password.com while locked, so it can't check your new Master Password against what the server has after it fails locally the way other apps do. This is something we're working on improving. It's not consistent with other apps right now and is, frankly, quite confusing.

    That said, I can't think of any reason the old Master Password would have not worked unless your family member had forgotten it and/or it was being entered incorrectly. At that time, 1Password would have only been checking against the local database and that only gets updated once you've clicked that banner and entered your new Master Password to update it. There's no way to change the Master Password for this local database either in-app or remotely. Still, I've toyed around a bit to see if I can reproduce a scenario where the old Master Password doesn't work in case something is going wrong, and thus far I've been unable to do so. At this point, since you've recovered the account and reset the app, we may not be able to track down the exact cause.

    To answer your question about the Secret Key following recovery though, this process is the same in that case. Your encryption key locally will still be the one derived from your old Master Password and Secret Key, so you'd be able to unlock with your old Master Password and then update both Master Password and Secret Key after clicking that error banner. The old Master Password should have still allowed you to unlock the app and update credentials as needed to resume syncing.

    I'm afraid I have little more in the way of answers as to why this happened, but hopefully I was able to shed some light on how the process is intended to work.
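
The behaviour described in the reply above, as an added sketch that is not part of the thread and is not 1Password's code: a local database whose unlock key is derived from the credentials entered at setup keeps accepting only the old Master Password and Secret Key until it is unlocked and re-wrapped under the new pair. The single PBKDF2 derivation, the XOR wrap, the `LocalDatabase` class and the sample credentials are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed work factor for this sketch

def derive_key(master_password, secret_key, salt):
    # Simplified stand-in for the real derivation: both secrets feed one PBKDF2 call.
    material = master_password.encode() + b"\x00" + secret_key.encode()
    return hashlib.pbkdf2_hmac("sha256", material, salt, ITERATIONS)

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class LocalDatabase:
    """Hypothetical local cache; only wrapped data is stored, never the credentials."""

    def __init__(self, master_password, secret_key):
        self._wrap(secrets.token_bytes(32), master_password, secret_key)

    def _wrap(self, vault_key, master_password, secret_key):
        self.salt = secrets.token_bytes(16)
        kek = derive_key(master_password, secret_key, self.salt)
        # Toy wrap (XOR with a 32-byte key); a real client would use authenticated encryption.
        self.wrapped = _xor(vault_key, kek)
        self.check = hmac.new(kek, b"unlock-check", "sha256").digest()

    def unlock(self, master_password, secret_key):
        """Purely local check: returns the vault key, or None if the credentials do not match."""
        kek = derive_key(master_password, secret_key, self.salt)
        tag = hmac.new(kek, b"unlock-check", "sha256").digest()
        if not hmac.compare_digest(tag, self.check):
            return None
        return _xor(self.wrapped, kek)

    def update_credentials(self, old, new):
        """Re-wrap under new (password, secret key); requires unlocking with the old pair first."""
        vault_key = self.unlock(*old)
        if vault_key is None:
            return False
        self._wrap(vault_key, *new)
        return True

def demo():
    old, new = ("old-pass", "A3-OLD-CONSTRUCTED"), ("new-pass", "A3-NEW-CONSTRUCTED")
    db = LocalDatabase(*old)          # app set up before the change on the website
    before = (db.unlock(*new) is not None, db.unlock(*old) is not None)
    updated = db.update_credentials(old, new)
    after = (db.unlock(*new) is not None, db.unlock(*old) is not None)
    return before, updated, after
```

`demo()` returns the (new accepted, old accepted) pair before the in-app update, whether the update succeeded, and the same pair afterwards.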

  • XIII
    Community Member

    "but hopefully I was able to shed some light on how the process is intended to work."

    Yes! Thank you for that.

  • @XIII: It's no problem at all! I'm sorry we couldn't do more to solve the mystery, but hopefully you'll be well-prepared for this in the future so you won't run into trouble again (at least, until we fix it for good).

This discussion has been closed.