Resetting a family members password does not force logout on devices [can't access app]

newvalley
newvalley
Community Member
edited November 2018 in Families

Hi,

I just had a family member that forget their password. Once I sent the reset password and she made a new password, her iOS and MacOS App's did not log out. Meaning they are still using the old access key.

I'm guessing this must be a bug since this simply means that resetting a users master password won't really help the users get into the devices again...

Note: I do know that you can delete the apps and their application data, but this is not something that's easy to explain to a 50 year old mom I'm afraid. Must be a better solution for this?

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    @newvalley: I'm sorry for the confusion. You'll find that those devices are, in fact, signed out of the account. No changes will sync to or from them until the account is signed into using the current credentials. I think what you're confusing is that the data is still there. That's expected and very intentional, as the encrypted data is cached locally. Otherwise all 1Password users would need to have an active internet connection at all times in order to access their data. We don't get a lot of requests to make 1Password "online only" (though we do get a few here and there). And of course in regard to security, though some people want 1Password to "nuke" itself when credentials are changed elsewhere, if someone malicious had the device they could just keep offline to prevent that from happening anyway. I am sorry that some of this isn't obvious, but I think you should give your mom more credit. I bet she knows how to install apps. ;)

  • newvalley
    newvalley
    Community Member
    edited November 2018

    Hi @brenty,

    Don't seem I really got an answer I'm afraid... The master password has changed, but the new password does not work on either the iOS or the MacOS app. What are the steps to login after a password reset? They are not present anywhere.

    FYI: I've always been a fan of having all the data on my own hardware;) The issue here is that the password in your online solution is not propagating to applications that have the 1password.com user logged in, meaning the apps are "useless" until they are factory installed again. This surely can't be the intended behavior?

    I understand the security aspect of locking all devices when changing the password in online solution. However, there should be a button somewhere to "logout" of 1Password when the user can't get in and needs to re-authenticate with the new access key and password. Right now that's not the case.

    She also did re-install the iOS app, it automatically linked to her old access key.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @newvalley: Sorry, you didn't ask a question originally, so I rambled a bit on the topic. Thanks for bearing with me. :)

    Don't seem I really got an answer I'm afraid... The master password has changed, but the new password does not work on either the iOS or the MacOS app. What are the steps to login after a password reset? They are not present anywhere.

    You should be prompted to sign in again, since the credentials are no longer correct. If that's not happening for some reason, signing out and then signing back in with the correct credentials will work.

    FYI: I've always been a fan of having all the data on my own hardware;) The issue here is that the password in your online solution is not propagating to applications that have the 1password.com user logged in, meaning the apps are "useless" until they are factory installed again. This surely can't be the intended behavior?

    I'm not sure what you mean by "the apps are 'useless' until they are factory installed again", so I'm not sure how to answer your question. Can you clarify?

    I understand the security aspect of locking all devices when changing the password in online solution. However, there should be a button somewhere to "logout" of 1Password when the user can't get in and needs to re-authenticate with the new access key and password. Right now that's not the case.

    That's incorrect: You can "logout" in 1Password Settings/Preferences > Accounts.

    She also did re-install the iOS app, it automatically linked to her old access key.

    No, it didn't. She would have had to select the old saved credentials, instead of entering the new ones. I can see how it might be confusing, but in the vast majority of cases people will be using the same credentials in perpetuity. It's just in this case, she had to reset them, so she'd have to enter the new ones after doing so. There's no way around that. :blush:

  • newvalley
    newvalley
    Community Member

    @brenty

    Thanks for getting back to me:)

    You should be prompted to sign in again, since the credentials are no longer correct. If that's not happening for some reason, signing out and then signing back in with the correct credentials will work.

    Not happening I'm afraid. To be able to logout she first have to login to the 1Password iOS App. She forgot her password (why we reset the password), so not possible to logout of the app.

    I'm not sure what you mean by "the apps are 'useless' until they are factory installed again", so I'm not sure how to answer your question. Can you clarify?

    Basically I'm just stating there is no place to logout of the iOS app before you login. And since we don't remember the old password she can't login to then logout and login with the new credentials.

    That's incorrect: You can "logout" in 1Password Settings/Preferences > Accounts.

    How can I access 1Password Settings without login? As said before, we have done a master password reset.

    No, it didn't. She would have had to select the old saved credentials, instead of entering the new ones. I can see how it might be confusing, but in the vast majority of cases people will be using the same credentials in perpetuity. It's just in this case, she had to reset them, so she'd have to enter the new ones after doing so. There's no way around that. :blush:

    Ah, that might be the case. I'll tell her to type in "new" credentials, but actually type the same url again I guess.

    Thanks!

  • I see. Thanks @newvalley. I'm going to ask QA to take a look at this and see if there is something that is indeed working differently than we intended.

    Ben

  • newvalley
    newvalley
    Community Member

    Thank you, @Ben!

    Thought I should mention it as it’s quite a hard workaround for users. Would be great if there was an easier way to trigger the password changes in the applications.

    Best,
    Robin

  • AGAlumB
    AGAlumB
    1Password Alumni

    Indeed, thanks for the clarification, and the feedback. :)

This discussion has been closed.