Changed master password but desktop app using old password
I changed my master password yesterday via the web app yesterday. When I tried to login using the windows desktop app it let me using the old password but then gave me a warning at the bottom, but the app continued to stay open! Then when I returned home to my mac at night I tried opening that desktop app and it would only let me in with my old password. It gave me a warning and I had to type my new password into that warning box but when I lock the app it still only lets me in with the old password. First, this all seems SO insecure. Secondly, how can I get everything to reset? The only app that worked as expected was my ios app: the first time it only accepted the old password but immediately it gave a warning (and I couldn't look at the contents, something the desktop apps failed at), it forced me to type in the new password and has only worked ever since with the new password as it should.
I noticed that my mac desktop app is signed into my cloud families account but it also has syncing with dropbox. What the?
1Password Version: 7.2.2
Extension Version: Not Provided
OS Version: mac 10.14, windows 10
Sync Type: cloud, I thought
Comments
-
An edited version:
I changed my master password yesterday via the web app. When I tried to login using the windows 10 desktop app it let me using the old password but then gave me a warning banner at the bottom, but the app continued to stay open with the contents in full view! The machine was connected to the internet. I can't remember what I did but eventually it queried for the new password and then worked just fine after that meaning it only worked with the new password. Then when I returned home to my Mac at night I tried opening that desktop app and it would only let me in with my old password and all contents remained viewable. Eventually it gave me a warning dialog box into which I had to type my new password but then when I lock the app it only lets me in with the old password. That warning never appeared again. The new password is still rejected. The only app that worked as expected was my iOS app: the first time it only accepted the old password but immediately it gave a warning (and I couldn't look at the contents, something the desktop apps failed at), it forced me to type in the new password and has only worked ever since with the new password as it should.
First, this all seems SO insecure. Secondly, the inconsistency of the apps is alarming. I have used 1Password for years and this is the very first time I have felt uneasy about it's security. Thirdly, how can I get everything to reset?
I noticed that my Mac desktop app is signed into my cloud families account correctly but it also has syncing with dropbox (for my Personal vault perhaps?).
1Password Version: 7.2.2
Extension Version: Not Provided
OS Version: mac 10.14, windows 10
Sync Type: cloud, I thought0 -
I do not understand why no body at 1password has replied to this. No questions, no concern. It seems to me that anything concerning problems with the master password would get the highest attention. I have also reached out on twitter and absolutely no reply. Not only is this alarming for this particular problem but it is utterly inconsistent with my past experiences: every contact I've ever had with AgileBits has been promptly dealt with.
0 -
I apologize for the delay. We've been innundated with requests and inquiries lately and as such our usual less than 24 hour response times have stretched into days. We're not happy about it either, and are working hard to get back to our usual prompt responses.
Here is how 1Password handles unlocking:
- If a Primary vault (standalone vault) exists the Master Password for the Primary vault will unlock 1Password. Changing your membership password will have no effect. You can read about how Master Password changes are synced across Primary vaults here: https://blog.1password.com/how-1password-syncs-changes-to-your-master-password/
- If a single 1Password membership has been added (with no Primary vault) then 1Password unlocks using the Master Password associated with that membership account
- When multiple 1Password memberships have been added (with no Primary vault) 1Password unlocks using the Master Password of the first added membership
1Password only ever acccepts one Master Password. All memberships / vaults are unlocked when 1Password unlocks. In general we do not recommend having a Primary vault when using 1Password.com.
I hope that helps!
Ben
0 -
@Ben, so to use my new master password on my Mac app it sounds like I need to delete my Primary vault?
Question: if I've been really signing into my Primary vault (which is stored locally) all this time when using my Mac App, why was I able to look at all of the vaults stored in the cloud? Seems like I should have only been able to examine my Primary vault since that's the master password I was really using.
0 -
@Ben, so to use my new master password on my Mac app it sounds like I need to delete my Primary vault?
Correct.
Question: if I've been really signing into my Primary vault (which is stored locally) all this time when using my Mac App, why was I able to look at all of the vaults stored in the cloud? Seems like I should have only been able to examine my Primary vault since that's the master password I was really using.
I talked about that here:
1Password only ever acccepts one Master Password. All memberships / vaults are unlocked when 1Password unlocks.
Ben
0 -
I just started a new job where they use 1Password so I got the family stuff included with that subscription. I thought I'd check out 1P as an alternative to my other password manager (Bitwarden) and I've noticed this same situation...
I have 1P apps on Win10 and Android. To "reset" the apps' master passwords to my personal vault master password, do I just need to delete the work vaults and then re-add them or do I need to delete all vaults and re-add in the correct order (mostly, just by ensuring that the personal account is first) in both/all applications?
0 -
Removing the work 1Password account, leaving only the personal one, and then re-adding the work account should make it such that 1Password unlocks with the Master Password of the personal account. :+1:
Ben
0 -
Thank you, worked well. The only caveat now being if I change my master password later, I'll need to remove and re-add all of the accounts to reflect that change?
0 -
Nope; that shouldn't be necessary. Should be smooth sailing from here. :+1: Glad to hear that worked out. If we can be of further assistance, please don't hesitate to contact us.
Ben
0