Master Password and syncing between OSX and iOS

njeester
Community Member

I have a question relating to changing the Master Password and dropbox sharing.

In the manual it says:
You’ll need to update the Dropbox sync setup in the 1Password app on your mobile devices to use the new master password. (See the user’s guides for the 1Password apps for instructions.)

However I have changed the Master Password on the Mac and have not changed anything on the iPhone but both still work and sync between the two devices; should it?

On the mac v4.4.2 and iPhone v5.1.2

Comments

  • Hello @njeester,

    Just to clarify, you now have a separate Master Password on your iPhone and on your Mac? That does occasionally happen, though it is not intended. And by the sounds of it, all other items continue to sync normally?

    One other point, the first time you unlock 1Password on your iPhone after changing the password on a Mac you will have to unlock using the original Master Password before it will sync the new Master Password. You may want to try unlocking 1Password on your phone again if you haven't already (you may need to reboot your device if you're using TouchID or a PIN code to receive the Master Password prompt).

    Sean

  • njeester
    Community Member

    Thanks for the reply, Sean.

    I have rebooted the iPhone and logged back in with the original Master Password. So I have different Master Passwords on the Mac and iPhone. I can also add/amend and sync between the two devices ok. (Also I have locked and unlocked 1P on the Mac to be sure that is working with the new Master Password. Also I have logged back in to 1P on the iPhone using the original Master Password a couple of times since rebooting.)

    So if the system is not automatically sync'ing the Master Password do I need to manually change the Master Password on the iPhone if I want them both the same?

    Thanks, Nigel

  • Stephen_C
    Community Member

    So if the system is not automatically sync'ing the Master Password do I need to manually change the Master Password on the iPhone if I want them both the same?

    Yes, that is the current work around for the problem of master password changes not syncing via Dropbox.

    Stephen

  • littlebobbytables
    1Password Alumni

    @njeester

    We're hoping the next update will cure some of these niggles but until then Stephen_C's advice is what we recommend.

  • Dukon
    Community Member

    I want to second that and add some info from my experience.

    Recently I changed my master password on my Mac, and was hoping to be asked to enter the new password on my iPhone. Instead, I noticed that my 1Password on my iPhone kept using the old master password. I tried shutting 1Password down on my iPhone, resetting my iPhone, disabling cellular data for 1Password, and even deleting local data and settings from my iPhone (under 1Password, Settings, Advanced). Even then, when I tried to set up my iPhone to use an existing database and get it from the iCloud, 1Password on my iPhone kept accepting my old master password, and only that.

    I tried adding a new entry to my Mac database, and surprisingly it appeared on the iPhone as well, even though it was using a different master password.

    To my understanding, this means the database can be decrypted using two passwords at the same time.

    Of course, I can use the work around mentioned above, but to me it sounds like just creating another master password, and actually leaving the database with two (or more) old master passwords that can decrypt it.

    My next step was to start (almost) from scratch by:

    • Disabling sync on all devices
    • Deleting local storage on my iPhone
    • Deleting the iCloud database (1Password on my Mac, Help, Troubleshooting, Reset iCloud Data)
    • Re-enabling iCloud sync on my Mac
    • Starting the iPhone app with an existing iCloud database

    That said, while it seems to work for me, I am not sure that the solution to change the master password in each device is a good one. To me it looks like avoiding the issue, but still allowing another old password to decrypt the database.

    Hope it helps.

    My setup:
    Mac OS X Yosemite (10.10.1)
    1Password from the Mac App Store Version 5.0.2 (502006)
    iOS 8.1.2
    1Password 5.1.2 from the App Store
    iCloud Sync

  • littlebobbytables
    1Password Alumni
    edited December 2014

    Hi @Dukon

    If you're saying that a completely fresh copy of 1Password was still requiring the old Master Password then something went wrong in the synchronisation process. That is different from most of the Master Password related issues as they would be solved by wiping just the local database and not the sync data. As to why that thread related issue exists it's probably easiest if I simply link you to a previous thread. It's connected with encryption keys and the fact that your Master Password doesn't directly decrypt almost any of your data for security reasons. If you take a look at the thread that statement will make more sense.

    If you ever find you manage to replicate your situation I know the devs would be interested in a diagnostic report.

  • Dukon
    Community Member

    Hi @littlebobbytables

    I read that thread, and even a few more explaining how 1Password manages encryption keys. But it does not seem to fully describe what I am observing as exactly as you noted, wiping local data and settings should "fix" the issue in this case.

    If by "completely fresh copy of 1Password" you mean the iCloud database that has just been accessed by my iPhone after I deleted local storage, so yes. In addition, I did a few more tests:

    I just verified the following process:
    1. Changed my Master Password on my Mac.
    2. Verified that the new Master Password, and not the old one, opens my Mac database.
    3. Added a new entry on my Mac.
    4. Verified it is still syncing to my iPhone (still using the old Master Password) - from what I read, until here it's a known issue.
    5. Deleted local storage on my iPhone (Settings, Advanced, Erase Data and Settings).
    6. Opened 1Password on my iPhone and asked to sync an existing vault from my iCloud.
    7. Typed my new Master Password and it did not work.
    8. Typed my old Master Password and it did work... (I also noticed that the password hint did not change even though I changed it when I changed the Master Password on my Mac).
    9. Modified the password of the new entry I mentioned above in step 3 and verified the database is still syncing both from the Mac to the iPhone, and from the iPhone to the Mac.

    In addition, I tried other ways to clear any local caching. I added the following steps just after step 5 above. After each of these steps, I was successfully able to access and sync my vault on iCloud using my old Master Password:
    5.1. Manually killed 1Password.
    5.2. Restarted my iPhone.
    5.3. Deleted the 1Password app from my iPhone and downloaded it again from the App Store.
    5.4. Created a new local vault on my iPhone with a 3rd Master Password and deleted it (did not sync it to iCloud)
    5.5. This is the best: Created a new local vault again with a 3rd Master Password. Added an item to my local vault. Asked to sync to iCloud – was asked for my oldest Master Password to enable sync. Successfully synced, including the new item appearing on my Mac vault that was using the new (but not 3rd) Master Password all this time. Following all that, 1Password on my iPhone was asking for the 3rd Master Password to open and sync (verified) the local vault.

  • littlebobbytables
    1Password Alumni

    Hi @Dukon

    I'd like to better understand what is going on in your instance so could you do the following for me please (if you don't mind helping us out).

    Can you try changing the Master Password again and letting it sync? Then can you send us in a Diagnostic Report?

    I'd like to ask you to create a Diagnostics Report from your Mac.

    Then attach the entire file to an email to us: support+forum@agilebits.com

    Please do not post your Diagnostics Report in the forums, but please do include a link to this thread in your email, along with your forum handle so that we can "connect the dots" when we see your Diagnostics Report in our inbox.

    Once you've sent the Report a post here with the ticket ID will help us to keep an eye out for it. :)

    Once we see the report we should be able to better assist you. Thanks in advance!

    I'm hoping the error log gives us some details as to why this isn't working. What I would say is after you've sent in the DR, if you were to disable iCloud Sync on your Mac and have it delete the sync data I would be quite horrified if it still asked for the old password once you set it up again. Assuming you don't mind though the DR before that could prove instructive. Certainly it doesn't seem to be the same issue others have experienced.

  • Dukon
    Community Member

    Hi @littlebobbytables

    I sent the Diagnostics Report to support+forum@agilebits.com. Ticket ID is [#HPZ-61289-979].

    Please note that your last paragraph describes the only solution that DID work for me as I described in my original post as "starting from scratch". The difference I can see between this and everything else (that is not working) I described in the following post is the actual wipe of the iCloud copy of the database. In my opinion it means that the iCloud copy also holds the old Master Password (or ability to decrypt the encryption keys file with the old Master Password). That is not coherent with other descriptions that say that the ability is only kept locally (Master Password decrypts the encryption keys file).

    Hope it helps.

  • MikeV99
    Community Member

    Update Master Password on iMAC using Dropbox. New password required on iMac. New password not required on all IOS devices and MBA (still using old one). I think I will change Master Password on iMAC so that everything is using the same one. Hope this gets fixed quickly.

  • littlebobbytables
    1Password Alumni

    Hi @Dukon

    Thank you for the report. Excuse my curiosity but if you were to change your Master Password now, after all the trouble you've had do you still find the same issues as before? I'm wondering if you can repeatedly reproduce the inability to change a Master Password without completely wiping out the sync data - certainly not how it should be working at all and not how many find it to.

  • littlebobbytables
    1Password Alumni

    @MikeV99

    The next release contains a few bug fixes in this regard but Dukon's issue had the potential to be different from the known ones.

    Can I ask, as you're using Dropbox, what Master Password unlocks your vault if you access it via 1PasswordAnywhere?

  • MikeV99
    Community Member

    I do not use 1PasswordAnywhere. To test it I would need to go back and change the PW on the iMac. I also have not tried changing it on an IOS device to see if that works. I would think Agile should be able to do those tests?

  • Dukon
    Community Member

    Hi @littlebobbytables

    Yes. I repeated the process above several times with the same results. The process is very repeatable on my side. I will be able to verify it on a different iPhone and Mac in a week, but as I already wiped and restarted from scratch everything, including deleting the 1Password apps and reinstalling, I am very surprised that this issue cannot be repeated by others. Again, I deliberately avoided manually changing the Master Password on each and every device as I think it just provides an additional key (Master Password) for the same locked door (vault). The only solution I found to be working is to change the local Master Password on my Mac (did not try it in the other direction - iPhone to Mac), wipe everything including the iCloud vault, and restarting the sync from Mac to iCloud, then iCloud to iPhone.

    Two more points to consider:

    1. For debugging: During all those tests described above I was using the same Primary Vault on my Mac - wiping it, and hoping that your backup/restore process is perfect, is the one step that I did not do. Wiping the iCloud copy was enough to "solve" my issue, but might also have kept something (bad) in my local setup.

    2. Less interesting, but maybe: I probably wiped the iCloud vault around 10 times. One of the last times I had to sync it back did not work so well (it was a bit scary...). Both the Mac and the iPhone were reporting a successful sync (including manual syncs and app restarts), with the correct Master Password, but the database from the Mac just did not appear on the iPhone. Again, both reported a successful sync several times. An iCloud wipe did not do the job either. The final solution was to delete the app from the iPhone and restart. That said, this issue happened only once out of many syncs I did, so I can't say I think it has anything to do with the main issue of the Master Password sync.

    Best,

  • Hi @Dukon (and @littlebobbytables),

    This is a known issue with 1Password for Mac 5.0 and 1Password for iOS 5.0/5.1 with iCloud Sync. Changing the Master Password on one device will never update the Master Password in the iCloud vault. We've fixed this issue in Mac/5.1 and iOS/5.2 which should be released soon.

    When those are released what you'll need to do is to "change" your Master Password again on the Mac. You can make it the same value, but triggering the change will cause it to get pushed to iCloud, then will be available for your other devices.

    The workarounds that are around for Master Password syncing only apply to Dropbox/AgileKeychain syncing.

    Master Password syncing works much much better in Mac/5.1 and iOS/5.2. All of our sync solutions saw work there with that. I really like how iCloud's turned out.

    I hope this helps.

    Rick

  • Dukon
    Community Member

    Hi @rickfillion

    Thanks for the explanation. Looking forward to seeing it fixed in the new versions.

    Best,
    Dukon

  • littlebobbytables
    1Password Alumni

    I think we're all looking forward to the new version :smile:

  • Dukon
    Community Member

    Hi @rickfillion and @littlebobbytables

    Just a follow up: I have both newest versions of 1Password (Mac/5.1 and iOS/5.2), so I tested the issue discussed above. My findings are that when I update the Master Password on my Mac, it does not update on the iOS, only if I remove all data and settings from my iPhone and sync the database back from iCloud. Unlike before, after that I do need my new MP to sync.

    In my humble opinion, this is not a good way to handle a MP change. I can think of several cases where a password change would justify revoking access using an old MP (such as a lost device, somehow compromised password, etc.). I understand that the MP only encrypts the encryption keys locally, but if it is still possible to sync the database after the MP has been changed in one device, but not in another, I think there is a security risk here (again, many cases come to mind, including the case of: a compromised MP, the user changes the MP on the Mac and keeps using the TouchID on his iPhone, not aware that it can also be accessed using the old compromised MP).

    I think that a simple solution to handle this would be to require all synced devices to ask for the new (!) MP once a change has been done in one device. I understand that once the database goes offline, there is nothing to be done, but at least it will also not get updates (for example if I decide to change all my banks passwords etc.).

    Thanks again for the great product!

    Best,
    Dukon

  • littlebobbytables
    1Password Alumni

    Hi @Dukon,

    You're quite right and we were confident that we'd eliminated that. We'll have to do some testing but it's meant to be the case that this was fixed.

  • Hi @Dukon,

    Can you confirm that to test this you:

    • Have iOS and Mac syncing properly via iCloud
    • Changed the Master Password on Mac while connected to the internet
    • Waited a minute or two just to make sure the internet isn't being... the internet. (this shouldn't be needed, in theory)
    • Went to the iOS device, tried to unlock using the NEW master password, and it failed?

    Is that right?

    Rick

  • Dukon
    Community Member

    Hi @rickfillion,

    I can confirm everything you mentioned with the addition that to verify, after I expect a sync (like in the case of the MP change), I add or modify an entry in my database and look for it to show up in the other device. Another minor addition was that instead of a minute or two, I gave the internet (and maybe your servers) a few days to sort this out. :)

    Best,
    Dukon

  • @Dukon : so the additional changes/additions didn't show up either? Sounds like something more serious could be going on here. Do you think you could try to reproduce this again? If you can get into this state again, I'd love to get Diagnostics Reports from both sides, which will give me an idea of what's going on with sync. To do that, simply follow the instructions on this page. Email them to support+forums@agilebits.com, and include a link to this forum thread so that we can connect the dots. You should get back an email with a message identifier. Feel free to post that here in this thread as it'll help us jump between the two systems (that aren't terribly well connected, as you can see).

    Rick

  • Dukon
    Community Member

    Hi @rickfillion,

    Well, the thing is that changes I make on one device DO sync back to iCloud and to the other connected device, even after I changed the MP in one of the devices, but not the other. That is what worries me. But while trying to reproduce this again, I think I found some more details that might help, and hopefully you can reproduce this as well. I noticed that after I change my MP on my Mac, the iPhone can still open the vault using the TouchID and the old MP. But once I try the new MP on the iPhone, it successfully opens the vault, and then the old MP is not working any longer. My take: something is working there, but again, if the old MP was compromised and/or device was stolen etc., I would prefer to know that if I change my MP, at least new and updated passwords are safe - for that you probably need to do something like delete the local encryption keys file that is encrypted with the old MP (I do understand that 1Password must access iCloud at least once after changing the MP. This is why I added above the "new and updated passwords are safe").

    I was able to reproduce the process below several times, consistently. If you are unable to reproduce it, let me know between which steps you would like me to capture the Diagnostics Reports.

    1. Create a new test entry on the Mac (to verify sync).
    2. Verify sync on the iPhone.
    3. Change MP on the Mac.
    4. Verify sync to iCloud in settings.
    5. Change the test entry on the Mac.
    6. Verify the change synced to the iPhone. - I think this should not happen after a MP change, and until the user enter the NEW MP on the iPhone.
    7. Last two steps can be repeated in the other direction (change on iPhone and see it shows up on the Mac).
    8. Lock the iPhone vault.
    9. Open 1Password on the iPhone using TouchID (as many times as you like) - I think this should not be possible after a MP change.
    10. Lock again, and open 1Password on the iPhone using the OLD MP (as many times as you like) - I think this should not be possible after a MP change.
    11. Do another change to the test entry and verify sync.
    12. Lock and open 1Password on the iPhone using a WRONG MP - it should not work. This is expected, but I added this step to check if 1Password on the iPhone will invalidate the old MP. It did not.
    13. Lock and open 1Password on the iPhone using the NEW MP.
    14. From now on, everything should work just fine (the old MP would not work again...)

    Notice that if I assumed that everything is fine, just change the MP on the Mac and then try it on the iPhone, everything would be fine and I would not even notice an issue.

    Hope it helps.

    Best,
    Dukon

  • Hi @Dukon,

    Verify the change synced to the iPhone. - I think this should not happen after a MP change, and until the user enter the NEW MP on the iPhone.

    That's not how encryption works in 1Password and you cannot revoke a master password, even changing the master password does not equal revoking the master password. If your database has been compromised, your option is to disable sync right away and prevent new changes from coming. If your iCloud data is stored within 1Password, then you should be focusing on changing the iCloud account credentials right away.

    The database is encrypted with the strongest encryption key we can make based on your hardware's specs and that encryption key is encrypted with your master password. When you enter your master password, it decrypts that encryption key which then is used to decrypt your database.

    Keep in mind that your master password is not stored anywhere in your data file. So, if the device is stolen, someone has to know your master password to decrypt the database. If you're using Touch ID, then he has 48 hours to clone your fingers from a valid source to get in correctly on the first try or Apple will destroy the encryption keys to your iOS keychain after a few incorrect attempts.

    You may have noticed when you change your master password, it didn't take much to sync it. That's because your database isn't re-encrypted at all, only the encryption key files are re-encrypted with the new master password. These key files are then sync'ed to your other 1Password apps.

    In order to validate your newer encryption key files are working properly (to prevent you from getting locked out in the event of sync corruption), we keep both files until you validate with your new master password. Once your new master password works to decrypt the same encryption key, 1Password knows it is a valid change, and then securely deletes the older encryption key files.

    From now on, everything should work just fine (the old MP would not work again...

    That's intentional by design, the MP change is complete once you enter your new master password.

    You should not be changing your 1Password master password once you set it up, it should be strong by default to the point that you should never change it again for that database.

    In the future, we do plan to offer an option to let you easily re-encrypt the entire database with a different encryption key via changing the master password.
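
The key-wrapping behaviour described in the post above, as an added Python sketch that is not part of the original thread and is not 1Password's code or file format. The PBKDF2 parameters, the HMAC-keystream stand-in for AES, the `Device` class and every other name are assumptions made for illustration.

```python
# Added illustration only: NOT 1Password's code, file format or parameters.
import hashlib, hmac, os

ITERATIONS = 50_000  # assumed PBKDF2 work factor for this sketch

def derive_kek(password: str, salt: bytes) -> bytes:
    """Master password -> 64-byte key-encryption key (32 enc + 32 MAC)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64)

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; an HMAC keystream stands in for AES (stdlib only)."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key[:32], nonce, len(plaintext))))
    return nonce + ct + hmac.new(key[32:], nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key[32:], nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or corrupted data")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key[:32], nonce, len(ct))))

def make_key_file(password: str, data_key: bytes) -> bytes:
    """Key file = salt + data key wrapped under the password-derived key."""
    salt = os.urandom(16)
    return salt + seal(derive_kek(password, salt), data_key)

def open_key_file(key_file: bytes, password: str) -> bytes:
    return unseal(derive_kek(password, key_file[:16]), key_file[16:])

class Device:
    """Hypothetical device state: key files on disk, newest last."""
    def __init__(self, key_file: bytes):
        self.key_files = [key_file]

    def receive_key_file(self, key_file: bytes) -> None:
        # Sync delivers the re-wrapped key; the old file stays until validated.
        self.key_files.append(key_file)

    def unlock(self, password: str):
        for i, kf in enumerate(self.key_files):
            try:
                data_key = open_key_file(kf, password)
            except ValueError:
                continue
            if i == len(self.key_files) - 1:
                self.key_files = [kf]  # newest file validated: drop older ones
            return data_key
        return None

def demo() -> dict:
    data_key = os.urandom(64)                        # never changes below
    old_file = make_key_file("old master pw", data_key)   # constructed sample passwords
    phone = Device(old_file)
    leaked_copy = old_file                           # a copy made before the change
    # Password change on the Mac: same data key, new wrapping, synced to phone.
    phone.receive_key_file(make_key_file("new master pw", data_key))
    secret = b"bank password rotated after the change"
    item = seal(data_key, secret)                    # item synced after the change
    r = {}
    dk = phone.unlock("old master pw")
    r["old_pw_before_validation"] = dk is not None and unseal(dk, item) == secret
    r["wrong_pw"] = phone.unlock("not the password") is not None
    r["new_pw"] = phone.unlock("new master pw") == data_key
    r["old_pw_after_validation"] = phone.unlock("old master pw") is not None
    # A copy of the old key file is outside the device's cleanup:
    r["leaked_file_reads_new_item"] = unseal(open_key_file(leaked_copy, "old master pw"), item) == secret
    return r

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The last result is the point of "you cannot revoke a master password": because the data key is unchanged, only re-encrypting the database under a new data key would cut off a retained copy of the old key file.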

  • Dukon
    Community Member

    Hi @MikeT,

    Got it. So this actually sounds good. But I have an idea for a small addition that might make it slightly better, clearer, and safer.

    I am aware of everything you explained above except for the validation process and the "by design" allowing the use of the old MP until the new one has been verified. I still think this might be an issue as the user might be still using TouchID for a long while (indefinitely?), and not being aware that the old MP is still valid, or use the old MP (for example after a device restart) and create confusion. Another case might be a sync corruption as you mentioned, that the user is not aware of, or maybe the encryption key files were corrupted on one device, and the user does not understand why he can't open his vault.

    So to solve all this confusion, how about once 1Password recognize it has new encryption key files, instead of just waiting for validation, actively send the user a message asking if he would like to validate the new MP right after the old MP or TouchID has been used? This way you can actively finish the process of validation much faster, cleaner, and clearer (to people that notice that they can still use the old MP), and most importantly, more secure for those that changed the MP on one device and forgot in others (I'm not sure how do you handle a MP change over shared vaults, where there are more users using the same MP).

    You should not be changing your 1Password master password once you set it up, it should be strong by default to the point that you should never change it again for that database.

    I first noticed this "issue" when I changed my MP to make it stronger and hopefully strong enough so I don't need to change it ever (after reading Toward Better Master Passwords). But my guess is that most (common) users do not have as strong passwords as advocated in that article, and some might change it more often than once in a lifetime. Similarly, some users will want to change their MP for various reasons, even if the MP was secure enough.

    Best,
    Dukon

  • Hi @Dukon,

    So to solve all this confusion, how about once 1Password recognize it has new encryption key files, instead of just waiting for validation, actively send the user a message asking if he would like to validate the new MP right after the old MP or TouchID has been used?

    That's a great idea, I'll file a request in our tracker to make this happen. Thanks for your suggestion!

    Improvement ID #: OPI-2315

    I'm not sure how do you handle a MP change over shared vaults, where there are more users using the same MP

    They (the person you're sharing the vault with) won't notice the password change because they can still keep unlocking with the older password. They'll notice they can't unlock when they try to sync it again on a new device or they reset the app and pull the data in.

    But my guess is that most (common) users do not have as strong passwords as advocated in that article, and some might change it more often than once in a life time.

    Yep, we have a big plan to update our vault creator to emphasize this strongly. If we could bring our diceware generator into this view, it would help a lot.

This discussion has been closed.