I am in the process of reshuffling multiple accounts on my 1PW Families subscription in order to move different entries into the vaults of different accounts (I use multiple accounts on different systems for privilege isolation). However, when wiping and re-logging into my iOS app, I was very surprised to find this:
Nothing in the UI allows me to remove these suggestions. Furthermore, I was unable to remove these account suggestions despite Erasing All 1Password Data (previously called "logging out" of subscription account), or uninstalling and reinstalling the iOS app. What's going on and how can I remove these suggestions that persist across app installs?
What bothers me in this particular case is that it appears I only need to provide my master password in order to log back in. This seems to compromise the Account Key-based key derivation and therefore all my extra bits of entropy from the Account Key that aren't supposed to be stored anywhere, let alone saved across installation sessions. How is this persistence being accomplished? I am pretty sure iOS is specifically supposed to prevent apps from having persistent data across separate installations, and it doesn't seem like you're storing it in iCloud app store, iCloud Drive, Keychain, etc.
This isn't being fetched down from the server-side based on some master-password-derived server-side store, is it? I really hope it's some local storage you're using for the Account Key, otherwise this would appear to me to break the security promises of entropy-boosting via +2SKD.
And most importantly - how do I remove them? Thanks.
1Password Version: 6.7.2
Extension Version: Not Provided
OS Version: iOS 10.3.2
Sync Type: 1Password Families