Remove persistent previous accounts on iOS? (Erase All Data should actually erase all data)

I am in the process of reshuffling multiple accounts on my 1PW Families subscription in order to move different entries into the vaults of different accounts (I use multiple accounts on different systems for privilege isolation). However, when wiping and re-logging into my iOS app, I was very surprised to find this:

Previous accounts found

Nothing in the UI allows me to remove these suggestions. Furthermore I was unable to remove these account suggestions despite Erasing All 1Password Data (previously called "logging out" of subscription account), or uninstalling+reinstalling the iOS app. What's going on and how can I remove these suggestions that persist across app installs?

What bothers me in this particular case is that it appears I only need to provide my master password in order to log back in. This seems to compromise the Account Key-based key derivation and therefore all my extra bits of entropy from the Account Key that aren't supposed to be stored anywhere, let alone saved across installation sessions. How is this persistence being accomplished? I am pretty sure iOS is specifically supposed to prevent apps from having persistent data across separate installations, and it doesn't seem like you're storing in iCloud app store, iCloud Drive, Keychain, etc.

This isn't being fetched down from the server-side based on some master-password-derived server-side store, is it? I really hope it's some local storage you're using for the Account Key, otherwise this would appear to me to break the security promises of entropy-boosting via +2SKD.

And most importantly - how do I remove them? Thanks.


1Password Version: 6.7.2
Extension Version: Not Provided
OS Version: iOS 10.3.2
Sync Type: 1Password Families

Comments

  • Ben AWS Team

    Team Member

    Hi @analogist,

    Thanks for taking the time to write in.

    When logging into a 1Password membership from 1Password for iOS or 1Password for Mac, if you have iCloud Keychain enabled, your sign-in details (sans-Master Password) are stored in iCloud Keychain. You can prevent this by turning off iCloud Keychain. At the moment the only way to remove these items from iOS is to delete the 1Password membership they are for, and then try logging into them. When you do so 1Password will recognize the membership deletion and then remove the item from iCloud Keychain.

    Thanks!

    Ben

  • Whoa what? I use iCloud Keychain solely for syncing WiFi passwords, but otherwise as little data as possible. Is it truly impossible to remove these items from iCloud keychain without deleting my 1Password membership?

  • Ben AWS Team

    Team Member

    @Aktariel,

    At present as long as iCloud Keychain is turned on 1Password will store your Setup Code information in iCloud Keychain. If you completely disable iCloud Keychain on all devices all data will be deleted from it.

    I'm sorry I don't have the answer you were hoping for.

    Ben

  • Well that's unfortunate. It'd be great to have a less-nuclear option, or at the very least have this stated somewhere semi-accessible during the setup process.

    Thanks for the clarification. :)

  • Ben AWS Team

    Team Member

    You're welcome. I'll certainly pass the feedback along to our documentation and development teams, respectively.

    :)

    Ben

  • @Ben I did the same and saw the same, and I have iCloud Keychain turned off. It showed my old family account info while I was setting up my new one.

  • Ben AWS Team

    Team Member

    Thanks for the update. :)

    Ben

  • rudy

    Team Member
    edited September 2017

    @analogist,

    If you have a Mac that's signed into the same Apple ID as your iPhone you can delete those saved credentials using Keychain Access and looking for com.agilebits.onepassword.B5Credentials.

    Rudy

This discussion has been closed.