Changing Master Password needs to be more intuitive

Hi, I changed my Master Password via the iOS app (which went fine) but when I then tried to log in to the Windows 10 app it simply refused. The lock icon just turned red and there was no error message or helpful hint of any kind. After trying all sorts of things I finally figured out I still had to use the OLD password to log in to the Windows app. Needless to say this was a pretty frustrating experience.

At the very least, add a hint to the login UI that says something to the effect of "Invalid Password. If you recently changed your password, please login with the old password first." That would have saved me half an hour of frustration.



Comments

  • PeterG_1P
    edited July 2021

    Hi @MrMoerby, first I'd like to apologize for the frustration of this experience. On the other hand, it's great that you were able to log back in! Congrats on that aspect.

    Your point about the login UI providing some kind of prompt that could help a person in this situation is well-taken. I have just passed your suggestion on to our developers. 👍

    To explain a little of why this happened: 1Password for Windows is a "true lock" app, meaning that when you are not logged into the app, it is entirely closed to the outside world; completely incommunicado. This design partly arises from how Windows itself handles security (which is why the app responds differently to Master Password changes on other platforms).

    The upshot is that on Windows, 1Password doesn't know anything about anything until you unlock it, which gives it a chance to correspond with our servers, find out about updates, sync any new items you've created on another device, and so on. It follows then that it can't discover the validity of your new Master Password until you've entered your old one.

    I recognize that this can create an issue, as it did for you, when this is not clear to the person at the keyboard. It's for that reason that we appreciate your suggestion here, and the opportunity to do it better. Thanks for letting us know.

  • MrMoerby
    Community Member

    Thanks for the detailed response Peter (and for forwarding my suggestion)!

    It's nice to know the technical reason why the Windows app functions the way it does. Makes a bit more sense now.

  • Dayton_ag
    edited July 2021

    No problem @MrMoerby, I'm glad Peter's explanation was helpful! 😄

    Thanks again for providing this feedback.

  • jmjm
    Community Member

    > and so on. It follows then that it can't discover the validity of your new Master Password until you've entered your old one.

    I bet I am missing something simple, but what happens if one forgets the "old one", i.e. the previous MP, before using it to log into 1P for Windows?

  • PeterG_1P
    edited July 2021

    Hey @jmjm! In this case, writing the password down (or recording it securely somehow, your specifics may vary) is definitely a good idea. There are a lot of ways we try to make 1Password as "safe to use" as possible - meaning that your data is protected, intact, and available when you need it - but there's not much we can do if someone forgets their account password for an individual membership.

    What makes that password useful is 1) its mathematical strength (longer password is better!) and 2) the fact that no one but you knows it, which makes life way harder for an attacker.

    In short, we don't know your password, don't have access to it, and we don't want to! We feel this creates a much better situation for your security and privacy overall, but you're correct that it can become an issue in the scenario you've described.

  • jmjm
    Community Member
    edited July 2021

    > but there's not much we can do if someone forgets their account password for an individual membership.

    I guess I didn't explain it well enough. The title of the thread is appropriate. That is, how is one to know in advance that one needs the 'older'/previous MP even after changing it?

  • ag_ana
    1Password Alumni

    @jmjm:

    Our documentation mentions this, but I agree that we can make the process more intuitive 👍

This discussion has been closed.