This happened when I installed 1P 4 on my iOS devices...

Maggie
Maggie
Community Member

This has been bugging me for months; since I had to login to the discussion forum anyway, I figured I'd ask about this.
I liked how I unlocked 1P on my iOS devices with a 4-digit code and then had to enter a more secure password to see an actual password. When I noticed this was gone, I created a six character hard-to-guess password to unlock 1P on my iOS devices and was very dismayed to discover that the master password on my Macs was changed to this same six-character code.

I have never felt entirely comfortable with the six-character code, but felt that the risk was acceptable as -- knock on wood -- I have never lost an iOS device. Due to bad vision, it is hard for me to type on my iPhone in any but the most optimal conditions. And sometimes I need to unlock 1P in a hurry.

But I might leave my Mac on and unlocked, with 1P open and unlocked at some location that's not my home. I'd like to have to type in the longer password on my Macs. Is this an option that I missed? I don't mind if all my Macs have the same password (actually, I'd prefer this), but I don't want it to have to be the same as the one on my iOS devices.

Thanks.

P.S.: This is in no way related to the urgent question about installing 1P on the new Mac that I posted a few minutes ago. Obviously I would not do anything to my master password until the first problem is solved!

Comments

  • Jasper
    edited December 2013

    Hey @Maggie,

    It is no longer possible to have a different master passwords since 1Password 4 was released, both for iOS and Mac. You can only use one master password for the same data file that you sync across devices. Using a different master password weakens the structure of the app, and the security of your data, so AgileBits has said that it's unlikely that they will ever bring it back.

    If you are allowed to choose a different password for a specific device, there must be a way for 1Password to sync back to devices with a different master password. That means your original master password must be stored in the iOS keychain, which is something that should be avoided. By sticking with one master password, it doesn't need to be stored anywhere, it will always come from you.


    I created a six character hard-to-guess password

    If you weaken your password, you're reducing the time it takes for anybody to break into your 1Password data by a huge factor. It's up to you to decide how much you value your data.

    If you're using a six character password, it most certainly isn't hard-to-guess. In April 2013, hashcat achieved remarkable speeds (300,000 guesses per second) against the 1Password 3 data format. This would likely crack your password in a matter of days.

    It's important to find the right balance of password strength and typability. You will need to type it on your iPhone, but it also needs to keep your data secure enough everywhere (iPhone, Mac, and in the cloud).


    Also, in Settings > Security, 1Password for iOS allows you to control how long 1Password should wait before it starts requesting for either the master password or the quick unlock code. Unfortunately, a quick unlock code will only work until iOS terminates 1Password in the background to free memory for other tasks. If the termination has occurred, you’ll always have to enter your master password to unlock your data.


    Hope that helps! :)

This discussion has been closed.