iPhone app unlocks all accounts when using master password from only one

If it's true that the system needs my master password + secret key to decrypt my account vaults, then it would seem that the iPhone App isn't actually locking my account vaults, since logging into one account unlocks the contents of two unrelated accounts.

History:
1. I had a personal, single-user account
2. I purchased a new, family plan accounts, using a different email address
3. I added the family plan the iPhone app, using a different password
4. Now when I unlock the iPhone app using my single-user master password, the vaults of both accounts are available

This seems scary broken to me. Something's not releasing the cryptographic keys even though it looks like it's locked.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: iPhone 6s
Sync Type: Not Provided
Referrer: forum-search:iPhone app unlocks all accounts using password from one

Comments

  • brentybrenty

    Team Member

    @HeroTime: Sorry for the confusion. The encryption keys for subsidiary vaults are stored in the first vault/account you have setup in the app, so that it can unlock those when you enter the Master Password.

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file