Changing the master password and re-encrypting the database [resolved]

edited August 2014 in Mac

I have some iOS devices and a Mac using 1P and synching via iCloud

I have put this list together from various forum postings and tutorials - I think it covers changing the master password and re-encrypting the database then re-syncing - can someone tell me if this is correct please?

1/ Make sure everything is backed up

2/ On Mac export data to a 1PIF

3/ In IOS devices disable synching of 1Password Data and remove data from iCloud (http://learn2.agilebits.com/1Password4/iOS/Tutorials/ios-reset-data.html). Disable sync on Mac

4/ Erase the data in the 1P iOS app [Settings > Advanced > Erase Data]

5/ Start over with a new database/vault (http://learn2.agilebits.com/1Password4/Mac/en/KB/start-over.html)

6/ Re-import data from the 1PIF file

7/ Force 1P to create new backup

8/ Turn on sync in IOS devices

9/ Test all devices OK

10/ Secure delete the 1PIF file, old backups and the renamed (from item 5 instruction above) onepassword-osx-helper_OLD file

Comments

  • That looks a good summary to me. No doubt if anyone from AgileBits has anything to add they will chime in.

    Stephen

  • Hi @toasted,

    It looks like you've got a pretty good series of steps there! The one thing I would caution you against doing immediately is removing all existing backups. Until the freshly started version of 1Password has some time to build up its own database of backups, those older backups could come in handy. Of course, we hope that nothing ever happens with your 1Password database, but it certainly doesn't hurt to be prepared ... just in case. :)

  • edited August 2014

    Thanks very much for the confirmation. Good idea about keeping the old backups, at least for a time.
    Most appreciated.

    I think I might be getting a bit paranoid about the strength of the Master Password - but reading things like this arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/ makes me realise the state of password cracking is very advanced.... seems even long random passwords (especially quotes or nonsense phrases, even with digits and symbols added) is not enough..... Hybrid attack marries a dictionary attack with a brute-force attack; combinator attacks; mentions of 350 billion guesses per second when cracking password hashes generated by Microsoft's NTLM algorithm - wow!

    Thank goodness for "slow" hashing algorithms such as that used in 1Password.

    Anyway, time to boost up the Master Password !

  • sjksjk oversoul

    Team Member
    edited August 2014

    Hi @toasted,

    While it's kind of implied, here's one more step for your instructions:

    7.5/ Reenable iCloud Sync in 1Password on the Mac, then wait until data has finished syncing to iCloud; actual times will vary.

    In general, before (re)enabling iCloud sync with 1Password on iOS devices you can check under Settings > Storage & Backup > Manage Storage to make sure onepassword data is there:

    I hope this goes, or already went, smoothly for you. :)

  • Thanks sjk.... Just plucking up the courage to get on and do it.

  • @toasted - I've done this, and it isn't a big deal. Just be sure to remember that the data you export isn't encrypted, so you will need to be careful with it. I put mine in the trash and used Secure Empty to delete it.

  • sjksjk oversoul

    Team Member

    You've got yourself covered, @toasted with the very first step:

    1/ Make sure everything is backed up

    :)

    Related to @hawkmoth's reminder, if there's a lot of "regular" stuff already in Trash it can be preferable to first use plain Empty Trash before trashing any unencrypted 1PIF data files and using Secure Empty Trash.

    Like him, I've rebuilt 1Password databases (containing multiple vaults) and it's always been easy and painless. Speaking of multiple vaults… if you're using them then each needs to be handled separately when rebuilding/reencrypting the database. Sorry for not mentioning that earlier.

  • I changed the master password per the details on this post and that seems to have worked fine with all devices functioning 100% (phew)

    The only thing that I did notice is that the 1Password Backups (on mac 1Password : Preferences/backups) when choosing "show files" only shows the latest new 1Password Backup. All the previous local backups are missing (for the previous master password) - not really a problem since I have machine backups of various types, but still.

    Anyway, so changing the master password seems to delete all the old local backups ..... Would that be right?

  • sjksjk oversoul

    Team Member

    Hi @toasted,

    Congratulations on your successful 1Password database rebuilding with a new Master Password! :)

    If you renamed your original 1Password 4 folder exactly like in the starting over instructions you'll be able to find previous backups in this subfolder of it:

    ~/Library/Application Support/1Password 4_OLD/Backups

    You can copy or move them into your new Backups subfolder here:

    ~/Library/Application Support/1Password 4/Backups

    But first, open the main 1Password application and press Control-Command-Q (⌃⌘Q) to quit 1Password and 1Password mini. Then when you reopen 1Password after the copying/moving all the backups will be listed under the Backup tab of the Preferences window.

    Changing your Master Password will never remove backups, which can still be worthwhile to retain after that.

    If anything else comes up that we can help you with please don't hesitate to ask. Cheers!

  • Renaming the 1Password 4 folder in the starting over instructions appears to apply to the Agile Store version. I have the Mac Store Version.

  • sjksjk oversoul

    Team Member

    Sorry for assuming you were using the AgileBits Store version, @toasted.

    The starting over instructions also have information about the Mac App Store version. In this case, your previous backups would be in this folder:

    ~/Library/Containers/2BUA8C4S2C.com.agilebits.onepassword-osx-helper_OLD/Data/Library/Backups

    And after quitting 1Password and 1Password mini, you could move or copy them into this folder:

    ~/Library/Containers/2BUA8C4S2C.com.agilebits.onepassword-osx-helper/Data/Library/Backups

    I hope that helps. :)

  • Perfect. Thank you.

  • sjksjk oversoul

    Team Member

    You're welcome, @toasted.

    Since you've nicely sorted this out I'll close the discussion now. If you have any further questions or concerns, please feel free to start a new forum topic or email us directly at [email protected] -- we're here for you. :)

This discussion has been closed.