Changed master password not synced
We are using 1Password Family. After my father reinstalled Windows on his computer, he couldn't log into 1Password anymore. Neither could he log into the web application (which he never used before). He said he had changed his master password last month and that he used this new password ever since.
As it turns out, he was able to log in using his old password. His password change appears not to have been synced.
There is a forum post from 2016 saying
Updating the Master Password in 1Password 6 for Windows does only update it on that device. To update it on your other devices, you need to sign in from 1Password.com and change your Master Password by clicking your account name in the top right, then My Profile. Sorry about that. We're hoping to resolve this soon.
Is this issue still unresolved? If it is, I consider this to be a serious bug which would have to be communicated better. If my father hadn't written down is old password, he wouldn't be able to log into 1Password anymore.
1Password Version: 6
Extension Version: Not Provided
OS Version: Windows 10
Sync Type: 1Password Family
Comments
-
Hi there @bewe,
Thank you for reaching out and reporting this!
Am I right to understand that your father changed the Master Password in 1Password app on his Windows PC? If so, then I understand what happened and I apologise for this situation and overall confusion. The ability to change a local Master Password was available in previous versions of 1Password for Windows, but we decided to remove it until we implement this feature properly. Please install the latest update (6.6.439) and check if it helps you avoid further confusion. It is already available and you can install it by going to Options > Update > Check for Updates.
On a related note, if you are using a family account, you are always able to restore access for a family member if they forget their Master Password or can't find their Secret Key. Here is how it works:
Recover accounts for family or team members
Please let me know if this information is helpful. We are always here for you, so please do not hesitate to ask any questions. Thank you!
Cheers,
Greg0 -
Thank you for your reply Greg.
I asked my father to change his password in the windows client again to test the syncing, but he couldn't find the option to do so. It seems that not only the ability to change local passwords was removed from the client, but master passwords in general, is that correct? I'm on a mac and cannot find this option as well. I don't mind if it is and I think that's much better then the confusing previous situation.
So just to clarify: every user has exactly one master password for all of his vaults, and this password can only be changed from the web client?
Regarding the recovery, I actually tried to restore my fathers account, but I realized that in order to receive the recovery mail, he needed access to his mail account. This was not possible, as his mail password was stored in 1Password. What is the supposed best practice for the recovery process? Are people supposed to store their mail passwords outside of 1Password? Or use memorable passwords? It would be very useful to us if every family member could set up an emergency mail address (so that for example I could recover my fathers account my sending a recovery mail to my own or my mother's mail address).
Thanks
0 -
Hi @bewe,
So just to clarify: every user has exactly one master password for all of his vaults, and this password can only be changed from the web client?
Yes, the recommended way to change the Master Password for your account is via web-interface. Please check this guide on our website, which gives you additional info about this process.
As for the your second question. We do not want you to store passwords outside of 1Password (that is what 1Password is for). What we recommend is to print out your Emergency Kits, write the Master Password in the space provided, and keep it somewhere safe and secure. This way you won't get locked out of your 1Password accounts.
The idea of a recovery mail is interesting, but it can be tricky to implement, so we need to give it an extra thought. Thank you for your suggestion! :+1:
Please let me know if there is anything else we can help you with. Thank you!
Cheers,
Greg0 -
We all have our Emergency Kits printed out and I agree this is the best way to protect ourselves.
But I still do not completely understand how the recovery process in 1Password Family is supposed to work if we store our e-mail passwords in 1Password as well. Do you assume that people are always logged into their mail accounts on at least one device anyway?
This would be true for me, but not for my parents. They only log into their mail in a browser every few days and immediately log out again. So if they aren't logged into their mail before losing access to their 1Password accounts, they can't use the Family recovery process?
0 -
We all have our Emergency Kits printed out and I agree this is the best way to protect ourselves.
@bewe: Great! :)
But I still do not completely understand how the recovery process in 1Password Family is supposed to work if we store our e-mail passwords in 1Password as well. Do you assume that people are always logged into their mail accounts on at least one device anyway?
That's a tough call, and it's absolutely something you should take into consideration when working out the details of your setup. Ultimately it's up to you though, as we don't have any control over your email account, and I'm not sure it's appropriate for us to dictate where you access your email.
This would be true for me, but not for my parents. They only log into their mail in a browser every few days and immediately log out again. So if they aren't logged into their mail before losing access to their 1Password accounts, they can't use the Family recovery process?
If you lock yourself out of everything, then yes, 1Password probably can't help you either. There's nothing stopping you from keeping email login credentials in a safe deposit box though — or a vault shared with another person in your family — if you don't have any other means to access email. Plenty of other possibilities, but those seem to me to be the safest (no pun intended). :)
0 -
Thank you both for your replies, all my questions have been answered. Best of luck!
0 -
Likewise, thanks for the great questions! We're here if you have any more. :chuffed:
0
