Mac app, and other devices, do not accept the new Master Password changed using the recovery feature

aaronm91
edited February 2018 in Mac

Lars,

I currently own the annual family version of your service. My mom forgot her password and I had to reset it for her using the "Begin Recovery" feature located at https://my.1password.com/people/members/(user id).

After successfully resetting the password, using only numbers and standard letters, all the devices that she was previously logged in on were not accepting the new Master Password of her account.

I did some research and there doesn't seem to be a reasonable explanation for this and instructions on how to fix it but I suspect that this is the expected result of how the apps work when the user resets the password online. If I am not mistaken, all your apps store the encrypted password locally on the device that was used to log in successfully and is not updated when the user updates the password or uses the recovery feature to reset their password. Thus, in order to update the password that was previously stored locally, the user must enter the last password that was used to log in successfully to the app. However, in my case, we do not remember the correct password that was used last which is why we needed to reset it online.

So my questions are as follows:
If this is the expected result of your apps, then what do I do to log in to my mom's account using the now updated Master Password on the following devices:

  • MacOS
  • iOS

Before answering the question above, please consider the following:
1. On MacOS, my mom is NOT the administrator so we cannot delete the 1password app that was downloaded from the Mac AppStore. Therefore, we cannot do this as a viable troubleshooting step.
2. When opening the Mac 1Password app, the 1Password's lock screen appears prompting us to enter the locally stored password that we forgot. When attempting to de-link the account from the app, by going into the App's Preferences window > Accounts, the options to remove the account or change the password, of the account we cannot access, are greyed out and unclickable. I assume it is because we are not logged in to the account, therefore the app prohibits unauthorized users to make any changes. So I believe this is also not a viable troubleshooting step.
3. On iOS, some apps have an advanced setting feature to clear the stored data of the app. However, the latest iOS app (7.0.5) does not include this option within the iPhone's Settings app, under the 1Password settings option.
4. On iOS, I ended up needing to delete the app and reinstall it again in order to be prompted for the login URL, secret key, email, and my new password again, which led me to solve my iOS issue. However, let's consider the fact that Apple could require us to re-enter our iCloud password to redownload the 1Password app, but I have a 1Password-generated password with 16 characters including symbols, numbers, and letters that I could not possibly remember as my login credential. Using the iPhone alone, what do I do then?

After evaluating my current situation, please instruct me on my next steps I should take in order to log in to the account on both devices.

Feature requests:
I believe a solution would be to have the Dev team implement instructions for the apps to check the locally encrypted password with the server side stored encrypted password every time the app launches. If the encrypted passwords do not match with each other, the local encrypted password should be updated so that when the users enter their NEW Master Password, the app would allow them to log in again.

OR an even simpler solution would be that during the reset password process, when the password is changed successfully, the service would pass instructions to the apps of all the devices that the user's logged in to, to update the locally stored password with the new one. Of course, the device must first be connected to the internet to retrieve the new information every time the app launches. It should be a call to the server.

I await your reply.


1Password Version: 1Password Version 6.8.6 (686003) Mac App Store
Extension Version: Chrome extension 4.6.12.90
OS Version: 10.13.2 (17C205)
Sync Type: Not Provided
Referrer: forum-search:sdasdas

Comments

  • Lars Junior Member

    Team Member

    @aaronm91

    > After successfully resetting the password, using only numbers and standard letters, all the devices that she was previously logged in on were not accepting the new Master Password of her account.

    Yep, that's how it works. On all devices your mother has added her 1Password account into a 1Password application, she'll still be using the previous Secret Key and Master Password. Those no longer work, obviously (because you changed them when you recovered her account -- or, I should say, the system gave her a new Secret Key and she (probably) chose a new Master Password). We actually do document this, in our support page dedicated to recovering accounts for family or team members (it's in the "Complete Recovery" section).

    > If I am not mistaken, all your apps store the encrypted password locally on the device...

    No, that's not quite how it works. I can see how you'd think that, and it would make sense...but encryption of your 1Password data doesn't work that way. In order to decrypt ANY encrypted data, you must have the decryption key. In 1Password, this is an AES256 key that's derived mathematically from a combination of your Master Password and Secret Key. The Secret Key is stored locally in each 1Password app or browser after the first time you enter it, but a user's Master Password must be entered manually each time (typed into the 1Password lock screen). If we stored your Master Password locally unencrypted, that would be an enormous security issue -- anyone with remote or local access to your machine could discover it in short order, if it was unencrypted. And if we stored it encrypted, then you'd just be trading having to enter another password (the one to encrypt your Master Password) for having to enter the actual Master Password into 1Password itself.

    If your mother's ONLY 1Password data in 1Password for Mac and 1Password for iOS was from this 1Password Families account you recovered for her, then you'll need to have her follow these instructions to Start Over on all devices. Don't worry about her data; it is safe on the 1password.com servers. But she'll need to wipe out her local copy to allow her to sign back in with the new credentials.

    > Apple could require us to re-enter our iCloud password to redownload the 1Password app but I have a 1Password-generated password with 16 characters including symbols, numbers, and letters that I could not possibly remember as my login credential. Using the iPhone alone, what do I do then?

    This is an excellent question. If you have a 1password.com account, your iCloud password that you can't remember can be accessed by signing into your 1password.com account via a web browser. However, in general, we recommend users remember more than just their Master Password for 1Password. At a minimum, I would remember my main email account password as well as my iCloud or Dropbox password(s), depending on what I used most. We actually wrote about this on our blog some time ago, in the wake of a Wired reporter experiencing an "epic hack."

    I hope that's explained both what to do in your mom's case, and why what you were envisioning isn't feasible, but let us know if you have any troubles getting your mom back up and running!
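
Added example (not part of either post, and not 1Password's code): a simplified model of the behaviour described in the reply above, where the unlock key is derived from the Master Password plus a locally stored Secret Key, so a device holding pre-recovery data rejects the new password until its local copy is wiped and the account is added again. The PBKDF2-plus-HMAC construction, the `LocalVault` class, the keyed check value (standing in for AES-256 authenticated decryption) and the sample credentials are all assumptions made for illustration.

```python
import hashlib
import hmac
import os


def derive_key(master_password: str, secret_key: str, salt: bytes) -> bytes:
    """Derive a 32-byte key from BOTH secrets (assumed, simplified construction)."""
    stretched = hashlib.pbkdf2_hmac(
        "sha256", master_password.encode(), salt, 100_000
    )
    # Mix in the Secret Key so neither secret alone yields the key.
    return hmac.new(secret_key.encode(), stretched, hashlib.sha256).digest()


class LocalVault:
    """Hypothetical on-device state: Secret Key, salt and a key check value.

    The Master Password itself is never stored, encrypted or otherwise.
    """

    def __init__(self, master_password: str, secret_key: str):
        self.secret_key = secret_key          # kept locally after first sign-in
        self.salt = os.urandom(16)
        key = derive_key(master_password, secret_key, self.salt)
        # Stand-in for the authentication tag of locally encrypted data.
        self.check = hmac.new(key, b"vault-check", hashlib.sha256).digest()

    def unlock(self, typed_password: str) -> bool:
        key = derive_key(typed_password, self.secret_key, self.salt)
        candidate = hmac.new(key, b"vault-check", hashlib.sha256).digest()
        return hmac.compare_digest(candidate, self.check)


def recovery_scenario():
    # Constructed sample credentials, not real Secret Key formats.
    device = LocalVault("old password", "OLD-SECRET-KEY-CONSTRUCTED")
    before = device.unlock("old password")

    # Recovery happens on the server: new Secret Key, new Master Password.
    # The device still holds data bound to the OLD pair, so this fails.
    stale = device.unlock("new password")

    # "Start Over": wipe local data, then sign in with the new credentials.
    device = LocalVault("new password", "NEW-SECRET-KEY-CONSTRUCTED")
    after = device.unlock("new password")
    return before, stale, after
```
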
