This one drove me crazy...
When the Wi-Fi Sync process starts (by running the option in 1Password for Windows then selecting Sync in 1Password for Android) 1Password for Windows asks for the Master Password. Once entered 1Password for Android does the same (i.e. asks for the Master Password). If all successful, syncing takes place.
Problem is.... you can enter any password whatsoever in 1Password for Windows when it asks for the Master Password. Then you enter that same password (which is now other than the Master Password) in 1Password for Android who is however asking for the Master Password. As long as the passwords match even if it is not the Master Password, the syncing successfully takes place. What is worse, the Master Password on 1Password for Android gets wiped out and replaced with this new password!
Needless to say I spent one hour at least trying to get my 1Password Android to unlock at no avail obviously since it seems I typed the Master Password on 1Password Windows incorrectly so this incorrect password replaced the Master Password in 1Password Android. Anyways...I had to clear the 1Password Android data to wipe the vault and start over. Luckily the changes I made in 1Password Android's vault got sync'ed so I didn't lose them...man....
First of all...please fix this. Second, this critical issue brings up some questions:
1- Does the password gets transmitted to 1Password Android in plain text? Or does it get transmitted encrypted? and more importantly,
2- If the Master Password was provided on the very first original sync (i.e. when the secret is entered in 1Password Android) and the 1Password for Android already has it why do you need to transmit the password again on every Wi-Fi Sync? This to me is another security flaw. Rather the Master Password should be provided individually in 1Password Windows and in 1Password Android without transmitting it over the Wi-Fi network. You could just transmit an acknowledgment of successful password entry which is hashed using the secret and Master Password (or whatever super duper crypto method is used now days to verify).
Please fix the issue and reconsider changing this protocol...seems flawed. The only reason I see you need to transmit the password every time over Wi-Fi before syncing is if the user changed the password on any of the vaults (Windows and/or Android). But that would defeat the purpose of "1Password" wouldn't it? The whole point is to only know guess what...One password!
I can't wait for SQRL (Secure Quick Reliable Login) to be adopted universally so we don't have to deal with passwords anymore....man...
PC OS: Windows 10
1Password Windows version: 220.127.116.114
Android version: 5.1.1
1Password Android version: 6.3.3
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided