Changed master passwordon chrome extension, but old password still works to login

matthewss
matthewss
Community Member

Hi, I change my master password via the chrome extension (1password X, though I have both extensions installed). However, my old master password still works to sign in on the desktop app, and on the Iphone app. I then manually updated my master password on the iphone app, which no only accepts the new password. However, the change has not propagated to the desktop app.


1Password Version: 7.4.2
Extension Version: 1.18.0
OS Version: osx 10.14.6
Sync Type: Not Provided
Referrer: forum-search:Changed master password, yet old password still works

Comments

  • matthewss
    matthewss
    Community Member

    Also, probably a separate issue but I see this when I type any wrong password into the chrome extension. looks like a bug.

  • ag_tommy
    edited February 2020

    @matthewss

    In your original question the issue sounds like you have a Primary vault in 1Password on Mac, can you check and see if you do? If all of the data from that vault has been migrated to your membership, then it should be removed from the application. Please verify all of data is available via https://my.1password.com

    https://support.1password.com/migrate-1password-account/#mac - see section on removing the Primary vault.

    The Mac app was designed a long time ago to use the Master Password of the 1st vault (typically Primary) to unlock. The Mac app always uses the Primary vault password to provide access to your data. If you have a Membership, and it's added to the Mac app, the Mac app will continue to use the Primary vault Master Password. Once you have removed the Primary vault, 1Password will move down the list and use the Password for the Membership account.

    In your second screenshot it appears you are using 1Password X which is incompatible with standalone vaults such as the Primary.

    I would suggest clearing up the Primary vault issue, and then do a reboot, then try 1Password X again.

    Let us know if you need further assistance.

  • matthewss
    matthewss
    Community Member
    edited February 2020

    @ag_tommy thanks for your reply.

    I don't have a vault labeled "Primary". I'm on my work computer, and have just my Stripe (for work) and Personal vaults
    I checked my phone as well - no "Personal".

    I started using 1password in February of 2019, and first set it up on my work computer. A few days later I got a personal account and synced the two by using the same master password.

    On my personal computer, I have only 1 vault called "Personal".

    I changed my master password because I was concerned about it being compromised. I just checked and I can still use my old MP on both my Iphone and my work computer. I have not yet used my new MP on either of those devices; that might stop the old MP from working, but it seems like a pretty serious flaw if in order to change my MP I have to do so on every device I use (not really "1 password" anymore). This means I could forget about updating a device and all my logins would be vulnerable on that device.

  • @matthewss

    I don't have a vault labeled "Primary"

    Thanks for letting me know.

    I just checked and I can still use my old MP on both my Iphone and my work computer.

    I started using 1password in February of 2019, and first set it up on my work computer. A few days later I got a personal account and synced the two by using the same master password.

    The devices use the Master Password of the first added account to unlock. Would it be possible that you only changed the Master Password of your personal account, and did not change the one for the work account?

    On my personal computer, I have only 1 vault called "Personal".

    Is this computer currently using the changed Master Password?

    As a test for item syncing/changes, can you create a new secure note from each account, using one of the devices? Verify it is synced the web login for each of your respective accounts. Once it's verified in your online access, can you check the other devices to see if it was synced to them?

  • ag_tommy
    edited February 2020

    @matthewss

    The extensions team has asked me to request logs for what you see during the screenshot in post 2.

    Here are the instructions for gathering those. If you could grab the logs after you can reproduce the problem - https://support.1password.com/cs/extension-console-log/

    Please send the logs to support@1Password.com Be sure to include the following information with your submission.

    Your user name here in the forum. matthewss
    A link to this topic. https://discussions.agilebits.com/discussion/111582/changed-master-passwordon-chrome-extension-but-old-password-still-works-to-login#latest

    • Please do not post the logs to the forum. This is for your privacy and security.

    You will receive an auto reply with a ticket number, please post that ticket number here.

    ref: dev/core/core/issues/1095

This discussion has been closed.