Help! Suddenly I can't access my keychain on my Mac

avihut
avihut
Community Member
edited October 2012 in 1Password 3 – 7 for Mac
I'm using 1password over a year now on my Mac, iPhone and iPad for over a year now, and it's completely awesome.

But yesterday (or maybe even a day before) I lost access my keychain from my Mac. Every time I enter my password, it says it's the wrong password, even though I know I'm putting in the correct one. Made me kind of paranoid at first about remembering my password, but I know I do, and it just doesn't accept it. Not in the App from the Mac App Store (ver. 3.9.6) nor in the browser extensions (both Safari and Chrome). The browser extensions have a red badge on them. I don't know why :/

I also tried restoring the keychain to any of the automatic restore points from the recent month, but nothing worked. It kept telling me I'm using the wrong password.

On my iOS devices everything works pitchy, but I'd love to get it working for my Mac again since typing totally random dozens of characters long strings is not my favourite MO.

I am using Dropbox to sync my keychain with my devices. I tried going into my keychain package itself to probe and see if something's changed or deleted. Couldn't find anything interesting in the Dropbox deleted files or in its cache.

I tried opening the 1PasswordAnywhere directly from the Dropbox directory to see if it can access that damn keychain, and it did gave me an interesting clue - it immediately failed saying it can't access a Key Data File. The guide it linked to in help.agilebits.com was completely, utterly and shamefully useless...

Clicking the link of the Key Data File led me to this file: file:///Users/avihu/Dropbox/1Password.agilekeychain/data/default/encryptionKeys.js
The file is accessible from the browser and contains what seems to me like some sort of JSON data with 2 big ass hashes/keys/encrypted shit. The permissions seem fine, but I don't want to play with them from fear I will ruin it some more. Again the troubleshooting guide was hopelessly useless here.

I don't know what to do. My guess is that something got corrupted, either because of a system failure during a write to the keychain or that something got structurally corrupted (permission changed, missing files, etc.)

The only recent activity I remember doing around the keychain is upgrading my 1password on my iOS devices to the latest one (3.7) a couple of days ago (as it was released I think).

I want to know is there anything I can do to fix the keychain?
Or should I create a new one from the data on my iPhone?

Thanks in advance to anyone who stuck until the end of this post :)

Update (more data but no more conclusions):
I started looking in the 1password logs. This is what the log shows when I try to enter my correct password in the Mac App:

[font=courier new,courier,monospace][39600.038] Wed Oct 3 12:09:59 2012| Incorrect password, failed to verify key i]<removed>[/i[/font]
[font=courier new,courier,monospace][39600.038] Wed Oct 3 12:09:59 2012| Incorrect password, failed to verify key i]<removed>[/i[/font]
[font=courier new,courier,monospace][39600.038] Wed Oct 3 12:09:59 2012| Not enough encryption keys found in [file://localhost/Users/avihu/Dropbox/1Password.agilekeychain/data/default/1password.keys]: 0. The master password entered incorrectly.[/font]

This is what I get when I load Safari and try to access the keychain through the browser extension:

[font=courier new,courier,monospace][39600.038] Wed Oct 3 12:10:17 2012| [ES] Extension Safari-Extension connected from safari-extension://com.agilebits.onepassword-safari-2bua8c4s2c[/font]
[font=courier new,courier,monospace][39600.038] Wed Oct 3 12:10:17 2012| [ES 0x7fb429474260] Connected safari-extension://com.agilebits.onepassword-safari-2bua8c4s2c [0/0][/font]
[font=courier new,courier,monospace][39600.038] Wed Oct 3 12:10:17 2012| [ES 0x7fb429474260] com.apple.Safari action: hello [0/2][/font]
[font=courier new,courier,monospace][39600.038] Wed Oct 3 12:10:17 2012| [ES 0x7fb429474260] safari-extension://com.agilebits.onepassword-safari-2bua8c4s2c sendAction: 'welcome' [0/2][/font]
[font=courier new,courier,monospace][39600.038] Wed Oct 3 12:10:38 2012| [ES 0x7fb429474260] com.apple.Safari action: syncRequest [1/3][/font]
[font=courier new,courier,monospace][39600.038] Wed Oct 3 12:10:38 2012| Failed to return databaseID, encryption key is not loaded[/font]
[font=courier new,courier,monospace][39600.038] Wed Oct 3 12:10:38 2012| [ES 0x7fb429474260] Cannot sync because database IDs do not match. Re-install Safari-Extension[/font]
[font=courier new,courier,monospace][39600.038] Wed Oct 3 12:10:38 2012| [ES 0x7fb429474260] safari-extension://com.agilebits.onepassword-safari-2bua8c4s2c sendAction: 'syncReply' [1/3][/font]
[font=courier new,courier,monospace][39600.038] Wed Oct 3 12:10:38 2012| [ES 0x7fb429474260] com.apple.Safari action: unlock [2/4][/font]
[font=courier new,courier,monospace][39600.038] Wed Oct 3 12:10:38 2012| Incorrect password, failed to verify key i]<removed>[/i[/font]
[font=courier new,courier,monospace][39600.038] Wed Oct 3 12:10:38 2012| Incorrect password, failed to verify key i]<removed>[/i[/font]
[font=courier new,courier,monospace][39600.038] Wed Oct 3 12:10:38 2012| Not enough encryption keys found in [file://localhost/Users/avihu/Dropbox/1Password.agilekeychain/data/default/1password.keys]: 0. The master password entered incorrectly.[/font]
[font=courier new,courier,monospace][39600.038] Wed Oct 3 12:10:38 2012| [ES 0x7fb429474260] safari-extension://com.agilebits.onepassword-safari-2bua8c4s2c sendAction: 'unlockReply' [2/4][/font]
[font=courier new,courier,monospace][39600.038] Wed Oct 3 12:10:39 2012| [ES 0x7fb429474260] com.apple.Safari action: syncRequest [3/5][/font]
[font=courier new,courier,monospace][39600.038] Wed Oct 3 12:10:39 2012| Failed to return databaseID, encryption key is not loaded[/font]
[font=courier new,courier,monospace][39600.038] Wed Oct 3 12:10:39 2012| [ES 0x7fb429474260] Cannot sync because database IDs do not match. Re-install Safari-Extension[/font]
[font=courier new,courier,monospace][39600.038] Wed Oct 3 12:10:39 2012| [ES 0x7fb429474260] safari-extension://com.agilebits.onepassword-safari-2bua8c4s2c sendAction: 'syncReply' [3/5][/font]

Comments

  • khad
    khad
    1Password Alumni
    edited October 2012
    Welcome to the forums, avihut! We appreciate your longtime support and kind words. I'm sorry to hear you're having some trouble now. Let's get this resolved for you. :)

    You mentioned that all your data is present in 1Password on your iPhone. If that is the case, you can do create a new data file on your Mac into which you can sync all the data from your iPhone.

    On your Mac:

    1. Backup your existing data file in 1Password. Select File > Backup from the menu bar.
    2. Quit 1Password.
    3. In Finder, move the [font=courier new,courier,monospace]1Password.agilekeychain[/font] file in your Dropbox folder to your desktop to get it "out of the way."
    4. Open 1Password again.
    5. Create a new data file from the Welcome Screen.
    6. Click "Use Dropbox" in 1Password's preferences on the General pane to set up Dropbox syncing again.

    On your iPhone:

    1. Open 1Password
    2. Tap: Settings > Sync > Dropbox > Account > Reset
    3. Then setup Dropbox syncing anew and all your data will sync to 1Password on your Mac

    We can investigate more if you [email="support@agilebits.com?subject=Diagnostics%20Report&body=Re%3A%20http%3A%2F%2Fforum.agilebits.com%2Findex.php%3F%2Ftopic%2F10919-help-suddenly-i-cant-access-my-keychain-on-my-mac%2F"]email us[/email] a Diagnostics Report, but the above should get you going most quickly.

    Also, the problem you were having with 1PasswordAnywhere is that browsers will not load web apps from local files. You need to log in to the Dropbox.com website and access 1PasswordAnywhere that way so the address bar shows https:// and NOT file:/// at the beginning of the URL. This is explained in the last section here: http://help.agile.ws...rdanywhere.html

    If you're still having trouble, please do email us your Diagnostics Report and make sure your email includes a link to this thread so we can "connect the dots" when we see your message in our inbox. Also, please tell us if you have more than one 1Password data file in your Dropbox folder.

    Please do not post your Diagnostics Report in the forums, though.

    Cheers,
  • avihut
    avihut
    Community Member
    First of all, allow me to apologise for the harsh remarks regarding the guide. I was in a bit of a mood when I saw everything starting to collapse and it just seemed the guide explained one thing while another was happening. If I would have taken the time to read it through though, I would have seen the section you pointed out and see that it'll all work better when opening from the Dropbox website.

    Second, I tried opening the keychain from the Dropbox website, and when entering the master-password it gave me an error message saying there was a problem with the content.js file.

    I tried then following the instructions you gave there, but got stuck when trying to sync the keychain back from my iPhone. It seems I haven't synced the iPhone for a while now, and it didn't have the new Dropbox password which seems to only be stored in the keychain I can't access at the moment (by the way, I see it only requires one password for dropbox on the iPhone App, how do you handle Dropbox's 2-factor authentication?)

    I'll send you the diagnostics file right-away (in a private mail of course :)).
  • khad
    khad
    1Password Alumni
    Thanks for the Diagnostics Report! At this stage it appears you may need to reset your Dropbox password. I'm not seeing any indication in the report of why your Master Password would suddenly become invalid. Usually this is related to a recent change of Master Password, but restoring a backup from prior to the change will resolve that. You said that you already tried restoring all the backups listed via 1Password's "Restore 1Password Backup" feature (File > Restore).
    20121005-g6g512g17br4qk6917pqb4aqdn.png
    We have some other tips in the User Guide which can often help if there is a problem with caps lock, a different keyboard layout, that sort of thing:

    http://help.agilebits.com/1Password3/forgot_password.html

    If none of that is working, though, you will need to "start over." In your case, however, you won't really be starting over since you can resync all the data from your iPhone as I mentioned above.

    Offhand I can't think of exactly how, but I'm wondering if Dropbox two-step verification is related to the problem. We have been recommending that users wait a bit before employing it. If you insist on using it, please be sure to read our entire blog post for details on creating a "one time password":

    http://blog.agilebits.com/2012/08/27/dropbox-two-step-authentication-1password/

    Please let me know how it goes.
  • khad
    khad
    1Password Alumni
    Ah! Also, I almost forgot: you didn't answer my question about whether you had more than one data file in your Dropbox folder or not. Do you?
  • avihut
    avihut
    Community Member
    Sorry for the late reply. I didn't visit this post, since I thought it would be a mail reply. Ooops :/

    Anyways, first of all regarding the possibility of having more than one data file in my Dropbox, then - no. I had only one data file in my Dropbox at the time this occurred. But now, since I needed to backup the possibly damaged one before recovering from my iPhone, I copied the last one aside. So I have one file under Dropbox -> 1Password (which is the new one containing the data recovered from the iPhone over Wi-Fi not Dropbox), and another under Dropbox -> 1Password backup (which is the backup of the damaged one).

    If this is a problem I can move the backup elsewhere or zip it, to avoid confusion, though at the moment everything is working great from the newly created keychain under Dropbox -> 1Password.

    I have tried recovering from each backup checkpoint I had in this menu. Though I will try again. I will also try it on another computer I have synced to this Dropbox account. To that I have a question, since now I have 2 keychain files, does replacing one with the other for the sake of trying to pry it open poses a risk to one of them? Should I just copy one aside and replace it with another?

    Another thing I forgot to mention is that I recently upgraded from the 1Password standalone version for Mac to the App Store version. I noticed there is a difference in where they save their keychain files. The standalone version initially saved it directly under the Dropbox root, whereas when I created a new keychain in the App Store version it created it under the 1Password directory. The problem definitely did not start immediately after the upgrade. I vividly remember working with the App Store version for almost a month now without any problems. Just bought, installed, and opened my keychain immediately after it automatically found it in my Dropbox.

    I'll try the one time password thingy from Dropbox. I assume it works similarly to the Google Account. There it works great. It's just that after several security hacks that happened in Dropbox in recent memory and some shameful Wired reporter's identity theft (thankfully none of them affected me directly), I kind of want to put up the highest walls they provide at the moment.

    Thanks again for the help :)
  • thightower
    thightower
    Community Member
    edited October 2012
    The locations are correct. If you are using the MAS version it must be in ~/Dropbox/1Password

    If you want the backup to reside in a folder called ~/Dropbox/1Password backups .. for example that is no issue I have my backups residing in a similar file location.

    As to the Dropbox 1 time password I am having no issues with it I have changed devices. iPhone 4 to 5 and bought the wife a new iPad so I get the old one. Thus I have had to relink devices many many times. I personally have had no issue with it.

    I have linked and unlinked my 1Password app several times between all devices on 2 Dropbox accounts I would say 16 times. I have 7 Dropbox accounts and all of them are 2Step password secured.

    Mine, wife, 4 kids, family account (long discussion on the family account about money well)

    In my testing the 2 step works very well and each account of mine uses is as I said above. Should you have issues with it in general you can visit us at the Dropbox forums https://forums.dropbox.com

    Incidentally we have very very few issues with the 2 step verification, most of those we do see stem from a user having lost access to an email, ie no longer being employed at a specific place or losing the special emergency access code.

    Please make sure to put the emergency access code some where safe like 1Password. Thats were mine is.

    One thing I have noted and this is just my personal experience and I have not mentioned it elsewhere. On Google (which is where Dropbox's 2step is based) when you get the one time password you can omit the spaces etc. Each time I have relinked my 1Password data I have actually had to include the spaces. So keep that as a ticker in the back of your mind when using it.
This discussion has been closed.