Custom master password for iOS devices?

I was surprised to find that when I changed the master password on my iPhone to something that would be easier to type on the onscreen keyboard that it also changed the master password on the whole data file.

Is there no longer a way to have a different master password on iOS?

Comments

  • MikeTMikeT Agile Samurai

    AgileBits Team Member
    edited November 2012
    Hi,

    Yes. Starting with 1Password 4, the master password changes will now sync across all devices with 1Password apps, there won't be separate passwords anymore. This has been a major pain point for many of our customers, so we will not be supporting this anymore.

    Just to be clear, it's the encryption keys that's being transferred, there's no master password stored anywhere on any devices.

    You should take advantage of the Quick Unlock Code feature in Settings > Security to make it easier a bit to unlock the app with. There's a bug where even after the app auto-locks, the quick unlock code isn't requested, so we're working on fixing that as soon as we can.

    We're working on an article on how to pick a new master password that's easier to type on the iOS keyboard but still remain just as strong as a longer one, we should have it ready soon.
  • Okay.

    When I changed it back on the desktop, even though I've done a full sync on the iPhone from Dropbox, the master password on the phone remains unchanged.
  • MikeTMikeT Agile Samurai

    AgileBits Team Member
    Hi,

    If you quit 1Password completely, does it then use the newer master password? To do this:

    1) Press the Home button twice, it'll bring up the app switcher
    2) Find 1Password, tap and hold it for a few seconds till you see the red "-" mark shows up
    3) Tap the "-" mark to close the app
    4) Press the home button to get rid to the app switcher
    5) Open 1Password and see if it'll use the newer master password.
  • How did the "Master Password" work with 1Password 3 for iOS? I understand that the desktop and iOS versions there both used different "Master Passwords". If the iOS device could have a "master password" independent of the desktop, wouldn't that mean that there's some hashed version of the master password stored somewhere on the device? Also, with reference to 1Password 3 for iOS, when once upgrades to 1Password 4 for iOS, what happens to the old "master password" (the one that's specific to the iOS device)?
  • MikeT wrote:

    Hi,

    If you quit 1Password completely, does it then use the newer master password? To do this:

    1) Press the Home button twice, it'll bring up the app switcher
    2) Find 1Password, tap and hold it for a few seconds till you see the red "-" mark shows up
    3) Tap the "-" mark to close the app
    4) Press the home button to get rid to the app switcher
    5) Open 1Password and see if it'll use the newer master password.


    No - even if I quit the app completely.

    Actually - it looks like _both_ the old and the new master passwords work, on iPhone and iPad. (Only the new one works on the Mac.)
  • jhollingtonjhollington Junior Member
    Henry Yeh wrote:

    How did the "Master Password" work with 1Password 3 for iOS? I understand that the desktop and iOS versions there both used different "Master Passwords". If the iOS device could have a "master password" independent of the desktop, wouldn't that mean that there's some hashed version of the master password stored somewhere on the device?

    Yup, that's essentially correct. The first time you setup 1Password 3.x to sync with your data file on Dropbox you were prompted to enter the Master Password, which would be saved in the iOS keychain in an obfuscated (although not encrypted) manner. To be fair, the iOS keychain is encrypted by Apple's own Data Protection APIs, but these only take effect IF you are using a device passcode and only when the device is actually locked with that passcode. Further, they're only as secure as the strength of the device passcode, which for most people is a four-digit number.

    See http://forum.agilebits.com/index.php?/topic/10412-storage-of-master-password-on-ios-devices/ for more details and discussion on this.

    Also, with reference to 1Password 3 for iOS, when once upgrades to 1Password 4 for iOS, what happens to the old "master password" (the one that's specific to the iOS device)?

    The short answer is that it's discarded and no longer used. That does raise an interesting point about user education, however, and it will probably be necessary to ensure that this is clearly explained somewhere in the upgrade process. For most users, however, this should be less of an issue, as the method of initial access was a PIN code, rather than a password, so the prompt for a Master Password will make for a pretty obvious indication that something is different.
  • MikeTMikeT Agile Samurai

    AgileBits Team Member
    Hi fieldsnyc,

    I was able to reproduce the issue, we'll look into fixing this as soon as possible. For now, you can use the new MP if you were to erase the data in 1Password's Settings > Advanced > Erase Data and perform a new sync with Dropbox.

    Thanks!
  • MikeT wrote:

    Hi fieldsnyc,

    I was able to reproduce the issue, we'll look into fixing this as soon as possible. For now, you can use the new MP if you were to erase the data in 1Password's Settings > Advanced > Erase Data and perform a new sync with Dropbox.

    Thanks!


    It appears to have been fixed in the iPad version (new password works, old doesn't).
  • MikeTMikeT Agile Samurai

    AgileBits Team Member
    That's great news.

    I believe we're still looking into this, so hopefully, it'll work great in iPhone version as well.
This discussion has been closed.