
Changing master password a bad idea?

Hi, I have decided to change my master password. But I read somewhere on this site that it can actually be bad for security. I don't think it was explained why and I can't find the post. Can you help me on this one?

Comments

  • khad
    khad Social Choreographer
    edited December 2012
    From the "How Do I Change My Master Password?" section of the User Guide (http://help.agilebits.com/1Password3/change_master_password.html):

        Only change your Master Password if it is weak and needs to be made stronger or if it is also used for something else. Your 1Password Master Password isn't like a typical Login password, and so security advice that tells people to change passwords regularly does not apply to things like your 1Password Master Password.

        In technical terms your 1Password Master Password is an encryption password instead of an authentication password; the advice used for one does not apply to the other. Once you have a strong, memorable, and unique Master Password you should not change it.

    This is also reiterated in our blog post on creating strong, memorable master passwords:

    Toward Better Master Passwords: http://blog.agilebits.com/2011/06/21/toward-better-master-passwords/

    I know Jeff's been talking about writing more on the subject as it actually gets pretty technical. I'll see if he's around. The simple rule of thumb is mentioned above, though. "Only change your Master Password if it is weak and needs to be made stronger or if it is also used for something else." I feel it's implicit, but I should also explicitly state that you should change it if you believe it may be known by someone else.
  • Xe997
    Xe997
    edited December 2012
    I read that blog post but I'm not really sure what it means. I do understand that changing the master password regularly does not increase security, but I wonder about the implications of changing it once. And whether there is a difference between changing the password on the same password file and creating a new password file and importing the old entries. I re-created my password file last time I changed my master password (my first master password was created before I knew what a secure password was).

    My current password is very secure (generated from 1Password) but I fear I will forget it. I do not think anyone else knows it.
  • jpgoldberg
    jpgoldberg Agile Customer Care
    Hi Xe997,

    If you have a master password that you don't think that you can remember, then that would be a good reason to change it. But if it isn't unreasonable to type, there are some things that you can do to ensure that you do remember. One of these is to set "auto-lock" to lock 1Password frequently. This will force you to type it several times a day. Another option is to write it down and keep it in a safe place.

    It isn't a problem to change your Master Password. If it were a problem, we would have built 1Password to prevent people from changing it. You should feel free to do so if it gives you a better Master Password. You should have one that is strong, memorable, and practical to type. (I've recently shortened mine because I like to use the same one on an iPhone as I do on the desktop.)

    But other things being equal, it is better to change your Master Password only when there is a good reason to. (Having a master password that you can remember is a very very good reason.)

    The reason that we actively advise against frequently changing your master password is because the old master password can still be used to unlock an old (backup) version of your encryption key, which can then be used to unlock your data.

    Your Master Password is used to encrypt an encryption key, which in turn is used to encrypt everything else. When you change your master password, you don't get a new encryption key, you just encrypt your encryption key differently (with the new master password). So if someone has or can get an old copy of the file that contains your encrypted encryption key, then your old master password could be used, in principle, to not only unlock the old data, but also newer things.

    So, depending on what backup files have been kept around or are available to attackers, each master password, old and new, can provide a way "in".

    So the details have to do with the subtleties of how 1Password does things behind the scenes. The short answer is that it is fine to change your master password when you have a good reason to, but merely changing it for the sake of changing adds nothing, and can slightly reduce security.

    Cheers,

    -j
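The key-wrapping model explained in the reply above, as an added toy example that is not 1Password's own code or file format (the PBKDF2 parameters and the HMAC-based stream cipher are constructed stand-ins so the script runs with only the standard library). Changing the master password only re-wraps the same data key, so an old backup of the wrapped key plus the old master password still reads items added later; the block goes one step beyond the reply and also shows the re-keying that closes that path.

```python
import hashlib, hmac, os

def derive_kek(password: str, salt: bytes) -> bytes:
    # key-encryption key from the master password (constructed parameters, not 1Password's)
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000, 32)

def _xor(data: bytes, key: bytes, nonce: bytes) -> bytes:
    # HMAC-SHA256 in counter mode as a stand-in keystream for this toy model
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), "sha256").digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    body = _xor(plaintext, key, nonce)
    return nonce + body + hmac.new(key, nonce + body, "sha256").digest()  # encrypt-then-MAC

def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, "sha256").digest()):
        raise ValueError("wrong key or corrupted data")
    return _xor(body, key, nonce)

class Keychain:
    """The master password wraps a random data key; every item is encrypted with the data key."""
    def __init__(self, master_password: str):
        self.data_key = os.urandom(32)
        self.salt, self.wrapped_key = self._wrap(master_password, self.data_key)
        self.items = []
    @staticmethod
    def _wrap(password: str, data_key: bytes) -> tuple:
        salt = os.urandom(16)
        return salt, encrypt(derive_kek(password, salt), data_key)
    def add_item(self, secret: bytes) -> None:
        self.items.append(encrypt(self.data_key, secret))
    def change_master_password(self, new_password: str) -> None:
        # re-wraps the SAME data key, so old and new items alike stay readable with it
        self.salt, self.wrapped_key = self._wrap(new_password, self.data_key)
    def rekey(self, password: str) -> None:
        # the stronger alternative: fresh data key, every item re-encrypted under it
        secrets = [decrypt(self.data_key, blob) for blob in self.items]
        self.data_key = os.urandom(32)
        self.items = [encrypt(self.data_key, s) for s in secrets]
        self.salt, self.wrapped_key = self._wrap(password, self.data_key)

def unlock_with_backup(salt: bytes, wrapped_key: bytes, password: str, items: list) -> list:
    # an old backup's (salt, wrapped key) pair plus the password it was wrapped under
    data_key = decrypt(derive_kek(password, salt), wrapped_key)
    return [decrypt(data_key, blob) for blob in items]
```

The defensive takeaway is the same as the reply's: a changed master password is only as good as the oldest surviving copy of the wrapped key, unless the vault is re-keyed.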
  • Thanks, that answered my question. When I changed my password last time I followed your advice of auto-locking more frequently. So right now I can remember it, but because it's just some random characters I can't really "picture it" in my head but rather just rely on muscle memory. So I'm worried I will forget it if I'm gone from the computer for longer periods of time (say weeks or months). I've decided that Diceware is a better choice for me because then I can train my memory even while away from the computer. Also I don't have to worry about different keyboard layouts etc.

    About the backups, yes I will delete those (CDs and copies on the hard drive) when I feel comfortable with the new password.

    Anyway, thanks for a great product. It has come a long way since I first started using it just two years ago.
  • khad
    khad Social Choreographer
    It is our pleasure to help.

    It sounds like you've got a good handle on things. Let us know if there is ever anything else we can help with, and stay safe out there. :)
  • Bill.
    Bill. Junior Member
    edited December 2012
    There needs to be a balance between ease of use of the computer and strong password security. It is understandable that the party line is to have a very strong master password, but I've become tired of having to enter long master passwords and press even more extra keys to get special characters multiple times throughout the day. It makes the computer more tedious to use.

    1Password gives me great strong passwords for websites, and that prevents "outside hackers" from getting into my accounts very well, I think.

    As I see it, the risk of having a short easy master password is if bad people get a hold of my actual computer, AND these bad people have access to password cracking software. For that remote risk during the time between my computer becoming "lost" and the time that I change the critical passwords, I waver between ease of use and security, but I'm leaning towards ease of use.
  • khad
    khad Social Choreographer
    edited January 2013
    Bill, if your goal is to type your master password — which you have already committed to memory — fewer times, you might want to loosen up your auto-lock settings.

    If you work on your computer all day, you might want to disable all of 1Password's auto-lock settings. That way 1Password will stay unlocked all day long. You will only need to type your master password after a fresh login to your OS X account.

    If you use a laptop, enabling only the "Lock when sleeping" option means that 1Password will stay unlocked until you close the lid on your MacBook. A convenient way to stay secure on the go!

    I myself have only "Lock when sleeping" enabled (out of the three auto-lock options). 1Password is unlocked all day while I work until I am done and close the lid on my MacBook. :)
  • Bill.
    Bill. Junior Member
    Khad,

    Your approach sounds like a good idea. When I'm at work, I'm at my computer most of the day. Locking the computer when I close the lid seems like a better approach than frequently locking 1Password during the day - but having a short master password to deal with those frequent lock-ups.

    Thanks for your input.
  • khad
    khad Social Choreographer
    Happy to help! :)

    Let me know if you have any other questions or concerns.

    Cheers,
  • jpgoldberg wrote:

        When you change your master password, you don't get a new encryption key, you just encrypt your encryption key differently (with the new master password). So if someone has or can get an old copy of the file that contains your encrypted encryption key, then your old master password could be used, in principle, to not only unlock the old data, but also newer things.

    Where does this key live? I changed my master PW because it was weak. I would like to eradicate old copies of the key from Time Machine, Dropbox version history, etc.
  • khad
    khad Social Choreographer
    It is within the data file itself, and, thus, the daily backups that 1Password automatically creates since they are just compressed copies of your data file (.agilekeychain_zip files). Just be extremely careful since restoring from a backup is one of the safety nets if you forget your new master password. The backups will eventually be rotated out, so the backups which can be unlocked with the old master password will eventually be gone automatically. I wouldn't advise working "without a net" before then, but if you really want to risk it against our recommendation, just remove all the .agilekeychain_zip files from 1Password's backup folder (and additional backups of that folder, i.e., Time Machine, etc.).

    Again, we do not recommend this since you should always have backups. Proceed at your own risk.
  • Thanks, Khad, that makes sense to me. But regarding the 1PW backup ZIPs, 1PW may rotate them out, but versions will stick around in Time Machine for much longer, so I figure I ought to at least remove those. One problem: I cannot find the backup folder! (I am using the MAS version and Dropbox.)
  • khad
    khad Social Choreographer
    The default backup location in 1Password 3.8 (from AgileBits' website) is:

    ~/Library/Application Support/1Password/Backups

    In 1Password 3.9, the version you are using from the Mac App Store, everything is in the sandbox container, so the location of the backup folder is:

    ~/Library/Containers/com.agilebits.onepassword-osx-helper/Data/Library/Application Support/1Password/Backups
  • Steve Joyner
    Steve Joyner Customer Support Community Moderator
    Xe997 wrote:

        Thanks, that answered my question. When I changed my password last time I followed your advice of auto-locking more frequently. So right now I can remember it, but because it's just some random characters I can't really "picture it" in my head but rather just rely on muscle memory. So I'm worried I will forget it if I'm gone from the computer for longer periods of time (say weeks or months). I've decided that Diceware is a better choice for me because then I can train my memory even while away from the computer. Also I don't have to worry about different keyboard layouts etc.

    I think that's a good decision to use a Diceware password. About four months ago I changed to a Diceware password and I'm glad I did.

    I decided to use a 7 word password which came out to 28 characters. In addition, I interspersed several non-alphanumeric characters into that. I then took two months to memorize it. Of course, I could have memorized it in a shorter amount of time, but I wanted this to be part of my "permanent" memory, if you will.

    I broke things down into pairs. I visualized seeing the first two words. Then did the same with the second pair. Before falling asleep at night, I'd quiz myself. After about six weeks, I started typing out my new password in an unsaved text document.

    At first I was relying on mind memory. But the more I practiced typing it out, the more my muscle memory developed too. Around the two-month point, I decided that it was time to deploy my new password in 1Password.

    As you can see, I first committed to memorizing the password -- thoroughly. I knew that this would be used indefinitely, so I wanted to ensure that I really did know it -- and could see it in my mind. Only then, after many self-tests, did I decide it was ready to deploy.

    Some argue that once you create it and memorize it, you destroy what you had written down on paper. I take a different view.

    I have written down my password -- just the password -- nothing else. And hidden it in my house and off-site as well. I plan to include the location of this password in a codicil to my will and in an addendum to my durable power of attorney for healthcare. These documents are kept by my lawyer.

    When you die -- or fall into some unexpected coma, or get Alzheimer's disease, whatever -- you want your master password retrievable by those you love and trust. I've done this by revealing the locations of the password in my legal documents.

    As our lives are increasingly digitized and locked with a password, it's important to think long term -- especially if you have a family, children, etc. After all, when you die, so does all that was within your mind.