This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.

Master Password Changing

Options
Penelope Pitstop
Penelope Pitstop Junior Member
in Windows Beta
I have 1PW for Mac, Windows, iPhone and iPad. I use DropBox to sync them.



Today I changed the Master Password on my Mac. Because I'm using DropBox I expected 1PW on the other devices to require the new password. It doesn't so that means I don't properly understand master passwords and how 1PW grants access to the keychain. Please can someone point me at an explanation?



Thanks



PP
Flag

Comments

  • khad
    khad Social Choreographer
    Hey PP,



    So it sounds like some of the [url="http://forum.agile.ws/index.php?/topic/1774-suggestions-how-secure-is-my-password/"]password discussions[/url] we were engaged in prompted some change. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' /> That's great!



    The master passwords used to gain access to your data on your iPhone and iPad are separate from your data file master password. We do this because many people use fairly complex master passwords on the desktop and prefer to use something even remotely simpler with the iOS onscreen keyboards.



    If you are syncing with Dropbox, you will need to update the master password stored in each iOS app in order to continue syncing.



    There really ought to be a visible error message, but there is not currently. If you change your master password on the desktop, Dropbox syncing on your iOS devices will just quietly fail. Only upon investigating will you discover the error in the Dropbox sync settings:



    [quote]Master Password was incorrect. Please enter the Master Password you used on the Mac or PC.[/quote]



    You should definitely have to input the same master password on all platforms, but the iOS devices will remember it for you and allow you to use a different one to access the data (or the same one if you choose).
    Flag
  • DBrown
    DBrown
    To be clear:

    [list]

    [*]There's the master password you defined when you installed 1Password on your Mac or PC.

    It's used to protect and encrypt your 1Password data.

    You use it to unlock your data when you launch the 1Password client on your Mac or PC or use 1Password in your browsers.

    If you're using Dropbox to sync your 1Password data, you also have to specify this master password when you set up Dropbox sync'ing in the 1Password apps for iOS and Android devices.

    If you change that master password on your Dropbox-sync'ed Mac or PC, you'll also need to set up Dropbox sync'ing in the apps again, as they'll need the new master password.



    [*]There's the master password you defined when when you installed the 1Password app on your iPhone or iPod touch.

    It adds a layer of protection (not encryption) to items marked with High security.

    It doesn't have to be the same as the master password that is used to encrypt your 1Password data.

    [/list]

    I hope that helps.
    Flag
  • Penelope Pitstop
    Penelope Pitstop Junior Member
    edited September 2010
    Khad, David,



    Thanks for your replies.



    By way of feedback, using the term "Master Password" to mean different things for different platforms is very confusing. May I suggest that new terms are developed to distinguish between them? Even though the various 1PW implementations can be used in a standalone way, I think of them collectively as an integrated system. I think the terminology and behaviour should therefore be as consistent as possible across the various platforms.



    I agree with Khad, a more obvious error message should be displayed if syncing fails instead of having to dig for it if you notice an issue.



    I changed the Master Password on my Mac but not on my Windows system. I'm surprised to find that I can create a new item on my Mac and can see it in my Windows system. Surely that can't be right? The behaviour seems to conflict with the description in the Windows help on changing the Master Password:



    "All computers that have 1Password installed and are using this same data file will also need to use the new Master Password."



    I thought changing the Master Password on my Mac was supposed to protect my data yet I seem to be able to access it using the old Master Password on the Windows computer. That doesn't seem very secure to me. What's going on?
    Flag
  • jpgoldberg
    jpgoldberg Agile Customer Care
    [quote name='Penelope Pitstop' timestamp='1284445437' post='11109']

    By way of feedback, using the term "Master Password" to mean different things for different platforms is very confusing. May I suggest that new terms are developed to distinguish between them? Even though the various 1PW implementations can be used in a standalone way, I think of them collectively as an integrated system. I think the terminology and behaviour should therefore be as consistent as possible across the various platforms.[/quote]



    Thanks Penelope. This is something that we have been thinking about, but one of the problems is that these things are difficult to change without adding additional confusion. Some of what you see is due to history. When we first introduced 1Password for iPhone, syncing was very limited. It is only recently that we really do have syncing across all platforms.



    None-the-less, we do need to look at how we can explain things more clearly.



    Just to give you some background, the data format used on iOS is different than the data format using in the 1Password.agilekeychain. The latter is very filesystem intensive and so it is appropriate for iOS. Also this gives us the ability to have different master passwords on an iPhone than on a computer with a full keyboard. My 1Password.agilekeychain master password is a pain to type on my iPhone, where instead I use a master password that is more appropriate for that keyboard.



    [quote]

    I changed the Master Password on my Mac but not on my Windows system. I'm surprised to find that I can create a new item on my Mac and can see it in my Windows system. Surely that can't be right?[/quote]



    It looks like Dropbox hasn't synced your 1password.keys file. I'm not sure why.



    Here's a little background to explain the security. All of your encrypted data is encrypted with a key. That key is a truly random 128-bit number which is picked when you first create your 1Password data file. The key itself never changes. But the key in turn is encrypted with your master password, and the encrypted key is stored in a file called 1Password.keys. When you give 1Password your master password, 1Password uses your master password to decrypt the key. It then holds on to the key for a while (depending on the timings you've set in preferences) and uses that key to decrypted specific items only as needed. This behind the scenes stuff improves security and efficiency in many ways, but I'll try to avoid the temptation to wander into a discussion of that.



    When you change a master password (on Mac or Windows) 1Password re-encrypts the key with the new master password and writes that to 1Password.keys in your 1Password.agilekeychain file/folder.



    So I would like to you do a couple of things to help figure out what is going on here. On your Mac, on your Windows system and also on the Dropbox website, I would like you to look at the file modify times of the files 1Password.keys and .1Password.keys, both of which live in 1Password.agilekeychain.



    For the Mac side of things, it will be easiest to just send us a diagnostics report. Could you please email us your Diagnostics Report? This will help us track down the issue more quickly. You can generate the report from 1Password on you Mac by clicking the Help > Troubleshooting > Diagnostics Report... menu item and then email it to support@agile.ws. So that we can connect the dots, please also include a link to this discussion on the forums.



    On Windows, use Windows Explorer to navigate to your 1Password.agilekeychain folder (which will be somewhere in your Dropbox folder) and go into the 1Password.agilekeychain\data\default folder and look for the modify times for files called 1Password.keys and .1Password.keys. Please send us those modify times (again linking to this discussion).



    Finally, do the same thing on the Dropbox website. Log into your account and navigate into 1Password.agilekeychain > data > default and look for the modify times on the .1Password.keys file and the 1Password.keys file.



    Once we see what Dropbox, Mac and Windows have to say about those file modification times, we can get a better understanding of why they didn't sync properly.



    [quote]

    I thought changing the Master Password on my Mac was supposed to protect my data yet I seem to be able to access it using the old Master Password on the Windows computer. That doesn't seem very secure to me. What's going on?

    [/quote]



    It looks like one or more of the keys files didn't sync properly. We will look into this when we see the various modify times. I hope the discussion above helps you better see what is going on.



    Cheers,



    -j
    Flag
  • Penelope Pitstop
    Penelope Pitstop Junior Member
    [quote name='jpgoldberg' timestamp='1284481826' post='11132']

    It looks like one or more of the keys files didn't sync properly. We will look into this when we see the various modify times. I hope the discussion above helps you better see what is going on.

    [/quote]

    Thanks for the comprehensive reply Jeffrey. Information emailed as requested.
    Flag