This just happened to me and I figured I’d share the pain as a warning to you all.
I’m hyper-vigilant in my online security and use 1Password for everything. Not only do I use it for 40+ character, complex, & random passwords, but I generate long, complex, & random “passwords” that I use as my username whenever I can (email is too easily guessed). I use 2FA everywhere it’s supported AND I refuse to give correct answers to so-called “security” questions (which can easily be socially engineered), instead generating a random group of words using 1Password. All secured safely in 1Password and I’ve never had an issue, ever.
Until yesterday.
I had temporarily turned off 1Password sync to work on something, which then required me to restart my Mac. I did…only to hit a weird OS X bug where it didn’t accept my password (which I know was correct). Not a problem, I can reset the password using the recovery code. Oh, nuts…that recovery code is in 1Password. Which is now not syncing. Accessible only on the Mac. That I can’t get into because it’s locked with a recovery code I’ve never tried to memorize. And because I turned off sync, that code isn’t even on my iPhone.
I literally have no way to get back in. I figure I can restore from Time Machine–nope, those encrypted backups are encrypted with a password, you guessed it, now in 1Password only on my Mac. Shoot. Backblaze–nope, those encryption keys are in 1Password only on my Mac. I’m dying.
Everything is gone–every single login to everything important in life is gone. I figure I can go to these websites and reset passwords and that’ll be a lot of work, but I can do it. Nope–because I don’t know my email password and even if I did, the 2FA is in 1Password along with the emergency recovery codes.
I try everything I can think of, to no avail, and go to bed–of course, after something like this, I can’t sleep. And then it hits me–my bank access is 100% gone. It’s entirely inaccessible. There are no physical bank branches and I can’t log in online. I don’t know the username, the password, the 2FA, the backup codes, or the security questions. How can I even prove to my bank that I’m me?
Then I remember–I have my bank’s app on my iPad and it’s logged in. So, worst case scenario, I can at least transfer all my money out of that bank if I can’t get back in. And then I think–I had put my iPad into Airplane Mode days earlier (can’t remember why)…and maybe I hadn’t turned it off.
I get out of bed at 1:30am and rush downstairs–sure enough, Airplane Mode is still on. I unlock it, open up 1Password…and everything is there. Hallelujah, thank you Jesus. Right there is my Mac’s recovery code and with it I can reset the Mac password and regain access to my local-only 1Password vault. Praise God.
Lessons learned:
- Backups aren’t just for user error–they’re for software & hardware failures. I’ve never used backups for anything but “Oh, I shouldn’t have deleted that file,” so I’ve never prepped for catastrophic failure.
- Software & hardware failures can come at the worst possible time. “It’s not a big deal to turn off 1Password sync for a few minutes while I adjust this” = stupid bonehead idiot idea. Because of COURSE that’s when you get a software bug.
- Always, always, ALWAYS make sure that the passwords to access your device(s) are accessible while that device is locked. In my case, I had the password to my Mac but not its recovery code.
TLDR: OS X bug made me lose access to 1Password data and nearly destroyed my life and finances. Airplane Mode saved me. Don’t be like me.