Password changes while multiple apps are signed in #36
Description
If a new version of the Vault is uploaded to storage from device A after a password change process has begun but not finished on device B, data loss may occur.
We already warn users to avoid this situation but I want to document two things here:
- The long term plan to better handle this situation
We can't ever automatically know what the user intended in this edge case. At the moment we just bail out and in some circumstances the issue gets automatically resolved upon the next sign-in, or upon signing in on a different device. In most cases, (2) is required.
Longer term, we could offer the user a choice of whether to lose the data on their local device or the remote server.
Although in many cases the quantity of actual data lost will be zero or very small, it would be good to let the user fix the problem straight away because they will be the one that can understand what they did wrong and hence how to fix it.
It may even be possible to gather additional information from the user (like old passwords) and attempt some merge operation to avoid the need for any data loss.
- The workaround in the mean time
a. If the changes on device A are thought to be the most up to date:
If restarting the app and re-signing in does not help, the next step is to delete all app data from the device. On iOS that involves uninstalling the app and re-installing it. For Android, just clear the app's data through the device settings as with any other app.
Doing this will remove the copies of the vault on the local device and allow an initial fresh sign-in to re-download the Vault (KDBX file) from the server. This will have the wrong (old) password but since there is no longer any conflict between changes on multiple devices with multiple passwords, our automatic data recovery processes can kick in and fix up the password to match the account password (in typical failure situations, this will be the new password that the user was trying to change to).
b. If the changes on device B are thought to be the most up to date:
You will lose these changes unless you are able to debug your device to extract the relevant KDBX files from the app's storage folders and then re-import them again after following the steps above.
Browsing the files using adb should work for Android but app sandboxing is likely to prevent this from working for iOS users.
Unfortunately we can't offer any more assistance with this situation but we welcome any PR that would allow the files to be recovered from within the app itself as per (1) above.