1pw asking for OLD version of master password.

I can't help but wondering whether this behaviour is a potential security weakness though. Surely after resetting a password for a membership account all authorised devices should ask for the new password as it might have changed due to being compromised.

I know you can manually de-authorise devices but it's not mandatory, especially if this behaviour is not well understood by users. I know it's similar to touch-id which will continue to work after a password is changed but touch-id at least asks you for your master password after a period of time/restart etc. and this can be configured in settings. Plus its harder to steal fingerprints.

Also, if it's not sufficiently obvious to users that a membership account and stand-alone vault have separate passwords (and allowing one password to log in to both makes this less obvious) then a user might forget to modify the password for the stand-alone vault as part of routine security hygiene.