New membership - do I still have a local vault to use if I ever can't access my account?

I had been syncing my 1Password vault via Dropbox, but since the free Dropbox account now has a 3-device limit, I'm now trying a 1Password account to sync my macOS, Windows, and iOS devices. I have one basic question that I haven't been able to figure out.

When I synced via Dropbox, I was reassured that each of my devices had a copy of my vault on it - so if something happened where I couldn't get into Dropbox, or if someone hacked into my Dropbox account and locked me out of it or deleted everything, or even if I couldn't get a network connection, I knew that my devices still had a copy of my vault that had all my passwords in it. And Time Machine was making regular backups of the vaults on my Macs.

But with the 1Password account, there's no longer a local copy stored, right? If I lose my secret key, then it doesn't matter that the signup process stored a copy of the secret key in my account - none of my devices will be able to get into that account to retrieve the key. If someone hacks into my 1Password account, there are no other copies of the vault on my devices to fall back on for my passwords. And there's nothing stored locally to make Time Machine backups of.

And I see references to being able to sync to a local vault even if I have a 1Password account, but it looks like they mean that doing so would stop using the account, and would use the local vault exclusively, which isn't what I want.

Is this correct, or am I missing something? It just seems that moving to a 1Password account goes from having multiple copies of my data (across multiple devices and backups) to having a single point of failure, a single data source that can get hacked, corrupted, or locked out.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • ag_anaag_ana

    Team Member

    Hi @bkendig!

    If you sync your data with 1Password.com, a cached copy of your items will be stored locally, so you can access it even when you are offline. From this point of view, things will continue to work the way you are used to.

    If I lose my secret key, then it doesn't matter that the signup process stored a copy of the secret key in my account - none of my devices will be able to get into that account to retrieve the key.

    If you already added a 1Password account to a 1Password app, you won't have to enter your Secret Key there anymore. You can login to the app with just the Master Password and retrieve the Secret Key from the app's settings..

    But this is why we also recommend downloading and printing the Emergency Kit when you sign up: exactly to be able to access your login information when necessary.

    And there's nothing stored locally to make Time Machine backups of.

    Backups are taken automatically on the server with a Membership, so even if your local device is compromised, you will be able to restore previous versions of the data. Time Machine should still be able to take a copy of your cached data however.

    Is this correct, or am I missing something? It just seems that moving to a 1Password account goes from having multiple copies of my data (across multiple devices and backups) to having a single point of failure, a single data source that can get hacked, corrupted, or locked out.

    Perhaps I am missing something here, but how would using 1Password.com be different than using Dropbox to sync your data? If your Dropbox account was hacked, wouldn't you be in a similar situation?

    In the meantime, remember that you are free to make your own manual 1Password backups if you want. We don't recommend doing this unless there is a real need for this (because data exports won't be encrypted) but you can certainly do it when necessary if it alleviates your concerns.

  • Thank you for your reply!

    I guess my mental hurdle is the subtle difference: with Dropbox, I know that my files (including my 1PW vault) exist on each computer in a folder where I can get at them and do things with them (like backing them up). Even if I can't get into my Dropbox account (locked out or hacked into), the vault still resides on each computer; Dropbox is only responsible for syncing changes to the vault between computers.

    But with the 1PW account, the vault resides within the 1PW service where I can't get at it directly. It's potentially a single point of failure. I can't make backups of it, and if for some reason I'm denied access to my 1PW account, or if the data in my account is deleted or corrupted somehow, I don't know whether the app will let me have access to my passwords. That concern would be allayed if I knew that I could always find the locally cached 1PW data on each of my devices in a specific place, and that it always contained the full contents of my vault, so that all that my 1PW account does is make sure the local vault is synced between devices.

    Does this make sense? Where is the local cached copy of the data kept, on Mac and on Windows?

    (And thank you in advance for your help!)

    P.S. - if I'm understanding it correctly, maybe one way to make the 1PW account easier to accept for me (and for other people, from whom I see the same sort of concerns) is to shift its focus slightly. Rather than telling people "the vault is stored in your online account, and each device has a local cache," tell them instead "a copy of the vault exists on each of your devices, and your online account keeps them synced similar to how Dropbox does it."

  • ag_anaag_ana

    Team Member
    edited April 16

    @bkendig

    I guess my mental hurdle is the subtle difference: with Dropbox, I know that my files (including my 1PW vault) exist on each computer in a folder where I can get at them and do things with them (like backing them up). Even if I can't get into my Dropbox account (locked out or hacked into), the vault still resides on each computer; Dropbox is only responsible for syncing changes to the vault between computers.

    Technically speaking, this is true even with a 1Password.com vault (data must reside on your computer too in order to access it when offline), but I understand where you are coming from, yes. From this point of view, the two sync services are not different.

    But with the 1PW account, the vault resides within the 1PW service where I can't get at it directly. It's potentially a single point of failure. I can't make backups of it, and if for some reason I'm denied access to my 1PW account, or if the data in my account is deleted or corrupted somehow, I don't know whether the app will let me have access to my passwords.

    Perhaps I am wrong here, but if you Dropbox data was corrupted, wouldn't it sync corrupted data to your devices as well?

    But in any case, this is why a 1Password Membership has automatic backups. If you still would feel better with local manual backups in addition to this, you can backup your 1Password data regularly.

    P.S. - if I'm understanding it correctly, maybe one way to make the 1PW account easier to accept for me (and for other people, from whom I see the same sort of concerns) is to shift its focus slightly. Rather than telling people "the vault is stored in your online account, and each device has a local cache," tell them instead "a copy of the vault exists on each of your devices, and your online account keeps them synced similar to how Dropbox does it."

    This is a very nice way to word it, thank you for sharing! I think it might also help to see this like an email client/server: your email is stored the server, but your email clients also have a local copy of it.

  • Yes - email is a good analogy!

    And you're right (and this also matches the email analogy) that if my data were corrupted on the server, it would sync that corrupted data down to my devices (though then I could restore my local copy from my backups). I guess, then, that the main distinction between syncing via Dropbox and via the 1PW account is that Dropbox says "your vault is right here" whereas 1PW says "your vault is cached somewhere."

    I don't like doing manual 1PW backups - they're manual, and as you said, they're plaintext. I'll look up where the vault is cached locally on Mac and Windows in case I ever need it.

    Thank you for playing the part of psychotherapist to help find out where my concerns are really coming from. :smile: I guess, at the heart of it, the idea that my vault primarily resides on an online service makes me terrified of losing all my passwords if anything ever happens to lock me out of that service. I'm just looking for anything to help allay that fear, to reassure me that no matter what happens to my account and the data in it, I'll continue to have a complete copy of my vault under my control. I guess 1PW's local cache is the solution to that, if I can rely on it.

    Here, just a few more questions:

    • If I am ever locked out of my 1PW account - if I let my subscription lapse, or if there's a server problem and I can't log in, or if a hacker changes the password on me - I'll continue to be able to use 1Password on my devices with its locally cached data, right? It's just the sync that would stop working. 1Password will never say "you can't access your account, therefore you don't have access to any of your passwords," right?
    • Is there any way that someone would be able to delete the data in my 1PW account permanently so that I couldn't get my passwords from backups? Like, if a hacker got my password and got into my account and did a Select All / Delete on my passwords, is there any way for him to nuke all of my backups as well, so that all of my data is gone? (Other than deleting my account entirely, which would put me back in the territory of my previous question.)

    By the way - I wanted to say that I really appreciate you and the other AgileBits folks I've chatted with on the forums. One of the things which, for me, really sets 1Password apart is the willingness of its staff to have conversations with its customers, to understand their concerns and to explain the reasoning behind the app. In this day and age of tech support who usually only goes as far as their script takes them, that's a big deal.

  • BenBen AWS Team

    Team Member

    I'll look up where the vault is cached locally on Mac and Windows in case I ever need it.

    With 1Password 7 for Mac the cache files are in ~/Library/Group Containers/2BUA8C4S2C.com.agilebits/Library/Application Support/1Password/Data

    This is not a backup, per se, as 1Password works on these files live. We are looking at the possibility of offering automatic offline encrypted backups but we're not ready to announce anything yet. 1Password.com does keep an encrypted item history so that you can go "back in time" with any given item that you've made changes to.

    I guess, at the heart of it, the idea that my vault primarily resides on an online service makes me terrified of losing all my passwords if anything ever happens to lock me out of that service. I'm just looking for anything to help allay that fear, to reassure me that no matter what happens to my account and the data in it, I'll continue to have a complete copy of my vault under my control

    This is easy to test. Disconnect from the internet. Continue to use 1Password. :) While disconnected from the internet there is no way that you're communicating with our servers.

    If I am ever locked out of my 1PW account - if I let my subscription lapse, or if there's a server problem and I can't log in, or if a hacker changes the password on me - I'll continue to be able to use 1Password on my devices with its locally cached data, right? It's just the sync that would stop working. 1Password will never say "you can't access your account, therefore you don't have access to any of your passwords," right?

    I think the above test pretty well demonstrates that. In the case of letting your subscription lapse you can read about what happens here:

    If your 1Password account is frozen

    Is there any way that someone would be able to delete the data in my 1PW account permanently so that I couldn't get my passwords from backups? Like, if a hacker got my password and got into my account and did a Select All / Delete on my passwords, is there any way for him to nuke all of my backups as well, so that all of my data is gone? (Other than deleting my account entirely, which would put me back in the territory of my previous question.)

    It is difficult to access a question phrased that way, as it is difficult to account for every possible scenario ("any way"). Certainly an attacker could steal your Master Password and Secret Key as well as all of your devices from you, and it would seem under that extreme circumstance they could do whatever they wanted. But I don't see how that is really different from anything else. If they have all of those things they essential have become you.

    I think it is worth considering what threats you may realistically face and what steps you can take to mitigate those threats.

    By the way - I wanted to say that I really appreciate you and the other AgileBits folks I've chatted with on the forums. One of the things which, for me, really sets 1Password apart is the willingness of its staff to have conversations with its customers, to understand their concerns and to explain the reasoning behind the app. In this day and age of tech support who usually only goes as far as their script takes them, that's a big deal.

    Thanks for saying so. We really do make an effort to offer that. :)

    Ben

  • tkatztkatz Junior Member

    I just recently migrated my Dropbox sync'd vaults over to 1password.com and then realized that there was no way to officially backup the cloud data. I found this post as I was going to ask something similar.

    We are looking at the possibility of offering automatic offline encrypted backups but we're not ready to announce anything yet.

    This would be a great feature to have. Ideally, it would be nice if the offline backups were essentially exports to local vaults (I guess similar to how the local vault backups are). An export can then happen on intervals or on demand. In the event of a disaster, then one of the backups could simply be opened up locally (and copied back to the 1pw site if need be). This is what I'm doing now in a manual way. I just created local vaults named after my online ones and will just make sure to copy any changes I make over to them. It's not very convenient (and attachments apparently don't transfer), but it works.

    I understand you guys keep histories, backups and data distributed (which is all great!) but there's always a chance of disaster. I have control if something goes wrong on my end (copies of encrypted backups could be kept off-site, in bank vaults, etc..). If a disaster situation happens on my end and I'm not prepared, then that's totally on me. If something unexpected happens on your end, then I'm basically left helpless.

  • BenBen AWS Team

    Team Member
    edited April 16

    This is what I'm doing now in a manual way. I just created local vaults named after my online ones and will just make sure to copy any changes I make over to them. It's not very convenient (and attachments apparently don't transfer), but it works.

    I would recommend against doing that. Having standalone vaults in combination with membership vaults tends to have unintended side-effects that are best avoided (primarily regarding having multiple separate Master Passwords).

    A routine export to 1PIF stored in an encrypted disk image would be what I would suggest for now, if you feel this sort of backup is essential.

    I understand you guys keep histories, backups and data distributed (which is all great!) but there's always a chance of disaster. I have control if something goes wrong on my end (copies of encrypted backups could be kept off-site, in bank vaults, etc..). If a disaster situation happens on my end and I'm not prepared, then that's totally on me. If something unexpected happens on your end, then I'm basically left helpless.

    What sort of a disaster are you thinking of, and what do you imagine the outcome would be with the current configuration? While the cache is decidedly not a backup it does protect you against our servers disappearing off the face of the Earth. For anything other than that it seems item history covers it? There is some value in offline backups, as we wouldn't be looking at the possibility of building them if there weren't, but their use case seems quite narrow.

    Ben

  • tkatztkatz Junior Member

    A routine export to 1PIF stored in an encrypted disk image would be what I would suggest for now, if you feel this sort of backup is essential.

    Does 1PW 7 support 1PIF? I only see txt and csv. I do also periodically export to csv and then store in an encrypted archive. So I'll keep that idea in mind!

    Also, it appears there's no good way of exporting Documents (unless I'm missing something). When exporting a csv/txt just the names of the files are exported. And Documents aren't able to be copied to local vaults.

    What sort of a disaster are you thinking of, and what do you imagine the outcome would be with the current configuration? While the cache is decidedly not a backup it does protect you against our servers disappearing off the face of the Earth. For anything other than that it seems item history covers it? There is some value in offline backups, as we wouldn't be looking at the possibility of building them if there weren't, but their use case seems quite narrow.

    I really like the idea that the data is cached locally, so that it's still usable in the event the server is unreachable. However, to me caches are volatile. I know that my backups will capture the cache, but is there a situation (even a remote one) where the backup may not capture the cache in a consistent state leading to corrupt data? If so, then obviously it wouldn't be as good as an actual, consistent backup.

    I agree that the use case for offline backups is narrow, and I always hope to never have to use them. Having a cache that can be used in the event of the servers going away or losing data is also a good thing, but its always good to have a safety net in the event the unforeseen happens. I am glad that you guys are looking into the possibility of building support.

  • BenBen AWS Team

    Team Member

    Does 1PW 7 support 1PIF? I only see txt and csv. I do also periodically export to csv and then store in an encrypted archive. So I'll keep that idea in mind!

    Perhaps not yet on Windows. On Mac it definitely does.

    Also, it appears there's no good way of exporting Documents (unless I'm missing something). When exporting a csv/txt just the names of the files are exported. And Documents aren't able to be copied to local vaults.

    Documents can't currently be exported or moved/copied to a standalone vault. The best I've got there right now is that you can save these items out, but that would have to be done one by one. Alternatively you could cache them locally (by viewing each one once) and then back up the cache folder. For me that is:

    /private/var/folders/3b/0x4ym5cn0kv55mz8803qj7v00000gn/T/com.agilebits.onepassword7/com.agilebits.Attachments.noindex

    But I'm not sure if that is consistent across installations.

    Ben

  • On Windows it appears the documents and everything are contained in c:\users(username)\appdata\local\1password\data\1Password10.sqlite - I watched the data folder while viewing several documents and nothing appeared to change. Do we know if that's the case?

    If so then it's very simple to just use backup software to just grab a copy of that directory and the cache is backed up (I verified it appears at least one of the consumer automated cloud backup services will grab it automatically for its regular interval backups), it's not quite as elegant as a true vault export / backup but it'll serve the purpose for now. I'll +1 the idea of a local backup option. The possibility of needing it is very remote, but I'd rather have the option and never need it than the other way around. 1PW is one of those things you come to truly depend on.

  • bundtkatebundtkate

    Team Member

    In theory, @MattW15, saving your local sqlite database could serve as a backup on Windows, but I do only recommend that with caution. There are times where we need to change the database schema so if you had saved such a database when using, say, 1Password 6.5 for Windows, that same database wouldn't necessarily be readable by 1Password 7.x for Windows. Those versions are just meant to be illustrative – I recall we changed that schema sometime in the 1Password 6 days, but my memory isn't good enough that those versions are likely accurate. This isn't something that happens frequently, but it's also not always something that's visible to y'all so the only certain way to know you'll be able to open that database is by ensuring you know which version of 1Password created it.

    Of course, if you're comfortable with those limitations and only looking at this to supplement existing redundancies in other apps and on server, this may be adequate, but I don't like to bill it as a genuine local backup. It's just more finicky than anything I think most would accept from a true backup, so it can serve as a fail-safe, but it's best to keep its limitations in mind and take any precautions you feel are necessary to ensure you'll be able to open it up in those exceedingly unlikely cases you might need it.

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file