Best practice for data file

Hi all, I purchased 1Password yesterday and am currently building my accounts list in the product. Although new to the Mac world and to 1Password, I'm no stranger to password products. In my Windows PCs, I was using one of the many competitor password manager products (no need to name names here I believe) and the fundamental difference in the sync philosophy of 1Password is where my problem lies.

Regardless of everything I read in this forum about the security of my datafile in the cloud, I just don't feel comfortable having my digital life out there, at the mercy of the whole world. Yes, I know, potential hackers would still have to get into my Dropbox account and also break my master password, but still why take this chance?

I was wondering whether it's possible to copy my data file (currently at the default Mac location) on my NAS server, take all backups on NAS as well, and have all clients (MAC, Windows, iPad) syncronize their records from the NAS server. Is this possible?

Comments

  • khadkhad Social Choreographer

    Team Member
    Welcome to the forums, cutter! Thanks for taking the time to contact us.

    It sounds like you are already aware of how secure your 1Password data is in the cloud, but for the benefit of others coming across this thread, here is a link to our document which explains it in great detail:

    Security of storing 1Password data in the cloud

    The 1Password data file has been designed to withstand even sophisticated attacks such as password cracking performed using the pre-eminent password cracker John the Ripper:

    1Password is Ready for John the Ripper

    At this time the only method of syncing available in 1Password for Windows is Dropbox.

    We do not recommend or support storage of a data file on a non-startup volume (i.e. external, network, etc.) as 1Password is very read/write intensive. The concern is one of data availability, a key component of security.

    I hope that answers your question. Please do let me know if my reply has raised further ones. I'd be happy to help.
  • cuttercutter
    edited January 2013
    Thank you for your answer Khad and Happy New Year to all!

    I'm still not sold on Dropbox safety and looking for alternative ways to use 1Password. Would it be possible to enable Dropbox (just to copy the data file and effectively sync all my clients) and once that's done, disable Dropbox, delete the data file on Dropbox and revert back to local copies?

    I realize that this will create administrative overhead on my part (maintain possibly different datafile copies on each device) but I plan to add accounts only on my main home computer; the others would only be used to login to accounts, not add new ones. So, could i do that and then for backup reasons, copy my main home computer datafile from its default location to my NAS server for safekeeping and restore purposes if needed?
  • khadkhad Social Choreographer

    Team Member
    edited January 2013
    There are good solutions for Mac-to-Mac, Mac-to-iOS, and Windows-to-Windows syncing that do not rely on a central server, but Dropbox is the only solution for true cross-platform syncing. Since the data is just a file bundle (which shows up as a folder in Windows), most any file-based sync solution will work locally on the desktop.

    I'm still not sold on Dropbox safety and looking for alternative ways to use 1Password. Would it be possible to enable Dropbox (just to copy the data file and effectively sync all my clients) and once that's done, disable Dropbox, delete the data file on Dropbox and revert back to local copies?

    You can use tools like ChronoSync and rsync (DeltaCopy on Windows) to keep your data file up to date across multiple desktop machines without any Internet connection because third-party apps have access to the file system on the desktop and can sync the files directly. There are some caveats, but most of the known issues with specific sync solutions are covered in the User Guide:

    http://help.agilebit..._solutions.html

    As you may know, the situation is pretty different on mobile platforms where apps are sandboxed and don't have access to the file system. So, for example, the Dropbox iOS app can't and doesn't have any roll in syncing 1Password on iOS. Any syncing in the mobile apps needs to be built in to the 1Password app itself. The problem is that there are not really great ways to do this with the majority of sync solutions. Dropbox provides two things that are very important for syncing 1Password data:
    1. It provides the necessary programming tools (APIs) for all of the platforms that we support: Mac, Windows, iOS, Android, and Windows Phone 7.
    2. It provides syncing to truly native filesystems for Mac and Windows.

    We've gone into greater detail in our "Alternatives to Dropbox cloud syncing" support article:

    http://support.agile...-drive-skydrive

    If all you need is desktop syncing, there are many options available to you, and they are listed in the aforelinked section of the User Guide above. Please do be aware, though, that you will need a true sync solution. Storing 1Password data on a network share or external volume is neither recommended nor supported. You want to make sure that each machine has an entire copy of the data stored locally for performance and reliability. A key component of security is data availability. :)

    You can store copies of your data wherever you wish. The only issue with network and other external volumes is with using them as the location of your active data file.

    We are working on a USB sync solution on the Mac, but I don't have a time frame for when it will be available. And I am not sure what the status of it will be in Windows which is a completely different OS. It may not be possible to do it in the same way on Windows. It's too early to say for certain.

    Syncing is complex. There are a lot of moving parts. That is why we have worked extremely hard on a sync solution that is truly cross-platform and "Just Works". If you wish to roll your own, I wish you the best of success. However, we cannot provide support for custom sync solutions.

    If we can be of further assistance, please let us know. We are always here to help!
  • Hi again Khad, thanks for all your assistance. I finally decided to keep things simple, keep the data file on my workstation only and create a backup on my local NAS server. However, when I tried to change the location of the backup folder to point to my desired folder on my NAS share, I can only get to the share and everything else is greyed out and I can't navigate to the required folder.

    At first, you'd think it's unrelated to 1Password (probably a permissions issue) but I can navigate just fine to the contents of the network share and my desired folder from Finder. Can you please help?
  • khadkhad Social Choreographer

    Team Member
    Both the active location and the location of 1Password's own backup folder must be on the startup volume (or at least an internal volume). I'm sorry if my earlier post was confusing. I should have been more specific. The sort of backup you will want to have on your NAS is the kind that a third-party backup solution will provide: a copy of the contents of your Home folder or startup volume (or a subset of the files therein). So 1Password is always reading and writing to the startup volume and the files it creates are never "pulled out from under it". Rather the third party backup solution you have in place should copy the "Backups" folder, your active data file, or any other files you want backed up. Not to state the obvious, but if you only store the files on the NAS it isn't really a backup. :)

    I hope that helps. Please let me know.
  • As I understand, you are already working on an updated release (USB sync support among other things). You might want to consider adding support for the creation of backups on network locations. I understand the argument to be made regarding availability by making the location of the active location of the datafiles on the startup volume, although I was happily using similar programs in Windows for years and accessing the active datafile as well from the network. Not allowing even the backup however to be created on a network location directly by the application makes no sense, at least to me.

    Please don't get me wrong, I don't want to imply anything or undermine your app in any way. Whether or not 1Password as it currently works, fits my specific needs and purposes has nothing to do with the indisputable fact that 1Password is an overall excellent program. I'm only providing suggestions for improvements as a customer and end user, hoping that I can use it the way I thought I could before purchasing.

    Thanks again for your support and your time.
  • khadkhad Social Choreographer

    Team Member
    Thanks so much for your feedback, cutter! I will definitely pass it along to the developers.
This discussion has been closed.