Sync Login Between Two Vaults

FYIJames

A login can be shared (copied) to another vault, but there appears to be no way to keep those duplicate logins in sync?

AGAlumB

@FYIJames: Correct. This is a way to transfer information from one vault to another.

Sync is an entirely separate matter, and is meant to, well...sync the contents of a vault on one device to the same vault on another, thereby maintaining a duplicate copy in multiple places to access the same data. After all, if you're copying data from one vault to another one entirely, this isn't syncing at all. I hope this helps! :)

FYIJames

Thanks @brenty but I was just confirming that there is currently no way to sync a login between two different vaults. It appears that there isn't, so I'd like to make a feature request.

AGAlumB

@FYIJames: I guess I'm a little confused by the request, so it might help if you could elaborate further.

The purpose of having separate vaults is to have different data in each -- otherwise you'd just use a single vault and sync it to other devices, rather than duplicating the same data across multiple vaults. Please let me know what I'm missing! :)

FYIJames

@brenty It's about security and disaster recovery options if a user syncs their vault with iCloud and two-step verification is enabled.

If a user loses their trusted Apple device and their Recovery Key, even if they remember their 1Password Master Password, they will not be able to recover their 1Password data because it's locked up in iCloud.

Like many 1Password users my passwords were created by the Password Generator, and I do not keep a paper record of any passwords for security reasons.

In a worst case scenario a user would not be able to access their vault, and I was just trying to come up with a secure solution to that problem.

AGAlumB

@FYIJames: I think there might be a simpler solution here. I definitely recommend not putting all your data "eggs" in the same storage "basket" -- 1Password or otherwise. After all, it's only a backup if it's a redundant copy.

Fortunately, this problem has been solved. Rather than manually duplicating your data (copying it to multiple vaults, etc.), take your 1Password backup files (much easier to manage than individual items) and store them somewhere safe and secure, such as a Time Machine backup in addition to an offsite backup. Better safe than sorry! :+1:

Multiple vaults aren't a backup; they're there to organize your data securely. 1Password isn't backup software. It will package your data for you to make it easy to backup though -- both locally and externally. I encourage you to do both. :chuffed:

edgrsanchez

The reason I'd like to be able to sync logins between vaults is to be able to do something I was already used to doing on Dashlane before I switched over.

On Dashlane, I was able to share a login with someone simply by clicking share, typing their email, and hitting ok.

They then received a notification in their app and if they accepted the shared login, the login gets added to their "Shared" section of their app, similar to a separate Vault.

If I made a password change on that specific login, it would instantly reflect on their end. If I decided that I didn't want them to have access any more, I could just revoke the shared password and then reset the password for that specific online account.

On top of that, I could either give them limited or full rights to that shared login. Meaning that they can either only read from it or they can edit it as well, which would reflect on my end.

I know I can't compare Dashlane to 1Password, they're completely different under the hood. But this functionality would be nice to have between family members whom I share a Vault with rather than having to copy the login to the vault and then having duplicate logins, or worse, moving the login to the other vault and then someone accidentally deleting it.

littlebobbytables

Hi @edgrsanchez,

How you describe that sounds a lot like how Dropbox allows you to share a folder. This sort of concept is a lot easier when somebody else holds all of your data and can control such sharing in an invisible way. As 1Password isn't centralised we use the slightly less granular approach of a vault and leverage Dropbox's ability to share a folder with another Dropbox user.

Your best option within 1Password is a secondary vault where the items are only stored there. There is the risk that somebody will delete an item but it first goes to the Trash unless somebody specifically says permanently delete this item and don't let it pass go. Even then, each copy of 1Password for Mac will maintain a number of locally stored backups which include all secondary vaults. There would be a few steps involved but it is possible to backup your current vaults, restore a previous backup that contains the now deleted item and then re-add it back to your current version of your vaults. After that all that remains is the finger wagging to the person who purged it completely in the first place. So it is recoverable.

We don't have the ability to set a vault to read-only but I've always been a bit unsure of such a feature. The one thing to remember is that if at any point a set of login credentials are being sent to the browser then the credentials can be captured. If they can be captured then a person can change the password on the site regardless if the vault is read-only or if it is set to not show a password. Plenty may not agree with me but I prefer if we don't create a false sense of security by offering any sort of security feature if it can be easily bypassed in your average browser. That may just be my peculiar perspective though.

Does any of this help at all?

edgrsanchez

Thank you, @littlebobbytables that definitely makes a lot of sense.

What do you think about being able to "move to", "copy to", and "add to" a vault?

Adding to a vault would make a copy of the login to the other vault and it would "link" the two together so that changes made to the login in the primary vault are reflected on the secondary vault.

Of course the issue would be keeping track of the linked login in the secondary vault in case this vault gets moved, etc. That's something that would need to get worked on.

AGAlumB

@edgrsanchez: A lot of that sounds pretty cool, but it's predicated on you and your friend's data being stored centrally in the cloud by a monolithic service (say, "1Password.com") so that it could be accessible to both of you by simply 'linking' the item between accounts...and that just isn't a service we offer currently. Definitely something worth considering for the future though. Thanks for taking the time to tell us what you're looking for! :)

edgrsanchez

@brenty Thanks for listening :+1:

AGAlumB

Any time! Don't hesitate to reach out if you have any other thoughts. :chuffed:

mannvicky

Hi,
I also feel the need of this feature. I share my banking passwords with my accountant. Whenever I change my banking password I want it to be updated in my accountants vault. It saves me a lot of time.
Basically we want to share logins and keep them synced. Like edgrsanchez said "add to" option is a great addition for people like us. I want to keep all my data in my vault and share particular information with people as well as keep it synced.
Hope to see this feature in the coming updates.

:)

rickfillion

Thanks for letting us know, @mannvicky.

We want to do something better for these kinds of scenarios, we're still trying to figure out what that is and what it looks like technically.

Rick