Requests for better handling of "missing" sync server
In another thread I discussed problems related to manual syncing for 1Password 5. The goal is to sync a laptop computer to a desktop computer's sync folder without using the cloud or Dropbox. I discovered a process that works well:
- For normal use (at home), set the laptop's 1Password sync source to be the desktop computer's sync folder (shared over a network).
- Before traveling or disconnecting, disable syncing on the laptop .
- Use and edit the laptop's 1Password data freely while traveling/disconnected.
- On return home, join the shared network and enable syncing from the laptop to the desktop computer (i.e, choose the sync folder on the desktop computer)
- Select "merge" data with existing data.
The problems start when one forgets step #2.
If you don't disable sync on the laptop prior to disconnecting from the server, an error message appears (as expected) regarding not being able to find the server, followed by a notification message (some time after dismissing several error messages) asking whether you would like to "fix" or "ignore" the error. The correct answer in this situation is "fix" so that you can change the sync source to "None." But if instead you click "ignore," the dialog doesn't return, and the error messages continue to appear every few seconds (indefinitely). Unfortunately, at this point there is no way to "fix" the sync target in Preferences; the Sync panel is blank. You must force quit 1Password, restart the laptop and patiently wait for the dialog to again offer the fix options.
My requests:
- Why not just display a single message, e.g., the fix/ignore notification? (Currently the two messages are redundant and confusing.). Regardless, one shouldn't be presented with the same error message indefinitely. Once is enough.
- Always allow users the ability to fix (i.e., change) my sync target at will, even if the user (accidentally or intentionally) chose to ignore the sync problem by clicking "Ignore" in the notification message.
- Never present users with a blank Sync preference panel; that's not good from a usability perspective.
- Fix the problem that causes the software to freeze up the computer if the sync server can't be found.
1Password Version: 5.3.2
Extension Version: 4.4.3
OS Version: OX X 10.10.5
Sync Type: manual (over network)
Comments
-
Just to clarify...
I think the current method of using a notification to give the user the option to fix a network/folder sync problem is the right approach, but it's only 90% usable because it doesn't gracefully guide the user out of a user error. A few usability tweeks and coding changes could make it 100% usable.
0 -
Hi @syncrasy,
Thank you for taking the time to send us all your feedback & suggestions about that! I'm sorry this has been such a problem for you, and I can certainly forward your comments to our developers. We would definitely like to improve the way 1Password behaves in this type of situation/sync setup in the future. Part of the problem has been that there's no Apple API to notify 1Password when a network drive is no longer available, so 1Password keeps trying to sync even when it can't. (The same problem doesn't happen if you sync to a location on a USB drive, because 1Password is notified when that drive is connected/disconnected.)
However, I agree that this is something 1Password should be able to handle better, so that you don't run into all these problems when it can't sync. After all, your 1Password vault is stored locally on your Mac, so 1Password ought to be able to still function correctly even if the sync isn't working. I'm sorry for the inconvenience!
For now, instead of trying to remember to disable Folder sync in 1Password before traveling/disconnecting, there's another way you can set this up to avoid problems without needing to remember to do anything at all. What we recommend is to set up Folder sync to point to a local folder on the Mac, and then use a tool such as rsync (or another file copy tool) to copy the contents of that folder to/from the network volume/other Mac. You can find some more information about that in our Folder Sync guide.
I realize that takes a little extra work to set up, but since it will avoid the problems you've been running into with your current setup, I thought it might be helpful for you.
Thanks again for your feedback/requests, we really appreciate it! If you need anything else, please let us know - we're here for you. :)
0 -
Drew,
Thanks for the information. At the risk of pre-judging your rsync solution, my impression is that this shouldn't be necessary (and is inconvenient). After all, if I use my described folder sync method correctly, 1Password's existing merge function syncs both Macs perfectly (whether I'm traveling or not). So I'd prefer to use the existing merge function (that's what it's there for, right?), but I'd like 1Password to not freak out so much if I forget to disable sync, and more gracefully allow me to fix the problem via Preferences (whether via the notification message or not). I now understand that the API issue might make this a difficult nut to crack, but developers can be creative! :)
0 -
Hi @syncrasy,
You certainly don't need to try my suggestion if you don't want to - it was merely a suggestion to help you avoid the problems you've been running into. I agree it sounds a bit inconvenient to set up, but keep in mind that once you've done that, you don't need to worry about it anymore. You wouldn't need to disable (or worry about remembering to disable) your sync settings before traveling/disconnecting, you wouldn't need to re-enable sync and merge your data once that computer is connected again, you wouldn't need to deal with the error messages or the 1Password app getting stuck, and so on. It should just work, without you needing to do anything at all after the initial setup.
I have a feeling that would save you a lot of time, but again, it's completely up to you. Sure, it would be even better if pointing the Folder sync option directly to a network drive worked the way you'd like it to work - and hopefully one day it will - but right now, it doesn't. I'm not a developer so I can't personally change the software one way or another. What I can do (aside from passing your feedback & requests along to our developers) is explain how the software currently works and try to give you some suggestions based on your current options. Just like littlebobbytables' suggestion of pointing Folder sync to a pen/flash drive (from your previous thread), it's just an option we wanted to let you know about, so you can make the right choice for your needs.
So, if you'd like to continue with your current method of syncing, that's totally fine! Hopefully we'll make improvements to that in the future so you won't need to worry about the problems that can happen. But in the meantime, if you decide to try a different option and need help with that, just let us know - we're always happy to help! :)
0 -
To syncrasy,
I am also a network drive syncer, with five different Mac and PC computers in our household syncing to the same sync folder located on a USB drive plugged into our Time Capsule. We have never had any problems within our home, but as you note the setup falls apart if you take a laptop away from your home wifi network and forget to change 1Password's Sync Preference to None.
The first time I took our Mac Air on vacation I got into endless trouble when I made the wrong choice and clicked Ignore on the Fix/Ignore message. I finally had to restart my computer to get back to the Fix/Ignore message. Now I have a reminder on the desktop of each laptop that politely says "Hey stupid, set 1Password's Sync to None before you take this computer away from home" - not in those exact words, but that is the sentiment.
As you noted, you can create new logins, add secure notes, or make other changes to your vault info while you are on the road and 1Password will merge everything very nicely when you get home and reset your Sync Preference to the network drive folder.
0 -
Hi @fourwheelcycle,
Thanks for sharing your experience using Folder sync directly with a network drive! :) I think that's basically the same way syncrasy syncs (or at least did, about a month or so ago).
If that method works well for you, that's great! But just in case you don't want to have to worry about disabling/re-enabling the sync settings whenever you disconnect from or connect to the network, please take a look at my previous post for information about another way you can configure Folder sync.
If you need anything else, we're here for you!
0 -
Thanks Drew.
I have noted your previous references about using rsync. I have no doubt that a separate sync routine could be set up to create a more elegant and automatic solution, but I really rely on 1Password and I don't want to risk screwing anything up by adding another software handshake to the mix. Every time I learn to use a new piece of software it is a big deal for me and I am never really confident I am doing things right.
0 -
Drew, I'm still using the network drive sync method. And now fourwheelcycle's story has inspired me to stick a paper post-it note on the outside of my laptop: "Turn off sync before you travel." So the layers of inelegance are multiplying. I realize that there are technical challenges, and while I appreciate the workaround suggestions, I will continue to lobby for a more elegant approach native to 1Password.
0 -
Every time I learn to use a new piece of software it is a big deal for me and I am never really confident I am doing things right.
@fourwheelcycle: Understood. I'm sorry that you've had to struggle with this. It's definitely an area where there's room for improvement. While we don't have a simple solution to offer you right now, be confident that we're here for you anytime you have a question or need help. :blush:
I realize that there are technical challenges, and while I appreciate the workaround suggestions, I will continue to lobby for a more elegant approach native to 1Password.
@syncrasy: Indeed. Please continue to do so! We don't have the resources to do everything we'd like, so customer feedback can really help us determine where we need to focus our efforts. :chuffed:
0 -
To Drew_AG, syncrasy, and any other interested 1P network drive syncers,
Although I have never had any trouble syncing 1P on all of our household computers to the same sync folder located on our home wifi network drive (see my first comment above), I finally got around to figuring out how to set up a completely automated alternative which would allow me to set 1P to sync to a local folder on each computer and also keep each computer's local folder synced to a common "hub" folder located on our network drive.
Even though the setup described below does work and is fully automated, I ultimately decided not to use it since it has so many components and, for me, it does not work any better than just setting 1P's Sync preference to our network drive folder. It does offer the advantage of not requiring 1P's sync preference be set to None each time we take one of our laptop computers on vacation, but that is not a great inconvenience now that I am used to doing it.
Here's an automated routine that will work:
A. Set up a local 1P sync folder with the 1Password.agilekeychain file on each computer and also set up an identical "hub" 1P sync folder on your network drive.
B. Use Apple's Script Editor to create a script on each computer that will mount the network drive. Save the script as an app format and include it as a login item in each computer's System Preferences.
Here is a script that works:
tell application "Finder"
mount volume "afp://your network drive's address" as user name "Your User Name"
end tellC. On each computer, go to mudflatsoftware.com, download DropSync 3, and set up a two way (bidirectional) sync routine for two local folders (the network drive's "hub" 1P sync folder will be a local folder on each computer since it will have been mounted at login). This app is free as a 15 day trial and can be purchased for $15.99 at the Apple App Store. You can also use rsync, but DropSync 3 provides a very nice GUI that uses rsync "under the hood". Or, you can skip step B. above and set up a DropSync 3 routine for one local folder and one network drive folder - this seemed too complicated to me at first, which is why I learned how to do step B. above!
D. You can save the DropSync 3 routine to each computer's desktop and poke it each time you want to sync the local 1P sync folder to the network drive's "hub" 1P sync folder, but with a little more effort you can use DropSync 3's included directions to set up an automated scheduling calendar that will run the DropSync 3 routine every time you log in or every "x" minutes while you are logged in.
Once I performed all the required initial setup steps on one of our four Mac computers I felt very tired and decided not to use this alternative, but people who have had problems setting up a reliable network drive 1P syncing routine may be motivated to try this.
Another thought that came to me as I set up this multi-step network drive syncing alternative is that perhaps people like me should just stop worrying that their fully encrypted 1P keychain data might get hacked some day from Dropbox or the iCloud. For now, I still worry.
0 -
@fourwheelcycle: Thanks for sharing that! I also wanted to follow up here in case it helps you or anyone else with a similar setup.
The devs have made some changes in 1Password for Mac version 6.0.2 that may be of interest. It requires that you disconnect from sync and reconnect. Upon doing so you’ll get opted into the “removable drive support”, so if we sync while you’re disconnected 1Password won’t yell at you and tell you that there are sync issues. Then it can send the changes once you reconnect.
Regarding the question of "hacking" 1Password data, I "borrowed" this from an excellent post by julie-tx:
You can do all sorts of hypothetical projections on "technological advances in hardware cracking engine power", but the single largest advance in dedicated hardware cracking technology in recent years has been the use of GPUs for general purpose computation. We already had Field Programmable Gate Arrays (FPGA) and Application-Specific Integrated Circuit (ASIC) password cracking engines and it has been the GPU which seriously upped the password cracking game.
There is a completely different issue and that has to do with the amount of energy needed to perform the calculations. Just the basic enumeration step of counting from 1 to 2^128-1 consumes an enormous amount of energy. A nation-state may well have the financial means to create a massive pool of dedicated password crackers which could reduce 1.1 million years to something more immediate, but operating hundreds of thousands to millions of password crackers will still consume massive amounts of energy.
Two different estimates have been made, one based on existing hardware technology and another on theoretical minimum energy required to flip a single bit in a circuit. The values are 30GW and 10GW (a gigawatt, abbreviated GW, is a billion watts of electricity, or about as much energy as a million or two homes consume) respectively over a period of an entire year. That's just to enumerate all possible keys, out of 2^128 possible keys. The actual decryptions will involve thousands of bits being changed raising the total energy into the terawatt-year -- a trillion watts consumed continuously for a year -- range. That much electrical power, consumed over that span of time, is beyond the reach of even a nation-state.
The short answer is that truly randomly generated passwords, which are used to derive truly random, strong and unique keys present challenges to attackers which are outside the realm of possibility, even for nation-states.
Keep in mind that in the case of 1Password data, an attacker isn't "simply" making brute force attempts against your Master Password, but rather it has to do the work of hashing for each attempt, which significantly reduces the speed of each attempt. So while it is true that advances in technology will make it "easier" over time, I don't think that anyone could reasonably describe the process as efficient.
Instead, we're talking about going from "wholly infeasible" to "slightly less infeasible". And if the day approaches where it becomes somewhat more plausible, the steady march of technology is slow enough that we can continue to make changes to strengthen security further long before the situation becomes dire. It won't happen overnight.
So ultimately it isn't just that the technology would need to be available to make such a thing possible, there are also legitimate logistical and practical hurdles that would need to be overcome to get things physically setup and running in order to even work on the problem of cracking the encryption on your data...and even then I'm not sure that these resources would be well-spent on you or me. It's fascinating to think about though. :)
0 -
brenty,
Thanks for your update on hacking. Intellectually, I do realize my 1P data is quite safe in the cloud. It's at the emotional level of voluntarily exposing any of my data to being hacked from the cloud that I have my problems.
I realize my greatest real risk is not that my 1P data might get hacked and unencrypted, but rather that hackers might get directly into my Bank of America account through BOA's servers (including via "social" hacking), or that they might get my credit card info directly by hacking into my Apple Store or PayPal accounts. There's nothing I can do about BOA, but I don't leave any credit cards on file at Apple or PayPal. Amazon is one of the few places where I have a credit card on file, and I just hope Amazon's servers are well protected.
I had my SS number and other personal info hacked last year thanks to Anthem Blue Cross, so now I have my credit access locked at all three of the major credit reporting agencies. I couldn't take out a loan or open a new credit card under my own name even if I wanted to. As a final step, I'm considering making a tin foil cap I could wear under my baseball hat.
0 -
@fourwheelcycle Those were great thoughts by brenty, and I totally know what you mean. At this point, it sounds like more of a subjective thing, and a personal preference. 1Password exists because of personal preference. :) We built something we needed, and it's evolved to become something other folks wanted and love as well. I would love to make other rational arguments for not needing to worry about 1Password's data being compromised anywhere so long as your Master Password is strong, but I don't think that's going to get us anywhere. I don't want to convince you of anything — it's best if you arrive at the conclusion yourself.
I know how you feel, regarding bank matters. Those are very sensitive, and it'd be terrible if someone gained access to your account. You can protect yourself against social engineering by changing your security questions to randomly-generated ones. I wrote a nice little post a while back with some ideas about using 1Password's custom fields for this, and I do it myself for bank accounts and even frequent flyer programs. I mean, why not? 1Password is a great place for such things.
I had my SS number and other personal info hacked last year thanks to Anthem Blue Cross, so now I have my credit access locked at all three of the major credit reporting agencies. I couldn't take out a loan or open a new credit card under my own name even if I wanted to.
That's terrible. :( I wish we could help protect against stuff like that, but if you were using a randomly-generated password and the hack was on the part of their servers, I'd recommend reaching out to them and asking for more protection and encryption of your sensitive information.
I hope that's comforting a bit. It's totally fine that you prefer keeping your data off the cloud. I'm glad you got things set up on a local network to serve your purposes well. Keep rocking. :pirate:
0 -
penderworth,
The Anthem hack did not go through individual user account passwords, it right into their main patient databank - they lost millions of patients' info in one fell swoop. They gave me and my wife one year of free credit alert coverage, but I went further and locked our credit files at all three of the major agencies.
0 -
Well I'm glad they helped you out a bit, and that you took some measures to ensure that won't happen again. :)
0 -
I had my SS number and other personal info hacked last year thanks to Anthem Blue Cross, so now I have my credit access locked at all three of the major credit reporting agencies. I couldn't take out a loan or open a new credit card under my own name even if I wanted to. As a final step, I'm considering making a tin foil cap I could wear under my baseball hat.
@fourwheelcycle: I hate to mention this, but...
Tin Foil Hats Actually Make it Easier for the Government to Track Your Thoughts
Just a heads up. In all seriousness, though, I can't tell you how sorry I am to hear about your identity theft woes with Anthem. I read about these things all the time, but it's really different to hear about it from someone personally affected. :(
On a more "positive" note, it's good at least that we get fraud protection through the credit card companies. That's really the only nice thing I can say about that. Unfortunately that doesn't extend to our social security numbers.
The Anthem hack did not go through individual user account passwords, it right into their main patient databank - they lost millions of patients' info in one fell swoop. They gave me and my wife one year of free credit alert coverage, but I went further and locked our credit files at all three of the major agencies.
When I heard "one year", I winced. I can only imagine that you and everyone else affected will continue to deal with the fallout well beyond the year (which I believe has already passed). My thoughts are with you and your family.
0
