Only sharing options are AirDrop or Print (email, message options restored: iOS v6.4.2, Mac v6.3.1)

dhubb51
dhubb51
Community Member
edited June 2016 in Lounge

The only sharing options for an item are Airdrop and Print. What happened to sharing via e-mail or messages?


AgileBits Update:
We've made changes to fix this in the upcoming update. Please see this post for more information.

image


1Password Version: 1Password 6 Version 6.2.BETA-4 (620004)
Extension Version: 4.5.3
OS Version: 10.11.4 Beta (15E64a)
Sync Type: iCloud

«13456710

Comments

  • forgetcomputers
    forgetcomputers
    Community Member

    Agreed! Just tried to do this today and noticed the missing features.

  • forgetcomputers
    forgetcomputers
    Community Member

    Switched to 1PW for iOS for more sharing options.

  • jpgoldberg
    jpgoldberg
    1Password Alumni

    Hi @dhubb51,

    I've used that sharing frequently, and have found it an extremely useful feature. But we dropped it over security concerns.

    The buzzwordy corporate-speak answer is "individual item sharing over insecure and unauthenticated channels does not meet our current security standards"

    When you use item sharing, it is only obfuscated, as the key used to encrypt the data is not secret. Thus if someone other than the intended recipient gets a hold of it, it is possible for them to decrypt it.

    When we first introduced this we tried to make this clear to users, but we haven't succeeded in finding a way to present the risks to people in a way that reaches the people that it should reach, yet doesn't interfere with the convenience of it. We had also hoped to build on it to develop a secure item sharing mechanism that we were happy with. But as we didn't develop it in that direction, we realized that

    1. The potential for people to use it is ways that harm their security remains significant
    2. We can't keep a less than fully secure feature around because we its successor to appear "any day now".

    We'd be happy to keep it with Messages, but there is no way to guarantee that something sent through Messages won't end up on SMS. So Air Drop remains the one secure channel.

    We try to produce a product that makes it easy for people to behave securely and makes it hard for them to behave insecurely. We weren't able to get that item sharing mechanism to live up to our demands. Some of you who have been with use for a long time might remember the 1Password Bookmarklet. That was also something that got dropped as the threat landscape changed.

    I hope that helps. And let me know if you have other questions.

  • dhubb51
    dhubb51
    Community Member

    Sounds good but sharing via mail and messages is still available on the iOS version. Contradictory. ;-)

  • The feature has been removed from the iOS app as well. We just haven't released it yet.

    Rick

  • trifinity
    trifinity
    Community Member

    Welp, looks like I'll be avoiding future iOS updates. My partner and I share the purchases of software and this is the only thing we've used the messages sharing function. I understand the security risk but you might be able to have both by presenting a warning when sending items over any possibly insecure method.

  • Hi @trifinity,

    It would be less of an issue if people only used it via Messages, since iMessage is encrypted end to end. I'm curious though... why don't you and your partner setup a shared vault?

    Rick

  • trifinity
    trifinity
    Community Member

    We both buy a lot of software licenses and have large vaults for personal use that have many logins as well, about 500 entries in each. So we do not want to share a vast majority of the info in our vaults as they are personal, there is a select few things that we share with each other for shared use.

  • Hi @trifinity,

    That's understandable. Have you considered setting up a secondary vault that's used just for those kinds of shared things? That way you don't have to share the entirety of your vaults?

    Rick

  • trifinity
    trifinity
    Community Member

    Not a bad idea. It would definitely work, we'll have to give it a test run as I have not used the feature before. I'll let you know how it goes.

  • sjk
    sjk
    1Password Alumni

    Glad you liked Rick's suggestion, @trifinity. :)

    The 1Password for Mac User Guide has some information to help you get that set up:

    Multiple Vaults
    Share a vault

    Give us a shout if you you need more help with it. Looking forward to hearing the results of your testing and hoping it's a success! :+1:

  • @trifinity While I agree that Rick's suggestion of a shared vault is the best way to go, note that AirDrop support for sharing an individual item is still possible. As long as you and your partner are in close proximity with your iOS devices, you can AirDrop an item over to their device.

  • jpgoldberg
    jpgoldberg
    1Password Alumni

    Out of curiosity (with no implied promise to actually offer it), how would y'all feel about an individual share mechanism that was explicitly unencrypted? That is, the sharing would (somehow) make is clear that the item can be read and used by anyone who captures the message.

  • rgoggin
    rgoggin
    Community Member

    Sharing via email was our primary method of sharing passwords (we use GPG encryption for these emails), it is kind of sad that this was removed...

  • jpgoldberg
    jpgoldberg
    1Password Alumni

    Thanks @rgogin. It is good that you made sure that you were sending those over a secure channel. I fear, however, that many other people were not.

  • rgoggin
    rgoggin
    Community Member

    Can maybe an option be added in that adds the sharing via email back in? Perhaps have a configuration option that the user accepts that sending via email is inherently insecure?

  • Hi @rgoggin,

    That's something we can consider. I'd be curious to know why you don't setup a shared synced vault instead? That'd be secure and more convenient than email, no?

    Rick

  • rgoggin
    rgoggin
    Community Member

    @rickfillion, we like to keep things internal when it comes to work credentials, etc. And there are a lot of credentials that we don't share that we keep in our work vaults that wasn't really convenient until the more recent "view all" mode for vaults. It might be an option but we don't really have a syncing mechanism in house at the moment.

  • Thanks for explaining, @rgoggin.

    Rick

  • BBabaa
    BBabaa
    Community Member

    Used this with my family daily... Now, thanks to this new attempt to improve security, I now have to send the website link, username, and password via iMessage manually... What is the point at all. Not an improvement... :-(... Airdrop is sooooo unreliable. Half the time in our office people don't even show up. There has to be a better way than what you've done here... I'd prefer you put it back and if people are ignorant then they are ignorant. Just my thoughts.

  • Hi @BBabaa,

    I'm sorry that this has affected you. I'd love for us to develop an alternative that provides real security for this kind of thing. Hopefully it's something that we can tackle in the not too distant future.

    Rick

  • BBabaa
    BBabaa
    Community Member

    We fortunately there is the option to succumb to the extortion and sign up for the $5 / month. Family Plan and share vaults that way. Doing that now. You won. LOL.

  • BBabaa
    BBabaa
    Community Member

    Actually, I've consulted my Time Capsule and decided to revert to 6.1 (610001) for now, maintaining both the older and newer versions for now. Please let me know if a sharing option is restored to the app as you "tackle it in the not too distant future" :-)

  • AGAlumB
    AGAlumB
    1Password Alumni

    Thanks for the feedback! It will be great if we can come up with a secure item sharing method (besides AirDrop) for people to use, since the alternative is pretty gross.

  • Box1456
    Box1456
    Community Member

    Share Vault $ 5 Great app not thought I would have this attitude of taking something that was very useful. Will I miss and put in place a paid solution. Shame want my money back I will look for another option of digital wallet.

  • jpgoldberg
    jpgoldberg
    1Password Alumni
    edited April 2016

    I'm really sorry @Box1456. I know it was easy and useful. But it really does have security problems that we felt we could no longer accept. If we could have found a way to do it so that the individual item sharing by Message or Email is safe when intercepted we would.

    A coincidence of timing

    I know that you will be suspicious of the timing of the decision to withdraw the feature with the appearance of a subscription service that allows for secure sharing. I wouldn't believe me either when I say that the timing is almost entirely a coincidence. But the timing really is almost entirely a coincidence.

    For reasons that have nothing to do with 1Password for Families and Teams, we took a closer at some security designs we'd put off while working on 1Password for Families and Teams. Over the past year we'd been working so hard to develop 1Password for Families and Teams that a bunch of routine-ish security improvements were put on the back burner. Things that needed to be done sooner or later were marked for doing "later".

    Anyway, once we had a chance to catch our breath and were no longer engaged in building and designing the security structure for Families and Teams, we were able to turn our attention to some housekeeping. Most of these aren't visible to users. They are about using more robust coding internally, stronger data validity checking. This is the sort of bread and butter of routine security improvements.

    Now I said "almost entirely" a coincidence. And that is true. But there is something behind that "almost". When there is no other way for people to share items, then it is more likely that we will allow a sharing mechanism even if it isn't as secure as we would like. But when there is another way for people to share items, the pressure to keep a less than ideal feature around diminishes. So while the removal of sharing by Message or Email was removed as part of a general security house cleaning process, it was easier for us to roll back the feature because of the existence of some alternative, even though that alternative isn't a full replacement for everyone. So that is the "almost" of "almost entirely a coincidence". But the main reason for the timing is the reason for the timing of a bunch of other security improvements.

    Routine security improvements

    I should say a word for those who might be worried about "security improvements". To quote a slogan, security is a process, not a product. It is something you do, it isn't something you buy or create once. It is normal to have routine sorts of security improvements whose timing can be pushed around a bit, particularly where there is no known exploit. So when I say things like "improved data validation" that doesn't mean that there was a vulnerability. It meant that there was something that could potentially be turned into a vulnerability if enough other things broke.

    So this is part of my job. I go through things and say, "Hmm. if someone got through X and Y and Z they might be able to turn W into something that would help them get through A and B. So let's do this thing in W more carefully." Those improvements don't have to be made today, but they need to be made sooner or later. Either replacing or fixing the security of individual item sharing was something that had to be done sooner or later. But it had already been getting late.

  • PMii
    PMii
    Community Member
    edited April 2016

    Although it sound like that it comes from a good intention, i think the results aren't going to be what you expect.

    First of all, i truly believe that a lot of people will start sharing password in plain text.
    (They started already in my office actually, that's how i found out)
    Some of them because they don't know how else to, some by laziness, some by lack of time on an urgent request, others because the cost of family and team are way too high and some because "oh well, it's just a password, i'll change it later".

    The consequences? Some IT -like me- will start looking at alternatives, not because we don't like your product (it was my favourite up to now) but because we can't risk to have passwords going around in plain text, even if the sharing mechanism wasn't the best at least someone looking over your shoulder could not see it.
    Now they will show up in the notification center of most IOS users... That's great!

    I know i sound bitter and pessimistic but i believe i'm not the only one who is seeing security and functionality being degraded at the same time... and please stop saying Airdrop is THE alternative... it's just not funny!

    And the "Almost Coincidence" argument is "Almost Insulting".

    A not happy costumer who used to share your app with everyone he knows ... will think again now...

  • rr0ss0rr
    rr0ss0rr
    Community Member

    Can't you just copy it into your IM or Email to send it if that's what you want. I worked at a large IT company where it was acceptable to place a password in an email or message as long as the userid was not mentioned.. I believe it's Agilebits responsibility to protect people from themselves ..

  • mhbx
    mhbx
    Community Member

    jpgoldberg

    AgileBits Team Member
    April 18 edited 7:11AM

    this post is unedifying and unsatisfying, though long enough.
    as noted by others the net result is to force sending the info in truly insecure posts, email or message....

    Worse, what is lost is the rather cool ability of the item to show up formatted, with any / all notes, all the parts intact and etc.
    This way the entire thing has to be re copied.

    I create notes and other items for my clients ... and when done send these to them ... it is not even just the pwd/name but all the other stuff and all the other types of elements....

    The external vault issue is problematic, I think, because it seems to make people have to keep a shared vault around just to contain these items... or figure out how to move them into the main vault...
    An unnecessary hassle for non technical users.

    If I understand your solution I'd have to have a single separate vault for each person that I wanted to share someitng with. They would have to go find and attach it... and then what? after they did, I have to have these vaults remain intact?

    Finally per your "its not secure" ... as others say, you could easily put up that message as part of the flow if you need to absolve yourself of responsibility.
    But, as so often happens , you are forcing a bad process , that isworse than the one you feared....

    So unless there is some other hidden reason, why not put it back, and add whatever qualifiers you need to. I think we are adults out here and can handle it.
    In a worse case you could add a check box to the preferences.

    BTW,
    did anything actually ever happen re this? or are you simply being proactive?

  • AGAlumB
    AGAlumB
    1Password Alumni

    First of all, i truly believe that a lot of people will start sharing password in plain text.

    (They started already in my office actually, that's how i found out)

    @PMii: That's what people were doing anyway. The only difference is that 1Password isn't enabling that behaviour now. Those who do wish to behave securely can simply send information after first encrypting it, which is the same both before and after this change. 1Password was not empowering these same people to send the same information securely before either. That was the whole problem. So from that perspective, nothing has changed.

    And the "Almost Coincidence" argument is "Almost Insulting".

    What you choose to believe is entirely up to you, but we've been very open about this even though, frankly, it's a little embarrassing. We really thought we'd have a secure method for individual item sharing years ago. Goldberg was patient, and probably believed that himself at one point. But given that such a thing never materialized, it had to go, and it should have long before now.

    as noted by others the net result is to force sending the info in truly insecure posts, email or message....

    @mhbx: As I mentioned above, people were doing this anyway. Our job is to find a better (i.e. more secure) way for people to share information, not just a different way.

    The external vault issue is problematic, I think, because it seems to make people have to keep a shared vault around just to contain these items... or figure out how to move them into the main vault... An unnecessary hassle for non technical users.

    I agree completely that it is more of a hassle to share a vault, but if your concern is really security (which you seem to indicate in your comments), then isn't it better to err on the side of security when the convenient alternative is so insecure? Sharing a vault means that the data is just as secure as anything else you put in your own personal 1Password vaults, and isn't that why we're using 1Password in the first place? We can't in good conscience keep an insecure feature around that we're not proud of and wouldn't want to use for our own data. That doesn't meet the bar that we — or our customers — expect us to meet.

    Finally per your "its not secure" ... as others say, you could easily put up that message as part of the flow if you need to absolve yourself of responsibility.

    But, as so often happens , you are forcing a bad process , that isworse than the one you feared....

    It's actually the same: whether 1Password creates a new email for your you do it manually, either way you're sending unencrypted data via an insecure medium. In both cases, the only remedy for this is to encrypt it yourself using something like S/MIME or GPG. And at the end of the day we can't absolve ourselves of this responsibility. And if we didn't remove this feature and later it came to light that it was being actively exploited, I hardly think many of our customers would absolve us of responsibly and simply shrug and say, "Well, it's my own fault; I didn't encrypt it!"

    BTW, did anything actually ever happen re this? or are you simply being proactive?

    That's a really good question. To my knowledge it isn't something that was ever actively "exploited", but of course it's impossible to know for certain. We don't track 1Password usage, and it's unlikely that someone malicious who did exploit this would be kind enough to report it.

    We shouldn't be making promises we can't keep, either explicitly or implicitly; and having an insecure item sharing feature in the app is an implicit statement that it's safe. Users shouldn't have to ask on a case by case basis which features are safe to use and which aren't.

This discussion has been closed.