Backing up 1Password accounts

135 Comments

  • @brenty

    The definition of data loss is when one loses access to data through no fault of their own. While I trust AgileBits has excellent backups, and excellent system security, I have no way to verify either of these things.

    Local backups solve all of the following scenarios:

    • A rogue employee at AgileBits who issues a rm -rf and deletes all server data + backups
    • A hacker who has compromised AgileBits servers who issues a rm -rf and deletes all server data + backups
    • A second team organizer whose finger slips on her iPad and she hits "delete account" and "confirm" accidentally
    • A second team organizer who goes rogue
    • Permanent loss of network access and permanent loss of devices -- no way to restore without internet connectivity
    • The future sale of AgileBits to a less friendly organization that raises prices and locks users out from their data

    I am currently paying for 1password families, and foresee myself doing so in the future, regardless -- simply so I can store a few pieces of information and to assist in accessing my offline local vaults as I have written in other threads.

    However, I will never trust the only copy of my valuable and sensitive data to a corporation. The fact that 1password was originally written as an offline solution was what attracted me versus competitors that are strictly online.

    My main concern is losing access to my data. I have a backup strategy in place just in case my house burns down. I hope this never happens, and I doubt it ever will. But I plan for this possibility.

    Similarly I need to plan for waking up tomorrow morning and AgileBits has disappeared. This is even more relevant given the current discussion on sustainable pricing for companies. AgileBits is specifically moving to this business model to ensure they are sustainable. I however need to have some sort of backup to my most critical data in case, in the worst case, AgileBits does not survive.

  • I would think if Agilebits disappears, the backup would need to be in a format that the 1P app can read

  • brenty

    Team Member

    Indeed, but I'd take it one step further: if the destruction of AgileBits is what we're planning for, an even better option than backup files that only 1Password can read is to export the data periodically in a human-readable format. That way no matter what you can always access it. Just be sure to keep it in a secure place.

  • natehouk
    edited April 2016

    @brenty

    Why do you say that an unencrypted human readable format is required to be exported?

    The only thing that is needed, if AgileBits disappears, is the public data format as documented here: https://learn2.agilebits.com/1Password4/Security/keychain-design.html

    The value of an open standard is described here: https://blog.agilebits.com/2013/03/06/you-have-secrets-we-dont-why-our-data-format-is-public/

    Is this not the same format being used for 1password for families/teams?

    No local backups + this discussion makes it seem AgileBits no longer believes the words written under the subsection "No lock-in". Which is worrisome.

    I think these two paragraphs are the most relevant:

    I have more than 1500 items in my 1Password data, and it would be absolutely catastrophic if I were to lose access to these. This is, of course, why good backups are essential and why I need a Master Password that I’m not going to forget. “Data availability” is the jargon used for this aspect of data security, and it is one that people often overlook. Years ago, I wrote about the importance of backups in “Keeping your data at your fingertips (Part I)“, then I wrote about being sure you have access to those backups. Now it’s time to talk about part II of that first article: avoiding data lock-in.

    Could you lose access to your own password data if we disappeared from the face of the Earth or turned evil? We have no plans to do either, but you should know that even if the worst were to happen to AgileBits, you would still have access to your data. One of the reasons for this is that, once you have purchased a copy of 1Password, you can continue using it forever as long as you have an operating system that supports it. Our (rare) paid upgrades are optional.

  • brenty

    Team Member

    @natehouk: That's a bit over the top. I didn't say "required". You're really missing the point. The concern a few people mentioned is the disappearance of AgileBits. If that happens, you can't rely on the 1Password app, which would certainly no longer be updated in that event, and potentially be unavailable to download and install. As I mentioned in my comment, that's the concern I'm addressing when I recommend human-readable export.

    Also, not everyone is a coder, so having an open format doesn't mean we can all write our own readers for 1Password data. You also can't necessarily count on another entity to do this for you. And of course 1Password Families/Teams does not use AgileKeychain or OPVault. It uses an SQL server database, which the software can read, which in turn supports exporting, which any of us can read, should we have the need to access our data completely separate from 1Password, or to import it into another vault or another app entirely. That's what "no lock-in" means.

  • Smudge Junior Member

    It is obvious by this thread that your users need a local backup of their vaults. We appreciate the wonderful 1P for Families feature you have come up with but it is missing a vital piece. After all, isn't stuff like this why you ask for feedback?

    May I suggest you integrate the existing backup function in the 1P app to include all vaults in the Family account? It would be a local copy of the data but not directly loaded into 1P. If something happened to the online system, a user could import the backup file into the 1P app as local vaults. To import another family member's private vault, they would have to enter that user's master password.

  • Jacob

    Team Member

    @Smudge We ask for feedback to get different perspectives on how people use 1Password. We're a small group of AgileBits, so we really appreciate the diversity our awesome users bring. That being said, feedback does not create functionality. Even needing that functionality doesn't just create it. Something like this would require quite a bit of work, and even I, a team member here at AgileBits, underestimate how much time and energy goes into the software we craft.

    It's easy to see it as a feature I need, and I have that perspective on a lot of things. Sadly, that's not the reality for us on the development side. We have to choose what new things to develop, what bugs to fix in the next release, and which ones to put off. Saying no to bugs especially is hard, because there's always someone out there who is affected by it, even if that's just one person. I don't like seeing things come down to numbers, but it's a logical approach as far as fixing bugs and implementing new features. Even some requests that have hundreds of votes aren't implemented yet. It's not because we don't want them either, it's because we made a choice to do something else instead. And that's okay, because you can't do everything, even if you have a team of several thousand. There are always people outside the box you foresee. ;)

    So when we say that this is something we're considering, it is. I'm sure there are some folks on our own team who would love to have this just for the peace of mind. And that's what it comes down to for a lot of people. I personally want it when I think about all my stuff sitting on a server that's not near me. The reality, though, is that we've built something marvelous here and it's going to keep growing and getting better and gaining new features and those new features might delay other ones that some people need. We don't take the decisions lightly, you just don't see the logic behind them. If you did, that might help make them less data and more human — less absolute and more alive. It's all in the mindset.

    But hey, mindsets don't build things either. It's awesome that you and all the folks in this thread are excited about this new Families thing we created. When we first launched, I'm sure we were secretly scared about what people might think. We spent quite a while developing this for our devoted users, and we didn't want to let them down. That happens, though. I'm just excited to see where we can go, and I'm so glad we've got your support. I'm glad you're using 1Password and giving us feedback based on your use. It is valued, and whether this particular feature is built or not I hope you continue to share our excitement about what we're building. :love:

  • tommyent
    edited April 2016

    Just realized I brought up the directory on Saturday :p

    There must be something that I'm not thinking of because I have not seen this mentioned so correct me if I am wrong but could this not be solved by simply backing up /Users/tommyent/Library/Application\ Support/1Password\ 4

    I assume the passwords are in one of the SQLite databases; the documents are in the b5.sqllite and the b5DownloadedResources directory, etc. The only real issue that I see is the documents, since they currently don't sync automatically. Anything that was added through the web interface would be lost.

    So in the event of some catastrophic disaster that folder could be restored to a previous version and read using the 1Password App.

  • I understand Agilebits doesn't want to implement this feature, but, from an information security standpoint, it is a necessity.
    The heart of information security, from Wikipedia, is confidentiality, integrity, and availability.

    If the password information isn't available when needed, which could occur if AWS goes down or as a result of the many other reasons suggested in this thread, we lose availability.

    Without local backups, I don't think it is fair to say 1Password Teams will keep a user's information secure.

  • brenty

    Team Member
    edited April 2016

    @tommyent: Correct. Simply backing up that folder will include all 1Password databases. However...

    @Chdsbd: It isn't at all that we don't want to improve backups. However, keep in mind that for the most part this would be a placebo. If your Mac is lost, stolen, or destroyed, your local backups will almost certainly suffer a similar fate. And most importantly, the 1Password Teams/Families database on your Mac (or other devices) is a local backup of the server's data. Any additional backup functionality would simply be duplicating that. Also, if there's something wrong with the server's data, you'll have a copy of that and be backing it up. Data integrity and availability depend on the server any way you slice it, so that's where we're focusing our efforts currently. But you have a copy on each device if needed. And finally, adding another layer of local backup won't do anyone any good unless there's a way to restore it.

    I think that it's worth doing, if for no other reason than peace of mind, but I think we have to be realistic about the fact that individual devices will always be the weakest link in the chain, since for nearly all of us they will depend on consumer hardware, software, and internet connections, all of which lack redundancy and are more prone to failure than the server infrastructure. And if you're like me and you're also using offsite backup services, well...you're probably depending on AWS, S3, or something similar behind the scenes anyway.

  • @brenty sorry but however what? You lost me not sure what in there was the however for me. So it will include all the data so could I not just restore it and open it with 1Password?

    My local backups could be stolen or destroyed it would not matter since it's replicated in two other locations. One being S3 ;) As far as integrity and availability I can restore going back to 1Password 3 with a minimum an hourly schedule on 3 different machines. Though those would be different format. I strive personally for the rule of three when it comes to important data.

    I admit there is something unsettling about the thought of not having that shiny backup I don't have a huge problem with it. S3 is 99.99999...% and can sustain concurrent loss in two locations, you guys are versioning and doing full backups plus I have the local copy on 5 devices. That in itself is a lot of redundancy but I admit I have been backing up the 1Password directory as well. Assuming that I could just restore a previous version which I believe is correct. I feel like I may have talked about it with Dave Teare but my memory is not the greatest :) so who knows.

    Anyway if I am correct I just thought instead of the back and forth of why it's needed or not needed it's a solution for some people at least for passwords. Documents not automatically syncing is a whole nother thing and I would like to see fixed for more than just backup purposes but for the time being you can go through and click to view which will download them. Having this scheduled in a third party backup I would think make some people happy.

    Just my 2 cents but I think anything beyond the local cache, server, server backups etc is preparing for a catastrophe and if that's the case I'm not sure relying on a 1Password backups/formats is the way to go. As someone else mentioned somewhere in this thread I think at that point it should be a published data format. Trusting 1Password to handle redundancy may be scary but is no different than trusting the banks with your savings/retirement. You don't have a backup of your money and in a catastrophic event could be completely wiped out.

    Well keep up the great work guys.

  • brenty

    Team Member
    edited April 2016

    @brenty sorry but however what? You lost me not sure what in there was the however for me. So it will include all the data so could I not just restore it and open it with 1Password?

    @tommyent: Sorry for confusing things there! I wanted to answer your question directly, but it led into my response to Chdsbd as well. But yeah, the "However..." didn't have the desired effect. :blush:

    Anyway if I am correct I just thought instead of the back and forth of why it's needed or not needed it's a solution for some people at least for passwords. Documents not automatically syncing is a whole nother thing and I would like to see fixed for more than just backup purposes but for the time being you can go through and click to view which will download them. Having this scheduled in a third party backup I would think make some people happy.

    I think you summed up the backups and Documents situation there quite nicely. Those are two things where we all agree that there's room for improvement, even if there's some disagreement as to implementation. Thanks for your feedback and patience while we work out the details. :)

  • Long time user of 1password (from 3.0 forward) and excited about moving to 1password for families.

    Please, please add another vote for a local backup feature. Even with the best testing and debugging, syncing services and server-side storage still sometimes mess up.

  • I would like to add my vote to local (automated) backups.

  • Ben AWS Team

    Team Member

    Thanks, folks. :)

    Ben

  • ozarkcanoer Junior Member
    edited May 2016

    +1 for me wanting an option to have automatic local backups of my Personal and other vaults.

    Am I correct that if I copy all items from my Personal vault to Primary I have made a local copy?

    As a test I just tested creating a 'test note' item in Personal with a field containing '1' and Share/copy to Primary. Then I edited the note in Personal and changed the field to '2' and repeated the Share/copy to Primary. Then I switched to Primary and saw two items with the same name 'test note', one with '1' and the other with '2'. That indicates to me that I can't just copy all items to Primary periodically without removing all items from Primary first if I want to maintain my own local backup there.

  • khad Social Choreographer

    Team Member

    Vote added! Thanks, @ozarkcanoer. :)

    And you are correct about copying items. You would want to empty the local vault and then copy all the items fresh to make a new "backup". (I only put it in quotes since it is a bit of a workaround. The data is indeed copied locally, so you can consider it a backup of those items.)

  • A local backup to which I can point my Mac / Android / iOS local applications would probably satisfy most of our needs. If there were an outage or a hack or whatever, being able to tell the local app, "Hey, ignore the family vaults you can't get at right now. Instead, take a look at this local set of vaults." would mean that we can still access our Web-based lives, with the exception of any passwords changed since the last local copy was created. Maybe that local copy lives in Dropbox. Maybe we have the ability, when the outage is over, to upload changes made in our local copy to update the cloud version. Maybe if the entirety of the cloud version was destroyed, we could upload the entirety of the local copy (which may be a fairly simple case of using the existing item copy operations, but in bulk).

  • Jacob

    Team Member

    @RonHeiby Hmm, I'm not sure if a local backup would be necessary in that case. 1Password Families supports offline usage. If your device doesn't have an internet connection, you can continue using it as you always would. And having a local copy that lives in Dropbox honestly wouldn't be any different than 1Password Families — they're both stored somewhere that needs an internet connection to access. :lol: Even in the case of an outage on our end, the apps are smart enough to know that the server is down, and they won't lose any data.

  • I am not concerned with being unable to access my passwords when my Internet connectivity is down.

    It is good to know that the various apps will continue to operate when unable to reach the copy on your servers.

    What happens if someone hacks you and wipes out all of our vaults? I hope that in addition to maintaining multiple replicas, you have some kind of reasonable tape backup strategy in place and periodically tested. (I could tell you stories....)

    But, in the meantime, while trucking tapes back from the salt mines, it would be nice to have something usable. Maybe from what you've said, I am correct in inferring that (say) the Mac app is clever enough to recognize that if it's holding 500 login / password records and suddenly your servers are holding 0 to a small number, that maybe something weird happened and the user should be prompted. I'm guessing that I am not correct, though. I think that the app is clever enough to recognize complete inability to access the servers and provide for local manipulations. And, if the outage lasted for an extended period, I could copy everything back to my DropBox (Primary) vault, or a new one created for the purpose, even better.

    So, maybe we need only worry about a hacker or disgruntled employee. And maybe we don't need to worry about that, if the app is capable of detecting that the server copy does not exist and not wipe out the local copy. And if the encryption prevents a hacker or disgruntled employee from bypassing that detection or replacing our vaults with bogus ones.

    Still, in case you some day go out of business or are acquired by a company that discontinues the Family service abruptly, having a usable (if only for import elsewhere) local copy would make me, at least, if not everyone, feel more comfortable.

    Not saying that it should be a P0 priority thing. But it's probably something to be done in 2016. Meanwhile, be sure that all your employees are fully gruntled. :-)

  • khad Social Choreographer

    Team Member

    @RonHeiby,

    Everyone here is extremely gruntled. :)

    Since the data is stored locally on your Mac, any backup of your system will include the data — Time Machine, SuperDuper, Crashplan, BackBlaze, etc. — presuming, of course, that you don't exclude your home folder from those backups.

    The data is stored in ~/Library/Application Support/1Password 4 and can be restored to that same point from a local backup.

    Even if we are abducted by aliens, you will still have your local data and, with a backup of your own (part of good computing hygiene), you can even restore from that if your computer is abducted by aliens.

    There is always room for improvement, though. It would be nice to have local backups of vaults from family and team accounts just like 1Password already created local backups of other vaults (Preferences > Backups).

  • Thanks, @khad. Just to be sure I'm clear, the data stored in the Library directory you mentioned contains all of my data, including my data stored in my Family account, including all vaults shared with me. It just doesn't include vaults not shared with me, like my wife's Personal vault.

  • omahajim
    edited May 2016

    @khad , I think I'm missing something regarding your statements about local storage. In ~/Library/Application Support/1Password 4 , I see data and backups (among other folders), last updated in December 2015, when I apparently upgraded from 1P 4. I'm now running 1P 6.2.1 MAS version on El Capitan, and the only recently updated local storage location I can find is in ~/Library/Containers/[a string].com.agilebits.onepassword-osx-helper/data/Library/Backups (with the oldest one dated a half hour after the ending time of the most recent file in the 1Password 4 folders as noted above).

    I don't see any correlation of current data to the old 1Password 4 folder.

    Furthermore, I don't see any evidence that backups of any 1P for Families data is in the new Containers backup location noted above. I created a test item and a test document in my Personal 1PF vault, then performed a backup in 1P 6.2.1. The Containers folder noted above says the same number of items and attachments before adding those items. Then, I created a test item with an attachment in my Primary (local) vault, then did another backup. The backup item and attachment count incremented as expected with those two new items.

    The implication late in this thread is that Family data is included in these local backups because it's present in the locally cached data in our client app, but I don't see that being the case. I simply can't tell where locally cached data is stored... and the post further upthread that referred to a FAQ about where 1P 6.2.1 stores its data locally doesn't clear it up for me. In fact, the link to the referenced post "where does 1P store my data" (or something to that effect) just goes to a list of FAQ entries, not a definitive explanatory post.

    Maybe I'm misunderstanding the last few posts in this thread. Thanks.

  • khad Social Choreographer

    Team Member

    Sorry for the confusion, @omahajim. You must be using the version of 1Password from the Mac App Store. In that case, your data is stored in a different location.

    Mac App Store

    ~/Library/Containers/2BUA8C4S2C.com.agilebits.onepassword-osx-helper/Data/Library/Data/
    

    AgileBits website

    ~/Library/Application Support/1Password 4/Data/
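
The folder-level backup discussed in this thread, as an added example that is not part of any post and is not AgileBits code. It snapshots whichever of the two macOS data folders quoted above exists, keeps dated versions so a bad sync does not overwrite the only good copy, and verifies each archive so a restore is known to be possible. Function names, archive names and the `KEEP` default are assumptions, as is 1Password not writing to the folder during the copy.

```shell
#!/bin/sh
# Added example: versioned, verified snapshots of the local 1Password data
# folders quoted in this thread. Names and the KEEP default are assumptions.
# Each function body is a subshell ( ... ), so `exit` only ends that function.

# SHA-256 of a file, using whichever tool the platform ships.
sha256_of() (
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
)

# snapshot_dir SRC DEST LABEL: write DEST/1password-LABEL-<UTC time>.tar.gz
# plus a .sha256 sidecar, and print the archive path.
snapshot_dir() (
  src=$1; dest=$2; label=$3
  [ -d "$src" ] || { echo "no such data folder: $src" >&2; exit 1; }
  umask 077                          # snapshots readable by the owner only
  mkdir -p "$dest" || exit 1
  archive="$dest/1password-$label-$(date -u +%Y%m%dT%H%M%SZ).tar.gz"
  tar -czf "$archive" -C "$(dirname "$src")" "$(basename "$src")" || exit 1
  sha256_of "$archive" > "$archive.sha256" || exit 1
  echo "$archive"
)

# verify_snapshot ARCHIVE: succeed only if the recorded checksum matches and
# tar can read every member, so damage is found before a restore is needed.
verify_snapshot() (
  archive=$1
  [ -f "$archive.sha256" ] || exit 1
  [ "$(cat "$archive.sha256")" = "$(sha256_of "$archive")" ] ||
    { echo "checksum mismatch: $archive" >&2; exit 1; }
  tar -tzf "$archive" >/dev/null 2>&1
)

# prune_snapshots DEST LABEL KEEP: keep the newest KEEP archives for LABEL.
# The UTC timestamp in the name sorts lexicographically by age.
prune_snapshots() (
  ls -1 "$1"/1password-"$2"-*.tar.gz 2>/dev/null | sort -r |
    tail -n +"$(($3 + 1))" |
    while IFS= read -r old; do rm -f "$old" "$old.sha256"; done
)

# backup_1password DEST: snapshot every data folder that exists. Both are
# tried because an old website-build folder can remain after a move to the
# Mac App Store build, as one poster in this thread found.
backup_1password() (
  dest=$1; found=0
  for entry in \
    "website=$HOME/Library/Application Support/1Password 4/Data" \
    "mas=$HOME/Library/Containers/2BUA8C4S2C.com.agilebits.onepassword-osx-helper/Data/Library/Data"
  do
    label=${entry%%=*}; src=${entry#*=}
    [ -d "$src" ] || continue
    archive=$(snapshot_dir "$src" "$dest" "$label") || exit 1
    verify_snapshot "$archive" || exit 1
    prune_snapshots "$dest" "$label" "${KEEP:-30}"
    echo "$archive"; found=1
  done
  [ "$found" -eq 1 ] || { echo "no 1Password data folder found" >&2; exit 1; }
)

# Run as: sh backup-1password.sh --run /path/to/backup/folder
if [ "${1:-}" = "--run" ]; then
  backup_1password "${2:?destination folder required}"
fi
```

Point the destination at a volume that is itself copied off the machine; a snapshot kept only on the same Mac is lost along with it.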
    
  • Thanks @khad - that makes sense now. What are the three .blob2 files dated August 2015 however? I changed from the website to MAS version (apparently) in December 2015.

  • khad Social Choreographer

    Team Member

    @omahajim,

    The blob2 files are encrypted binary blobs of your file attachments in the database.

  • @khad - Could you confirm my interpretation (last May 7 post) or clarify further? Thanks.

  • khad Social Choreographer

    Team Member

    Ah, yes, @RonHeiby. My apologies. I thought I had already replied to you earlier. My mistake. :)

    You are correct in your assessment. :+1:

  • Just switched to 1Password for Families and wondering what are the right files to backup for the new Windows version. Thanks.

  • brenty

    Team Member
    edited June 2016

    @sebastian_bauer: Great question! While this may change in the future, the 1Password for Windows version 6 beta stores its data in %LOCALAPPDATA%\1Password, whereas the Windows Store app uses %LOCALAPPDATA%\Packages\DC5C6510.1PasswordAlpha_2v019pwa6amcg currently. Cheers! :)

This discussion has been closed.