offline usage and "Master password is incorrect"

Looks like this extension will not work at all if the machine is not online. For my personal use-case it's okay because I will most likely have my phone, which does cache data offline. However, it would be nice to access some of the things in my vault even without an internet connection. For example, I use secure notes to keep random stuff in 1Password.

Additionally, I tried logging in while turning my network off and received the message Master password is incorrect, while a message like, Hey, you're offline would be more appropriate.

Thanks.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Thanks for reporting this, @berto. You're right, that error message could be a lot better in this scenario. I'll get that fixed up in a future release.

    As for allowing 1Password to work completely offline, that's something I would greatly prefer we do not do as it allows us to avoid storing your (encrypted) decryption keys locally. This is really cool as it means that even if your machine is stolen the attacker will not have any data to run an offline brute force attack against. It's a really nice security benefit of this design choice. The other benefit is it makes the process of changing your Master Password much easier as well.

    The downside is indeed that you need to have an internet connection, but in today's day and age it's pretty uncommon not to. And as you said, in the event this did happen, you have your phone as a backup.

    To me the main benefit of 1Password within Chrome is being able to fill login forms easily, and these sites will require you to be online anyway. So all in all I think the benefits of remaining online-only outweigh the benefits of having a local cache.

    I hope that helps shed some light on this and why we chose the design we did.

  • prime
    prime
    Community Member

    @dteare I agree with you about needed internet access anyways to access 1Password, because we need internet to access everything else. Until I went to my parents one day, and I couldn't access 1Password to get the wifi password. I ended up setting up the guess network, accessing 1Password, copied the password for the main network, and got on.

    All the other 1Password has off-line access/stored locally, so I hope this would too in the future somehow. Now I am just learning Linux, but it seems linux users are a special kind of people... more aware of security and stuff than the average person. Maybe an option in the future to download locally or not.

  • pazustep
    pazustep
    Community Member

    +1 here. It would be nice to at least have the option to store the vault locally for offline usage. I'm using full disk encryption, so having my laptop stole won't expose my 1p vault to additional security risks. I'm sure other security conscious people are doing the same.

    Sometimes we do need to access our vault in order to get online: Wi-Fi passwords, Hotspot passwords and so on.

  • beyer
    beyer
    1Password Alumni

    @prime and @pazustep: Thanks for sharing your input. You bring up some excellent points that we might overlook as we (at AlgileBits) all have 1Password installed on our iOS/Android devices, which for me at least, is my go to "offline storage" of my 1Password data. In fact, when I was in the Military I used the 1Password iOS app daily to type in personal passwords while on work computers. At this point, nothing is set in stone so your voices are heard and we will definitely take this under advisement.

    --
    Andrew Beyer (Ann Arbor, MI)
    Lifeline @ AgileBits

  • berto
    berto
    Community Member

    Thanks for your response @beyer; I like the openness agilebits has with respect to these discussions. If I may chime in on this once more I'd like to ask that Linux be considered a first-class citizen here. I understand the number of customers that Linux brings is nowhere near the numbers that your other platforms bring in, but that shouldn't dilute the product's user experience.

    For instance, at work the password manager in use is LastPass. It. Really. REALLY. SUCKS. I've been a spoiled 1Password user for 6 years now (first entry created June 2011!) and using a lack-luster pw manager is such a drag. We'd want to roll out password management throughout our 50-employee company, but LastPass Really. REALLY. SUCKS. We don't consider it usable company-wide, but it works across all the platforms we use (and we use all of them: Mac, Linux, Windows, iOS, Android). The thing keeping us on there: Linux devs. There are only 4, but we can't move to any product if it doesn't work for us.

    In my case, Linux is 8% of our user base, but AgileBits would be missing a 50-seat license opportunity because of it. Are 50 seats enough to sway developing this app? Likely not, but I suppose I'm not the only one in this boat.

    All this to say: I would be extremely happy to have a feature-parity app across any platform I may be on. It would make me selling this as an option much easier.

    Thank you.

  • beyer
    beyer
    1Password Alumni
    edited July 2017

    Hey @berto,

    Thanks for writing a positive (at least towards us) and comprehensive request here. I completely understand where you're coming from here. I would LOVE a Linux client and heck it would be an honor to be on the team that develops it if/when we go down that road. The funny part is we also have employees that run Linux as their primary OS.

    1Password for Chrome is still a baby because the whole project started off as a proof of concept that we could fill items directly (and securely) from 1Password.com to a website. At this point we had two options:

    1. We could sit on what we have and maybe create a Linux client app. Once completed we could have a big release party, but we are talking months or more.
    2. We could release what we have which allows people (who are already paying for a 1Password membership) to not only start filling passwords on Linux/Chrome OS but also contribute ideas to the product.

    To me, this was a no-brainer. Linux users already work with products that require some effort to get running and developers love to help contribute to making software better. Which is where we are at, we have this new extension that is going to get a whole bunch of love because we know we can make it awesome.

    Companies like us are already using the web interface on 1Password.com as a method for their Linux users to access their 1Password.com account. We plan to make 1Password for Chrome so good that they don't need a client application. After that, we need to look at supporting other web browsers which will hopefully not be as large of an undertaking.

    I hope this helps. I wanted to try and give you some insights on this whole project. Please understand that we know how great a Linux client would be. We have our priorities now, which will and already has helped out a ton of 1Password.com members.

    I hope you have an awesome week!

    --
    Andrew Beyer (Ann Arbor, MI)
    Lifeline @ AgileBits

  • damo
    damo
    Community Member

    Thanks Andrew for the explaining the rationale behind Agilebits' decision-making wrt the Linux version. With the full context, it makes sense the approach you are all taking.

    When I first read that the Linux version was a chrome extension, my first thought was to whether it was a thin-client - meaning it doesn't store any data locally and makes exclusive use of the 1password.com web API. Seems my hunch was correct.

    I'm hoping that this isn't going to be a strategic shift in 1p future development. I can see the attractiveness of this approach - write once, run everywhere web technology. However, having a local copy of my vaults provides considerable piece of mind. Australia has pretty poor Internet speed and reliability by 1st world standards, and not forgetting nations not privileged to be 1st world. Being able to access your vault only when you have Internet access would be very problematic. Remember, 1P isn't used exclusively for online passwords. It can store all manner of private information (i.e. the categories).

    Perhaps I am reading too much into this, but the replication between the cloud and native clients is vital.

    Damo.

  • beyer
    beyer
    1Password Alumni

    @Damon: I completely agree with everything you've said here. I can't go into a lot of details because honestly I just don't have them all yet, but our goal is to have a secure offline cache in 1Password for Chrome. There are plenty of arguments for accessing your data offline, in fact, getting something like a WIFI or VPN password might be needed without internet access.

    All of this is to say, we get it and when we can do an offline cache right, we will. Have a great week and thanks for taking your time to let us know what you need to be successful with 1Password!

    --
    Andrew Beyer (Ann Arbor, MI)
    Lifeline @ AgileBits

  • damo
    damo
    Community Member

    I understand. Thanks Andrew.

    D.

  • beyer
    beyer
    1Password Alumni

    Stay tuned, we are improving 1Password for Chrome ... bit by bit! :) :+1:

    --
    Andrew Beyer (Ann Arbor, MI)
    Lifeline @ AgileBits

  • flexorium
    flexorium
    Community Member

    +1 for offline cache (could be an advanced, optional feature), but for me that is planning to have Linux as my new work primary OS it will be nearly a deal breaker if you don't offer it.

    I use on Mac for my family, but at work for my small company with Teams we will need it on Linux very soon. We can certainly work with that current beta online-only - it's pretty good already...

  • AGAlumB
    AGAlumB
    1Password Alumni

    Thanks for chiming in! :chuffed:

    I think that something which may be getting overlooked here is that we do need to be cautious with regard to caching since this runs solely within the browser. We're able to avoid this entirely on Windows and macOS by having data stored in a native app and only sending anything to the browser on demand. So it isn't that we want to treat Linux (or ChromeOS) unfairly, but that a different implementation requires different considerations.

    It's really great to see everyone's feedback here. We'll continue to evaluate things as the beta develops. Cheers! :)

  • lburgazzoli
    lburgazzoli
    Community Member

    I believe that for ChromeOS avoid local storage could make sense but for Linux it is a limitation as well as not having a standalone app (i.e. not everyone is on chrome)

  • AGAlumB
    AGAlumB
    1Password Alumni

    Totally. Both approaches have pluses and minuses. We're working on this since it can be used not only on Linux, but also ChromeOS and likely Chrome and its variants on many other platforms as well. The alternative is a native app which does not exist and would take much longer to develop, so I'm rather happy to have this to use on Linux now. :)

This discussion has been closed.