Linking passwords between 2 local Vaults

thequietman
thequietman
Community Member

First, please never get rid of the local vault. I am the paranoid kind and it seems you are the last good password vault product that can store a local vault without requiring a cloud vault.

Now to my question.
I would like to maintain a subset of passwords in a separate vault or at least be able to sync to my local phone (vial WLAN [please keep this feature too])

I do not want to sync all of my passwords to my phone, only a few that are important if I am not at my main desktop version.
I do not want my mobile device to store all my passwords all the time either.
My current workaround has been to move whatever passwords I need on my phone to the Primary Vault. (Keep everything else in secondary vaults), and only sync Primary to my phone. If I have some that I want temporarily on my phone I have to move those to Primary and move back when done.

I would prefer a way to link a the same copy between the 2 vaults so that if I update one record the other will also update (assuming they have the same name, URL, account, etc.....).
There may be a better way to accomplish this, but I am not sure how to do it with the current version on my Mac


1Password Version: 6.8.7
Extension Version: 4.7.0.90
OS Version: OS X 10.13.3
Sync Type: WLAN

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    First, please never get rid of the local vault. I am the paranoid kind and it seems you are the last good password vault product that can store a local vault without requiring a cloud vault.

    @thequietman: We don't have plans to, which is why we've already announced that the native apps will continue to support local vaults on all platforms in version 7.

    That said, I'd be interested to hear more about what might prevent you from using 1Password.com. We're using the same security model there as with local vaults, but with the added security of the (128-bit, randomly-generated) Secret Key. And that's not because local vaults are insecure, but rather we recognize that the threat model is different when we're hosting the (encrypted) data ourselves — which is why we make sure we never have the "keys" to it.

    Now to my question. I would like to maintain a subset of passwords in a separate vault or at least be able to sync to my local phone (vial WLAN [please keep this feature too]) I do not want to sync all of my passwords to my phone, only a few that are important if I am not at my main desktop version. I do not want my mobile device to store all my passwords all the time either.

    My current workaround has been to move whatever passwords I need on my phone to the Primary Vault. (Keep everything else in secondary vaults), and only sync Primary to my phone. If I have some that I want temporarily on my phone I have to move those to Primary and move back when done.

    I appreciate the details, but while I understand what you're doing, there's one thing I'm not clear on: why are you trying to do this in the first place? Unless you're somehow using a much weaker Master Password on your mobile device (I'm not able to think of a way you could do that though, without also using the same one on the computer you're dying it from) you're literally not any more or less likely for someone to be able to access your data by brute forcing it — which odds are astronomically small, in the truest sense of the word, if you're using a long, strong, unique Master Password.

    I would prefer a way to link a the same copy between the 2 vaults so that if I update one record the other will also update (assuming they have the same name, URL, account, etc.....). There may be a better way to accomplish this, but I am not sure how to do it with the current version on my Mac

    It is not possible to "link" items between vaults, as each vault is encrypted separately. I'd really like to understand this better, because otherwise it just seems like you're making yourself jump through increasingly more constricting hoops needlessly, and that sounds not only incredibly un-fun but also doesn't offer a security benefit. Let me know if I'm missing something!

  • thequietman
    thequietman
    Community Member

    1st, I am still uncomfortable with putting my passwords into the "cloud". In spite of the mitigating controls, which I fully understand, it is my own comfort level at this time that is preventing me from embracing storing them off-prem.

    2nd, It is again some of my paranoia and I prefer keep data storage on my phone as lean as possible (even if it is a few kb). I feel that even with a strong password on my phone with the 1Password encryption, I would rather reduce any potential attack vector by reducing the number accounts stored on my phone to only those I would use from my phone.

    As for my above comments on approaches, I was just inquiring of a way to manage a subset of accounts while also keeping them aggregated in the one view of all of the vaults. However, I suppose if I keep my subset in the Primary vault and keep the rest in another, on my desktop version and view all vaults when working with them, that may be a workaround, and only sync the Primary.

    My reasons may not seem to make sense, but it may just be I am still old fashioned on some things.

  • Lars
    Lars
    1Password Alumni

    @thequietman - Fair enough! We've retained local vaults and WLAN syncing just for people like you who prefer to keep everything as local and locked down as possible. However, it does tend to limit your options in the functionality department. As brenty said, adding those extra restrictions onto yourself means a number of things will be either more difficult to accomplish, or simply not possible. Leaving only the items you want on your phone in your Primary vault is going to be really the only way to accomplish what you're after, for example.

    That's part of the reason we no longer make such an approach our first recommendation for the vast majority of our users, mostly because we've already done the math (literally as well as figuratively) on 1password.com's security, and even published a comprehensive white paper on its security. If you're the technical type, you might want to give that a read-through.

This discussion has been closed.