On WLAN Sync in 1Password 7

15678911»

Comments

  • There are a lot of people posting here that could be a little over the top but the fact still lies you have customers wanting an option added back to your product. I have read a lot where its suggested there is no where near enough requests to justify the need for working on this on your end. I get this but has any business thought been given to earlier suggestions I gave such as creating an "Add On" option that we pay for, then you only have to support those users that use it? If not, and this isnt likely on your end either, really at this point you don't see this ever being added to ver7 and this thread should just be more of an "informative" thread for users just discovering the need for WLAN. Just trying to understand a little better the possibilities here. I bought ver7 but have never used since my security beliefs are different than yours. Thanks for your time.

  • LarsLars Junior Member

    Team Member

    @dieseldawg

    There are a lot of people posting here that could be a little over the top...

    Mmmmmaybe. ;) We appreciate passion, though. It means people care. :)

    ...has any business thought been given to earlier suggestions I gave such as creating an "Add On" option that we pay for, then you only have to support those users that use it?

    Thought? Yes. A decision on it? No. At least none that I know of. It's not a bad idea, but it still means developer time spent creating and curating (updating, bug-fixing) an issue. The amount of developer time required to do any such thing will vary from feature to feature, and so will the number of users who would actually be willing to pay -- and how much they'd be willing to pay. Those things (dev time required and number of users actually willing to pay) might very well not align, but even if they did, my own opinion is that we don't want to get into the business of being the digital equivalent of a short-order restaurant: you can have any feature you like as an a la carte option that changes what your cost is. The logistics of the financial end of that alone are forbidding; everyone (or at least a lot of users) paying a different amount from one another due to various "add-on" features, etc.

    Please note that the above is just my own opinion; I don't make those kinds of decisions around here, but I'd be surprised if the folks who do aren't thinking at least partially along the same lines in regard to this. We are always willing and even eager to hear our users' feedback and feature requests, but that doesn't mean we're always going to fulfill them -- it would be impossible to even try to fulfill every one, let alone offer each one as an off-menu "add-on," each with its own separate price.

    I bought ver7 but have never used since my security beliefs are different than yours.

    OK, that's just not right. If you've got an unused license for 1Password 7 for Windows hanging around that you know for certain you won't ever use, we'd be willing to refund your purchase and deactivate the license. We don't want users feeling like they've wasted their money or purchased something they don't need/want. Refunds generally are dealt with on a case-by-case basis, but if you're feeling as if you spent money for nothing, write in to the sales folks here at [email protected] and include a link to my post here, and we'll see what we can do for you.

    Thanks for your time.

    Of course! Thank you for being willing to share some of your own valuable time and your thoughts/wishes for 1Password with us. :)

  • I want to make a few comments on 1Password and why they should offer BOTH 1password accounts and WLAN sync. Individuals have different threat postures.

    1. Our system is a juicier target than your system.
    We are continually under attack. (They are kind of amusing to watch and only very rarely require any manual intervention on our part. But we do keep an eye on them.):

    Correct, and as such the “juiciness” can be so concentrated that it begins to make sense for nation state, and well funded adversaries to come after you. You’ve expounded on your large defense capability. Similarly, you may be overpowered by a larger, more well funded organization. Similar to the mass spying that occurred and was a hot topic in 2013 etc. it is unlikely someone will devote resources to go after every single user as an individual and the nightmare that would entail in terms of breaching everyone’s varied hardware/software.
    One thing that security experts revealed during that time was that it was unlikely if a well funded adversary came after you , you had a chance of defending against it.
    1Password makes the the proposition of attack a good investment. Would it be worth it to devote man hours to breach 1 or 2 users? likely not, unless they were dealing with sensitive information. Would it be worth devoting 1 or 2 security analysts(or more) to breach the entirety of the system? Heck yes.
    Secondly, security history has demonstrated two things:
    1.The security we take for granted (libssh), https, Your VPC, and database etc has indeed been broken before, and likely will be again in the future.
    2. Even the concept of virtualization has been broken with such elements as spectre, meltdown. This is core to cloud computing. Contrary to the funny image you guys posted cloud computing is abstracted resources that are resold to many parties. “its not just someone else’s datacenter” – its anyones datacenter at any point in time. (Some exceptions apply for dedicated hardware provisioning).
    Ultimately, if data never left my disk intercepting it on a network it never travelled down , would be impossible. If someone specifically came for my secrets and accessed my network, then yes sure. I would be at risk, but not necessarily everyone who used the service.

  • I want to make a few comments on 1Password and why they should offer BOTH 1password accounts and WLAN sync. Individuals have different threat postures.

    1. Our system is a juicier target than your system.
    We are continually under attack. (They are kind of amusing to watch and only very rarely require any manual intervention on our part. But we do keep an eye on them.):

    Correct, and as such the “juiciness” can be so concentrated that it begins to make sense for nation state, and well funded adversaries to come after you. You’ve expounded on your large defense capability. Similarly, you may be overpowered by a larger, more well funded organization. Similar to the mass spying that occurred and was a hot topic in 2013 etc. it is unlikely someone will devote resources to go after every single user as an individual and the nightmare that would entail in terms of breaching everyone’s varied hardware/software.
    One thing that security experts revealed during that time was that it was unlikely if a well funded adversary came after you , you had a chance of defending against it.
    1Password makes the the proposition of attack a good investment. Would it be worth it to devote man hours to breach 1 or 2 users? likely not, unless they were dealing with sensitive information. Would it be worth devoting 1 or 2 security analysts(or more) to breach the entirety of the system? Heck yes.
    Secondly, security history has demonstrated two things:
    1.The security we take for granted (libssh), https, Your VPC, and database etc has indeed been broken before, and likely will be again in the future.
    2. Even the concept of virtualization has been broken with such elements as spectre, meltdown. This is core to cloud computing. Contrary to the funny image you guys posted cloud computing is abstracted resources that are resold to many parties. “its not just someone else’s datacenter” – its anyones datacenter at any point in time. (Some exceptions apply for dedicated hardware provisioning).
    Ultimately, if data never left my disk intercepting it on a network it never travelled down , would be impossible. If someone specifically came for my secrets and accessed my network, then yes sure. I would be at risk, but not necessarily everyone who used the service.

  • brentybrenty

    Team Member

    Correct, and as such the “juiciness” can be so concentrated that it begins to make sense for nation state, and well funded adversaries to come after you. You’ve expounded on your large defense capability. Similarly, you may be overpowered by a larger, more well funded organization. Similar to the mass spying that occurred and was a hot topic in 2013 etc. it is unlikely someone will devote resources to go after every single user as an individual and the nightmare that would entail in terms of breaching everyone’s varied hardware/software.

    And that's precisely why 1Password.com users remain safe: because a "nation state" or any attacker would need to target them specifically, and then obtain their Master Password (which they chose and no one else knows) and Secret Key (which is a random 128-bit string generated locally on their device). Neither of those are ever transmitted to us, and both are necessary to decrypt the user's data. No one can take something from us which we do not have.

    If someone specifically came for my secrets and accessed my network, then yes sure. I would be at risk, but not necessarily everyone who used the service.

    Indeed, the potential threat is the same whether you use 1Password.com or local sync: an attacker singling you out to steal your data and the keys to it from you directly.

    The other bits don't apply since we're using multiple layers of end-to-end encryption, not relying on transport security or cloud isolation; but even were that not the case, the fact that the only place the data ever exists unencrypted is locally on the user's device, and only the user has the keys to it, makes all the difference.

  • kojokunokojokuno
    edited November 2018

    I think most the users that are looking for the WIFI sync are somehow advanced users. So I think you wouldn't need to find the best looking and most easy option for us.

    Right now I am using 1P7 for my daily usage and then I still have 1P4 installed for the sync. This works, but it is a bit annoying because of the extra steps.

    Your are always talking about maintenance. That makes sense but let's be honest the sync 1P4 is running great for a long while. Why don't you just grab the code basis of 1P4 and make make a standalone sync app out of it? Then you don't have to code a lot of new things. We all would have an acceptable solution and you could even make a menu item in 1PW7 to install and then launch the sync (you could market it as a free/paid add on). I think you would also make a few more sales to new customers that are sensible with their data. Because you can make your points concerning the security of your cloud service as often as you want but in the end trust and psychology are important factors that you can't change by just repeating your points.

  • @kojokuno: do i understand you right that you have both programs on Windows installed and you can use for both the same local password database file? and then you sync it via the old 1PW4 version with the iOS devices?
    Doesnt 1PW7 have a new PW database file?

    please explain how this works, i would like to try that.
    i also support your idea of a paid add on.

  • brentybrenty

    Team Member

    Both 1Password 4 and 1Password 7 can read/write an OPVault in a local folder. It's just really important to not have them both doing so simultaneously, so make sure you quit all processes for one before switching to the other.

    It is not possible to "grab the code" specifically for WLAN Server from 1Password 4 and cram it into 1Password 7 and have it work. They're completely different apps written in completely different languages, by different people, many years apart. You wouldn't have any better luck taking a snippet of Windows source and cramming it into macOS to get a new feature there either.

  • @brenty I was more referring to the idea of "making the current code basis slim" and to make a stand alone sync app out of it without all the other features. I am sure this is possible without a lot of work. I didn't ask you to port the code.

    @exitstrategy brenty describes it pretty well. I let both versions just access the same OPVault. So for syncing I just close 1P7 and open 1P4 and start the sync process. When installing both make sure you only opt for installing browser extensions with 1P7.

  • brentybrenty

    Team Member

    I don't think it would be a good use of resources to create another app specifically for local sync, based on the small amount of interest (though passionate) in such a feature. I think you underestimate the work that would need to go into developing all of that under the hood and UI, as well as testing it extensively, since we're talking about not reusing/porting existing code -- either way has problems though. I'd argue it wouldn't be justifiable to undertake that, but ultimately it's not my call. However, the reality is that it's irrelevant because we simply don't have anyone available to work on such a project for the foreseeable future. We've got a lot of work underway, and more ahead of us. We're always looking for more people, but we already have other work for them to do if and when we find the right ones. :blush:

    Regarding using a combination of 1Password 4 and 1Password 7, both use the same browser extensions, so that can get pretty messy with both trying to connect. Just one more reason why it isn't recommended or supported, and why it's important to have only one running at a time if you decide to go that route anyway.

  • @kojokuno: installing 1PW4 is long ago and it is currently installed. i checked it today and saw no option in the program to disable browser extensions there. Do i have the option during installation to deselect them? if so, that would be good and support this idea.
    i kinda like it, since i like the new 1PW7 UI.

    @brenty: currenly my 1PW4 file is a keychain file. Will this be converted to a OPVault file when i install 1PW7? IS there any disadvanatge from using a OPVault file with 1PW4 if i decide to drop the usage of 1PW7?

  • bundtkatebundtkate

    Team Member

    @exitstrategy: You don't technically disable the extensions, but instead disable a setting to prevent 1Password 4 from connecting to them via Help > Advanced and unchecking "Use native messaging protocol" in 1Password 4. Thing is, I've personally found they still seem to stumble over one another from time to time. I have to work with 1Password 4 sometimes, so I keep it around, but I follow brenty's advice of ending any 1Password 4 processes before launching 1Password 7 (and visa versa) in addition to disabling that setting. This seems to help when I only need the main app, but getting 1Password 4 to take control of the extension is another story. For that, I use a virtual machine with just 1Password 4. 1Password 7 is designed to be the only 1Password app on your PC. You might be able to wrangle the two into playing nice, but it's not something I've personally found simple or practical. I'm not saying don't try it, but temper your expectations so the worst that happens is you're pleasantly surprised.

    As for OPVault, it will be automatically converted when you open your 1Password 4 vault in 1Password 7. For many, there's no disadvantage to sticking with OPVault with 1Password 4. It's a superior data format that is more secure and for many 1Password apps it's faster, but 1Password 4 can be a bit slower with OPVault, particularly if you have a larger vault. This is something that should be readily apparent to you as soon as you swap 1Password 4 to OPVault, however, so if it's not going to work for you, you should know before it becomes too difficult to back out and return to Agile Keychain. The conversion doesn't delete your Agile Keychain, just renames it, so going back isn't a huge deal unless and until you make a lot of changes to your OPVault. :+1:

  • brentybrenty

    Team Member

    Just to add to what Kate said, also disable 1Password from running on startup in Task Manager. Otherwise you'll have it running in the background all the time.

  • Other ways to sync Mac and Windows? I don't want subscription and don't want to use Dropbox only for 1password.
    So I don't need exactly WLAN Sync, but need a way to sync with Windows. Maybe 1password for Mac should also put .opvault as a folder to iCloud.

  • brentybrenty

    Team Member

    Dropbox and 1Password.com are the only supported options. But a lot of people use the Folder Sync feature to write to a location of their choosing on their local drive, and then use some other software to keep that up to date between computers.

  • bundtkate May 2018
    @cellsheet: While I'll note that 1Password.com syncs everything end-to-end encrypted as well, I'm glad you've found a solution that works for you. Really, this is what we prefer – for you to choose how you'd like to sync, using a cloud service or otherwise. Thanks for taking the time to share. :chuffed:

    @bundtkate To be able to choose resilio sync (or any other 3rd party sync app/cloud service) with 1Password on iOS would require implementation of https://developer.apple.com/documentation/uikit/uidocumentbrowserviewcontroller and unless I am mistaken, that is currently missing.

  • cellsheetcellsheet
    edited January 6

    @bb10 resilio sync on iOS is available at https://itunes.apple.com/us/app/resilio-sync/id1126282325?mt=8

    However, I don’t believe it’s possible on iOS to import the vault nor sync the standalone vault created on the iOS app after attempting this right now. I would personally not recommend this method if you’re on iOS unless you discover a way to make this work through iCloud Drive. I can confirm this works on Android however, for any android users out there.

    @brenty is it possible to add functionality to the iOS app to create/sync standalone vaults the iOS app created to iCloud Drive for true cross platform without reliance on Dropbox? This would allow a bit more control as to how and where the the vault is transmitted as resilio sync does not necessarily require the internet to synchronize from client to client so long as your clients are on the same LAN network. The iCloud Drive should be re-synchronized upon changes from another linked resilio client through P2P since that’s resilio’s protocol (and potentially transmitted as encrypted packets as that’s an option as well), therefore reflected upon sync with iOS to the 1Password app, and vice versa in theory. I can verify this works perfectly on android where you can sync your vault to the file system, and import on the Android app which will be synced to and from other resilio clients (such as a NAS server and a computer for backup/redundancy just in case). This may be an advanced solution and use case, however giving more flexibility for those who want to utilize something like this.

    Edit: Apparently resilio sync makes a “Sync” location on iOS just as there is iCloud Drive, giving users more control as there’s no dependance on iCloud at this point. Perhaps the iOS 1Password app can give us a location selection option for which “Location” we create our vault on provided this is an exposed API? Or even, perhaps, add this as a sync method in general? Perhaps letting users select which location on iOS may be more viable however as less overhead to the code base as far as code changes go.

  • brentybrenty

    Team Member

    I'm not sure that being able to browse files is what anyone had in mind for syncing with a local folder, but it's something to consider. Android is different in that direct filesystem access is possible, hence Folder Sync being an option there. iCloud Drive is designed for document storage, not as a sync mechanism for apps; Apple created CloudKit at the same time to fill the need for database keyvalue storage and sync, and that's a very different animal.

  • bb10bb10
    edited January 7

    @bb10 resilio sync on iOS is available at https://itunes.apple.com/us/app/resilio-sync/id1126282325?mt=8
    However, I don’t believe it’s possible on iOS to import the vault nor sync the standalone vault created on the iOS app after attempting this right now.

    That's what I said :tongue:

    Edit: Apparently resilio sync makes a “Sync” location on iOS just as there is iCloud Drive, giving users more control as there’s no dependance on iCloud at this point.

    Yes, that's the link in my post. :chuffed: Resilio sync (and other sync/cloud apps) use the https://developer.apple.com/documentation/fileprovider extension so other apps can access their data using https://developer.apple.com/documentation/uikit/uidocumentbrowserviewcontroller.

  • bundtkatebundtkate

    Team Member

    I'm just going to echo @brenty's point here – none of these services were really designed to sync what 1Password wants them to. With Android's direct access to the filesystem, we're doing something fairly simple – writing 1Password data to a local folder and leaving it to y'all to decide how your other devices access that folder. On iOS, we'd be looking at something more complicated and probably having to cross our fingers that everything works as we'd like. That doesn't mean these services aren't worth a look, though, and we appreciate y'all sharing. :chuffed:

15678911»

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file