Why don't tags properly sync via WLAN?

BZZZZZ
BZZZZZ
Community Member

My wife and I have been using 1PW for years. To protect the privacy and security of our 1PW data, we sync between our MacBook Pro computers via a 1password.opvault that we store within a folder in the very secure and fully encrypted Tresorit cloud in Switzerland. We sync between our individual MBP computers and iPhone X phones via WLAN connections. The Tresorit folder sync works just fine. However, I noticed today that I have 83 items in the "Banks & Bills" folder of 1PW on my computer but only 53 files in the same folder on my iPhone. I tried disabling and re-enabling sync on both devices. (My wife's computer is off.) The discrepancy remained. Yesterday, I created two new 1PW items on my compute, with respect to a new bank account. The cards are tagged "Banks & Bills" and appear in the "Banks & Bills" folder in 1PW on my computer, but they never WLAN synced over to my iPhone. Does anyone have any suggestions on how can fix the discrepancy? Thanks.


1Password Version: 7.2.1
Extension Version: Not Provided
OS Version: OS Mojave 10.14
Sync Type: Folder

Comments

  • Hi @BZZZZZ

    Do you have multiple vaults on the Mac? If so are they all enabled for WLAN sync? If that does not explain the issue I’d suggest reviewing our WLAN troubleshooting guide:

    If you're having trouble using the WLAN server | 1Password

    Ben

  • BZZZZZ
    BZZZZZ
    Community Member

    Thanks Ben. We share only one vault, the Primary Vault. I did review the WLAN troubleshooting guide before posting here. I'll look at it again. I used folders with an AgileBits keychain for years. I tried but didn't like sharing with family in a 1Password online account. I wasn't satisfied with security from hackers. I had a long, friendly conversation with Dave Teare and decided to go back to syncing our computers via a folder in our very secure, encrypted Swiss cloud, "Tresorit". Moving to an online account and back to standalone converted my folders to tags. I didn't understand the significance of the change until last night, when I was reading from the 1PW Knowledge Base. I'm cleaning up and better organizing my tags. When that's done, I'll get back to working on the WLAN issue, which may cure itself with better organized tags. I'll probably uninstall 1PW from my iPhone and reinstall, because I'm already seeing an old 1PW folder on my iPhone that's been cleaned out of 1PW on my MacBook Pro during my tags reorganization.

  • BZZZZZ
    BZZZZZ
    Community Member

    I reorganized "Tags" in 1PW on my MacBook Pro , which removed maybe 10 old "Folders" and left me with 26 collections of "Tags". When I used WLAN to sync 1PW on my MacBook Pro with 1PW on my iPhone, I still saw the old folder structure, containing many of the items that I'd removed when I reorganized tags. I removed and reinstalled 1PW on my iPhone and refreshed the WLAN sync. Same result. I marked 1PW folders and files in my MacOS Mojave "Library" "OLD_", deleted the 1PW app from my MacBook Pro, downloaded and reinstalled a fresh 1PW app on the MacBook Pro, opened up the last 1PW backup.zip, saw my new Tags structure, did another WLAN sync, and saw the same old, now incorrect Folders structure in the "Organize" pane of my iPhone's 1PW. I was bummed! Then, I scrolled down past the "Folders" area and realized that the entire new "Tags" structure appeared further down in the scroll. The Tags correctly showed the new Tag structure I'd created on my MacBook Pro. I tried to "Edit" and tapped minus-signs, trying to remove old Folders. No dice. I tried to "Edit" and tap minus-signs to remove files from within old Folders. Again, no dice! SO, as far as I'm concerned, AgileBits needs to do some work, to allow its customers to remove the old AgileBits.keychain Folder structure from WLAN syncs. I hope to hear from members of AgileBits "1Password Team".

  • I’d be interested to hear what it is that makes you feel using a 3rd party service like Tresorit for syncing your encrypted 1Password data is more secure than using our 1st party service that was designed for the purpose of syncing encrypted 1Password data. In any event... regarding the situation you’re experiencing: my understanding is the eventual goal is to replace folders with tags entirely across the entire product line. But that is also somewhat of a sidenote. If you’re trying to use edit mode on the organize tab that is currently broken in 1Password for iOS regardless of how you are syncing and whether you’re trying to edit folders or tags. Our development team is aware of that and is working on a fix.

    Ben

  • BZZZZZ
    BZZZZZ
    Community Member

    Ben, thanks for letting me know about planned fixes. I'll answer your question about 'why I'm using Tresorit's cloud service instead of AgileBits' cloud below. First, do you know who is providing the cloud service that AgileBits uses to host all of its customers' online 1Password accounts? Is AgileBits using its own cloud server farm or a third-party's cloud server farm? I'm asking because, when Tresorit sends me 2-step verification codes, the text messages that contain the codes come from "AgileBits". I was wondering whether AgileBits might be using Tresorit to store and protect its 1Password customers' valuable password data. Now, to answer your question. When I initially considered using AgileBits' 1Password cloud service, I read what AgileBits had to say about the security of its service. Instead of saying "we are hack-proof", AgileBits recommended that customers create very secure 1Password master passwords, in case AgileBits 1Password cloud might be hacked. That recommendation suggested to me that AgileBits' cloud might not be secure from hackers. Also, I was concerned about potential government intrusions into privacy. The last I heard, Tresorit had offered a substantial financial reward to any hacker who could pierce Tresorit's encryption. The reward was never claimed or collected. Tresorit was designed by Harvard and MIT physicists and computer geeks. They chose to put the Tresorit cloud servers in Switzerland, because Swiss law prevents government intrusion. I already had a Tresorit account. It was a simple matter of storing the 1Password.opvault file in a folder of one of my Tresorit "tresors". (I believe that "tresor" means "treasure" in French.) I did open an online 1Password account and store my 1Password data on AgileBits' cloud servers for a while. I don't remember exactly what I didn't like. Maybe, at age 74, I'm too set in my old ways. I had a very nice conversation with Dave Teare about the new service. We shared about similar health experiences that made 1Password a 'must' to protect our loved ones in case we kick off. THANKS again!

  • Ben, thanks for letting me know about planned fixes.

    You're very welcome. Likewise thanks for taking the time to answer my question.

    I'm asking because, when Tresorit sends me 2-step verification codes, the text messages that contain the codes come from "AgileBits". > I was wondering whether AgileBits might be using Tresorit to store and protect its 1Password customers' valuable password data.

    We do not have any affiliation with Tresorit. This sounds more like a mislabeling in your contacts than anything else. I can't even think of anything off-hand that we send text messages for. All of our verification is handled by email. In fact, off-hand, I don't even see where we collect a phone number from customers.

    First, do you know who is providing the cloud service that AgileBits uses to host all of its customers' online 1Password accounts? Is AgileBits using its own cloud server farm or a third-party's cloud server farm?

    1Password.com is a 1st party solution (created by the 1Password team). We utilize Amazon AWS hardware and data centers. AWS has many geographical regions. Each region consists of multiple independent data centers located closely together. We are currently using three regions:

    • 1Password.com: N. Virginia, USA: us-east-1
    • 1Password.ca: Montreal, Canada: ca-central-1
    • 1Password.eu: Frankfurt, Germany: eu-central-1

    I read what AgileBits had to say about the security of its service. Instead of saying "we are hack-proof", AgileBits recommended that customers create very secure 1Password master passwords, in case AgileBits 1Password cloud might be hacked.

    Claiming something is "hack-proof" is folly. Security is a moving target, and is something that has to be constantly re-evaluated based on evolving threats. Planning for the worst is the appropriate approach. We take the approach that 1Password is designed where even if all of the 1Password data was stolen from 1Password.[com/eu/ca] it would still be encrypted using both your Master Password and your Secret Key:

    About your Secret Key | 1Password

    A strong Master Password is still important, and I don't want to downplay that, but even with a weak Master Password cracking even one bit of one customer's encrypted data would involve a significant amount of time and expense.

    That recommendation suggested to me that AgileBits' cloud might not be secure from hackers.

    Of course we take every precaution to make sure the above doesn't happen, but the point is that even if it were to there are still layers of strong protection from your data being exposed.

    The last I heard, Tresorit had offered a substantial financial reward to any hacker who could pierce Tresorit's encryption. The reward was never claimed or collected.

    We participate in a similar program:

    AgileBits’s bug bounty program | Bugcrowd

    Likewise the $100,000 reward we offer has not been claimed or collected.

    Tresorit was designed by Harvard and MIT physicists and computer geeks. They chose to put the Tresorit cloud servers in Switzerland, because Swiss law prevents government intrusion.

    Tresorit's website says they use "Microsoft Azure data centers located in the EU, in Ireland."

    You can read our position on government intrusion here:

    Password manager - for law enforcement | 1Password

    Canada and the EU also have strong privacy protections and that is part of the reason we offer instances in those locations.

    Maybe, at age 74, I'm too set in my old ways.

    That is an entirely different argument than 1Password being less secure than Tresorit. :)

    Thanks again for taking the time to discuss.

    Ben

    P.S. In most instances where I refer to 1Password.com I'm also referring to the 1Password.ca and 1Password.eu instances as well. Aside from their physical location in the world and the currency they bill in they are essentially the same.

  • BZZZZZ
    BZZZZZ
    Community Member

    Thanks very much for your thorough explanations, Ben. I'll take a look at 1Password.com again. Also, I'll rethink our master password.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @BZZZZZ: Glad that Ben was able to help! And regarding the question of security, I think it's of benefit to consider the separate functions of the Master Password and Secret Key. While both are used to encrypt the data locally on your device, so that only encrypted data is ever transmitted and stored (and those "keys" themselves are never sent to us), they each serve an important purpose:

    The Secret Key has the specific role of providing additional security for server-side data. Since we knew that we'll become a target for attack by storing customer data, even though its encrypted, we wanted to ensure that we can't be used to compromise 1Password users. So the Secret Key is a 128-bit, randomly-generate string that would need to be guessed simultaneously with the user's Master Password -- since we never have either of these -- in order to decrypt data if an attacker was able to steal that from us.

    But the Master Password has the unique property of being chosen and known only by you. If someone has access your your device, you should assume they will be able to get the Secret Key (since only the Master Password needs to be entered locally, when the device has already been authorized on your account). So using a long, strong, unique Master Password is a critical local security measure.

    Anyway, if you have any questions. just let us know. :)

  • BZZZZZ
    BZZZZZ
    Community Member

    MESSAGE TO BEN

    A few days ago I said: "... I'm asking because, when Tresorit sends me 2-step verification codes, the text messages that contain the codes come from "AgileBits". I was wondering whether AgileBits might be using Tresorit to store and protect its 1Password customers' valuable password data."

    You answered: "We do not have any affiliation with Tresorit. This sounds more like a mislabeling in your contacts than anything else. I can't even think of anything off-hand that we send text messages for. All of our verification is handled by email. In fact, off-hand, I don't even see where we collect a phone number from customers."

    I've been wondering why I continue to get 2-step verification codes from Tresorit, with the source identified as "AgileBits". Tonight, I discovered why. The Tresorit 2-step verification messages say: "SMS with ‭8147594411". ‬ My AgileBits contact card identifies that phone number as the mobile phone of "Eva Schweber, Good Witch of the Pacific Northwest @ AgileBits". Does Eva now work for Tresorit, or does she work for both AgileBits and Tresorit?

    1. To the best of my knowledge that isn’t a number that is associated with Eva or AgileBits
    2. Eva is no longer with our company
    3. To the best of my knowledge Eva does not and has never worked for Tresorit

    My best guesses are:

    • You added that number to Eva’s contact card mistakenly (perhaps intending to add it to Tresorit’s and tapping the wrong record) or
    • That is indeed a number that was previously associated with Eva/AgileBits but has been reassigned by whatever service provider owns the number to Tresorit

    I searched our email archives for any mention of that phone number and was unable to find any reference to it anywhere. As such I suspect the former situation is more likely.

    Ben

  • AGAlumB
    AGAlumB
    1Password Alumni

    I don't recall us having anyone based in Pennsylvania. :unamused:

  • BZZZZZ
    BZZZZZ
    Community Member

    Ben and Brenty, thanks for your responses about Eva. In case you might be interested, I'll explain my past experience with the 1Password Family Plan and Eva Schweber. I looked at old emails in my 1Password mailbox. In 09/24/2016, I opened individual 1Password.com for myself and my wife.

    On 09/25/16, I purchased a 1PW Family Plan. That day, I emailed "support+kb@agilebits.com": "My Primary vault contains 616 items. When I tried to copy those 616 items to Shared, only 535 items appeared in Shared. I created a “The ....” vault and tried to copy the 616 items in my Primary vault to 'The .....' vault. Only 27 items copied over."

    I exchanged several emails with Steve C. Joyner, "Ninth Inning Closer @ AgileBits". I made a phone call appointment with Steve, which he inexplicably failed to keep. As a consequence, I exchanged emails and then spoke with Jeff Shiner. (I was mistaken in an earlier post. I said that I'd talked with Dave Teare. I have a vague memory of having done so; but now I realize that that contact was MANY years ago, when AgileBits was young.)

    At some point, Jeff offered to give me the Family Plan free of charge, also, Jeff set me up to talk with Eva Schweber, instead of Steve Joyner. That's how I got her mobile number. I believe that I had at least one phone conversation with Eva. She had me work with Rick Fillion, "Sync Whisperer @ AgileBits".

    Ultimately, I decided to cancel our Family Plan. On 10/05/16, I wrote this email to Jeff Shiner and Rick Fillion, with a copy to Dave Teare:

    Jeff and Rick,

    I’m using 1Password beta updates now. I just installed 6.5.BETA-21.

    Rick, thanks for fixing mini and agilekeychain issues in the new beta.

    Right now, I’m syncing my Primary vault with [my wife] via 1Password.opvault, which is in a folder on my MacBook Pro that automatically uploads, encrypted, to our very secure Tresorit cloud in Switzerland. (Here’s info about Tresorit: https://tresorit.com/solo. I learned about Tresorit from hacker websites and joined Tresorit when it was a brand new service. [My wife] and I each have 11GB of free storage space there.)

    In case it might be helpful to you, I’ll give the four reasons why I closed our 1Password accounts and discontinued use of Families.

    First, I didn’t like having multiple vaults. Because I only share with [my wife] and share all with [my wife], we had no need for anything other than our Primary vault. (After closing our 1Password accounts, I realized that I could probably work around the unnecessary-three-vaults issue by: (1) moving all files from Primary to Shared; (2) removing Primary and Personal, if allowed, or selecting to see only Shared, if not allowed; (3) setting “Shared” as the “Vault for Saving”; and (4) using only the Shared vault.

    Second, I use Folders to manage our many 1Password username/password combinations (“items”). I was afraid to move our 615+ items from Primary to Shared, for fear of losing items if something went wrong. Therefore, I copied. Our Folders did not migrate to Shared when I copied from Primary to Shared. I definitely didn’t want Families if it was going to take away our Folders. (I don’t know if Folders would have migrated to Shared if I moved rather than copied.)

    Third, especially without my folders, I didn’t like the mess of Documents (formerly attachments) that I had to scroll through seeking out items I wanted to use.

    Fourth, why pay $4.99 per month for Families, when syncing Primary via 1Password.opvault in Tresorit works fine for us?

    Thanks to both of you, Eva, and the rest of the AgileBits team. I very much appreciate your collective efforts to improve 1Password constantly. And thanks again, Jeff, for your call.

    [Me}

    P.S. Rick, after seeing that you improved the agilekeychain in the latest beta, I’m wondering whether I should still be syncing via 1Password.opvault. I checked Preferences > Sync and saw no reference to the old 1Password.agilekeychain file. Is it okay to keep using 1Password.opvault for syncing?

    I'm sending the full text of my 10/05/16 email to you partly to hear from you whether the 1PW Family Plan still requires a separate Shared vault. Another important question: does the Family Plan use tags in a way that allows tagged files to be seen in folder-like collections.

    THANKS,

    P.S. We have a new, long, random passphrase as our Master Password. Thanks for that!

  • AGAlumB
    AGAlumB
    1Password Alumni

    I exchanged several emails with Steve C. Joyner, "Ninth Inning Closer @ AgileBits". I made a phone call appointment with Steve, which he inexplicably failed to keep.

    @BZZZZZ: I apologize for the difficulty and confusion, but it seems you're half-remembering (which is understandable since these are all things which were sorted out years ago!) You actually canceled that call yourself ("I can’t participate in a call tomorrow."), and Eva, Rick, and Jeff helped you after that as well. There is, however, no reference in that conversation to a phone number in the 814 area code.

    ref: YUW-12568-199

    I'm sending the full text of my 10/05/16 email to you partly to hear from you whether the 1PW Family Plan still requires a separate Shared vault.

    The Shared vault can be deleted. However, if I'm understanding your specific use case correctly from reviewing your comments here and historical correspondence, it sounds like you may actually prefer to share an individual 1Password.com membership. That would allow you to both have the same account, same data, and same Master Password. If you're okay with that, you're welcome to use it that way. I will just say that it does mean giving up a few things that may or may not matter to you:

    • Recovery: Organizers in a 1Password Families plan can help other family members recover their accounts if they get locked out.
    • Private accounts for each family member: each would have their own account with a Master Password of their choosing, their own Private vault which no one else can access, and then access to other vaults which have been shared with them.
    • Sharing: being able to create additional vaults to share with some, all, or none of your family members can be very useful.

    Again, it sounds like maybe you'd prefer an individual membership anyway, but I did want to mention those differences just to be sure.

    Another important question: does the Family Plan use tags in a way that allows tagged files to be seen in folder-like collections.

    Yep! 1Password 7 displays tags in the sidebar and also supports nested tags.

    P.S. We have a new, long, random passphrase as our Master Password. Thanks for that!

    Great! As long as it is memorable to both of you, that sounds perfect! :) :+1:

  • BZZZZZ
    BZZZZZ
    Community Member

    I just finished several weeks of setting up my new fast-chip, 16GB-ram, 2TB SSD MacBook Pro from scratch. It took a while to get Tresorit and 1Password to sync properly between our two computers via a Tresorit folder and our iPhones to sync with our individual computers via WLANs. All finished today, finally! If I have even the slightest problem with syncing going forward, I'll open an individual 1Password.com membership and use a single 1Password account. That sounds perfect.

    THANK YOU Brenty and Ben for being so responsive and thorough. I VERY MUCH APPRECIATE YOU TWO!

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited November 2018

    @BZZZZZ: You're welcome! Sounds good. Thanks for the update! Enjoy 1Password. We're here if you need us. :chuffed:

This discussion has been closed.