Wifi Sync between multiple Macs & multiple iOS devices

braindump
braindump
Community Member

I've always been able to keep 1Password on my iMac, Macbook, and iPhone in sync using Wifi Sync. With the recent releases, I now see this limitation has been introduced:

https://guides.agilebits.com/1password-ios/5/en/topic/sync-over-wifi
"Wi-Fi sync is only available between a single Mac or PC and one or more iOS devices."

This is a terrible idea, why was such a usability-limiting requirement introduced?

What workflow do you now recommend to keep two desktop instances and one or more iOS instances in sync, without requiring my (albeit encrypted) credentials to be stored on a cloud service?

Thanks for any useful information you can provide.

Comments

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Hi @braindump

    I assume until now you've been making use of the workaround of disabling Wi-Fi syncing and re-enabling it when you use your iPhone as a bridge between the Macs?

    It still works, we haven't undone that. The text is just accurately describing the fact that you can't establish Wi-Fi Sync on two Macs in parallel.

    As long as you only syncing a Primary vault in this manner you won't notice any difference at all. If you want to sync a secondary vault using this method you may need to jump through a couple of hoops first. Depending on how you created the vaults on each machine.

    Other than that, your other option is the use of Folder Sync and something like rsync or ChronoSync to keep .agilekeychains in sync between your Macs and leave your iOS devices syncing over Wi-Fi with a single machine.

    If you have any follow up questions please do ask :smile:

  • braindump
    braindump
    Community Member

    @littlebobbytables thanks for the reply.

    Previously, I would sync with one Mac by opening 1P's Wi-Fi Sync window, and selecting that computer under Settings > Sync > Wi-Fi Sync on my iPhone, then start the sync. I'd then close that 1P's Wi-Fi Sync window (and quit 1P), open the other Mac's 1P Wi-Fi Sync window, select that computer on my iPhone (refresh list, if needed), then sync. Worked fine.

    In the current version of 1P, I don't see an interface in Sync Settings to select the computer to which it should sync, and the app won't recognize the second computer when its Wi-Fi Sync window is open.

    What are the steps to do this?

    I'll look into the Folder Sync method, thanks for the tip.

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Hi @braindump,

    What version were you previously using? The interface in 1Password for iOS 4/5 hasn't changed much in the last couple of updates, even with the introduction of Wi-Fi Sync for secondary vaults. My findings were I could list both machines at the same time on the screen where you select.

    So say you've selected Wi-Fi Sync on your iPhone, if you keep 1Password open on both Macs you don't see two entries?

  • braindump
    braindump
    Community Member

    Hi @littlebobbytables

    I'm currently using iOS v5.2 & Mac 4.4.3. My previous iOS version was likely the release just prior... I typically keep my apps up-to-date.

    My iOS version of 1P never shows either computer, regardless of whether or not their Wi-Fi Sync windows are open. Under settings, I have an option for Sync. The Sync settings page displays as is shown in the attached image, below. I never get the options to select the computer.

    Also undesirable, sync starts automatically instead of requiring me to press Sync Now.

    Not sure what's going on, the app gives me no interface to select which computer to sync from, and won't recognize the other computer.

    What do you advise?

  • Megan
    Megan
    1Password Alumni

    Hi @braindump,

    Thanks for confirming your version numbers for us! That gives us a better idea of where things might be getting tangled. I have a few follow-up questions:

    • Do you have any firewalls or proxy servers that might be blocking communication between the Mac and iOS devices? We have a user guide article that can help you with configuring a proxy server or firewall to ensure that 1Password can operate.
    • Does your computer have a longer name? The service we use to make Wi-Fi sync happen (Bonjour) limits the name to 63 characters - if the computer name is longer, it will not show on iOS. This is a bug that we've managed to fix in version 5, but for version 4, you'll need to ensure that you're using a shorter name for your computer.

    I hope this helps!

    ref: OPM-2507

  • braindump
    braindump
    Community Member

    Hi @Megan,

    No, there are no firewalls or proxy servers on the internal network that would interfere with communications.

    No, both computer's names are 10 characters or less.

    Should the Sync Preferences screen look different from what I posted?

  • MikeT
    edited February 2015

    Hi @braindump,

    You have to tap on Sync Service ... Wi-Fi and select Change Sync to change it to the different Mac to sync with. It looks like this:

    Does this work for you?

  • braindump
    braindump
    Community Member

    Thanks @MikeT,

    That worked, kind of.

    First, I find it unintuitive to have to select "Change Wi-Fi" when I really want to change the desktop source to which I am syncing. IMO, Change Wi-Fi implies using a different Wi-Fi network, which I'm not changing.

    I found that my 1P iOS still won't recognize a different computer after it has synced with the first, even when Refresh List is repeatedly chosen. As a matter of fact, it still only listed the first after that computer had been shut down. The only way I am able to choose a different computer is to Disable Sync on my iPhone altogether then reboot all my devices (iPhone & both computers), then re-enable Wi-Fi Sync. I've tried this several times, but 1P iOS won't pick up a different computer's instance once the first is chosen.

    I can use this workaround, but suggest some more attention to this feature to make it work smoother.

    Is there another thread to which I can contribute feature suggestions for Wi-Fi sync, or should I start a new one?

    Thanks again.

  • MikeT
    edited February 2015

    Hi @braindump,

    We'll keep your feedback in mind to improve the wording. We do want to improve the Wi-Fi sync to support computer syncing as well, like Mac to Mac, so if that happens, the overall experience will have to change.

    As a matter of fact, it still only listed the first after that computer had been shut down. The only way I am able to choose a different computer is to Disable Sync on my iPhone altogether then reboot all my devices (iPhone & both computers), then re-enable Wi-Fi Sync. I've tried this several times, but 1P iOS won't pick up a different computer's instance once the first is chosen.

    Do you use any international or special characters in the computer's names? Can you share the computer names with us?

    Do you have only Mavericks on your Macs, no Yosemite Mac in the network?

  • braindump
    braindump
    Community Member

    Hi @MikeT,

    Do you use any international or special characters in the computer's names?

    No. Just simple alphabetic characters.

    Can you share the computer names with us?

    I'll send as a private message, I prefer that information not be made public.

    Do you have only Mavericks on your Macs, no Yosemite Mac in the network?

    Correct, 10.9.5 on all computers on the network (though upgrades to Yosemite will begin with 10.10.3).

  • Hi @braindump,

    I'll send as a private message, I prefer that information not be made public.

    You did the right thing, I should've mentioned to send it via PM. The computer names looks proper, so that's not the issue.

    Correct, 10.9.5 on all computers on the network (though upgrades to Yosemite will begin with 10.10.3).

    I think I know why and the issue may be that we only fixed this limitation in the 1Password 5 version, not the 4th version. It had to do with how 1Password advertised itself via Bonjour on the Wi-Fi network.

    If you have multiple Macs with 1Password running at the same time, the first one that advertised will always override the rest of the Macs because the other 1Password apps doesn't have any unique names, they looked exactly the same as the first one. That's why you never see the other Macs show up.

    So, if you're currently seeing Mac A only and not Mac B or C, logging out of Mac A and C (or shutting them down) should then make Mac B show up as long as you restart 1Password on Mac B to re-advertise itself.

    In the latest 1Password 5 version, we set a unique 1Password name for each Mac, so that they all show up properly.

  • braindump
    braindump
    Community Member

    Thanks, @MikeT,

    Am I correct in assuming 1P 5 is only available for OS X 10.10?

  • MikeT
    edited February 2015

    Hi @braindump,

    Yes and it is a free update to all 1Password 4 customers through the respective stores.

  • braindump
    braindump
    Community Member

    @MikeT,

    All makes sense now. Thanks again for your help.

  • You're welcome!

  • resourcesforlife
    resourcesforlife
    Community Member

    We're running the 1Password Mac App Store version 5.3 (530029) on two iMac computers running Yosemite (10.10.3). We also have two iPhone 6 Plus devices with 1Password version 5.4.1.

    On iPhone #1, everything works fine. We are consistently able to sync fine with iMac #1.

    On iPhone #2, we're having a similar problem as described by user "braindump" above when trying to sync with iMac #1.

    On the working iPhone (iPhone #1), we go to Settings > Sync > Start Syncing > Sync using Wi-Fi > see the message "one moment please" > then see the available computers displayed. Choose iMac #1 > Click on Sync Now > See sync started > See Receiving number/number > See Sync finished.

    On the iPhone that doesn't work well (iPhone #2), we go to Settings > Choose Sync > The Sync screen looks different than iPhone #1. It has Primary Vault Sync Service Wi-Fi listed and Sync Now link under that. Below, there's a message showing Last Sync 3 minutes ago and the number of items in the database. The phone seems to be set for automatic synchronization. I can't find anyplace to change it to manual synchronization. On the Sync screen, if I click on Sync Service > I'm taken to a screen showing Current Sync Method and Wi-Fi is selected. I can go to Change Wi-Fi, choose Disable Sync, and then choose a computer from those listed. I pick iMac #1 and that works. The visuals for this are the same as what Mike T provided above. But this is all much less intuitive than the experience on iPhone #1. Also, on iPhone #1, we see a helpful progress indicator telling how many records are being synced. On iPhone #2, it just says "Syncing" but doesn't indicate progress.

    Here's the other problem we're noticing. In the past, we were able to easily sync with either iMac with either iPhone. For some reason, when we try to sync with iMac #2, it overwrites the password database on either iPhone with older entries, so we lose all recent entries. On iPhone #1, we see an indication that it's receiving the entire database of passwords. On iPhone #2, it just says syncing, and only by manually searching through can we discover that newer entries have been replaced with older ones.

    Fortunately, this can be fixed by synchronizing with iMac #1 where the latest records are updated to the iPhones.

    As user "braindump" explained above, something that had been easy and intuitive is now confusing, and doesn't work properly.

    We're hesitant to adopt the new "fad" that's become popular among many password management apps whereby an entire collection of logins is dropped into the cloud somewhere. An encrypted file is only a strong as the password protecting it. While encryption methods are strong, passwords that people use multiple times a day are generally not strong. So, if someone gets ahold of an encrypted password file, it shouldn't take too long to guess the password. That's why file encryption creates a false sense of security. Mobile device apps that utilize encrypted files often have a self-destruct feature, but there's no protection if those encrypted files are brute force decrypted on a separate system. I presume I'm interpreting this correctly.

    Any suggestions or advice would be much appreciated.

    Thanks,
    Greg

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Hi @resourcesforlife,

    Wi-Fi Sync is designed to be automatic so from our perspective iPhone #2 seems to be working correctly while iPhone #1 doesn't if you're being forced to manually initiate Wi-Fi Sync. We don't actually have a manual sync any more. Even back in 1Password 4, if my memory serves me correctly the iOS side of the sync was automatic as long as the Mac Wi-Fi screen was open. Now my memory can be terrible so I may be wrong.

    This is the screen you should see if syncing isn't enabled.

    and this is the screen you should see if syncing is enabled.

    Regarding your non-cloud sync configuration. If the goal is both Macs and both iOS devices are all meant to stay in sync what we recommend is you set up Wi-Fi Sync from one Mac and sync both iOS devices to it. We then suggest using a pen drive with Folder Sync to keep the two Macs synchronised.

    While it is possible to use an iOS device as a bridge between two Macs it was never designed with that in mind and there can be conflict issues as a result. We've not really changed this since Wi-Fi Sync and Folder Sync were introduced. Likewise, while you can use Folder Sync with a network share the functionality was originally designed with removable flash drives in mind because available system calls mean we can reliably work with them. You can use an iOS device as a bridge or use a network share but there is the possibility of sync issues.

    You're quite right though, the strength of your Master Password is key. We've done all we can to keep your vault as safe as possible by limiting the ability to brute force a password but if your password is weak and/or susceptible to a dictionary attack that security is for naught. Personally my MP is in the 30 character ballpark because what it protects needs to be secure. The purpose of all encryption in my mind is it assumes unauthorised access and that's the premise we work from. We assume access to the vault and we assume they won't use 1Password to try and open it. That's why the encryption itself has to be computationally hard to limit how fast somebody can try and guess. Again, in my mind it's why self-destruct isn't part of the program because that can easily be circumnavigated by downloading the data.

    You may very well have some follow up questions or points after reading my reply and we will do our best to respond in kind if you do :smile:

This discussion has been closed.