Why 1Password isn't working for me

edited March 2016 in iOS

I can no longer recommend 1password for a password locking system. When I lost my Iphone I could not access my 1password mobile from my friends phone to access findmyiphone online. I had to go home and use my desktop. Such time wasted has prove to me that 1password is not worthy of managing my passwords. Instead of being convenient at holding passwords for me, it held my passwords hostage so I couldnt access findmyiphone until it was too late and the thiefs shutdown my phone forever. I tried to get my passwords from both his phone and an ancient legacy windows 1997 desktop at a nearby hotel. Neither attempts succeeded, I couldnt access my password due to interface issues. It was only when I went home and used my mac that I could access my passwords. 0/10 I never thought such a service would betray me. I'd have been better off memorizing my passwords so I could have sooner used findmyiphone.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • brentybrenty

    Team Member

    @Mr.Anderson: It's a pleasure to hear from you, Mister Anderson. I only wish it were under better circumstances. I'm really sorry to hear about how you lost your phone, and the ensuing frustration (and perhaps panic?) Indeed, I've been in similar situations myself, and the stress of dealing with the fallout is almost palpable. Unfortunately — for you, me, and probably most people — we don't anticipate these events, and so we don't put a contingency plan in place until we've already gone through it once. While this will help us going forward, it does nothing to mitigate what's already transpired. It absolutely sucks. :(

    I can no longer recommend 1password for a password locking system.

    I'm really sorry to hear that, but I think it's important to note that 1Password hasn't failed to secure your data; rather, its security is a barrier. But it's important to note that this applies to both sides of this crisis: your 1Password data is stored only where you choose, and the Master Password needed to decrypt it is only known to you. This means that:

    1. You cannot access your sensitive information without the vault itself and the Master Password used to secure it...
    2. ..but neither can anyone else (for example, whomever ends up with your device in this sort of situation)

    Obviously when taking #2 for granted in a crisis like this, #1 seems less of a blessing and more of a curse, but you can't have one without the other.

    When I lost my Iphone I could not access my 1password mobile from my friends phone to access findmyiphone online. I had to go home and use my desktop. Such time wasted has prove to me that 1password is not worthy of managing my passwords. Instead of being convenient at holding passwords for me, it held my passwords hostage so I couldnt access findmyiphone until it was too late and the thiefs shutdown my phone forever.

    This is horrifying. Believe me, I know. But as I mentioned above, the chief concern in this case is the loss of the device itself. 1Password gives you the luxury of being pissed off that you couldn't access your data without it, since you know that the data itself is secure.

    I don't know about you, but I keep things in 1Password that I cannot put a price on; so while I'm upset when I have to replace a device, that's my biggest concern. I'd be a lot more freaked out if I wasn't confident that all my private financial and personal data is secure. 1Password allows us both to worry about figuring out what to do about the lost phone, instead of the lost information (and perhaps identity).

    Losing data is a nightmare, and one I have personally experienced. But let me be clear: I would still much rather have my data lost forever then have it fall into someone else's hands. Just thinking about that possibility makes me sick.

    I tried to get my passwords from both his phone and an ancient legacy windows 1997 desktop at a nearby hotel. Neither attempts succeeded, I couldnt access my password due to interface issues. It was only when I went home and used my mac that I could access my passwords. 0/10 I never thought such a service would betray me. I'd have been better off memorizing my passwords so I could have sooner used findmyiphone.

    You make an excellent point: while a crazy random gibberish password is best in most cases, for things you may need to access before you can even get to 1Password (like iCloud, Dropbox...or your device passcode), using a randomly generated word-based password will allow you to memorize it — for crises, but also for simply unlocking a device or syncing your data for the first time. Anything you need to get to 1Password in the first place will need to be at your disposal, whether it's hardware, software, or information ("Where did I put that, anyway?")

    For example, I can access my AgileKeychain vaults in Dropbox using 1PasswordAnywhere using a modern browser on almost any computer (but of course it's important not to do this on an untrusted machine that could simply monitor my keystrokes). However, I'll need to be able to login to the Dropbox website in the first place to do that.

    And it may seem silly to say this, but if you were to lose all of the devices where your 1Password data is stored (theft, disaster, etc., including backups), it's gone. 1Password isn't a service, and we don't have your data to give to you if you lose it. In a crisis, this is a pain in the ass. But the rest (99.99...%) of the time it's appreciated (though perhaps without much thought).

    Now, we're always looking at ways to make 1Password more convenient, without sacrificing security. While 1PasswordAnywhere's days are probably numbered, 1Password for Teams is currently in beta. Keep a copy of your Emergency Kit in your wallet (as well as in other safe places), a "copy" of your Master Password in your brain, and you can access your data in the browser as well, using only those.

    But no matter what, our sensitive data is only ever stored where we put it — whether that be 1Password for Teams, Dropbox, or a single device. And if we don't put it somewhere we'll be able to get to it, we're out of luck.

    1Password is designed this way intentionally. It may be that it doesn't make any difference to you (or perhaps it simply doesn't under the circumstances), but many of us relish the fact that we know exactly where our data is, rather than having it available literally everywhere. The flip side is that this also means that we need to plan accordingly. I'm not sure that anyone would be comfortable putting our sensitive data on a publicly accessible website, which is what would be required to access it from anywhere without a password.

    So I think it's important to be clear about exactly what sucks. And in this case, 1Password did exactly what it was meant to do: protect your data. Someone stole your phone; now that sucks. But had this terrible act not occurred, I'm not sure we'd be having this discussion. And after all, isn't that what all of us hope for? Anything but this kind of "excitement". :angry:

This discussion has been closed.