When is the local sync for OPVault coming?

girtsn
girtsn
Community Member

Looks like it is already beta 6.4 still no sign of local sync for OPVault, any news on when it is coming? Kind of silly to implement great new OPVault and then not really support it on some platforms. And common, if you can implement it on dropbox its easy to sync it from local storage.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Hi @girtsn. Thank you for sharing your interest in seeing OPVault support for local storage sync. At this time, we don’t have any immediate plans to support OPVault for the local storage sync method as the team is focused on a few different areas of the app. However, we are internally tracking this request and we plan to re-review it in the future.

    In the meantime, you can use AgileKeychain or Wi-Fi sync to keep your most up-to-date data. I would love to help you get that setup if you haven’t already. Let me know! Thanks.

  • MartinWeiss
    MartinWeiss
    Community Member

    Please excuse my languge, but this is bulls##t! This feature was promised for about 8 month!! I bought the OSX and Windows version and I cannot use the keystore on Android unless I use Dropbox.

    I will NOT use 1Password any longer and move to something else that respects paying users. I have waited quite a long time now and have seen a lot of others useless Features getting implemented.

    Thanks for nothing and wasting my money and time!

    Oh and I will also tell collegues and everyone else who wants to hear about this kind of "customer service".

  • Hi @MartinWeiss. I'm sorry to hear that you're frustrated over the lack of OPVault support with local storage syncing. This is something we hope to support in the future.

    In the meantime, if you want to sync with local storage, you're welcome to use an .agilekeychain vault, which is supported with local storage syncing on Android. If you need help switching over to Agile Keychain, just let us know and we'll be happy to help walk you through it. Thanks!

  • girtsn
    girtsn
    Community Member

    Hello.

    This feature was indeed promised when switching to opvault like year ago.
    And honestly, the support for reading opvault from other sync sources already exists, you just have to read them from a local mount...
    How difficult can that be?

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited December 2016

    @girtsn: The problem is that no local support for this exists: Dropbox and WLAN Server both use completely different frameworks. It's definitely not as simple as adding a setting for it. We've been working on lot of things both user-facing and behind the scenes in the app itself. It just isn't something that we can offer a specific time frame for, as it isn't a single change but rather many in concert that are necessary for full OPVault support.

  • girtsn
    girtsn
    Community Member

    you must be aware there are people who don't want to throw the password files online e.g. dropbox no matter how encrypted they are, but rather rsync or so. i will not switch back to the agile keychain, will keep on waiting for the promised local sync opvault implemented. doesn't mean that this makes me the most satisfied customer though...

  • AGAlumB
    AGAlumB
    1Password Alumni

    @girtsn: Certainly some folks prefer a local sync option or need to use it due to restrictive networks, companies, and/or authoritarian regimes. But encryption is just math; it doesn't lie, and isn't a matter for debate, only research. Encryption works on your local network (which you'd be using for WLAN Server or rsync to transfer data) and over the internet, otherwise buying anything over the internet (including 1Password) would be unsafe. While we want to fill this gap in 1Password for Android's OPVault support, if your 1Password data were insecure via any sync method, we'd remove that entirely. Fortunately encryption doesn't discriminate, and we'll keep working to improve 1Password to make it better for all of us. Thanks for your patience!

  • girtsn
    girtsn
    Community Member

    It has been more than a year since OPVault was introduced, could we please get local storage sync working with it?
    As you can see I have been quite patient, 9 months to bump the request again.

  • Hi @girtsn. Our team is prioritizing 1Password memberships, which is the newest and most secure way to sync, which is why we haven't made any changes to standalone sync solutions. We may revisit supporting the OPVault format for local storage syncing in the future. Thanks for the bump!

  • girtsn
    girtsn
    Community Member

    It is just amazing. I did quit Roboform for 1password exactly for the same reason, at one point they started to push for having to put my vault on their server. Is this related to some government request we are not aware of that eventually materializes in having to store my encrypted data accessible to them by request?
    I am sure there are plenty of users like me who would never willingly upload their secure vaults to cloud storage no matter of the encryption used.
    Please don't disregard the support of local storage, or just like for Roboform me and likeminded folks will abandon the product for some new kid on the block. We would like to receive support for the latest features like opvault as well...

  • AGAlumB
    AGAlumB
    1Password Alumni

    Is this related to some government request we are not aware of that eventually materializes in having to store my encrypted data accessible to them by request?

    @girtsn: Nope. We don't have anything of use to them, so this is what they get:

    Information for Law Enforcement

    I am sure there are plenty of users like me who would never willingly upload their secure vaults to cloud storage no matter of the encryption used.

    If you've decided that encryption does not work, then online shopping and, well...pretty much anything else you'd do with technology will be a problem for you too. The reality is that your 1Password data is end-to-end encrypted, so 1Password simply doesn't depend on the sync service to protect your data. 1Password is secure by design, not by chance.

    Also, 1Password is designed to protect your data even if someone steals your vault from you (which, frankly, is more likely since they will need to get your Master Password from you to decrypt it anyway). 1Password does not rely on "security through obscurity", hoping that an attacker won't be able to steal one of your devices if they want to.

    And because 1Password is built on math and not hope, even if someone obtains the database from 1Password.com, they don't have what they need to decrypt it, since, in addition to the Master Password, the data is is encrypted with the 128-bit, randomly-generated Secret Key. I doubt you or anyone else is using a Master Password that strong.

    Please don't disregard the support of local storage, or just like for Roboform me and likeminded folks will abandon the product for some new kid on the block. We would like to receive support for the latest features like opvault as well...

    We've already announced that 1Password for Mac and Windows version 7 will continue to support local vaults, so the tales of this feature's demise have been greatly exaggerated — by people other than AgileBits. ;)

  • girtsn
    girtsn
    Community Member

    Thanks for the very clear pointer for the government issue.
    I have not decided that encryption does not work, quite the opposite otherwise would not be using your product.
    But I have decided that no cloud solution will see my vault if I have anything to say about it.
    As you have said, the customer owns the secret data, so let the customer also fully utilize your opvault format which is so much more convenient to synchronize from local storage...

  • AGAlumB
    AGAlumB
    1Password Alumni

    @girtsn: Ah, I'm sorry for misinterpreting what you said. Keep in mind that regardless of which data format you use — AgileKeychain, OPVault, or 1Password.com — your data is encrypted locally on your device. You won't have the benefit of the additional protection of the Secret Key with AgileKeychain, but then again you wouldn't with OPVault either. We don't currently have plans to go back and add support for what is now a legacy data format, but it's something we'll continue to consider for the future.

  • girtsn
    girtsn
    Community Member

    Whoa, here I was thinking that agile keychain was legacy and opvault the new format.
    So, in effect 1password v4 for Windows and both formats are legacy just waiting to be deprecated?

    If so time to look for another password manager again :( too bad since I like it a lot and since it was essentially same thing that moved me from RoboForm to 1password. If it is about $, I would be ok to pay a recurring fee to keep my desktop version up-to-date without the online features. But of course then I would expect that my currently local storage format does not become legacy.

    We don't currently have plans to go back and add support for what is now a legacy data format, but it's something we'll continue to consider for the future.

  • AGAlumB
    AGAlumB
    1Password Alumni

    Whoa, here I was thinking that agile keychain was legacy and opvault the new format.

    So, in effect 1password v4 for Windows and both formats are legacy just waiting to be deprecated?

    @girtsn: OPVault was new almost exactly 5 years ago. OPVault is neither broken nor deprecated, but our focus is on our current products, both 1Password.com and the latest version of the 1Password apps on each platform. 1Password for Windows version 4 has not been under active development since the beginning of this year, as we've focused our development resources on 1Password 6 and its successor, 1Password 7, which we've already announced will support local vaults.

    If so time to look for another password manager again :( too bad since I like it a lot and since it was essentially same thing that moved me from RoboForm to 1password. If it is about $, I would be ok to pay a recurring fee to keep my desktop version up-to-date without the online features. But of course then I would expect that my currently local storage format does not become legacy.

    It's your call, but I don't follow that logic. As I mentioned above,

    We've already announced that 1Password for Mac and Windows version 7 will continue to support local vaults

    So you'll be able to use local vaults in the future as well. I can't give details on the implementation at this time, so it's possible we will be using a different format. OPVault support is not a feature that 1Password for Android shipped with. It's something we've added there later on for some configurations, which you can use without having to pay for a new version. But OPVault local folder sync is not a feature 1Password for Android has or that we advertise, and therefore not one that any customers have paid for. If we continue using OPVault though, obviously it will have to be supported in all of the apps.

  • girtsn
    girtsn
    Community Member

    Opvault was existing from December 2012 but Windows users only found out in end of 2015 when it was made the default vault format, probably even later for Mac and iOS as in the post below. I did not know anything about opvault format until this post being a user of Windows 1password since end of 2011.
    https://blog.agilebits.com/2015/10/19/when-a-leak-isnt-a-leak/
    The very same post introducing opvault to Windows users and suggesting to switch to it made a promise:

    We’ve already started making changes to use OPVault as the default format. In fact, the latest beta of 1Password for Windows does this already. Similar changes are coming to Mac and iOS soon, and we’re planning on using the new format in Android in the future.

    Well, guess you can say "in the future is vague enough" and "it is supported but not in all sync methods" - but it is still the reason this thread exists and Windows users migrated to opvault back then.
    So your "legacy format" is a format that is ~2 years old for quite some of your customers.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @girtsn: 1Password for Android does use OPVault, just not for the specific use case being requested here. I understand your point, but 2 years is also an eternity for technology. 2 years ago Windows Phone was still a thing, and I was running completely different OSes on most of my devices. Most notably, perhaps, is that Windows 10 was still new. But more relevant to this discussion, ostensibly about 1Password for Android, is that there was no official way for 1Password and other apps to do filling on the platform. There is today (Automatic Filling is supported on Android 8, and OpenYOLO will work all the way back to 4.1), and we only support it today because we've said no to other things and put development resources into making that happen, both internally and in cooperation with Google. I'm sorry that this one particular feature that you care about is not something that 1Password for Android can offer you right now, but I hope you'll at least understand that we need to put our efforts into things that will make the most difference for the greatest number of 1Password users, and this just isn't something most folks care about. :(

  • kermit4karate
    kermit4karate
    Community Member

    This thread is a bit old now, but I have the same concerns as the OP. I absolutely love 1Password, but I absolutely, under no circumstances, want any aspect of my password vault, even if it's deliberately kept incomplete so as to render it 'impossible' for a bad actor to gain access to my data, saved in the cloud. I only want the ability to locally sync with my own devices on my home network.

    Will I be able to continue doing this with 1Password going forward? A year from now? Two years from now? I too would be fine paying an ongoing subscription fee so long as I can continue to use 1Password locally with no connection to the cloud.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @kermit4karate: Yep. Not sure I can promise you anything further out than that, as 1Password 7 does not exist yet except on iOS, but we've already announced that the next versions on macOS and Windows will support local vaults. You can read between the lines there. ;)

    A lot of people seem to make this a "subscription" issue, but the reality is that most folks just want to have their data everywhere and could care less how that happens — much less have a desire to fiddle with network settings and sync stuff manually — so, as a result, that's where our focus has been. 1Password.com is a more secure option than local vaults/sync (though not because of KRACK: 1Password data is end-to-end encrypted anyway, so it doesn't depend on the sync service — or WPA2 — to protect your data) thanks to the Secret Key, which is going to be much stronger than any Master Password. And anyway, all of that (and more) is only possible with a hosted service, and charging a one-time fee for that would mean it wouldn't last long. But we're happy to offer other options for those who enjoy their fiddling. Cheers! :)

  • kermit4karate
    kermit4karate
    Community Member

    @brenty Understood, but I do think it's important that you know that I and most of my peers in IT chose 1Password specifically for local sync. Much of the good press 1Password has received over the past few years, while its competitors were experiencing highly publicized breaches and exposed vulnerabilities, was specifically due to local sync.

    For the record, NONE of your competitors, at least publicly, ever said that cloud-based was less secure than utilizing a purely local option. No one EVER says that. Every company in the cloud feels that their approach is bulletproof, and yet the record on that speaks volumes. Bad actors typically don't walk in through the front door. I prefer the devil I know, in my own local environment, than someone else's devil in the cloud, and I know I am far, far, far from alone in that. The bad press from a major cloud exploit would damage 1Password's business more than the cost to continue supporting local sync. I know it's all about business and market share and catering to the average Joe who just wants easy access to his vault from anywhere, but please just keep it in mind.

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited November 2017

    Understood, but I do think it's important that you know that I and most of my peers in IT chose 1Password specifically for local sync. Much of the good press 1Password has received over the past few years, while its competitors were experiencing highly publicized breaches and exposed vulnerabilities, was specifically due to local sync.

    @kermit4karate: Totally. I think in the security industry, no news is often good news. And it's always good to have choices, whether that be different products in this space, so that the competition pushes us to do better, or with regard to things like sync options.

    For the record, NONE of your competitors, at least publicly, ever said that cloud-based was less secure than utilizing a purely local option. No one EVER says that. Every company in the cloud feels that their approach is bulletproof, and yet the record on that speaks volumes. Bad actors typically don't walk in through the front door. I prefer the devil I know, in my own local environment, than someone else's devil in the cloud, and I know I am far, far, far from alone in that. The bad press from a major cloud exploit would damage 1Password's business more than the cost to continue supporting local sync. I know it's all about business and market share and catering to the average Joe who just wants easy access to his vault from anywhere, but please just keep it in mind.

    I hear you. This is the stuff we worry about too. That's why, in addition to our own efforts, we participate in external audits and cooperate with independent security researchers to find any flaws so we can fix them. Certainly some companies have put convenience above security, and they and their users have suffered the consequences of that when someone was able to break in and steal the "keys" to the data along with the encrypted database. Not having the "keys" to anyone's data (well, except for our own!) is critical for us. Otherwise we wouldn't use 1Password ourselves.

This discussion has been closed.