Feature request - Syncing individual items to keychain

cjcampbell
cjcampbell
Community Member

Having spent a bit of time with High Sierra and iOS 11, I've noticed an opportunity to smooth out the relationship between keychain and 1Password. While I know that keychain sync has come up before in the context of import and has been dismissed due to friction in the UX (having to approve access for every item), I'd love to see an option to sync individual items to keychain so that I can more easily take advantage of Apple's new password entry features for items that I'm willing to entrust to keychain. While I could perform the manual task of copying these items to the OS keychain, I'd much rather manage everything through 1Password and have the sync happen behind the scenes.

Depending on how completely this feature is fleshed out, I see some other benefits as well. The most significant in my mind is 1Password is positioned to provide a better keychain sync (relative to iCloud Keychain). When I bring up the vault on a new device, the items that are designated for sync would be added from 1Password to the local macOS or iOS keychain. Even better if 1Password can also detect new items in keychain, e.g., wireless networks, and give me the opportunity to bring that into my Vault (the one-time prompt for permission is not a major burden when working with individual items).

Any chance AgileBits has given this some thought already? Having worked a bit with the new CLI and native keychain interfaces, I feel pretty confident that there aren't any major technical or cryptographic obstacles. Likewise, I think there's an opportunity to provide an even smoother end-user experience and spin 1Password as a "better" front-end to Keychain Access.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Lars
    Lars
    1Password Alumni

    HI @cjcampbell -- thanks for writing in with such a well-thought out suggestion, and I'm sorry for the delay in my response. I wanted to gather some thoughts internally from a few different people on this before I replied to you.

    Long story short? I don't think we're going to be getting to this any time soon. As you might expect, there's a lot that goes into our decision to act on a feature request, including available developer cycles, how many people the issue affects or would benefit, other items on our plates at the time and a whole host of additional factors. You're not wrong about potential benefits in terms of integration with the underlying OS, but we don't just develop 1Password for Mac. Increasingly, as time passes, our customer base expects to find feature parity between what's available on the Mac side and what's available on the other platforms for which we develop a 1Password application. And they're not wrong to do so -- we also want 1Password to behave on one platform as much as possible the same way as it does on others. Sometimes that's not possible due to differences in the underlying OS itself, but in general, if we develop a feature on one platform, we try to make it available elsewhere as well. This would mean not just taking this on with respect to the local macOS keychain, but also on Android, iOS and Windows as well -- a considerably larger undertaking than it first appears. So, while it isn't that we think this is a bad idea, the convergence of limited developer hours and the pressure of higher-level priorities likely means this won't be happening anytime soon.

    I really hope you don't take that to mean we don't appreciate this kind of thoughtful suggestion, because we absolutely do. Many of the features or ideas you see in 1Password today have come in part or sometimes completely from suggestions exactly like this one of yours. We feel very lucky to have one of the more engaged, passionate and thoughtful user communities in all of software; you guys rock. :) And more than that, you keep us on our toes, always pushing forward to make 1Password the best it can be for all our users, even as we can't always say yes to every request or idea. Thanks for being part of that, and keep 'em coming!

  • cjcampbell
    cjcampbell
    Community Member

    @Lars Thank you for the thoughtful response. I understand and agree with your take on needing to launch such a feature with parity across platforms (especially given that my team and customers use the tool across all of those platforms). I also recognize the potential complexity and the payoff relative to other features competing for developer resources.

    If nothing else, I merely wanted to plant the seed for a time when developer resources allow. And I wanted to further the discussion of usability in terms of understanding how 1Password fits and interoperates with all of the other pieces of software trying to manage my passwords (and other sensitive info) on a default install of any given platform. We're often fielding questions from clients about how to work effectively with a password manager, and this topic is almost always a point of some confusion. This request was prompted in part by some reflection on the issue after a recent engagement.

  • Lars
    Lars
    1Password Alumni

    @cjcampbell -- thanks for the follow-up. If I wasn't clear in my earlier response, you definitely planted the seed. The delay in my initial reply was due to me finding a minute when I could buttonhole a couple of our developers and run this by them. So rest assured, this idea is now part of the environment here, if not yet part of the DNA of 1Password. Have a great rest of your week! :)

  • Marke
    Marke
    Community Member

    @Lars I would like to vote this 1Password sync with MacOS Keychain up! I have trouble getting my wife to use 1Password because it isn't integrated with her apps on your phone/iPad. If it was, she would definitely use it as it offers password sharing features.

    So in IOS Apps she would have to click on the key and open the app instead of opening 1Password and cutting and pasting.

    I am sure there are others out there who would become customers of 1Password with such a unique feature of password syncing with Apple Keychain. This could bring additional revenue to your company.

    Cross-platform features sometimes lag each other or are slightly different. 1Password is the best MacOS/IOS password manager. Why not make it the greatest MacOS/IOS password manager?

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited May 2018

    I would like to vote this 1Password sync with MacOS Keychain up!

    @Marke: I don't think Apple gives any of us a vote. Definitely don't get your hopes up. Keychain interoperability seems to be something Apple is moving away from, not heading towards. Of course, that could all change in an instant if Apple announces something, but I'm not holding my breath.

    I have trouble getting my wife to use 1Password because it isn't integrated with her apps on your phone/iPad. If it was, she would definitely use it as it offers password sharing features.

    Let us know if there's something we can help with. :)

    So in IOS Apps she would have to click on the key and open the app instead of opening 1Password and cutting and pasting.

    Yeah we can't help with that. That's all Apple. Unless they allow 3rd party integration with that feature in the future.

    I am sure there are others out there who would become customers of 1Password with such a unique feature of password syncing with Apple Keychain. This could bring additional revenue to your company.

    Unless this is something Apple officially supported with APIs and developer tools, it would also be a great source of pain for everyone. Before Safari supported 3rd party extensions, we used our own tricks to fill there...and this all broke any time Apple released an update. We really don't want to relive that again, and neither do our customers who remember those times.

    One of the many reasons though that we always recommend not using browser autofill (or Keychain for password management) is because of how confusing that can be. Where is that password? Is it in Keychain? or is it in 1Password? It's a huge cognitive load to try to keep track of that stuff.

    Cross-platform features sometimes lag each other or are slightly different. 1Password is the best MacOS/IOS password manager. Why not make it the greatest MacOS/IOS password manager?

    That's what we're doing. ;)

This discussion has been closed.