Two Macs and an iPhone

jimmyboo
Community Member

Hi,

I have been using 1Password 6.8.5 on my main Mac and an iPhone for a while, and I've been synching via the WLAN server as I don't want to sync via a cloud folder. I have recently installed 1Password on a new Mac, using a backup of the original Mac, and I'm trying to figure out how best to keep both Macs and the iPhone synched. Again, I don't want to sync over Dropbox or iCloud. Any advice?

Thanks.



Comments

  • Lars
    1Password Alumni

    Hi @jimmyboo - WLAN sync in 1Password is set up on a server-client basis. A single Mac or PC acts as the server (this is why the WLAN panel in 1Password Preferences is called "WLAN Server"), and any number of mobile devices (1Password for iOS or 1Password for Android) are the clients.

    There aren't really any stable and simple, non-cloud-based ways to sync multiple desktop instances of 1Password for Mac, 1Password for Windows or both. Can I ask why you're opposed to cloud-based sync?

  • jimmyboo
    Community Member

    I am opposed to cloud-based sync because Dropbox, iCloud, etc. provide multiple attack vectors. If there is a security breach, the attackers could get access to our vaults. That's an unacceptable risk. Synching over my own (adequately secured) home network is much safer. A potential attacker would have to specifically seek me out to get access, as opposed to "stumbling" into my vault from a larger/general attack on cloud services.

    It would be very helpful if y'all would allow the option whereby the desktop client can act like a client for the WLAN Server, like the mobile clients, as I suspect there are many people in a similar situation. The era of there being a single "desktop class" machine in a household has long passed.

  • darrenNZ
    Community Member

    You're right @jimmyboo, cloud servers do have multiple attack vectors.

    It's why 1Password accounts (Individual, Families or Teams) have a true second factor: the secret key. Even if AgileBits were to have all of their encrypted customer data stolen, it'd be useless. The master password isn't transmitted to AgileBits nor is the secret key - both parts are used together to encrypt customer data.

    If you were using a 1Password account then a hacker would need to 'specifically seek you out to get access'. Exactly the same as they would in the scenario you give. The hacker would need to breach your individual device, somehow grab your master password and then get your secret key.

    Therefore the 1Password account doesn't suffer from the "multiple attack vectors" that you talk about for this very reason. It comes with one very big problem: if you forget your master password and/or secret key, you're goosed. You can kiss your data goodbye. This is why 1Password is a singularly unattractive target to hackers.

    iCloud, Dropbox, OneDrive and Google Drive don't provide zero-knowledge security which is why they have the "multiple attack vectors". For those companies it'd be unacceptable for a customer to lose his data if he forgot his password. For 1Password, and their customers, it's an acceptable trade-off (no master password and secret key = data permanently irretrievable).

    > It would be very helpful if y'all would allow the option whereby the desktop client can act like a client for the WLAN Server, like the mobile clients, as I suspect there are many people in a similar situation.

    The number of sync conflicts that this can cause is tremendous.

    The WLAN sync was and is a bad implementation. This isn't because 1Password are doing something wrong, but because of issues connecting via Mac and various OS-level restrictions.

    It's a nice idea for everything to work like this but the majority of people aren't using this method any more because of unreliability through conflicts and user error.

  • Lars
    1Password Alumni

    @jimmyboo -- @darrenNZ is right on the money with his reply - we have never based the security of 1Password on the safety of any cloud provider or even in fact the security of your home network/computer -- however good you may be at securing it. In traditional sync (iCloud, Dropbox), we do not depend on the security of these services. In fact, 1Password has always been secure by design, with the assumption that an adversary might get hold of your data. This can happen just as easily (more easily, in fact) through leaving a device somewhere or having it stolen than it's likely to happen as a result of iCloud being breached and your specific data being stolen.

    In both cases, your Master Password protects you (along with a few other technologies). That's why we place such emphasis on users choosing a truly strong Master Password: because that is the only thing that can transform your 1Password data to unreadable ciphertext and back again.

    With 1Password.com, we added an additional layer of security in the Secret Key which is in addition to your Master Password and ensures that whatever you chose for your Master Password, it's equal to at least 128 bits of entropy (password strength).

    While we continue to support advanced manual syncing methods such as WLAN, Dropbox and iCloud for our users who prefer it or are subject to organizational restrictions, we won't be changing the current WLAN setup any time soon. I won't say "never," because that's the kind of statement that comes back to haunt a person - or a company - but I will say it's something you're unlikely to see. WLAN sync should be considered for advanced users only, who are comfortable setting up, maintaining and troubleshooting it themselves.

    The only way to keep multiple Macs (and/or PCs) in sync as well as one or more mobile devices would be to designate one of your Macs as the WLAN server and sync all mobile devices with it. For the Mac-to-Mac sync, you would need to pursue a Folder Sync setup, and locate the OPVault keychain on a removable external hard drive or USB flash drive. We do not recommend such a setup for most users because 1Password cannot assure stability if sync isn't maintained manually, consistently, which can result in data errors. However, if you've got multiple Macs and at least one mobile device and you won't consider any cloud-based alternative, this will be the only way for you to keep your 1Password data synced.

  • AGAlumB
    1Password Alumni

    > Synching over my own (adequately secured) home network is much safer. A potential attacker would have to specifically seek me out to get access, as opposed to "stumbling" into my vault from a larger/general attack on cloud services.

    @jimmyboo: Fortunately what you're saying isn't possible, since we never have the keys to the data: if you lose them, you'll be "stumbling" around unable to gain access to your own data as well. A potential attack would have to seek you out anyway, since they'd have to get your Master Password from you anyhow, so they might as well grab the database while they're at it — the same threat applies equally to both 1Password.com and WLAN Server. I think it's important to be realistic about that.

    > It would be very helpful if y'all would allow the option whereby the desktop client can act like a client for the WLAN Server, like the mobile clients, as I suspect there are many people in a similar situation. The era of there being a single "desktop class" machine in a household has long passed.

    Maybe your household. Send some of that hardware my way! ;)

    But in all seriousness, the desktop apps do act as sync clients with 1Password.com, Dropbox, and iCloud already since all of the apps act as the client in that case; so, given that your 1Password data is end-to-end encrypted and doesn't depend on the sync service to protect your data, we've already been offering the functionality you're asking for for years, just not the specific implementation you're proposing, since that's much more prone to failure. It's certainly your prerogative if you choose not to use these options, but given that 1Password.com uses the 128-bit, randomly generated Secret Key in addition to your Master Password to encrypt the data (neither of which we ever have), you're actually missing out on additional security and convenience by doing so.
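The point made in the replies above by darrenNZ, Lars and AGAlumB, that a stolen copy of the encrypted data cannot be unlocked without both the Master Password and the Secret Key, shown as an added sketch (not part of the thread and not 1Password's actual code). The iteration count, the HMAC expansion of the secret key, the XOR combining step and all sample values are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed work factor for this sketch


def derive_unlock_key(master_password: str, secret_key: bytes, salt: bytes) -> bytes:
    """Combine a memorised password and a random device-held key into one key."""
    # Slow, salted stretch of the human-chosen (possibly weak) password.
    pw_part = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, ITERATIONS)
    # Expansion of the high-entropy secret key; it needs no stretching.
    sk_part = hmac.new(secret_key, b"unlock-key" + salt, hashlib.sha256).digest()
    # XOR: the result is unpredictable unless BOTH parts are known.
    return bytes(a ^ b for a, b in zip(pw_part, sk_part))


def seal(key: bytes) -> bytes:
    """Stand-in for an encrypted vault: a check value only the right key reproduces."""
    return hmac.new(key, b"vault-check", hashlib.sha256).digest()


def offline_guess(stolen, salt, wordlist, secret_key=None):
    """Model of guessing against stolen server-side data; returns the password or None."""
    for guess in wordlist:
        # Server-side data never contains the secret key, so a thief without
        # the user's device has to substitute a placeholder (all zeros here).
        key = derive_unlock_key(guess, secret_key or bytes(16), salt)
        if hmac.compare_digest(seal(key), stolen):
            return guess
    return None


# Constructed sample data: a deliberately weak password and a 128-bit random key.
SALT = secrets.token_bytes(16)
SECRET_KEY = secrets.token_bytes(16)
PASSWORD = "sunshine1"
WORDLIST = ["password", "letmein", "sunshine1", "qwerty"]
STOLEN = seal(derive_unlock_key(PASSWORD, SECRET_KEY, SALT))

if __name__ == "__main__":
    print("server-side data only:", offline_guess(STOLEN, SALT, WORDLIST))
    print("with device secret key:", offline_guess(STOLEN, SALT, WORDLIST, SECRET_KEY))
```

The first call fails even though the correct password is in the word list, because the 128-bit secret key is missing; the second call models an attacker who has also compromised the user's device, which is the case the replies say must be targeted individually.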

  • jimmyboo
    Community Member

    Thanks for the detailed responses all. One more question: what if 1password.com or my, say, iCloud account were breached and my vaults deleted by a malicious hacker? Or deleted due to a technical error? How would I recover my passwords?

  • AGAlumB
    1Password Alumni

    > Thanks for the detailed responses all. One more question: what if 1password.com or my, say, iCloud account were breached and my vaults deleted by a malicious hacker?

    @jimmyboo: They'd still need your Master Password (and Secret Key, in the case of 1Password.com) to decrypt the data. We never have any of that.

    > Or deleted due to a technical error? How would I recover my passwords?

    With iCloud or local vaults in general you're out of luck unless you have a backup of your data somewhere else. 1Password.com, however, has backups of backups — full item history going back a year — and redundancy in case of technical issues, thanks to AWS.

This discussion has been closed.