Those of you who have relied on Wireless LAN synching for 1Password data will have noticed that this is not supported in 1Password 7. There are lots of reasons for this, which I will break down into three.
My first draft of this topped 3000 words. You will be pleased to know that I did some editing.
Please let us know why you want WLAN sync server added to 1Password 7 for Windows. That list is where we are keeping track.
With (most) other synching mechanisms for 1Password data, you set it up once on each device and then can entirely forget about it. You don't have to worry about which device you made what changes to when.
You have to think about which devices may not have synchronized. If you've made changes on multiple mobile devices you need to manually sync and resync to get everything propagated.
This may be a price you are willing to pay, but that doesn't take away from the fact that it really is harder.
Almost everyone reading this right now is aware of multiple choices and has some idea of where the data can live. And that's great.
But most others have set up 1Password once and no longer know how they set up synching. They only knew which they picked when and shortly after they set things up. When they go to set up a new device they don't know how they are already synching. Despite our efforts at setup guidance, even if 1% of people set up a new device incorrectly, that is still tens of thousands of people. The large majority of support queries are to resolve sync problems, and the overwhelming majority of sync problems are the result of multiple ways to sync.
Let me make it clear that none of this is the user's fault. People shouldn't have to know about sync mechanisms to be able to use 1Password well.
WLAN adds to that general problem by being yet another sync method, but it is also easier to mess up, and there are the networking issues. A typical household will just have one local subnet (so-called guest networks notwithstanding). But there are a lot of atypical ones.
When people notice synching problems we can't ask them to describe their local network topology and expect reliable answers. Again, this is not the user's fault. People shouldn't have to know about network topology to use 1Password.
Your data is end-to-end encrypted. That means that it is encrypted with keys that are derived from secrets that only you hold before your data ever hits a disk, much less a network. If that encryption were not good enough for "the cloud" then it wouldn't be good enough on your own devices.
Encrypted data can be stolen from "somebody else's computer", and it can be stolen from your own. What I'm going to ask you to consider is whether WLAN actually offers you more relevant security or whether it just offers you a greater sense of security.
First let me talk about the security advantages of WLAN sync.
Our system is a juicier target than your system.
We are continually under attack. (They are kind of amusing to watch and only very rarely require any manual intervention on our part. But we do keep an eye on them.)
We get some scraps of metadata. We can know when you connect to the service, where you connect from and how much data you have.
If you keep your data entirely within your own network, then nobody has that information.
Our Privacy by Design means that we can't know the websites you have logins for, we can't know the titles you've given to items or vaults. We can't know the names of tags that you use.
But still, we do get a little bit more information about you than we do if you only sync on your own network. (If you use Dropbox, then they or anyone who compromises them have that data.)
Lockout. What power do we have to lock you out of your own data?
We never want to lock people out of their own data. We do not even want to have the capability of locking people out of their own data.
With some effort, you can make sure that you always have backups of your own data locally. It's not as robust and automatic as it should be, but we are working to improve this.
You may need to keep things to local networks for compliance reasons.
You may work in an environment in which you simply are not allowed to store data, no matter how well encrypted, outside of your own organization's system. This is the most compelling reason to use WLAN sync. I believe that in this case your organization's rules and policies may be misguided, but my opinion doesn't change the requirements placed upon you.
We will continue to explore ways to make 1Password work for you. But I can't offer any promises about what the nature of that resolution may be. Folder Sync remains an option between some systems, but it does not cover everything.
Now let's look at the security advantages of our service.
Two-Secret Key Derivation (2SKD). 1Password data stolen from your own machine or network is protected only by your Master Password. Data stolen from our systems is protected by both your Master Password and your 128-bit Secret Key.
It is hard to over-state the importance of this. When we designed the service, we designed things knowing that we would be a juicy target. And there are limits to how much things like PBKDF2 can do for you. Our concern was that if someone stole your data from us they would be able to launch password cracking attempts against your Master Password.
So client side a Secret Key is combined with your Master Password during key derivation. The Secret Key is stored on your device, but is never sent to us. Without the Secret Key, there is simply no way that anyone could attempt a Master Password cracking attempt on data from our services. (And if they were to get the secret key from your machines, then they would also have your local copy of encrypted data as well, and wouldn't need anything from our systems.)
No secrets transmitted during authentication
When your client connects to our server and authenticates, no secrets are transmitted. We cannot learn anything about your Master Password and Secret Key during that process. It's really cool, and we've published the source code that is used for this.
Does not depend on the secrecy of TLS/SSL
We do use TLS, and we do so very strictly. But we do not depend on it. In addition to your data always being encrypted with keys derived from your Master Password and Secret Key, our own communication protocol encrypts and authenticates messages with a session key that is negotiated during authentication. And finally, all of that is done over TLS. So that gives you three layers of encryption during transport.
Data format improvement.
Just as OPVault has important security improvements over its predecessor, Agile Keychain Format; what we use with our service is an improvement over OPVault.
Our systems are better protected than yours.
You have been using WLAN sync, so you are a sophisticated user who knows how to protect your systems. But in addition to the obvious resource advantages we have in protecting the systems on which your data reside (our ops team, virtual private clouds, full database encryption, monitoring, etc), there is an even bigger difference:
The only thing that ever happens on each of our systems is the very narrow purpose of that component. Our database systems only run the database for example. Your systems, on the other hand, are used for web browsing, for email, for Twitter, for document preparation, for watching videos, and playing games. This is a deep and fundamental difference that makes our systems inherently easier to secure.
So while it remains true that our systems are a more attractive target, we have designed things so that even if we are compromised, your secrets remain safe. Our security is layered, relies on end-to-end encryption, maintains privacy by design, and focuses on real defenses instead of theatrical ones. We want you to have as much control over your own data as possible, while still making things work for you.
[This forum thread originally appeared in the 1Password for Windows Beta forum, but has been moved to the non-beta forum as the release of 1Password for Windows 7 approaches].
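
The Two-Secret Key Derivation point in the post, as an added illustration that is not part of the original post and is not 1Password's code: it contrasts data protected by a Master Password alone with data whose key also depends on a 128-bit Secret Key that never leaves the device. The construction (PBKDF2 output XORed with an HKDF expansion of the Secret Key), the iteration count, and every name and sample value are assumptions made for this sketch.

```python
import hashlib
import hmac

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this illustration

def hkdf_sha256(ikm, salt, info, length=32):
    """HKDF (RFC 5869): extract a PRK, then expand it to `length` bytes."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def password_only_key(password, salt):
    """Key for data protected by the Master Password alone."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def two_secret_key(password, secret_key, salt):
    """Key that needs both secrets: slow password hash XOR Secret Key expansion."""
    slow = password_only_key(password, salt)
    fast = hkdf_sha256(secret_key, salt, b"2skd-example")
    return bytes(a ^ b for a, b in zip(slow, fast))

def tag(key, blob):
    """HMAC tag standing in for the check 'does this key open the data?'."""
    return hmac.new(key, blob, hashlib.sha256).digest()

def guesses_that_verify(candidates, derive, blob, expected):
    """Return the candidate passwords whose derived key reproduces the tag."""
    return [pw for pw in candidates
            if hmac.compare_digest(tag(derive(pw), blob), expected)]

# Constructed sample values, not real account data.
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
SECRET_KEY = bytes.fromhex("a3" * 16)  # 128 bits, stays on the device
MASTER = "correct horse"
WORDLIST = ["letmein", "correct horse", "hunter2"]
BLOB = b"constructed vault bytes"
LOCAL_TAG = tag(password_only_key(MASTER, SALT), BLOB)
SERVER_TAG = tag(two_secret_key(MASTER, SECRET_KEY, SALT), BLOB)

def without_secret_key(pw):
    return password_only_key(pw, SALT)

def with_secret_key(pw):
    return two_secret_key(pw, SECRET_KEY, SALT)
```

Testing the word list against `LOCAL_TAG` finds the Master Password, while the same list against `SERVER_TAG` verifies nothing unless the Secret Key is also supplied, so a weak Master Password alone does not expose the server-side copy.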