On WLAN Sync in 1Password 7


Comments

  • AGAlumB
    1Password Alumni

    Now, shortly before you are releasing the new version of 1PW for Windows with local support, you announced that there will be no possibility to sync the mobile app e.g. iOS without cloud integration?

    @Finke03: I'm not sure you've been following this discussion. No one has said that. What has been said is that WLAN Server will not be in version 7.0, and that if you or anyone else would like us to spend the time and energy to develop, test, and support that in the new Windows app, please see Dave's earlier comments about signing up so we can gauge interest.

    Instead of discussing the advantages and disadvantages of storing the vault into the cloud, you should put your energy into implementing this kind of feature which already was included in previous versions and used by several users.

    "Several users" probably isn't sufficient to justify building a feature from scratch in a brand new app, and discussions like this one — since, as mentioned previously, we don't have tracking features in our software which would tell us if more than that use WLAN Server — are the only way we're going to get feedback from actual people about their reasons for wanting us to add this.

  • AGAlumB
    1Password Alumni

    @ftwilson: I've really enjoyed your comments here. Thank you. I just have one nitpick:

    Right now, 1Password is the best there is, I'm persuaded of that. But, the absence of a local sync option (for reasonable programming resources issues, if nothing else) is leaving folks who would otherwise practice good computer hygiene to put their "cash under their mattresses." (And, even banks get robbed, with guns or code. Maybe 1Password should help folks at least put their cash in a safe in their anonymous basement?)

    While you're fairly anonymous to us (not entirely, if you've purchased a license, but as far as your data), it isn't us you need to worry about since only you have the keys to your encrypted data no matter where you store it. Who you need to worry about is an attacker. And since they'll have to get those keys from you in order to decrypt the data anyway, you will likely not be anonymous at all to them, if they're to be successful. I think it's important to keep this in perspective when we're talking about threat models vis-à-vis "local" and "cloud". Either way, you're the best attack vector.

  • AGAlumB
    1Password Alumni

    I feel a horrible loss of control if I'm forced to store data, even encrypted, anywhere else except my local network. This is an emotional dilemma and it doesn't matter how much logic you throw at it. Just the thought alone is physically sickening. I got taught many times that one should not upload anything into the internet that you're not willing to share publicly. It's very hard to unlearn this and it's especially hard to stomach when you already offered a quite solid solution in 1P 4. (my original argument about legal/privacy limitations is still my main concern and deal breaker, btw. I just wanted to share my emotional stance as well)

    @frame: I wanted to address this because you bring up a really important point. Certainly we're not robots, and there's going to be emotions involved when we're talking about some of our most important data. But I think it's worth considering that we don't make our best decisions when we do so based on emotion. If we did, "crime of passion" wouldn't be a cliché. It's better to be rational with important stuff, especially when we're dealing with security. Attackers and the tools they use don't care about how we might feel about being their target. But we obviously want you to feel good about using 1Password; we just know that, at the end of the day, that only works if we approach security rationally and do everything we can to protect 1Password users. If someone gets your data because of a mistake we make, you won't care how bad we feel about that. That's why we don't ever have the keys to it (which means that you're not uploading just anything to the internet; you're only uploading encrypted data), and why, apart from our own efforts, we participate in external audits and cooperate with independent security researchers to find any flaws so we can fix them. A logical approach is the only way any of this works, and the only way any of us can trust it, because having good intentions and assurances that 1Password is trustworthy just don't cut it — not for you or for us, as we're 1Password users too.

  • AGAlumB
    1Password Alumni

    You say it was difficult to set up? I can't clearly remember the (setup) process anymore, but all I am doing now is pressing WLAN sync, entering my password, done. Is this what you consider to be difficult?

    @Sefer: I wanted to respond to you as well because this is really personal to me, as it's an area I've spent a lot of time on over the years. But first, as an aside, since WLAN Server doesn't work between two computers (it never has, only a single computer — the server — and one or more mobile devices — the clients), I'd be interested to hear how you set that up, if you can recall, and perhaps others would too.

    To be clear, if you're one of the few who are either technically savvy and on top of your network environment, very lucky, or both, to the point that you've never had trouble with WLAN Server (née Wi-Fi Sync), I'm happy for you. Seriously, I mean that from the bottom of my heart, because this support documentation (and the various esoterica contained therein) exists solely because of how much it sucks for most people, both novices and also plenty of technically savvy folks with bad luck or just some other uncooperative hardware or software. Those are the folks we hear from, and it hurts every time, so it is good to hear from someone like you who has had a good experience with this. I just wish that were the case for everyone.

    Unfortunately, whether WLAN Server is added or not, we just don't have any control over anything outside of 1Password, and since it depends so heavily on the network environment, we're hesitant to add a feature that's going to get a lot of people excited only to ruin their days (weeks, months, who knows...) :(

  • AGAlumB
    1Password Alumni

    Right now after your announcement of not supporting local WLAN sync, nearly everybody is disappointed.

    @lebowski: Hey, Dude! What we've announced is that WLAN Server will not be in version 7.0, and that if you or anyone else would like us to spend the time and energy to develop, test, and support that in the new Windows app, please see Dave's earlier comments about signing up so we can gauge interest. Thanks! :)

  • scott_savarese
    Community Member

    @brenty,

    I think you need to explain WLAN Server more. Was that a typo and you mean "WLAN Sync"?

    My requirements are simple... I don't want my data leaving my home network. I don't care how it's done. I'll spin up VMs at home (Linux support please... I don't want to buy a Windows license) to run a server my laptop and phone can connect to to sync from.

    Yes I do sleep, but firewall ports don't just open themselves up when I don't look at my router (yay Juniper). And yes, I monitor everything (kinda what I do). But that doesn't matter. Dropbox monitors everything and they were hacked numerous times in the past few years. And how do I know you do infrastructure security right? Is there a process where I can come onsite and audit every little thing you do to my satisfaction? Or am I supposed to trust you just because you say so? Even if you offered it to me, are you going to offer it to everyone on this list that says they want their stuff local? You'd run out of money hiring people to manage the onslaught of people requesting access to your files.

    To be fair, even if you offered to show me everything I don't have the time. That's why the rule is simple for me. Keep it local. No audits necessary. I don't bend the rules unless there is no other choice.

    Also, plenty of other apps in iOS (specifically iTV) do support SMB and CIFS shares. Why couldn't 1Password? Not saying it's the right/smart thing to do, but it is doable technically.

  • Lars
    1Password Alumni
    edited March 2018

    @scott_savarese

    I think you need to explain WLAN Server more. Was that a typo and you mean "WLAN Sync"?

    No, not a typo. WLAN sync in 1Password is a server-client model: one copy of 1Password for Mac or 1Password for Windows functions as the WLAN Server. In 1Password 4 for Windows, it was indeed called WLAN Sync, but on the Mac side, it's been called WLAN Server for a while now, and that would be the likely name of it in 1Password 7 for Windows as well. This reflects how it's designed: one "desktop" syncs with one-or-more mobile devices (Android or iOS). It's never been possible to sync two Macs, two PCs, or a PC <--> Mac together via WLAN in 1Password.

    I want to return to something you said in your earlier post that brenty already replied to:

    I take offense to the "our security is better than yours" line. I'm a network security architect with 20 years of experience.

    I can certainly understand why someone in your position might take umbrage at that comment of @jpgoldberg's (even though it wasn't directed at you specifically and I agree with brenty's reply, in general). But let me ask you: what percentage of our user-base do you suppose shares your qualifications? How many have 20 years of network security architecture experience under their belts? To be clear, I don't have any facts or figures handy, so this isn't snark, it's a genuine question that I don't know the exact answer to myself. But that's kind of the point: since (as Dave mentioned) we don't include analytics in 1Password (and even if we did, they wouldn't tell us your job qualifications, LOL), we're trying to gauge what a decent approximation of the actual answer to this question might be.

    You're very clear on what your bright lines are, and we're glad you took the time to share them with us.

  • AGAlumB
    1Password Alumni

    My requirements are simple... I don't want my data leaving my home network. I don't care how it's done. I'll spin up VMs at home (Linux support please... I don't want to buy a Windows license) to run a server my laptop and phone can connect to to sync from.

    @scott_savarese: To be clear, this is a discussion exclusively about 1Password for Windows version 7 and our interest in hearing feedback from users who might want us to develop a WLAN Server feature for it. We have nothing to announce for Linux at this time, but you can use 1Password X there with a 1Password.com membership if you want to try that.

    Yes I do sleep, but firewall ports don't just open themselves up when I don't look at my router (yay Juniper). And yes, I monitor everything (kinda what I do). But that doesn't matter. Dropbox monitors everything and they were hacked numerous times in the past few years.

    The thing is, if we're "hacked", we don't have the keys to anyone's data. That's kind of the point.

    And how do I know you do infrastructure security right? Is there a process where I can come onsite and audit every little thing you do to my satisfaction? Or am I supposed to trust you just because you say so? Even if you offered it to me, are you going to offer it to everyone on this list that says they want their stuff local? You'd run out of money hiring people to manage the onslaught of people requesting access to your files.

    I think you're being a bit facetious here, but seriously, you should really read the 1Password.com security white paper and let us know if you have questions.

    To be fair, even if you offered to show me everything I don't have the time.

    To be frank, if you don't have the time to audit us, you don't have the time to audit yourself and all of the systems and processes (including any persons or entities with access to where you store or use your devices) either.

    That's why the rule is simple for me. Keep it local. No audits necessary. I don't bend the rules unless there is no other choice.

    I think that's perfectly fair, as it's your data. Just please keep in mind that you're choosing to impose these constraints on yourself.

    Also, plenty of other apps in iOS (specifically iTV) do support SMB and CIFS shares. Why couldn't 1Password? Not saying it's the right/smart thing to do, but it is doable technically.

    There's a lot more that goes into it than this, but to put it simply: if we're debating whether or not we can justify devoting the resources to developing, testing, and supporting WLAN Server in the new Windows app, developing an entirely different sync method for multiple platforms is a much bigger stretch.

  • scott_savarese
    Community Member

    @Lars

    what percentage of our user-base do you suppose shares your qualifications? How many have 20 years of network security architecture experience under their belts? To be clear, I don't have any facts or figures handy, so this isn't snark, it's a genuine question that I don't know the exact answer to myself

    That's a fair question. I would argue that judging by how vehemently people on this thread are complaining about it, it might be worth reconsidering completely killing the ability to sync local vaults. Like I said... I don't think people care if you use the existing WLAN Server, or something else. Just give the people something that will let them get a vault between two 1Password 7 devices that are on the same network.

    Personally, I would argue that 1Password is used by more security conscious people than you might think. Given that 99% of the world doesn't care about password safes in general, we're already talking about the 1% of people who follow security. I'd bet that a large chunk of them know the risks around cloud services in general (Equifax, Dropbox, etc). If I had to bet, I'd say 10-15% care. I subscribed to the newsletter about it to get my name on your register. I'd love to see what the final numbers are.

    I remember you having issues with WebDAV years ago (https://discussions.agilebits.com/discussion/23755/feature-requst-sync-with-private-cloud-e-g-via-webdav). Maybe performance has improved now and it is worth revisiting. I'd be happy to help test out a version that has WebDAV support built in. Hell, I know the world has moved to APIs nowadays. It can't be hard to write a simple endpoint that supports uploading a vault file and checking the date on it to see if your version is most current (https://stackoverflow.com/questions/15776003/upload-files-in-php-using-rest for example). I'd be happy to slap something in a GitHub repository for the server side.

  • AlwaysSortaCurious
    Community Member

    @scott_savarese

    I'm enjoying the thread, but I would just nuance this, "worth reconsidering completely killing the ability to sync local vaults" to this "worth reconsidering completely killing the ability to sync local vaults via WLAN"

    Just cause the local folder sync will be there, and will be functioning and can also accomplish the same for some users (not a 1-to-1 match, but you get my point. A home-based or SoHo network share vs WLAN). As opposed to using some third-party sync service.

  • Lars
    1Password Alumni

    @scott_savarese

    I would argue that 1Password is used by more security conscious people than you might think.

    I certainly hope it's used by security-conscious folks! Means we're probably doing something right.

    Given that 99% of the world doesn't care about password safes in general, we're already talking about the 1% of people who follow security.

    I'm not sure they don't care, they just don't know about the dangers of things like password reuse. But they're starting to: more and more such articles are now available in the mainstream (non-tech press). People didn't know not to send sensitive information over unencrypted channels for a long time, either - many still don't. But they're learning. And regardless of the accuracy of those guesses, one of our guiding lights here is that everyone - including that 99% - deserves real security. It shouldn't be limited to a tech cognoscenti who know how to set up their own WebDAV servers or are otherwise security pros. I'm not trying to suggest that's what you believe; my point is that because this is one of our principles, that's how we develop and design 1Password -- so that people who aren't security professionals can still enjoy the advantages of robust password security. Frankly, in many ways, it makes our job much harder to do it this way than if we restricted our target audience/customer base to computer/security professionals. This way, we have to not only make sure the security aspect is solid (which it is), but we also have to make sure it's comprehensible and usable (read: not intimidating or confusing) to that 99% (or whatever) that aren't pros.

    Regarding WebDAV specifically, this is probably the thread to reference -- you can read it right from Dave Teare himself. Short version: we tested it; the performance was terrible. It's also worth noting Ben's comment, further down in the same thread, that:

    ...it is worth noting that while we do not natively support WebDAV within 1Password, and likely won't, if it is a killer feature for you it is possible to set it up. You'd need to set up folder sync (noting the warning) to your local file system and then use a 3rd party utility that can sync from your local file system to a WebDAV server.

  • scott_savarese
    Community Member

    @lars... I just want to echo what @AlwaysSortaCurious said above... Folder sync is good (I use it for backups), but won't get the vault onto an iOS device. That's the magic people seem to want. That's why I'm suggesting some sort of industry standard protocol (I use that term loosely) such as WebDAV and/or REST. Nobody said we have to be limited to those two. If there is something else just as fast, I'm game for it.

    How does Dropbox work? Why can't we do something similar (just an API call) and get the same performance?

  • jpgoldberg
    1Password Alumni
    edited March 2018

    I take offense to the "our security is better than yours" line. I'm a network security architect with 20 years of experience.

    If you look at the reasons I gave for that, @scott_savarese, I think you will see that no offense was given. I didn't say that we are smarter or more experienced than you are. That would have been a horribly presumptuous thing to say. I did say that the systems on which your 1Password data live and by which they are handled are specifically designed for the purpose. We aren't running anything on those systems other than the very specific services and databases needed.

    I think any platform with a greater attack surface (like you said... you get attacked daily) is a much bigger risk than my home network which is hidden on the internet behind a firewall with no open ports.

    Obviously we do have to have some open ports to serve to the world, but that isn't the only aspect of attack surface. Every process, from your web browser to a game, to word processor that you run inside your network presents an attack surface. And that surface includes all of the software libraries and frameworks that went into making each one of those running processes.

    This is what makes your network more vulnerable than the VPC on which 1Password data lives. Of course we face threats via the software running on our systems and their dependencies, but we can keep that to a much smaller set than a home network running general purpose systems.

    You mentioned elsewhere that just because a service is professionally managed doesn't make it invulnerable. There is enormous evidence that you are correct. And this is why we designed 1Password so that it remains secure even if our systems are compromised. We don't want to frighten people, so we are careful that we say this only in front of security experts, but it would be irresponsible to design 1Password without the expectation that the hosts will be compromised. This is the fundamental purpose of the Secret Key, but other parts of our design reflect this.

    Although I still believe we are better protected than even the most well-managed home-use network, that doesn't mean that it can't be compromised. And, of course, "better protected" doesn't mean "less likely to be compromised". There are far greater incentives to attack our system than yours. We need to be better protected.

    One way that I like to put our approach to the security design is that we should aim to keep you safe even if we were to turn evil. If our design can defend against an insider attack, then it can defend against anyone who coerces us or gains our powers over your data. So we try to design the system to be safe against insider attacks not because we expect that we will suddenly turn evil, but because such a design defends against enormous categories of attack.

    But this doesn't change my claim that if 1Password's encryption isn't good enough to live on our systems, then it really isn't good enough to live on yours. Indeed, the Secret Key means that you are better off having the data stolen from us than from your own devices.

  • ftwilson
    Community Member

    Hello,

    Thanks for your response, and I'm glad you've enjoyed my comments. (Really.)

    I'd ask, though, that you treat everything that comes after "But all that is beside-the-point stuff." in its entirety, because--from the skeptical user perspective--everything before that really is "beside-the-point stuff." (By which, among other things, I mean the stuff that folks with a clue about cyber security care a whit about, vice your average or average potential customer.)

    Your comments treat "secure in my house" vs. "secure on our servers at the mysterious end of the Internet" as the same thing to customers. But, TO CUSTOMERS, they are not the same. The best equation for our nation's security doesn't pit these two against each other, but rather whether they use a stupid password model (one password for everything) vs. a smart password model (long, random, blah, blah passwords that vary by endpoint, kept secure by something like 1Password) against each other.

    Sure, I appreciate SRP and Diffie-Hellman and code supply and code derivations and, and, and.... Your customers don't.

    Asking people (axiomatically, with the security provisions that are integrated and postulated) to trust putting their passwords out in the ether (awesomely encrypted, and on the basis of "I know better than you do") is like asking them to walk their bike across the street in front of an Uber self-driving vehicle in Arizona: some people aren't ready yet, and their angst deserves to not be belittled. No question about it, self-driving cars ARE the future. (Emphasis on the last word... get it?)

    I get that you can't spend money or coding time everywhere; I've been there. But--until you're literally (despite some folks' hatred of that word) willing to bet the company on the model--it isn't helping your case to say "trust us, trust the internet, trust AWS, trust encryption that we admit is hard." (If you ARE ready to bet the company on the model, call me; I'll give you my number.)

    It's "OK" to say "we have decided that it's not in our business model interest to deploy developer and support resources against local sync." Lots of folks will ask, "why not," and you can go after that from a cost-benefit perspective; that's fine. But saying, "you're misguided for thinking that local sync is safer"--when NOBODY's ever heard of smart local security getting cracked but EVERYONE has heard of central, Internet-based security getting cracked (Equifax, AWS, etc)--isn't good marketing.

    Perception vs. reality. Comfort vs. discomfort. If you don't get that, you're missing the point (hence, my "beside-the-point stuff"). And, yes, as developers, you've got to figure out how many people feel the way I (and some others) do.

    But, here's the thing. You can aspire to make the interface look awesome. You can make all kinds of feature additions. They'll be great. And, I LOVE the work you've done on Mac, and iOS (and I don't use Windows, so I can't say).

    But, you've got like ONE feature to bring EVERYONE into the fold, after which you can take all the time in the world to add pretty icons and windows and stuff. Until then, you're potentially losing customers and potentially undermining individual and US national security. (And, I don't drop the last three words lightly. And, yes, by now, you know I'm not kidding.)

    Hmmm....

    Todd

  • ftwilson
    Community Member

    PS. I'm only the "best attack vector" if they're after ME specifically. From the perspective of the individual customer who has no perceived reason to be specifically targeted, but only wants to be "cyber smart," services beyond the reach of their homes present a vastly greater "attack surface", and the press is replete with such surfaces that have been breached.

  • AGAlumB
    1Password Alumni

    Thanks for your response, and I'm glad you've enjoyed my comments. (Really.)

    @ftwilson: Likewise, thanks for taking the time to have this dialog. I can see you're as passionate about this stuff as we are. :)

    I'll respond to this first, because even though it's your postscript, I think this is really crucial:

    PS. I'm only the "best attack vector" if they're after ME specifically. From the perspective of the individual customer who has no perceived reason to be specifically targeted, but only wants to be "cyber smart," services beyond the reach of their homes present a vastly greater "attack surface", and the press is replete with such surfaces that have been breached.

    You're absolutely correct in theory, but in practice, it's a bit different. Not wrong, just different. I recognize that I probably did a poor job of tying this all together, but my point is that, since we don't have the keys to your data, an attacker would really need to target you specifically in order to be able to decrypt it. At that point, whether you use local vaults or 1Password.com, they might as well just get the encrypted database from you too. It's just much more practical.

    For example, the Secret Key is relatively hard to capture because it is never transmitted to the server (SRP ensures that), and since it is only rarely used (to authorize a new device), there are limited opportunities to capture it (compared to the Master Password, which you're probably entering many times per day, depending on the device). That's not to say this is something we should count on for our security, but it limits the attack surface to some degree.

    I fear that I run the risk of explaining this poorly again here, but suffice to say that it is probably easier for an attacker to trick you into giving your Master Password to them — perhaps with a fake 1Password unlock prompt in the browser, or fake 1Password.com login page. These are things we go to a lot of trouble to prevent, but you may not notice them being done to you on your machine if you're not paying attention. So, in the real world, it will be much more practical for an attacker to go after an individual (who is probably using their machine for stuff other than security and doesn't have around the clock monitoring and external audits by security professionals) than it will be for them to go after us, because we still don't have everything they need anyway.

    Your comments treat "secure in my house" vs. "secure on our servers at the mysterious end of the Internet" as the same thing to customers. But, TO CUSTOMERS, they are not the same. The best equation for our nation's security doesn't pit these two against each other, but rather whether they use a stupid password model (one password for everything) vs. a smart password model (long, random, blah, blah passwords that vary by endpoint, kept secure by something like 1Password) against each other. Sure, I appreciate SRP and Diffie-Hellman and code supply and code derivations and, and, and.... Your customers don't.

    You're absolutely right. I didn't mean to be dismissive, and you're correct that most of our customers may not draw these distinctions or care. But frankly that's why we feel such a sense of responsibility to make all of this not only secure so that when they don't worry about it, they're not screwing themselves, but also easy to use. And of course that's where 1Password.com comes in, and why WLAN Server is not our top priority.

    Asking people (axiomatically, with the security provisions that are integrated and postulated) to trust putting their passwords out in the ether (awesomely encrypted, and on the basis of "I know better than you do") is like asking them to walk their bike across the street in front of an Uber self-driving vehicle in Arizona: some people aren't ready yet, and their angst deserves to not be belittled. No question about it, self-driving cars ARE the future. (Emphasis on the last word... get it?)

    I get it, and thank you for making this point. I am sorry if I or my teammates here at AgileBits have come off as belittling. It's a really fine line between explaining these kinds of concerns and talking down to people, and if we've failed in that regard, I apologize. I think that's why it's so important to have this kind of discussion, because even though it's true that using 1Password.com offers both convenience and security benefits to users compared to WLAN Server, us merely saying "1Password.com offers both convenience and security benefits to users compared to WLAN Server" is not helpful. There needs to be a dialogue, so that people can ask questions and hopefully understand why when it's their data that's involved.

    But saying, "you're misguided for thinking that local sync is safer"--when NOBODY's ever heard of smart local security getting cracked but EVERYONE has heard of central, Internet-based security getting cracked (Equifax, AWS, etc)--isn't good marketing.

    You're right of course. I don't think we've said "you're misguided", but we may as well have, and that feels bad. I apologize for that. But I think it's worth noting that being "misguided", if we're going to use that word, is the opposite of stupidity, though I think that is how it might feel to some. "Misguided" means that someone was smart enough to seek the advice of someone more knowledgeable or experienced than them, and they were misled — maybe that's a better word — by someone, either intentionally or not, into believing that person was an expert and that their advice is sound. A lot of people are in this boat with WLAN Server: they were told that this is sufficient and necessary for security, and that simply isn't the case. But rather than just saying "it isn't true", we try to explain why it isn't true...

    Perception vs. reality. Comfort vs. discomfort. If you don't get that, you're missing the point (hence, my "beside-the-point stuff"). And, yes, as developers, you've got to figure out how many people feel the way I (and some others) do.

    But you're right on. Perception and discomfort are challenges. We've made a lot of progress since initially launching the 1Password for Teams beta in late 2015, but we've definitely still got work to do in this regard, not only in marketing and education, but also just connecting with people: what are their concerns and specific use cases? That's why we're here.

    But, you've got like ONE feature to bring EVERYONE into the fold, after which you can take all the time in the world to add pretty icons and windows and stuff.

    I disagree that adding WLAN Server would bring everyone into the fold. There is a long list of different sync options (including those named above, but also many others) people have asked for over the years, and they're often a dealbreaker. I think it's a nice idea that 1Password could serve everyone someday, but it isn't realistic given resources and individual preferences, so we're focused on the things which can do the most good for the greatest number of users.

    Until then, you're potentially losing customers and potentially undermining individual and US national security. (And, I don't drop the last three words lightly. And, yes, by now, you know I'm not kidding.)

    I am interested to understand specifically what you mean by this. 1Password – in all of its forms — has helped many people secure their digital lives. Certainly 1Password isn't a perfect fit for everyone, so not everyone will use it. But I don't see how this undermines national security. I'm sure there's more to it than that though, so I'd like to get a better sense of where you're coming from.

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited March 2018

    Hi, It’s exciting to hear that 1PW7 is out of alpha. I really appreciate the work you do at agilebits.

    @dwk: Likewise, thanks for the kind words! We're also excited about 1Password 7, and appreciate you getting in touch about this.

    However dropping support for WLAN sync is a disappointment on my end because I heavily rely on it with my windows desktop and iphone. Nonetheless the decision is made and there is no going back I guess. I have to find a way to sync my iphone and my windows machine without using WLAN support.

    While we do not currently have plans to add WLAN Server to 1Password 7, we are actively soliciting feedback; please see Dave's earlier post for more information.

    So big words short : is it possible to sync my iphone and my windows machine without using WLAN or cloud services ?

    Yes. 1Password 7 will support syncing to a local folder, which you can in turn sync between devices using another tool of your choosing. That last part isn't something we support ourselves, but so long as you maintain backups you'll have a fallback if you run into issues with whatever you use. This is, technically speaking, how Dropbox sync works, as 1Password just saves a sync copy of the vault to a folder, in that case inside Dropbox. 1Password doesn't care if you use something else though.

    I did a little digging and I guess I found two ways. Since my iPhone is my primary use for 1PW, every time I make a change on the iPhone I will use WLAN (using 1PW4) sync to move my data to the Windows machine and use 1PW7 as a client. Or manually type in all the changes on both platforms. Please enlighten me....

    That's not something I'd want to do, so it wouldn't be what I'd recommend. But you're right that being on iOS complicates things a bit since it isn't possible for apps to save to an arbitrary folder there.

    I'm sorry I don't have better news on that count, but definitely check out Goldberg's post on this topic. And we'd be interested to hear the specific reasons and/or use case you would have in mind for WLAN Server.

  • jpgoldberg
    jpgoldberg
    1Password Alumni
    edited March 2018

    @ftwilson very reasonably asks that I

    treat everything that comes after "But all that is beside-the-point stuff."

    I did get very distracted by the stuff that came before that. But that is beside the point.

    From your more recent comment

    Your comments treat "secure in my house" vs. "secure on our servers at the mysterious end of the Internet" as the same thing to customers. But, TO CUSTOMERS, they are not the same.

    And in the original

    Your customers (or potential customers) who don't trust all the security layers involved actually ARE quite rational. "Rational" isn't binary. They may not know the details of CCleaner, Firefox, AWS, or Equifax, but they know enough.

    I want to break that down into pieces. Some of those pieces provide a good case for maintaining WLAN sync (other things being equal), but others don't.

    Customers do know enough about those cases to be frightened and to be distrustful of any system that demands their trust. People should be skeptical of us or anyone holding on to their data, particularly this sort of data. But we hope that that skepticism leads to enough analysis to differentiate. And I'm hoping that this discussion will lead the people reading it to analyze these things. So, very briefly:

    • CCleaner: This was an attack through software running on individuals' home machines. Keeping things on a local network would not help the victims here.
    • Firefox: Their poor choice of KDF applies to data stolen from local machines.
    • AWS: We should assume that anything that Amazon can see and decrypt here is visible to government entities or anyone else who compromises them or to various insiders. That is why we use end-to-end encryption.
    • Equifax: Our approach to user privacy is the complete opposite of Equifax. We try to acquire as little data as possible; Equifax tries to acquire as much as possible. We see the data you create and small bits of data we have about you to be yours. Equifax sees all of that data as their own data. This is not just vague statements of philosophy, it is built into our designs.

    But yes, the customer who knows enough, but has not read our security documents, should very reasonably be wary of letting their encrypted 1Password data live in anyone else's hands.

    What some customers (don't) know

    A brief, but relevant, digression.

    A number of customers don't know that their 1Password data is end-to-end encrypted. We have people write in who have forgotten their master passwords (or lost their Secret Key). They are genuinely surprised to learn that we do not have the capacity to unlock their data for them. Some are incredulous. They think that we can but are just refusing to unlock their data. Many do not know what encryption is.

    It is also natural for people to believe that because we (our software) can tell if they've entered the correct master password that it has a copy of it in plaintext somewhere. Indeed, I've had more than one customer explain to me that it would be impossible for us not to store their master password.

    I should point out we've had these conversations with customers even when everything was stand-alone. I cannot blame people for not knowing what encrypting or hashing is. Cryptography really is doing magic with mathematics, and most people will think of data access in terms of authentication only ("it is behind a locked door", "it is stored in a vault", "the locked box is opened with a key").

    What takes me aback during these customer encounters is that they had these mistaken beliefs about how 1Password works and trusted it anyway. If they believed that 1Password was so weak that we could "tell them where their master password is stored" on their disk or that we "unlock their data when we wish to" then they really shouldn't have trusted 1Password at all.

    This digression is relevant because that last paragraph is similar to my repeated statement that if you don't think your 1Password data is safe on somebody else's computer, you shouldn't think that it is safe on your own.

    Under the mattress

    I think your second strongest point is when you said,

    But, the absence of a local sync option (for reasonable programming resources issues, if nothing else) is leaving folks who would otherwise practice good computer hygiene to put their "cash under their mattresses." (And, even banks get robbed, with guns or code. Maybe 1Password should help folks at least put their cash in a safe in their anonymous basement?)

    Five years ago I made a similar defense of security theater in Guess why we’re moving to 256-bit AES keys:

    If Molly feels that 128-bit keys aren’t sufficiently secure, she may incorrectly reject systems that use 128-bit keys instead of 256-bit keys. In doing so, she may make choices that actually weaken her security overall. I might not agree with her reasoning, but we do have to recognize that her feelings do matter to her choices. And I certainly want to keep Molly secure. So if by offering 256-bit keys we enable Molly to make better security choices (even if for the wrong reasons), that is a good thing.

    But in that article I was able to continue with the following paragraph:

    As long as there is no reason not to use 256-bit AES keys, it makes sense to use them. We have now reached the point where there is no harm in using 256-bit keys, and so the reassurance that comes with using them is worthwhile.

    We don't have any analytics. And we mostly hear from customers when something goes wrong (and then we only hear from those who chose to contact us instead of just giving up). So I can only speculate. My impression is that far more people are turned away from using 1Password because they fail to get synchronization working than would be turned away by the absence of purely local synching.

    Customer control

    Probably the best argument for continuing to support purely local sync through thick and thin is that it's your data and so it's your security choices that matter. I may not agree with some of your risk assessment about threats to your data, but ultimately it is your data and must be your choice.

    This, indeed, is why we have continued to support various forms of local sync. And it is why we might dedicate the resources to bringing WLAN sync to 1Password for Windows 7.

    As an aside that isn't relevant to WLAN sync, we do not accept that kind of reasoning if we think it will lead people to substantially lower their security. We do try to make it easier for people to behave securely than insecurely, and that does mean that we don't offer user choice over some things. But as I said, WLAN sync isn't in that category. I just mentioned this to point out that there are limits to the customer choice argument.

    We are all right

    You aren't wrong:

    • We do need to consider people's feelings and senses of security.
    • We should be giving people as much control over their own data as possible.
    • Remote storage of data does offer additional avenues of attack.
    • We should be designing with the recognition that people legitimately have different perspectives on the particular threats that they face and so they must ultimately be making the choices that are right for them.

    But I'm not wrong either:

    • WLAN sync sucks up an enormous amount of developer time that could be better spent on other things.
    • Much (admittedly not all) of the perceived security advantages of WLAN are more theatrical than real.
    • WLAN sync directly leads to synching problems for a number of users.
    • WLAN sync, as "yet another sync mechanism", contributes to the biggest cause of problems for users (and perhaps the biggest cause of people giving up on 1Password).
    • Folder/File sync remains available (except, sadly, for iOS).

    Everything we do involves choices that must take all of this (and more) into account.

  • Wells
    Wells
    Community Member

    So I've got 1PW4 Windows running on a Windows 7 and Windows 10 machine. I was looking forward to trying out the 1PW7 Windows beta, but I also have.... an iPhone :(

    I'd like to ask a question regarding a point in the above post:

    • Folder/File sync remains available (except, sadly, for iOS).

    Forgive me if this has come up before, (and my knowledge of iOS development is pretty nonexistent) but can't individual files be transferred to an app('s storage) on an iOS device? Obviously 1PW vaults are folders with tons of files, but maybe the iOS app could import/merge zipped vaults, or vaults generated from backups (which I'm pretty sure are just zipped vaults anyway).

    I realize that this is far from an optimal solution in terms of ease of use. I can't imagine that lots of Normal Human Beings are gonna want to be manually syncing files to their phones, but I update my vault infrequently & regularly enough that this method of transferring a local vault to my phone would be sufficient. And of course no feature is really "easy" or "trivial" to add, but it seems like unzipping a file and importing it on an iOS device is a lot simpler than a whole WLAN server/client dealio. Not to mention that it's other-device-agnostic (any platform can make a zip file of a 1PW vault, and most platforms have iTunes... right?).

    Anywho, really psyched for 1PW7, but I need a way to sync my danged local vaults to my iphone!

  • AGAlumB
    AGAlumB
    1Password Alumni

    I'd like to ask a question regarding a point in the above post:

    Folder/File sync remains available (except, sadly, for iOS).

    Forgive me if this has come up before, (and my knowledge of iOS development is pretty nonexistent) but can't individual files be transferred to an app('s storage) on an iOS device?

    @Wells: There are definitely ways it could be done, but they're sort of hacks and could be interpreted as violations since this isn't something that's officially supported.

    Obviously 1PW vaults are folders with tons of files, but maybe the iOS app could import/merge zipped vaults, or vaults generated from backups (which I'm pretty sure are just zipped vaults anyway).

    Honestly, the other big problem with an approach like this is that it would require us developing and testing some pretty significant stuff in not only the Windows app but also iOS. After all, one wouldn't work without the other, and when we're dealing with something as critical as data and something as complex as syncing, it's a lot more time and effort than one would think. Including us. It's easy to underestimate these things, even more so when there are multiple factors involved: platforms, formats, networking.

    I realize that this is far from an optimal solution in terms of ease of use. I can't imagine that lots of Normal Human Beings are gonna want to be manually syncing files to their phones, but I update my vault infrequently & regularly enough that this method of transferring a local vault to my phone would be sufficient. And of course no feature is really "easy" or "trivial" to add, but it seems like unzipping a file and importing it on an iOS device is a lot simpler than a whole WLAN server/client dealio. Not to mention that it's other-device-agnostic (any platform can make a zip file of a 1PW vault, and most platforms have iTunes... right?). Anywho, really psyched for 1PW7, but I need a way to sync my danged local vaults to my iphone!

    Thanks so much for your feedback on this. Even though your suggestion itself is a bit of a tough sell, as you point out, it's clear how important this is to you, and helpful to get a sense of what would work for you. Glad you're excited about 1Password 7, and while it's a bit of a bummer for you as things stand, the good news is that all of the work we're putting into it now will benefit you as well if in the future your needs change or 1Password does. Cheers!

  • yelladog_superjet
    yelladog_superjet
    Community Member

    One place I see it as being useful is for standalone vault users with Windows + an older version of iOS where they cannot use a modern enough version of the Dropbox app on iOS to successfully sync. I am in this situation currently on 1PW4 + an older iOS iPad.

  • AGAlumB
    AGAlumB
    1Password Alumni

    One place I see it as being useful is for standalone vault users with Windows + an older version of iOS where they cannot use a modern enough version of the Dropbox app on iOS to successfully sync. I am in this situation currently on 1PW4 + an older iOS iPad.

    @yelladog_superjet: That's a really interesting point you raise, for a few reasons, so I'll break it down into those components:

    "Older version of iOS"

    First and foremost it's important to note that this isn't something we recommend or support, as keeping the OS up to date is one of the most important things we can do to stay secure. And since we're all ostensibly using 1Password to improve our security, we shouldn't shoot ourselves in the foot by lagging behind. I realize you're probably aware of this, but I want to mention it for anyone who might be following this discussion.

    Certainly it will not be possible to update on an old device past a certain point though. But in that case, even if we remove 1Password from the equation, it's not safe to use a device running outdated software (browser and OS) with known vulnerabilities online anyway. They do make great hand-me-downs for kids to play games and watch videos locally, a jukebox, or a number of other offline uses that don't pose any risks.

    In the end though, pulling old OSes forward isn't something we can reasonably consider when designing current versions of 1Password, for the aforementioned reasons. We're not going to go back and disable features or the old apps themselves, but we're also not going to encourage people to continue using them, as there are very real security risks involved.

    "Modern version of Dropbox to sync"

    Not terribly important, but it's worth noting that the Dropbox apps aren't involved in syncing 1Password data on mobile devices. The Dropbox APIs are built directly into 1Password. So what happened was that when Dropbox changed their APIs (as they did last year), only current versions of 1Password could be (and were) updated to support the new ones. So it wouldn't work even on a device which can run the latest Dropbox app (requires iOS 9 or later, as of this writing) if it cannot run a version of 1Password which supports the current Dropbox APIs (6.7 or higher). That isn't a problem today, but not keeping up to date also leads to compatibility issues, not just security risks.

    Local syncing between different platforms

    That brings me to a related point: even if we do add a local sync feature for 1Password 7, there's no guarantee it would be compatible with old devices/apps/OSes. After all, if we're going to commit the time and energy to develop, test, and support something like this for the foreseeable future, it's worth considering if there's a better solution. So while we don't currently have plans for that, it isn't a foregone conclusion that it would work with this particular use case — which, again, is one that carries additional risks and downsides which we don't want to encourage users to assume.

  • MClark
    MClark
    Community Member

    I think you get so much negative feedback here because 1P is basically loved and there are only two password managers that support on-premise syncing between Windows and iOS. There's simply nowhere to go except Enpass (which supports WebDAV sync to ownCloud/Nextcloud).

    And eWallet (IliumSoft)

  • Lars
    Lars
    1Password Alumni

    @MClark - there are certainly a number of choices consumers can make in the password management field. That's great for users out there! We're truly appreciative of every bit of feedback we receive here, because it means that a) people are paying attention, and care enough about the state and direction of 1Password to take the time to voice their opinions and b) we don't have all the good ideas. But we don't implement every user suggestion or idea. Sometimes, that's just a function of having only so many hours (and developer cycles) in the day, combined with having other items we deem higher-priority. Other times, it's because we've decided we're not going in a certain direction. When that happens, we try to state why we've decided against something, as clearly as we can (and as often as necessary). And we trust that users will make the best choice for themselves, based on their needs for password management as well as specific features. If users decide to test the waters elsewhere, well, we're sorry to see people go, but as long as you're using something for password management (instead of nothing at all), we'll be happy. Stay safe out there! :)

  • exitstrategy
    exitstrategy
    Community Member

    I hope this is OK if I post my question here, as it is WLAN sync related.
    I have a couple of iDevices (phone and 2 pads) but I use a Windows Desktop PC.
    I bought a 1Password license a while ago and I am a happy user so far.

    Do I understand it correctly, that with 1Password 7 for Windows I won't be able to sync between my devices anymore UNLESS I use the new subscription model?
    So basically my bought license then will be useless? Or is there any other way to transfer my license to a 1password.com account where I don't have to pay a monthly fee?
    I hate this new subscription model for 2 reasons:
    1. I bought 1Password as it was not a subscription based 'service'
    2. I like to store my password data on my PC (a reason many others quoted here)

    Regards,
    Patrick

  • Lars
    Lars
    1Password Alumni

    Welcome to the forum, @exitstrategy!

    So basically my bought license then will be useless?

    If you purchased a standalone license for 1Password for Windows "a while ago," it will not be usable to license 1Password 7 for Windows. 1Password 7 on all platforms is a separate, new purchase.

    Do I understand it correctly, that with 1Password 7 for Windows I won't be able to sync between my devices anymore UNLESS I use the new subscription model?

    For the moment, that's correct; WLAN Server will not be in version 7.0. If you would like us to spend the time and energy to develop, test, and support that in the new Windows app, please see Dave’s earlier comment in this thread about signing up for the WLAN sync newsletter so we can gauge interest.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @exitstrategy: You can, however, also use Dropbox or sync to a local folder, but the latter will preclude syncing with the iOS devices. I'd recommend 1Password.com first and foremost, but Dropbox is a solid advanced sync option.

  • exitstrategy
    exitstrategy
    Community Member

    @Lars thanks for clearing that up.
    Will 1Password 7 be subscription only or can I also buy it with a one time fee?

    @brenty
    Dropbox is a no go for me, sorry.
    Thanks for your replies.

  • Lars
    Lars
    1Password Alumni

    @exitstrategy - we will still be selling standalone licenses for 1Password 7 for Windows, though I'm always a bit surprised to hear people use the word "one time fee." To be clear, a license for 1Password 7 for Windows will work "forever"...but only to license version 7. That "one time fee" doesn't grant the buyer free upgrades for life. There will be additional costs in the future to upgrade to future versions (8.0, 9.0, etc.) when they are released. Apologies if you're already aware of this; I mentioned it because of your use of the term "one time fee" -- just like with virtually all other software, there really is no option to pay once and never again, unless the user wants to stay "frozen in time" and never upgrade.

This discussion has been closed.