1Password 7 with Dropbox

kappabearkappabear Junior Member

Hi there,

I'm a very long time 1Password user with a Family license, and with several vaults stored and synchronized via Dropbox. Moments ago, I signed up for the Family subscription so that I can obtain version 7. It's my understanding that I can continue to use and synchronize my various vaults with Dropbox, and NOT have to import my data into 1Password Cloud. I see that I can import my existing vaults, but how do I keep that data from being stored in the cloud? How do I create local vaults that don't sync 1Password Cloud, yet sync with Dropbox?

Thanks!


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • LarsLars Junior Member

    Team Member

    @kappabear - first of all, thanks for being a long-time customer! :) If you've got a family of two or more people who use all use 1Password and share at least some data, 1Password Families is by far the best and most economical way to do that. A 1Password Families membership (or any 1password.com membership) allows you to sync your data via the much more stable (not to mention secure) 1password.com servers, so there's no need to continue using Dropbox. If you import your vaults into 1Password Families, they will be synced via our servers by default/definition.

    However, you're not required to import your vaults into 1Password Families, and you don't need to become a 1password.com member in order to use 1Password 7 for Mac.

    If you want to continue using 1Password standalone with Dropbox sync, you'll need to visit our downloads page and download 1Password 7 for Mac directly there. From there, you'll be able to install it and continue with your standalone setup. When you run 1Password 7 for the first time, you'll get the following screen:

    Just click the "Need a license? We have those too." link, and you'll be taken to a second screen to select the license purchase option (during this launch special period, $49.99 instead of the regular $64.99 price - nearly 23% off!). 1Password licenses are sold per-person and per-platform, meaning that if you have other family members who'll be joining you on 1Password 7 for Mac, they'll each need to purchase their own licenses as well.

    If that's the route you want to go, make sure you sign into your recently-created 1Password Families account in a browser, click the "Settings" tab in the right sidebar, and choose the "Delete my account" link at the bottom of that page. Let us know if you have any questions, and thanks again for being a long-time 1Password user!

  • kappabearkappabear Junior Member

    @Lars, thanks for your response. I'm not doubting what you're saying about 1Password.com being more stable and secure, but I'd love to know why you say that. What documentation exists that points out the pros & cons of using 1Password vs. Dropbox (or any other cloud based service)?

    I was able to download 1Password 7, go into Advanced and click the Local Vaults box, which then allowed me to sync with Dropbox. (This was actually the information that I was looking for, when I posted initially.)

    If I wanted to create more local vaults, how do I go about doing that? Is that a Standalone vault, or is that something else?

  • BenBen AWS Team

    Team Member

    You may be interested in this page from our guide:

    About the 1Password security model

    If you’re interested in the technical details of how and why things work the way they do we have a more comprehensive white paper:

    1Password Security Design White Paper

    Additionally the 1Password membership service is purpose built for 1Password data. There are some features that we’re only able to offer with membership-based vaults.

    You can create additional standalone (“local”) vaults from the File > New Vault menu. “Local” is a bit of a misnomer here in most cases as most folks sync them using a cloud service.

    Ben

  • LarsLars Junior Member

    Team Member

    @kappabear - just to add a bit onto what Ben already mentioned, and to make sure you're aware, if you continue on with the 1Password Families membership, you'll be charged for it. I think you know that but just checking to make sure. 30-day free trial, then $4.99/mo after that (if paid annually). More importantly is the fact that with a 1Password Families membership, all applications are included in the membership cost -- but for that to work, you'll need to be signed into your account within each instance of 1Password on each device. In other words, the only way for 1Password to "know" you have a membership is for you to be signed into it. So there's not any way to remove your 1password.com vaults and go local (standalone) only, unless you purchase licenses. Just want to make sure you understand how that works.

  • kappabearkappabear Junior Member

    @Lars, yep. I was fully aware of what I was getting into, by buying the Family membership (which I paid annually). Good information @Ben. Thanks for sharing!

  • LarsLars Junior Member

    Team Member

    @kappabear - great! Glad to hear you're on your way. Let us know if you have any further questions. :) :+1:

  • I have also been using 1password for years as well and utilize the same syncing with dropbox .. only I think that Lars was saying IF we wanted to keep ourselves out of the cloud vault we can continue to purchase licenses for each USER on their platform (mac, pc, etc) and continue that way. security pros and cons are applicable either way. what I would love to see in your product is an additional layer of encryption that would probably address Lars' concern that prompted the question he asked initially. like bitcoin people probably feel good about keeping their keys where they can retrieve them (safety deposit box for example) . Question : Does the cloud version 7 encrypt and mask the data. for example in case its found to just lying around so to speak, on backed up disks, and service rings, old media etc . This is the concern .. a person gets the passwords file on disparate desktops throughout the country vs. gets the cloud server that holds the country's 1password customers is the rub. I swear by 1password and use it personally and at work as its in a word "GREAT" but the cloud "eh" for password vaults.. has a Fort Gox ring to it for some reason. :)

  • dancodanco Senior Member Community Moderator

    People do seem to be unclear about what the cloud means (indeed it is not a precise term, it is cloudy). After all, @Negril , syncing through Dropbox is just as much putting your data on the cloud as using 1password.com.

    It is possible to work entirely locally, folder sync and WLAN sync, but that is hard work for most of us, and cloud methods are easier, with 1password.com the easiest as it needs no setting up at all.

    The short answer to your question about encryption is that your data is encrypted locally before being sent to 1password.com, and they only hold encrypted data, they have no means of decrypting. Even if your data were stolen from 1password.com, it could not be decrypted in millions of years barring some major change in cryptographic processes. There is a longer answer by AgileBits in a security white paper.

  • brentybrenty

    Team Member
    edited October 2018

    @Negril: danco is awesome, and correct, but I have an even shorter answer: your 1Password data is end-to-end encrypted using your Master Password, so 1Password simply doesn't depend on the sync service to protect your data. That's regardless of which version/flavour of 1Password you're using.

    However, 1Password.com accounts also use the 128-bit, randomly-generated Secret Key to encrypt the data. That way, even if an attacker steals encrypted data from our server, they cannot perform a brute force attack against a user's Master Password: they'd also need to guess the Secret Key at the same time. The 1Password.com security white paper, danco mentioned, is the long version, and goes into a lot more detail. If you have any questions at all just let us know. :)

  • @danco and @brenty for the first time after I wrote above I did read the white paper and it's great to understand exactly what was missing in my understanding. Feeling a little silly actually. "1password" has had me from "1" so I am grateful for the discussion and access to the technical white paper. I fully agree with @danco "dropbox syncing " comment regarding cloud perception. Btw . Thanks guys keep up the great work!!

  • brentybrenty

    Team Member

    @Negril: Likewise, thanks for the kind words, and for your support! And don't feel silly: The way 1Password.com works is very, very different from most websites. :)

    First, generally a web service stores your password (or a cryptographic hash of it) so they can authenticate you when you try to sign in. Second, and closely related to that, you're generally sending your actual login credentials to a website when signing in (at least in some form). Third, the website itself runs on the server. That last bit seems obvious, and is sort of why it's called a "server" in the first place, in a sense.

    But 1Password.com actually is a browser-based app that runs locally on your device, so that the server never deals with decrypted data; and also account credentials are never transmitted to the server: we're using SRP (Secure Remote Password), where a cryptographic verifier is sent (which cannot be reversed) to prove to the server that you know your account credentials without actually sending or revealing them. This was really important to us, not just because we're geeks who love cool technologies like this, but because we wouldn't be comfortable being in a position where an attacker could gain access to our customers' data (or our own!) through us.

    Anyway, I'll stop there to avoid rambling on too long. But we're here if you ever have any questions. As you can tell, we love talking about this stuff... ;)

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file