1P 7 Mac Backup

ronen
ronen
Community Member
edited February 2019 in Mac

I want to Usb localy backup all 1P data
My 1P is the Account version Appstore .
Iv'e exported to a USB Drive and the result is Data1.pif
Please see pic
Is this the right way ?
Thanks


1Password Version: 1Password 7 Version 7.2.4 (70204001) Mac App Store
Extension Version: 7.2.4
OS Version: macOS 10.14.3
Sync Type: Account

Comments

  • Ho @ronen,

    No, please do not use 1pif for backups. Files exported to 1pif are not encrypted. They should be used for temporary use only, and not as a backup solution.

    Your data is backed up by our servers so you do have that extra layer of protection. We do not have a feature for explicit local backup of account data at the moment, but as long as you are backing up your Mac, you should be ok. Your current 1Password data is stored in ~/Library/Group Containers/2BUA8C4S2C.com.agilebits - so you can make an extra backup of that folder if you like.

    Cheers,
    Kevin

  • ronen
    ronen
    Community Member

    Hi Kevin.
    Thanks!
    Although I fully trust 1Password team and servers, ( all my passwords is there)
    I still want a local backup to sleep even better.
    Making a PDF file ( select all logins , and in the print dialog box choose to save as pdf to a usb ) - is a solution?
    USB with password to view files.
    Ronen

  • Joolster
    Joolster
    Community Member

    Hi Kevin
    I'm also interested in this - it would be good to know what your disaster recovery model is at the very least... is there something I can read about how you're set up for that? Cheers

  • Lars
    Lars
    1Password Alumni

    @ronen - I understand the instinct for wanting local backups, truly -- if you've been (properly) raised in digital safety, then you backup everything, sometimes multiple times, and that goes double for the really important data. I get it. But I'll reiterate what Kevin said: please don't use .1pif for local backups; it's unencrypted and poses a huge security risk. On the 1password.com servers (we use Amazon's AWS as our actual hardware host), your data is backed up multiple times (in encrypted form, obviously), to the point where it's virtually impossible to imagine a scenario in which the data (all copies of it) would be irretrievably destroyed or lost. On your own device(s), the internal cache of data IS your local backup. That's how you're able to open and use 1Password when you don't have an internet connection (like in Airplane Mode, or if you're away from wi-fi): you have that local cache of your data. If, tomorrow, both AgileBits and Amazon were to go ^^POOF^^ without a trace, all you'd need to do is click Preferences > Advanced in 1Password 7 for Mac and check the button marked "Allow creation of vaults outside 1Password accounts," which would create a standalone vault for you, then transfer your local copy of the data over into the standalone vault, or export it for use elsewhere.

    My issue with something like making a PDF copy is that it's static, like a snapshot. From the moment it finishes printing, it begins becoming out-of-date. As soon as you add, delete or change anything in your 1Password vault(s) after that, your most-recent "backup" is no longer accurate. And the longer you go without making a new one, the more out of date it becomes (as you continue using, adding to, and changing your data). In standalone 1Password, the application itself makes backups for you once a day (because there IS no 1password.com server involved), but in a 1password.com account, all that's handled server-side. If you tried what you're envisioning, you'd have to remember to do that once a day, or once a week, or whatever you thought was a tolerable compromise, and keep doing that, forever. Not saying you couldn't...but here again, a PDF would be an unencrypted (and thus wildly insecure) form of your data, and you'd be creating new versions every day/week/whatever. It's really not recommended, not just because it's horribly insecure, but because it's not necessary. So, while I appreciate the instinct to back up, in this one case, I'd strongly recommend you allow us to do it for you; that's part of what you're paying for: peace of mind.

  • Lars
    Lars
    1Password Alumni

    Welcome to the forum, @Joolster! Thanks for thinking proactively about your data security. :) Please see my comments above to @ronen for some additional fleshing-out of why we really don't recommend such ideas. Amazon AWS has remarkably robust disaster recovery, and you have a local copy of your data. Let us know if you have any questions.

  • xerox1101
    xerox1101
    Community Member

    Assuming the AWS backups are fine, what happens to the local data copies on my phone and computer if someone manages to delete my 1password.com account? I just deleted my account due to a setup problem and found that it was pretty simple and only required access to my email for a couple of minutes. I'm hoping that if this happened I could still use the copies on my phone/computer like a recent encrypted backup to restore things, but I don't know whether this data would be wiped once my device accessed 1password.com and found out the account no longer exists.

  • Lars
    Lars
    1Password Alumni

    @xerox1101 - excellent question!

    Assuming the AWS backups are fine, what happens to the local data copies on my phone and computer if someone manages to delete my 1password.com account?

    No one but you should be able to delete your account. You are (hopefully) the only one in possession of your Master Password and Secret Key, which would allow you to sign into 1password.com and use the Delete command. However, the local cache of your data will be intact UNTIL it has a chance to sync with the server. When that happens, if the account is deleted, it would be removed from any devices on which it resides. If you knew or suspected someone ELSE had managed to access your account online and deleted it (or even just made significant changes to your data), you could set your phone (for example) to airplane mode, and you'd be able to still unlock, view and even make any changes or additions to your data...as long as you don't allow 1Password to connect to the server.

    On a Mac, it's much the same: disconnect your internet connection, and you can unlock 1Password without fear of your data being wiped. You could use the time to create a local vault and transfer all of the data from your 1password.com account into the local vault, to make sure you didn't lose it. Then you could go about restoring your account or even creating a new one, depending on what had happened and how you determined to proceed. I'm kind of hypothesizing here since a) this is VERY unlikely as no one else is able to do this in ordinary circumstances, so it would have to be a case of someone discovering your Secret Key and Master Password and wanting to impersonate you, and there's too many variables for me to do anything other than generalize. But the basic point would be this: you would click Preferences > Advanced (in 1Password for Mac) and check the box marked "Allow creation of vaults outside 1Password accounts" which would create a standalone vault, into which you could move all your data.

  • ronen
    ronen
    Community Member

    Lars , Thank you !

  • AGAlumB
    AGAlumB
    1Password Alumni

    :) :+1:

  • xerox1101
    xerox1101
    Community Member

    Thanks for the information. Just to be clear, you can delete someone's account with only access to their email. I know this because when I attempted to setup my account the first time the app encountered an error and never sent me the secret key. The only way I could fix this was by deleting and recreating the account since the secret was on no devices and never sent to me. This was easily possible by going to https://my.1password.com/signin and following the "Having trouble signing in?" flow.

  • AGAlumB
    AGAlumB
    1Password Alumni

    That's correct. We don't recommend signing up and using 1Password with a shared email account unless you really, really trust the people you're sharing it with -- as with any service. And, diggy-doo, if you're using 1Password, you already have help creating and saving a long, strong, unique password for your email and other accounts to prevent anyone unauthorized from accessing them. Cheers! :)

  • chinfuzzy
    chinfuzzy
    Community Member

    Back on March 1, @Lars relied to @xerox1101 about local data copies:

    You could use the time to create a local vault and transfer all of the data from your 1password.com account into the local vault, to make sure you didn't lose it. Then you could go about restoring your account or even creating a new one, depending on what had happened and how you determined to proceed. <<

    So it sounds like, for those of us who absolutely must keep a local backup of a vault (offline, disaster recovery, etc), it's possible to do it that way: create a local vault, copy all the entries from the vault to be backed up, then store a backup of, say, the ~/Library/Group Containers/2BUA8C4S2C.com.agilebits folder offline?

  • AGAlumB
    AGAlumB
    1Password Alumni

    If you're copying the data to a local vault, you really just need to backup the local vault at that point. Everything in the account is already backed up. :)

  • ronen
    ronen
    Community Member
    edited March 2019

    Im saving in Lexar® JumpDrive® Fingerprint F35 USB 3.0 flash drive
    https://www.lexar.com/portfolio_page/jumpdrive-fingerprint-f35-usb-3-0-flash-drive/

  • Lars
    Lars
    1Password Alumni

    @ronen - sounds good. :) :+1:

  • chinfuzzy
    chinfuzzy
    Community Member

    @brenty I tried creating a new local vault then copying all 1658 items from my Personal vault in 1Password.com. After doing select-all, then right-click and Copy to Vault, a dialog box appeared saying "One of the items you are copying has a reference to another item. This item reference will be lost in the copy." I clicked Continue, and the copy appeared to run. Later, a dialog box appeared with "Item Category Not Supported in Destination Vault / There is currently no support for items of this type in the destination vault."

    I do have a number of Documents in my Personal vault, converted from attachments in old standalone vaults. Is that causing problems?

    Eventually, the cursor changed to the famous Apple spinning beachball. 1Password 7 remained in that state, using almost no CPU, until I stopped it with a force-quit.

    This is with 1Password for Mac v7.2.5 (70205002), storing standalone vaults in Dropbox v68.4.102.

    I'm not sure I like this backup method, so far.

  • Lars
    Lars
    1Password Alumni

    @chinfuzzy - I'm sorry for the trouble.

    I'm not sure I like this backup method, so far.

    That's because it's really not a supported backup method, and was never intended as such. I suppose I could have answered "there is no way to do this," but that wouldn't have been strictly true; you can copy your data back into a local vault. But yes, there are differences, and you've hit one of the major ones: the Documents category does not exist in standalone 1Password (we used direct file attachments in standalone 1Password, which were part of the individual item to which they were attached). If you want to persist with this, you would need to separately download your Documents items (decrypted, obviously), copy all of your 1password.com items except the documents, and then finally re-attach the items you previously downloade to whichever other 1Password items in the local, standalone vault that you think they most-properly belong to or are associated with.

  • AGAlumB
    AGAlumB
    1Password Alumni

    Indeed, we can't count on people backing up their data themselves. We know from experience that the vast majority don't. That's why our focus is on automatic offsite backup with 1Password memberships now, because that's usable in case of disaster, even of you forget to backup yourself. For a long time self-directed backup was the only option for 1Password users, but there's a better way now. Even if it's not a perfect fit for everyone's personal preferences, it's much more effective for 99% of our customers.

This discussion has been closed.