Feature Request: Automatic Wi-Fi Sync

FromOZFromOZ Junior Member
edited October 2013 in iOS

Do you have to manually initiate syncing via WiFi now?

It doesn't automatically launch on the iOS device 1Password when you load it and 1Password is already running on the desktop like it used to in 1Password 3? And it seems you have to manually select WiFi syncing on the desktop via as well.

So it's totally manual on both sides? And have to manually initiate? Not very user friendly.

So to be clear even after the WiFi setup is done to sync via WiFi we have to:

  1. Start on 1Password OS X via - Window | WiFi sync (also after initial setup it brings up a shared secret but I have already typed in the shared secret on mobile devices. Leave the dialog box running (showing the shared secret to everyone who walks past your desk for them to copy it and suck down all your passwords!?!?!?!).
  2. Go to iOS device, start 1Password
  3. Go into Settings (the sort of menu selection you shouldn't have to go into all the time)
  4. Choose Sync
  5. Choose Wi-Fi Sync
  6. Select your desktop from the list
  7. Check that the secret is still the same as on the desktop (which everyone has written down now as it is helpfully in large letters)
  8. Click Sync Now

And we have to do all these steps each and every time we want to sync our mobile devices' copy of 1Password....?

Dude that's not very user friendly - you guys really don't like WiFi sync do you?

When you redesign this because of all the user complaints (they are sure to come) I'll be a beta tester for you.

I have to say this again...

I find it pretty amazing that for a high security program like this to sync between desktop and mobile devices you have to leave a dialog box like this...

continuously open on your desktop with a sensitive secret code showing (that you are going to use each time you sync) that people can see, write down, and use and be able to pull down (steal) all your passwords onto their own mobile copy of 1Password. Heck they can even make a separate vault for it and call it "stolen passwords". Who designed this UI?

Why don't you use something like a self-signed certificate that is generated on the desktop 1Password and you import into the iOS 1Password.

Sorry, but this is so insecure it's almost unusable. The dialog box should say "For your insecurity, Wi-Fi sync..."

Comments

  • I agree! I just downloaded the updated iOS version with WiFi Syncing and I have to say I'm pretty disappointed.

    On the Mac side what's the need to keep this Dialog box up? I mean, I've already launched the app, I'm pretty sure I'd like to sync it, it's very tedious and seems pointless to me. How about just having a dialog in Prefs saying "Ya, I want to WiFi sync all the time!"

    In the iOS version why is WiFi Syncing 3 more steps to do the same thing? Why isn't it in the MAIN Sync like all the rest? I just want to turn it on, and hit Sync why do I need to navigate all these other dialogs?

    And now I come to my main issue..

    IT DOESN'T WORK!

    My Mac shows up, I hit it, make sure the correct key is entered, hit Sync and above it'll quickly say it's syncing 0/3 then goes away. I try to find new entries that I KNOW should be there and they don't! What's the deal?

    Just to give you some info..

    I have a Credit Card setup as a Credit Card with all my info, then I also have a Login for the WebSite for this Card which I have filed under Financial, this one doesn't show even though it's definitely on my Mac. I've rebooted, re-entered things, etc, etc, etc.. It just doesn't work...

    You really want us to use iCloud or something, do you?

    Ugh!

    Oh, and now that I thought about it what happened to the Sync dialog??? It would be pretty handy to see what was actually sync'd! Why did you get rid of it??

    So ya, so far not real happy with the upgrade..

    Come on guys!

  • Ok..

    Figured something out..

    It apparently DOES Sync, BUT it doesn't seem to take the Folder placement into consideration as I can find it if I look through my categories..

    Soo, looks like you have a slight bug on your hands, looking forward to it getting resolved..

  • Forgot to say that I am able to find it when I look through ALL logins.. Not real ideal..

  • FromOZFromOZ Junior Member

    Bump.

    Could I get some official response on this? Is it being considered to improve this design?

    Just to show that I'm not just complaining (though I believe WiFi sync users have a right to).... I have been thinking about best design to implement secure wifi syncing and have some ideas.

  • yusfyusf
    edited October 2013

    I agree! Flow is not broken but very unfriendly and complicated. I'd appreciate if WiFi sync would be treated not as a second class citizen compared to the cloud sync alternatives but on par with those.

    I don't see why I should need to have the secrets window open to sync once the secret has been entered on the phone. In fact I don't see why the 1P app should have to be opened at all for syncs. The helper app is enough for cloud sync, why not for wifi sync. The only manual activity that's acceptable when syncing is for the user to open the 1P on the handheld device seeing the app is sandboxed and all that.

    Remember to be nice when posting errbody! :)

  • Agile Bits doesn't support the software on IOS at this time. The only way to use the mobile version is to manually enter in all of your logins.

  • @GlennTurner Did you even read the topic?

  • The only way to use the mobile version is to manually enter in all of your logins.

    Sorry, but that is misleading and incorrect. Folder sync (from 1P4 Mac) to iOS 4.3 via keychain through iTunes works perfectly, at least for me. It may not be the most convenient method for everyone but there's no need to "manually enter" everything on iOS.

    Stephen

  • Is @Megan or anyone else able to comment? :)

  • I'm happy to have Wifi Sync again, but the process is not "secure" at all and there are too many manual steps.

    Is this a strategy to annoy the customers so nobody will use this sync option and AgileBits can abandon it in future?

    I was really happy with Wifi Sync in version 3.x.
    Without it, I'm not willing to pay for any new 1 Password version again.

  • yusfyusf
    edited October 2013

    Is this a strategy to annoy the customers so nobody will use this sync option and AgileBits can abandon it in future?

    Don't be silly ;)

  • Is this a strategy to annoy the customers so nobody will use this sync option and AgileBits can abandon it in future?

    What a question! It's obvious. What else can be the reason?

  • Can we get back on topic here?

  • MeganMegan

    Team Member

    Hi everyone,

    First of all, I'd like to apologize for the delay in response, as you can probably note, we've been a bit busy since the launch of 1Password 4, but we're all putting in extra hours to be sure we get back to our usual speedy reply times just as soon as possible!

    @FromOZ Yes, Wi-Fi sync is currently a manual process. This is because of the authentication method we are using. I'd like to explain a bit more about this method here.

    The secret sharing we are using as our authentication method authorizes syncing between the specific Mac app and the specific iOS app. We've done it this way to ensure that only the device you want to sync has access to your data as it is transmitted wirelessly. Please note, the data IS still encrypted during this process. But we want to be sure that the data is going where it is supposed to and nowhere else in the Wi-Fi network. Authenticating both devices using this shared secret ensures that you don't risk sharing your data with unauthorized devices on your network.

    That being said, Wi-Fi sync is, of course, not perfect yet. All of your feedback is valuable as we work to develop this feature and make it more user-friendly. We are committed to making this a viable option for our users who do not want their data stored in the cloud, and we appreciate you taking the time to help us make Wi-Fi sync the best that it can be.

    @rt2014, I will mention that our developers are currently tracking down a bug related to folder sync. You should certainly not have to search through all of your Logins when you have taken the time to organize things neatly into folders. We hope to find a solution soon!

  • @Megan I appreciate your attention to these issues, we all realize this is a new release and is bound to have some problems, hopefully they can be worked through..

    I get having the secured method of transfer when using WiFi, totally makes sense. But why insist on going through the process each and every time you want to sync? I think once you have the code entered and the secure channel established that should be sufficient for future communications, no?

    It seems really redundant to be forced to open another window on your computer even though you're already authenticated in the app, plus all the extra steps on you iDevice. Why can't there just be another on/off toggle in the Sync area like all the rest once we have the secure channel setup?

    Everything was handled very nicely in 3.x so I'm not really sure why the need for all these extra steps in 4.x

    Looking forward to seeing what your devs can cook up to help with these growing pains..

    Thanks again!

    -RT

  • MeganMegan

    Team Member

    Hi @rt2014,

    First of all, we really appreciate your patience as we work through these growing pains.

    We do understand that manual syncing is not an ideal situation, and we are looking into ways to make it more automatic in the future. Of course, I can't make any promises, but it is certainly on our to-do list. I'll be sure that the developers know that you're anxious for it :)

  • FromOZFromOZ Junior Member
    edited October 2013

    Hi @Megan

    Re: your points:

    @FromOZ Yes, Wi-Fi sync is currently a manual process. This is because of the authentication method we are using

    and

    We do understand that manual syncing is not an ideal situation, and we are looking into ways to make it more automatic in the future. Of course, I can't make any promises, but it is certainly on our to-do list.

    I have been thinking it through, I understand what has to happen (core concepts) and I have some technical and UI suggestions which I believe would be a secure, yet user friendly way for this to work. I (and I trust other 1Password users of the desktop and iOS apps) would appreciate it if you could 'formally' pass this onto the developers.

    Firstly I understand the unique challenges in setting up a WiFi sync:

    1. Authentication (the user/device is who they say they are and they are authorised to access data)
    2. Security (transferring sensitive data such that it ideally can't be intercepted and if it is intercepted then it can't be used i.e. it is encrypted)

    With syncing via methods like iCloud and Dropbox it is much simpler for the developers because they have a 'well known' entity (and network port) they are connecting to. So the 1Password device is the client and iCloud/Dropbox is the server (in the sense that the 1Password device knows where to connect to the iCloud/Dropbox servers and where the 1Password data file will be).

    WiFi syncing is more difficult because, to characterise it, it is a peer-to-peer type connection. So how can one 1Password peer know that the other 1Password peer really is who they say they are, and which of the two becomes the server and which becomes the client.

    In this scenario I will assume that 1Password Mac acts as the 'server' and 1Password iOS acts as the client.

    Authentication/Setup

    The goal here is to establish the trust model, it's like getting a drivers' license - you need to take multiple documents to prove who you say you are, but after that (complicated) process you get a secure, trusted document (token), i.e. your drivers' license usually in credit card size format, and when 'authenticating' yourself to a policeman you don't need to show your paper documents — you show your drivers' license and the policeman trusts the issuing authority. Anyway... I'm sure we all get the idea :-)

    For the setup process 1Password could use the similar setup (visually) as was used with 1Password 3, and somewhat copied by current 1Password 4.

    1. In 1Password Mac go into 'setup' of WiFi link - this opens port and connection on 1Password (server).
    2. In 1Password iOS also go into setup of WiFi.
    3. 1Password Mac (server) displays a secret code onscreen with instructions to enter in 1Password iOS (client). Obviously at this point no-one else can see what is happening, so setup is secure.
    4. Client enters code, clicks OK and client initiates communication on special one-time link using channel encrypted by shared secret symmetric key.
    5. Server authenticates client over same secure channel.
    6. Server and client then exchange public keys of public-key cryptography setup which use any manner of secure methods to generate private keys. For example serial number & name of device.
    7. Server and client then switch to communication encrypted/decrypted with new private/public keys and confirm that authentication is successful.
    8. Setup is complete, and setup windows on both devices automatically, and immediately, close. That is the potentially insecure (because it is displayed visually) shared secret is removed from display. At this point a sync could optionally be performed.

    Regular Sync

    Now we come to situation where two devices, 1Password Mac (suppose we'll let Windows machines do it also ;-) ) as Server and 1Password iOS as Client, wish to sync with each other.

    1. On server device open the device for connection by simple menu selection and/or toolbar button. No need to go into setup. This will have server open a well known port on the device.
    2. Server goes into wait connect loop, if no connection within predefined time it automatically closes the port i.e. shuts down from being open for sync connections.
    3. On client initiate sync through menu selection or button (not through setup). If there are servers within range (on same WiFi - btw what about Bluetooth?) then initiate connection. Possibly show popup listing servers nearby which may be helpful if there is more than one server open.
    4. The server and client 'know' each other because they have exchanged public keys and data about themselves.
    5. Using their respective private keys they communicate with each other and remote side uses public key to decrypt.
    6. Sync happens - we don't need to go into details of that. I would just assume that the server acts as mediator in case of conflicts.
    7. Sync successful - channel closed.
    8. Client closes down sync process immediately.
    9. Server may close down sync port immediately or optionally wait for further connections until pre-defined timeout reached at which time it closes port and finishes accepting any sync requests.

    This to me is a much more secure and cleaner way of doing sync over WiFi — I trust the developers will agree and we will see a more user friendly UI for syncing.

    Of course also, keeping the same UI design, the developers may prefer for heightened security to use symmetric keys instead of private/public keys where the generated key used unique data of both devices (e.g. serial number + host name) to generate the shared secret symmetric key. The concept remains the same, the two devices have gone through a one-time setup where they progress from a manual (window with shared secret code) to automated (keys) authentication — which can be made very strong for both authentication and secured communications.

  • There was a clean, simple and secure Wifi-Sync in 1PW3. Nobody can understand why they didn't take this to 1PW4. But I'm sure they will not go back, and so they ill never have a more secure and cleaner way.

  • FromOZFromOZ Junior Member

    Anything is possible — I think it's best to wait for response from an AgileBits person.

  • MeganMegan

    Team Member

    Hi @FromOZ,

    Wow, thanks for that well-written post! I am passing that along to our developers right now :)

    @Famulus, I'm sorry to hear that you're unhappy with the current state of Wi-Fi sync. As I've stated before, we do know that there is room for improvement, and we do appreciate your patience while we work to get it polished up for you! I'm glad to hear that Wi-Fi sync worked well for you in 1Password 3, however, while it was great in its day, we were never quite happy with it - in fact, that is the reason that 1Password 4 was initially released without a Wi-Fi sync option. Between the need for manual syncing and networking issues, it did not provide a great user experience for many users. We have re-written it completely for 1Password 4 and hope that it will soon be a reliable and relatively pain-free alternative to cloud syncing.

    If you are having a specific problem with the sync though, we'd love to help you sort it out - please provide just a few more details about where you are having trouble :)

  • I'm glad to hear that you are happy with wifi sync as it is now. This is a little bit strange, but the most important point is, that you are happe. And if you didn't like the perfectly working feature in 1PW3, it is normal that you had to kill it in order to put something worse in it's place.

  • MeganMegan

    Team Member

    Hi @Famulus,

    I'm sorry if I was unclear. I did not mean to suggest that we were satisfied with the current state of Wi-Fi sync for 1Password 4. We know that manual syncing is not an ideal user-experience and are looking for ways to improve the process while keeping it secure.

    I apologize if you hare having difficulty getting synced up using the current Wi-Fi sync. Please provide some details about where you are running into trouble, and we'd be happy to help you sort it out!

  • sjksjk oversoul

    Team Member

    Hi, @Famulus.

    As @Megan has mentioned we were never quite happy with Wi-Fi sync in 1Password 3, certainly have plans for improvements with it in 1Password 4, and appreciate everyone's valuable feedback about it. And we're here to help resolve specific problems anyone is currently having with it.

  • I was very happy with WiFi Sync in version 3.x. Don't remember having any issues with it, it was working as expected all the time.

  • Dear all,

    First of all, I am super happy that wifi sync is back in 1Password, I'll never put sensitive stuff in the cloud, even if it is truly convenient.

    I agree with the first comment, wifi sync can be improved.
    Is there a way to make my iphone unique for my mac and my mac unique for my iphone so that they automatically wifi sync when I have 1password unlocked on both ? (via a self-generated certificate or by using the EMEI of the phone and the MAC address of the mac?)

    Thanks
    Regards,
    Pierre

  • MeganMegan

    Team Member

    Hi @PierreBondurant,

    Thanks for taking the time to write in to us! I have passed your suggestion along to our developers. I can't comment much on unreleased features, but we are certainly looking to improve Wi-Fi sync, and a certificate doesn't sound like a bad option to make things a bit more automatic. :)

This discussion has been closed.