Creating Periodic Offline Backups for Subscription-Based Vault
Good Afternoon!
Long time 1Password User (circa 2012). Great product, thank you for the peace of mind for the past several years!
I've finally come to terms with the fact that the subscription-based model is the future of this product. I've tried to hang on with the standalone license key I purchased many years ago, but the fact that I'm multi-platform user (Android/OSX/Windows) and that I haven't been able to edit on my Windows workstation for a few years now (the latest version of 1Password for Windows 10 only gave me read-only access to my vault) I've finally decided to move my vault to 1password.com, remove the Dropbox-based syncing I had configured, and upgrade.
So far, so good! It is obvious that the 1password.com sync approach is working much more effectively, and I also like that I can authorize and deauthorize devices. That is a marked improvement from the Dropbox syncing model. However, I've noticed that the ability to create local backups has been removed. I'd used to have my local 1Password application on OSX generate a offline backup and store it in both Dropbox and my offline backups.
I understand, I've read the https://support.1password.com/backups/ write up and that everything uploaded to 1password.com is automatically backed up, and error checked before it is uploaded. However, you'll have to forgive my skepticism. Every cloud-based service I use (Dropbox, Google Drive, etc.) I have configured to back up offline so I can restore in the event that either my device goes down, or if the service itself goes down for some reason. I want to know how I can periodically save offline backups with the subscription-based model. This way, if your cloud-based syncing service goes down either temporarily or longer term (as unlikely as this is), I don't lose 6 years worth of data.
Any advice would be appreciated.
1Password Version: 7.2.4
Extension Version: 4.7.3.90
OS Version: 10.13.6
Sync Type: Not Provided
Comments
-
Welcome to the forum, @spennymac! I'm really glad to hear you're (mostly) enjoying the 1password.com experience so far. It's much more robust and flexible than anything we've been able (or ever will be able) to do with the limited 3rd party sync APIs of even the best companies like Dropbox. It's not their fault; they have to write a sync engine that works for virtually any type of data, which is good if that's what you want. But with 1password.com, we have the luxury of creating a purpose-built sync engine that doesn't have to worry about cat gifs or Excel spreadsheets or recipe databased. It ONLY has to do one thing: sync your 1Password data. And it allows us to do a lot more than we could before.
However, I've noticed that the ability to create local backups has been removed.
This is true. We've done some preliminary looking into re-establishing this feature because you're not the first person to ask for it. The issue here is a couple of things:
- It's not as simple as it might appear, nor as simple as it was in standalone 1Password. With standalone 1Password, it would've been almost malpractice to not have a backups function, because not everyone is diligent about backing up their data. I've helped many a user over the years recover from a disaster through the use of those auto-generated backups. But in the 1password.com age, it's a different story. The "canonical" copy of your data is no longer the one on your device, it's the one on the server. Restoring a local backup would leave the server (which is connected to all other instances) not knowing which was the correct copy of the data, especially since the time-stamps would differ. And this problem is worsened in the context of 1Password Families or 1Password Teams/1Password Business accounts - if you restored a previous version of data from vaults you shared with other family/team members, you might overwrite needed changes other people had made -- or there would be sync conflicts galore with no obvious way to determine which one version should "win."
- More importantly, the 1password.com server makes iterative backups on an item-by-item level for you. It's one of the things we could never do before with 3rd party sync APIs. But now, we can allow you (via the web app) to sign into your account and literally restore individual items to previous states, not just an entire vault. Even the trash is an archive: try creating a Secure Note in 1Password for Mac. Delete it by sending it to 1Password's trash, then Empty the Trash. Then sign into your account in a browser, and open the trash...and click "View Archived Items." You can see the deleted item there -- and even recover it. So, local backups are much less of a necessity than they used to be (which frees up a ton of hard drive space, given that we used to save FIFTY backups (so you had a good span of time). Now, all of that is taken care of for you on the server, without gobbling your processor, your hard drive space, or requiring you to set it up.
Long story short: there isn't currently any way of creating full-scale (usable) backups of the kind you're accustomed to in standalone 1Password. There may be someday, but there may not, depending on the difficulty and problems associated with allowing users in multi-user accounts to overwrite existing data, and also because this is a lower-priority item for developer hours given that we DO have a backup strategy in place for 1password.com accounts. You mentioned two scenarios: your device goes down, or we as a company go "poof," presumably taking all 1Password data with us. In the former situation, I'm not sure what the concern is: when you get a new device, just sign back into your 1password.com account, and everything will be as you left it (and in the interim, you can use 1password.com's web interface). I won't waste your time describing how unlikely it is that WE'LL be going anywhere...you're imagining a situation where we DO, for whatever reason. Don't forget, you have a local cache of your data in every instance of 1Password. So if you have a home Mac and one at work, or maybe an iPhone and and iPad as well -- that's FOUR instances of 1Password data, complete within the SQLite databases of the 1Password apps on each of those devices. If you wake up one morning and we've gone "poof," you would just click Preferences > Advanced > Allow creation of vaults outside 1Password accounts and that would re-enable standalone vaults. From there, you just move all the items back from your 1Password account vault into this newly-created local vault, and go merrily on your way. Or, you choose File > Export and create an unencrypted CSV or .1pif file for you to take with you to some other password management service or even a spreadsheet. Bottom line: there just aren't any situations in which you can't restore, export or move your data -- even if we're not around and our servers are down. Hope that helps! :)
0 -
Hi Lars,
Thanks for the detailed commentary. I had a suspicion that it was something along those lines, that it wasn't a static copy of the entire vault, but that it was an element-per-element sync. Your description and justification makes sense.
I might play around with the 1Password CLI a bit to see if I can create anything I can run locally to run a periodic export utility. Obviously, having un-encrypted passwords locally can defeat the purpose of a password manager, but I'm interested regardless. :)
I'll keep my ear out if that low priority feature eventually gets implemented.
Spencer
0 -
@spennymac - sounds good. Let us know if you have any questions. :)
0