Difficulty migrating [troubleshooting in progress]

Options
chongolcn2
chongolcn2
Community Member
edited April 2022 in Mac

Hello,

This is not a support request (I already have [#GWB-59355-691]). This is a WARNING to those who still have local vaults.

If you have a local vault, say one that is synced via iCloud that resides on your mac, I recommend that you NOT move that vault to 1password.com at this time. You should also NOT take the offer of "3-year discount" offered by the 1Password macOS up as this will migrate your local vault to 1Password.com. If you migrate your local vault stored on your mac to 1Password.com you may suffer the same fate as me.

What happened to me? After the migration, initially all seemed well. However, after 1 to 2 days, the master unlock password for the 1Password app on your mac will NO LONGER WORK! Worse still, the vault that moved to 1Password.com VANISHED after 2 days!

Fortunately for me, I had a "spare laptop" on which the 1password app worked using a local iCloud synced vault. Support had me move that vault to 1Password.com again. Again after that 2nd move, all seemed well, but the next day the master unlock password no longer worked on that 2nd "spare laptop"! If things go the same way as before, then I might see the loss of data on my 1Password.com vault as well .. I hope not but it happened once before.

Loss of ability to unlock your 1password app on your mac: twice. Loss of data that was moved to 1Password.com: once (hopefully not twice). It seems clear to me that there are deep and serious flaws with the vault migration code. Beware!!!!

I have asked support to help me revert to a local vault use. Thankfully I have a *1pif backup: so I am hoping this reverting will work.

-- Landon Noll ^oo^

1Password Version: 7.9.3
Extension Version: Not Provided
OS Version: macOS 12.3.1

Comments

  • Jack.P_1P
    Jack.P_1P
    Options

    Hi @chongolcn2:

    Thanks for sharing your thoughts.

    Firstly I'd like to say that I absolutely understand how frustrating this is. We don't like seeing people lose data either, so we're happy to continue working with you. With that said, would it have been possible that you used a different account password for your 1Password account compared to your Primary vault password? 1Password accounts have a slightly longer password requirement than the Primary vault password did, and if you had migrated all your vaults to a 1Password account, then removed your standalone vaults from 1Password, 1Password would no longer unlock using your Primary vault password, but your 1Password account password instead.

    Just to verify that all of your items are still as expected, are you able to sign in to your account on 1Password.com using your 1Password account password, not the password you may have used previously to unlock the 1Password app? If you are, and the migration went as expected, you should see all of your items there. Let me know if you're unable to sign in, or don't see your items, and I'll follow up with the team to continue helping you out via email.

    Jack

    ref: GWB-59355-691

  • chongolcn2
    chongolcn2
    Community Member
    edited April 2022
    Options

    Thank you @Jack.P_1P for your reply.

    Sorry for the delay in responding we have been under a significant time crunch how we have no working 1Password on any laptop. We have been forced to type in very long (24+ character) passwords by hand from iOS devices or an excel spreadsheet. Being down for 2.5 week is taking its toll and many things are taking much longer.

    I don't want to duplicate details of our on-going tech support case [#GWB-59355-691], so I invite you to investigate that case if you are interested in the fine details. Nevertheless, to answer your questions, I need to go into some additional details.

    Please do NOT consider the following test to be a support request The following is just some context in an effort to answer your questions.

    Still, we appreciate your question and so let's respond in general for those who may be reading this thread and wondering what is going on:

    Firstly I'd like to say that I absolutely understand how frustrating this is. We don't like seeing people lose data either, so we're happy to continue working with you.

    Thank you, Jack.

    BTW: I still want to work with support to resolve this matter. Moreover, if Agile is interested, I would like, from an outsider's perspective, to understand how this disaster happened in the hopes that things could be fixed OR in the case of things being "my fault", how people might avoid my mistake.

    Suggestion: When someone is selecting the "3-year subscription deal" that the 1Password app was offering, ASK permission or otherwise make it VERY CLEAR that approving the deal includes migrating any local vault to 1Password.com. Perhaps detect if there is a local vault and before it is too late, give them a clear pop-up of the form:

    To proceed, we first need to move your local vault to 1Password.com. Do you wish to proceed? {YES) {NO}

    ... with the default being NO. There may be legal, contractual, or personal reasons why someone might not be able to move their vault to 1Password.com at this time. Don't just assume it is OK to migrate. Obtain a very explicit permission before you do.

    I am not anti-1Passowrd.com by any means. I have 4 vaults on 1Passowrd.com in addition to an iCloud synced local vault. I am just suggesting that moving such a local vault to 1Password.com should have been an EXPLICIT decision: one that I might have delayed a few weeks until I was ready, had I known.

    Suggestion: Do not offer a "3-year subscription deal" "personal license" to someone who already has a "family license".

    If someone already has a "family license", offering them a "3-year subscription deal" for a "personal license" might not be a good thing.

    In my case I had an existing "family license" vaults in 1Password.com. When I accepted the "3-year subscription deal" I was given a "personal license", not an extension on our "family license". Part of the start of that "3-year subscription deal" "personal license" was the creation of a new personal vault containing the migrated local vault keys.

    I used the same Email address for this "3-year subscription deal" "personal license" as my "family vault" Email address. Again, thinking that I was extending the "family license" time 3-years, I gave it the same Email address. When I saw that the secret key being used was the same as my "family license", I gave it the same password as my 1password.com login.

    BTW: I also have a vault set from my former employer in 1Password.com (with my former employer's permission of course).

    Again, I had these vaults in 1Password.com:

    • Previous employer (company license: 2 vaults: Shared and Private) [ -- edited by 1Password staff -- ]
    • LANDON NOLL'S FAMILY (family license: 2 vaults: Shared and Private)
    • in addition to a local iCloud synced vault.

    After accepting the "3-year subscription deal" I had:

    • Previous employer (company license: 2 vaults: Shared and Private) [ -- edited by 1Password staff -- ]
    • LANDON NOLL'S FAMILY (family license: 2 vaults: Shared and Private)
    • LANDON NOLL (personal license: 1 Private vault - contain the migrated keys from the local iCloud synced vault)
    • No local iCloud synced vault on the "primary laptop" (the local vault was still on the "backup laptop" and iOS devices)

    I was able to use the 1Password app on macOS, and use my existing "master unlock password", and login to 1Password.com, and see my 576+1 items on 1Password.com under the "LANDON NOLL" vault.

    This state lasted somewhere between about 24 to 48 hours. Then on day 2, the LANDON NOLL vault vanished. Moreover, the 1Password app no longer recognized my "master unlock password" on my "primary laptop". Worse still, the 1Password diagnostic app produced an **empty diagnostic report folder*: as if there was no vault data for it to even diagnose.

    QUESTION: Could the use of the same Email address and password for the "family license" and that new "3-year subscription deal" personal VAULT led to that new vault being seen as a duplicate and removed?

    BTW: I say 576+1 items. The +1 is the additional item that is added to the vault when it is migrated.

    BTW: When support directed me to migrate the local iCloud synced vault on my "backup laptop" to 1Password.com, I chose, as I was instructed, to migrate those items into the private vault under LANDON NOLL'S FAMILY "family license".

    The 576+1 items migrated from local iCloud synced vault on my "backup laptop" to 1Password.com just fine.

    For the next 24 to 36 hours, I was able to use the 1Password app on my "backup laptop" just fine. I could also login to 1Password.com and see the 576+1 items that migrated to the private vault under LANDON NOLL'S FAMILY "family license".

    Then (after 24 to 36 hours), the "master unlock password" failed to unlock the 1Password app on the "backup laptop". I.e., this was the 2nd time that there was a DELAYED loss of being able to unlock the 1Password app on a mac.

    Unlike the 1st failure from the "primary laptop" where the 1Password diagnostic app produced an empty diagnostic report folder, on the "backup laptop" the 1Password diagnostic app WAS able to produce a diagnostic report (that I gave to support).

    QUESTION: Any idea on why these disasters were delayed? I.e., why things worked very well for 24 to 48 hours before disaster struck? Is there some background process on the 1Password.com back end that is involved in these disasters?

    With that said, would it have been possible that you used a different account password for your 1Password account compared to your Primary vault password?

    Yes.

    The "master unlock password" (or Primary vault password if you are referring to what I call "master unlock password" ) (that I use with the 1Password app on the mac and iOS decides) is NOT the same as my "1Password.com login password".

    There is an extremely important separation whereby the "master unlock password" CANNOT be the same as my 1Password.com login password! So Yes, the are different by design and requirement.

    BTW: I tried also using the "1Password.com login password" to try and unlock the 1Password app: no success.

    1Password accounts have a slightly longer password requirement than the Primary vault password did, and if you had migrated all your vaults to a 1Password account, then removed your standalone vaults from 1Password, 1Password would no longer unlock using your Primary vault password, but your 1Password account password instead.

    Interesting / good question:

    The "master unlock password" is 14+ "j-random" characters that was generated by the 1password app containing UPPER chars, lower chars, digits, symbols, no words, no repeating patterns, etc.. Just a solid j-random password.

    The "1Password.com login password" is a 25+ "j-random" characters that was generated by the 1password app containing UPPER chars, lower chars, digits, symbols, no words, no repeating patterns, etc.. Just a solid j-random password.

    I believe both passwords are of sufficient quality. The "1Password.com login password" is longer than the "master unlock password" by 11 characters.

    Just to verify that all of your items are still as expected, are you able to sign in to your account on 1Password.com using your 1Password account password, not the password you may have used previously to unlock the 1Password app?

    Yes. I have always been able to login to 1Password.com using my "1Password.com login password".

    Even when, the " LANDON NOLL (personal license: 1 Private vault)" vault disappeared, I was able to login to on 1Password.com using my "1Password.com login password". I re-verified this just now.

    ((continued on next post))

  • chongolcn2
    chongolcn2
    Community Member
    Options

    ((Reply to Jack continued))

    If you are, and the migration went as expected, you should see all your items there. Let me know if you're unable to sign in, or don't see your items, and I'll follow up with the team to continue helping you out via email.

    The 1st failure (the one from my "primary laptop") saw the " LANDON NOLL (personal license: 1 Private vault)" vanish some 24 to 48 hours after I signed up for the "3-year subscription deal".

    While the " LANDON NOLL (personal license: 1 Private vault)" vanished, NONE of the other items in the other 4 vaults were impacted. The "master unlock password" on my "primary laptop" was impacted (no longer works).

    The 2nd failure, so far, has been restricted to the loss of the "master unlock password" working on my "backup laptop" (no longer unlocks).

    I just verified that the 576+1 items that were moved into "LANDON NOLL'S FAMILY (family license: Private vault)" are still there by logging in just now.

    However, I hope you can appreciate how nervous I am:

    • Down for 16+ days on my "primary laptop" 1Password app
    • Down for 2+ days on my "backup laptop" 1Password app
    • No macOS 1Password app access
    • Loss of the " LANDON NOLL (personal license: 1 Private vault)" from 1Password.com
    • Only iOS devices using an iCloud synced vault still work
    • … plus, a *.1pif backup file

    (now in encrypted storage copied to multiple physical safes (physical security faults location in widely different locations))

    Jack

    Thank you, Jack, I hope this helps answer your questions.

    I am NOT looking for support: For support I have [#GWB-59355-691].

    I have asked support to help me revert my "primary laptop" back to a 1Password app that uses a local iCloud vault, restoring from a *.1pif if needed. I know that local vaults will NOT be supported in 1Password v8. This revert would be a temporary measure to not prolong this disaster well beyond the 16+ days it is running now.

    My wishing to revert is NOT a sign that I am giving up on the [#GWB-59355-691] support case.

    I am looking for 2 things from Agile that you, or others not involved in my support case, might help/advise on:

    • Someone attempting to reproduce these failures
    • High level non-internal explanation as to what happened

    For the 1st point (failure reproduction) I can help:

    I have the "backup laptop" on which I can help perform experiments migrating a local vault to 1Password.com.

    The "High level non-internal explanation as to what happened" is my wish to again be able to place a great deal of trust in Agile / 1Password software. As you might guess, that trust in Agile / 1Password now has been shaken. I want to find a reason to both trust AND recommend to others to use the software.

    Comments, suggestions, corrections, and questions welcome.

    -- Landon Noll ^oo^

  • Jack.P_1P
    Jack.P_1P
    Options

    Hi @chongolcn2:

    Thanks for your detailed responses! Since clarifying what would have likely happened will require digging into specifics, to protect your privacy and security, I'll follow up with you directly in your email conversation with us. Please keep an eye out for my email coming soon!

    Just as an additional note, since this is a public community, I've removed some of the personal details from your posts. 🙂

    Jack

  • chongolcn2
    chongolcn2
    Community Member
    Options

    Thank you @Jack.P_1P

  • chongolcn2
    chongolcn2
    Community Member
    Options

    I replied via Email, @Jack.P_1P

    Other folks: We are making good progress. I suggest we keep this discussion open and I'll post a summary of what happened and how it was resolved.

This discussion has been closed.