Backup 1Password 8 vaults?

VariagVariag
Community Member
in Mac

After updating to 1P8 I am shocked to find that the feature to automatically create local backups has disappeared.
I am already not happy at all for you not to support iCloud vaults but having backups integrated in the cloud vault.
Please bring back the feature to create local backups!


1Password Version: 8.7.0
Extension Version: Not Provided
OS Version: Not Provided

Comments

  • ag_tommyag_tommy

    Team Member

    @Variag

    My suggestion would be to make a complete computer backup. We store all backups on the servers. In addition each device has a cached set of data. So if you have multiple devices you have a backup of sorts. Time Machine is a great set it and forget it approach.

    The team is investigating this possibility and I would be happy to let them know this is important to you.

  • murrayEmurrayE
    Community Member

    I, too, am dismayed by the local backups as well as sync to iCloud has disappeared. This is a definite REGRESSION and REMOVAL OF FEATURES!!!!!

    I will no longer recommend 1Password for Mac to others and will have to consider seriously an alternative app.

  • PeterG_1PPeterG_1P

    Team Member
    edited May 6

    Hi @murrayE and @Variag, thanks for your feedback here.

    As @ag_tommy mentioned, we've built a considerable amount of redundancy (and aspects of backup) into the 1Password.com system. Here's some quick info on how that works and why we've chosen this approach:

    • First, a reference copy of your data is synced to your devices by our secure servers
    • A local 1Password database is also present on each of your devices - so if you have three devices (say, a laptop, a desktop, and a mobile phone) then you have four copies of your data available - one on each device, and one at 1Password.com. This means you can also access your data from any of these devices when not connected to the internet (try it!)
    • You can also use your Emergency Kit to sign in on a new device at any time (and thus have another copy of your data handy)
    • Lastly, we also have an export feature which you can use to export a copy of your data if you really need to. However, we don't typically recommend this, as the data will be in an unencrypted format and thus outside the protection of the 1Password app.

    Regarding iCloud: while iCloud and Dropbox are great, they're not primarily made for what we're doing. By building the entire security architecture for your 1Password use, we're able to provide you with a number of advantages, including the Secret Key, individual item history, Travel Mode, and more. We can't do that through third-party sync services.

    If you'd like to check out the nerdy details, one of our security gurus @Lars provided an in-depth discussion here.

    Our servers also make it possible to keep your data in sync across devices, while ensuring that the keys to access that data remain in your hands only, and that we can support you directly should something go wrong (when there's an issue with a third-party sync service, that's considerably harder to do).

    And while we've found that this system overall presents a great solution for data redundancy and making sure you can get your items whenever you need them, we're always open to suggestions on how we can improve further - so we'll let our development team know that backups are something you'd like to see going forward. Thanks for taking the time to let us know.

    ref: dev/core/core#5969

  • murrayEmurrayE
    Community Member

    My engagement with computing dates to at least 1959 and involves mainframes, servers, and personal computers. Backup storage media I've used range from punched cards and tapes through floppy disks, HDs, SSDs, and cloud. In all this, three essential lessons I learned are: (1)the importance of multiple backups and personal; (2) manual control over backups; and (3) never rely solely on backups created or stored by 3rd parties. It is the latter that has been degraded in 1Password8.

    With regard to (3), I need hardly remind you of how many corporate, governmental, and other institutional computer systems have been hacked and compromised.

    Despite your implication, export is safe if, for example, one shoves the export into a folder and then uses Disk Utility to encrypt a .dmg, which can then be backed up to iCloud or elsewhere.

    You've just made backup harder in version 8.

  • PeterG_1PPeterG_1P

    Team Member
    edited May 7

    Hi @MurrayE, thanks for the reply. I'm not sure I understand where you're coming from on this yet (but would like to).

    You mentioned:

    never rely solely on backups created or stored by 3rd parties. It is the latter that has been degraded in 1Password8.

    I agree very much with the philosophy of "never rely solely on backups created or stored by 3rd parties." Absolutely!

    Fortunately, the instances of your database are not exclusively stored by us. The majority of them are stored with you, on the device where you signed into the 1Password app. If you sign into 1Password 8 on a Macbook, and then disconnect it from wifi and take it with you sailing, you still have all your items in the local database on that device. It's under your control, both in the sense that you physically possess the database, as well as that the ability to unlock it remains entirely with you.

    With regard to (3), I need hardly remind you of how many corporate, governmental, and other institutional computer systems have been hacked and compromised.

    A totally fair point. And while we haven't been hacked, our security model isn't predicated on remaining breach-free forever. Instead, we've put the elements needed to decrypt your data exclusively in your hands. That's also a great defense against attack - because if someone did manage to compromise our servers, all they'd be left with is indecipherable blobs of data that can't be decrypted without the account password and Secret Key that only you have. And through a number of overlapping techniques, we've raised the cost and time required to break that encryption to unreasonably high levels.

    This is even true when you view your items on 1Password.com, by the way. It may look like you're seeing an unencrypted version of your data on our servers, but the unlocking and display of items is actually all handled locally, in the browser session.

    Despite your implication, export is safe if, for example, one shoves the export into a folder and then uses Disk Utility to encrypt a .dmg, which can then be backed up to iCloud or elsewhere.

    Forgive me if I'm misunderstanding - doesn't that amount to trusting another cloud service provider with the data? When we handle these tasks (encrypt, sync, backup) we have the ability to enforce high security standards on how that data is handled, and to do it with an architecture dedicated exclusively to that purpose. That's (in my view) one of the chief virtues of the current approach.

    I should have been more specific about the implications of why we don't recommend export, as well. Most people, when they export, don't then apply custom encryption to the file. It's much more common for folks to leave an unencrypted copy on the local device (which could then compromised remotely by an adversary, or lost, or stolen), they may back it up to a hard drive or external source and forget that it's there (or not realize they've done it), or print the file, which introduces another range of potential exposures.

    In any case, I appreciate having your perspective, and the chance to discuss it with you. Thanks for sharing your thoughts here!

  • tmoehletmoehle
    Community Member

    Especially when you work with teams and multiple shares vaults, how can I protect myself and my company against accidental or intentional deletion of shared data? I mean, if all my devices sync on a regular basis, those elements are going to be deleted everywhere as well.

    What if someone with access deletes an entire vault?

    Local backups and the ability to view and import data from them are crucial and the removal of this feature is one of the many very questionable decisions Agile Bits has done in the last few years, that are also eroding my trust in this company.

  • PeterG_1PPeterG_1P

    Team Member
    edited May 11

    Hi @tmoehle, thanks for this question.

    Especially when you work with teams and multiple shares vaults, how can I protect myself and my company against accidental or intentional deletion of shared data?

    Partly this can be managed through appropriate permissions for each shared vault - who has delete item privileges, who has edit item privileges, and so on.

    Any deleted items can also be restored from the View Recently Deleted section, provided the vault still exists.

    I have also communicated your concern about potential vault deletion to folks on our engineering team, so that we can discuss what additional approaches might help (beyond the current permissions safeguards) with that kind of scenario. Thank you for letting us know that this is a priority for you.

    ref: IDEA-I-962

  • LewLew Junior Member
    Community Member

    Hello @PeterG_1P...

    With regard to your statement:

    • Lastly, we also have an export feature which you can use to export a copy of your data if you really need to. However, we don't typically recommend this, as the data will be in an unencrypted format and thus outside the protection of the 1Password app.

    What good is an export feature if there is no obvious method to import or restore that data if necessary? At the very least, we need to know the file name and location of local vaults so they can be manually replaced with those previously exported in the event of vault damage.

  • Dave_1PDave_1P

    Team Member

    @Lew

    Thank you for the reply. Out of curiosity, what kind of vault damage are you hoping to protect against? If the local vault on your Mac is damaged then you can restore a healthy copy of your data from 1Password.com by resetting the app and then adding your account back to the app, it's one of the great benefits of 1Password accounts.

    I look forward to hearing from you. 😊

  • VariagVariag
    Community Member

    Hello Dave,
    local backups would protect from a data loss originating in the cloud storage. This could be caused either by human error or malicious attacks. For instance Hetzner recently accidently deleted their customers VM snapshots without a way to recover.
    When all my passwords are stored in the cloud I want ensure they cannot be lost. F.

  • LewLew Junior Member
    Community Member

    @Dave_1P

    I recently experienced an issue of two vaults being combined during the upgrade from v7 to v8. I was left with a primary vault nearly twice the size with the second vault empty.

    I was unaware vaults could be restored from data stored on 1Password.com. Why did your email support not mention this? I have not seen this mentioned in posts I've read here on the Support Community.

    I have asked a number of times about the location of my vaults on my Mac with no response. Why is that?

    Also, can you please address my questions above: What good is an export feature if there is no obvious method to import or restore that data if necessary? At the very least, we need to know the file name and location of local vaults so they can be manually replaced with those previously exported in the event of vault damage.

  • ag_tommyag_tommy

    Team Member

    @Lew

    At the very least, we need to know the file name and location of local vaults so they can be manually replaced with those previously exported in the event of vault damage.

    That would not be necessary as a restore would happen server side. There would be little if any interaction from the user. I would suggest logging in and out but that's about all you would need to do. I am obviously making this as simple as possible for the description process. There could be a few other steps in the mix.

    Also, please check your inbox. There are follow up questions I sent over. I am trying to replicate what you experienced. Please reply via email so we can keep the discussion one on one and have all the details for reference. They may help us in solving this mystery. * Dave I both have sent messages. We'll do our best to help.

  • kaptainkylekaptainkyle
    Community Member
    edited May 18

    We've been using 1Password for a very long time and only store our data on iCloud. We''ll upgrade to 8 only when it rolls out to the App Store AND continues support for iCloud syncing on the primary vault.

    We're a 100% Apple family with many devices and absolutely zero desire to use a 3rd party host (other than iCloud) for password syncing. I was willing to tolerate the subscription fee only because of their support for Apple's ecosystem.

    Sadly 1Password 7 may be the end of the line for us. Fortunately Apple's own Passwords manager has improved enough that it has already taken over as my primary website password manager with 1Password as backup. My wife won't be a fan of losing 1Password but she'll adjust.

  • BenBen AWS Team

    Team Member

    Hi @kaptainkyle

    One of our founders, Dave, has an extensive post about standalone vaults (and the associated 3rd party sync options such as iCloud and Dropbox), here:

    The future of local/standalone vaults

    In short: these will not be a part of 1Password moving forward. I'd love to talk more about how we can meet your needs without them, but if those are sticking points then I'm afraid we may be at an impasse. The future of 1Password is based on 1Password.com. It's the only way we can offer a number of the features we currently have, and more that we're pursuing. iCloud and Dropbox just can't do those things for us. I hope you'll reconsider, but if not I wish you all the best in finding a new tool that you're comfortable with and confident in. 👍️

    Ben

  • kaptainkylekaptainkyle
    Community Member

    Thanks for the response Ben as it does a good job describing the future path of 1Password. I too come from an IT background and unfortunately this direction conflicts with some of the very core reasons I've hung with this product for so long. Primarily we just use the core functionality across all our devices but it has been such as solid product (until now) that the family subscription cost was worth it.

    I wish there'd be a 1Password Lite version that dialed back some of the current bloat for a lower price while keeping the iCloud vault and App Store integration. Until then, v7 is the end of the line for us. I wish you and your team well!

  • BenBen AWS Team

    Team Member

    Thanks @kaptainkyle. Likewise!

    Ben

  • dalepeakdalepeak
    Community Member

    If the database became corrupted on one device would that corrupted version be replicated to 1password.com and thence onto all other connected devices?

  • sandstromsandstrom
    Community Member

    I think a good solution would be if 1Password 8 (for macOS, in my case) could automatically/regularly make an export of the vault (in an encrypted format) to a chosen location on disk. Similar to what the Sync tab does in 1Password 7.

    That way I can use my preferred backup mechanism to handle that file (move to Dropbox, store on local NAS, send to S3, etc).

    For macOS, you could piggy-back on the Shortcuts app if you wanted to. If you provide an export Shortcut, then I can automate it [e.g. every day at 12:00] using the Shortcuts app.

  • sandstromsandstrom
    Community Member

    Also, here is a related (earlier) thread about backups of hosted vaults:
    https://1password.community/discussion/121450/latest-process-for-local-backup-on-macos

  • PeterG_1PPeterG_1P

    Team Member

    Thank you for the request, @sandstrom, I have added it to our internal discussion. 👍

    ref: IDEA-I-1205

  • sandstromsandstrom
    Community Member

    Thanks Peter!

    Also, the reason for it to be in an encrypted format, is that e.g. Shortcuts (macOS built-in automation app) wouldn't need to know the password to perform the backup. You don't want the backup tool to know and store the password.

  • WA DanWA Dan Junior Member
    Community Member

    I just upgraded to 1Password for Mac 8.7.1 from 7 and it seems like there are less options for exporting parts of the database than before. For example, if I select a tag, then select all items, then go to File > Export it exports everything, not the selected items.

    In addition, previously when I could limit items, I had no control of what was included. What I would like to do is print out certain tagged items relevant to estate planning to give a copy to my attorney and to save in a safety deposit box that only I have access to (and others in the event I die). They don't need to see, for example, what tags have been associated with each item. I realize I can edit it out in a word processor or spreadsheet, but this is something I update regularly and it's a waste of time to have to do so each time. I think we should be able to create and save custom export templates.

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file