Backup 1Password 8 vaults?
After updating to 1P8 I am shocked to find that the feature to automatically create local backups has disappeared.
I am already not happy at all for you not to support iCloud vaults but having backups integrated in the cloud vault.
Please bring back the feature to create local backups!
1Password Version: 8.7.0
Extension Version: Not Provided
OS Version: Not Provided
Comments
-
My suggestion would be to make a complete computer backup. We store all backups on the servers. In addition each device has a cached set of data. So if you have multiple devices you have a backup of sorts. Time Machine is a great set it and forget it approach.
The team is investigating this possibility and I would be happy to let them know this is important to you.
0 -
I, too, am dismayed that local backups as well as sync to iCloud have disappeared. This is a definite REGRESSION and REMOVAL OF FEATURES!!!!!
I will no longer recommend 1Password for Mac to others and will have to consider seriously an alternative app.
0 -
Hi @murrayE and @Variag, thanks for your feedback here.
As @ag_tommy mentioned, we've built a considerable amount of redundancy (and aspects of backup) into the 1Password.com system. Here's some quick info on how that works and why we've chosen this approach:
- First, a reference copy of your data is synced to your devices by our secure servers
- A local 1Password database is also present on each of your devices - so if you have three devices (say, a laptop, a desktop, and a mobile phone) then you have four copies of your data available - one on each device, and one at 1Password.com. This means you can also access your data from any of these devices when not connected to the internet (try it!)
- You can also use your Emergency Kit to sign in on a new device at any time (and thus have another copy of your data handy)
- Lastly, we also have an export feature which you can use to export a copy of your data if you really need to. However, we don't typically recommend this, as the data will be in an unencrypted format and thus outside the protection of the 1Password app.
Regarding iCloud: while iCloud and Dropbox are great, they're not primarily made for what we're doing. By building the entire security architecture for your 1Password use, we're able to provide you with a number of advantages, including the Secret Key, individual item history, Travel Mode, and more. We can't do that through third-party sync services.
If you'd like to check out the nerdy details, one of our security gurus @Lars provided an in-depth discussion here.
Our servers also make it possible to keep your data in sync across devices, while ensuring that the keys to access that data remain in your hands only, and that we can support you directly should something go wrong (when there's an issue with a third-party sync service, that's considerably harder to do).
And while we've found that this system overall presents a great solution for data redundancy and making sure you can get your items whenever you need them, we're always open to suggestions on how we can improve further - so we'll let our development team know that backups are something you'd like to see going forward. Thanks for taking the time to let us know.
ref: dev/core/core#5969
0 -
My engagement with computing dates to at least 1959 and involves mainframes, servers, and personal computers. Backup storage media I've used range from punched cards and tapes through floppy disks, HDs, SSDs, and cloud. In all this, three essential lessons I learned are: (1) the importance of multiple backups and personal; (2) manual control over backups; and (3) never rely solely on backups created or stored by 3rd parties. It is the latter that has been degraded in 1Password8.
With regard to (3), I need hardly remind you of how many corporate, governmental, and other institutional computer systems have been hacked and compromised.
Despite your implication, export is safe if, for example, one shoves the export into a folder and then uses Disk Utility to encrypt a .dmg, which can then be backed up to iCloud or elsewhere.
You've just made backup harder in version 8.
0 -
Hi @MurrayE, thanks for the reply. I'm not sure I understand where you're coming from on this yet (but would like to).
You mentioned:
never rely solely on backups created or stored by 3rd parties. It is the latter that has been degraded in 1Password8.
I agree very much with the philosophy of "never rely solely on backups created or stored by 3rd parties." Absolutely!
Fortunately, the instances of your database are not exclusively stored by us. The majority of them are stored with you, on the device where you signed into the 1Password app. If you sign into 1Password 8 on a Macbook, and then disconnect it from wifi and take it with you sailing, you still have all your items in the local database on that device. It's under your control, both in the sense that you physically possess the database, as well as that the ability to unlock it remains entirely with you.
With regard to (3), I need hardly remind you of how many corporate, governmental, and other institutional computer systems have been hacked and compromised.
A totally fair point. And while we haven't been hacked, our security model isn't predicated on remaining breach-free forever. Instead, we've put the elements needed to decrypt your data exclusively in your hands. That's also a great defense against attack - because if someone did manage to compromise our servers, all they'd be left with is indecipherable blobs of data that can't be decrypted without the account password and Secret Key that only you have. And through a number of overlapping techniques, we've raised the cost and time required to break that encryption to unreasonably high levels.
This is even true when you view your items on 1Password.com, by the way. It may look like you're seeing an unencrypted version of your data on our servers, but the unlocking and display of items is actually all handled locally, in the browser session.
Despite your implication, export is safe if, for example, one shoves the export into a folder and then uses Disk Utility to encrypt a .dmg, which can then be backed up to iCloud or elsewhere.
Forgive me if I'm misunderstanding - doesn't that amount to trusting another cloud service provider with the data? When we handle these tasks (encrypt, sync, backup) we have the ability to enforce high security standards on how that data is handled, and to do it with an architecture dedicated exclusively to that purpose. That's (in my view) one of the chief virtues of the current approach.
I should have been more specific about the implications of why we don't recommend export, as well. Most people, when they export, don't then apply custom encryption to the file. It's much more common for folks to leave an unencrypted copy on the local device (which could then be compromised remotely by an adversary, or lost, or stolen), they may back it up to a hard drive or external source and forget that it's there (or not realize they've done it), or print the file, which introduces another range of potential exposures.
In any case, I appreciate having your perspective, and the chance to discuss it with you. Thanks for sharing your thoughts here!
0 -
Especially when you work with teams and multiple shared vaults, how can I protect myself and my company against accidental or intentional deletion of shared data? I mean, if all my devices sync on a regular basis, those elements are going to be deleted everywhere as well.
What if someone with access deletes an entire vault?
Local backups and the ability to view and import data from them are crucial, and the removal of this feature is one of the many very questionable decisions Agile Bits has made in the last few years, that are also eroding my trust in this company.
0 -
Hi @tmoehle, thanks for this question.
Especially when you work with teams and multiple shared vaults, how can I protect myself and my company against accidental or intentional deletion of shared data?
Partly this can be managed through appropriate permissions for each shared vault - who has delete item privileges, who has edit item privileges, and so on.
Any deleted items can also be restored from the View Recently Deleted section, provided the vault still exists.
I have also communicated your concern about potential vault deletion to folks on our engineering team, so that we can discuss what additional approaches might help (beyond the current permissions safeguards) with that kind of scenario. Thank you for letting us know that this is a priority for you.
ref: IDEA-I-962
0 -
Hello @PeterG_1P...
With regard to your statement:
- Lastly, we also have an export feature which you can use to export a copy of your data if you really need to. However, we don't typically recommend this, as the data will be in an unencrypted format and thus outside the protection of the 1Password app.
What good is an export feature if there is no obvious method to import or restore that data if necessary? At the very least, we need to know the file name and location of local vaults so they can be manually replaced with those previously exported in the event of vault damage.
0 -
Thank you for the reply. Out of curiosity, what kind of vault damage are you hoping to protect against? If the local vault on your Mac is damaged then you can restore a healthy copy of your data from 1Password.com by resetting the app and then adding your account back to the app, it's one of the great benefits of 1Password accounts.
I look forward to hearing from you. 😊
0 -
Hello Dave,
Local backups would protect from a data loss originating in the cloud storage. This could be caused either by human error or malicious attacks. For instance, Hetzner recently accidentally deleted their customers' VM snapshots without a way to recover.
When all my passwords are stored in the cloud I want to ensure they cannot be lost. F.
0 -
I recently experienced an issue of two vaults being combined during the upgrade from v7 to v8. I was left with a primary vault nearly twice the size with the second vault empty.
I was unaware vaults could be restored from data stored on 1Password.com. Why did your email support not mention this? I have not seen this mentioned in posts I've read here on the Support Community.
I have asked a number of times about the location of my vaults on my Mac with no response. Why is that?
Also, can you please address my questions above: What good is an export feature if there is no obvious method to import or restore that data if necessary? At the very least, we need to know the file name and location of local vaults so they can be manually replaced with those previously exported in the event of vault damage.
0 -
At the very least, we need to know the file name and location of local vaults so they can be manually replaced with those previously exported in the event of vault damage.
That would not be necessary as a restore would happen server side. There would be little if any interaction from the user. I would suggest logging in and out but that's about all you would need to do. I am obviously making this as simple as possible for the description process. There could be a few other steps in the mix.
Also, please check your inbox. There are follow-up questions I sent over. I am trying to replicate what you experienced. Please reply via email so we can keep the discussion one on one and have all the details for reference. They may help us in solving this mystery. Dave and I both have sent messages. We'll do our best to help.
0 -
We've been using 1Password for a very long time and only store our data on iCloud. We'll upgrade to 8 only when it rolls out to the App Store AND continues support for iCloud syncing on the primary vault.
We're a 100% Apple family with many devices and absolutely zero desire to use a 3rd party host (other than iCloud) for password syncing. I was willing to tolerate the subscription fee only because of their support for Apple's ecosystem.
Sadly 1Password 7 may be the end of the line for us. Fortunately Apple's own Passwords manager has improved enough that it has already taken over as my primary website password manager with 1Password as backup. My wife won't be a fan of losing 1Password but she'll adjust.
0 -
Hi @kaptainkyle
One of our founders, Dave, has an extensive post about standalone vaults (and the associated 3rd party sync options such as iCloud and Dropbox), here:
The future of local/standalone vaults
In short: these will not be a part of 1Password moving forward. I'd love to talk more about how we can meet your needs without them, but if those are sticking points then I'm afraid we may be at an impasse. The future of 1Password is based on 1Password.com. It's the only way we can offer a number of the features we currently have, and more that we're pursuing. iCloud and Dropbox just can't do those things for us. I hope you'll reconsider, but if not I wish you all the best in finding a new tool that you're comfortable with and confident in. 👍️
Ben
0 -
Thanks for the response Ben, as it does a good job describing the future path of 1Password. I too come from an IT background and unfortunately this direction conflicts with some of the very core reasons I've hung with this product for so long. Primarily we just use the core functionality across all our devices but it has been such a solid product (until now) that the family subscription cost was worth it.
I wish there'd be a 1Password Lite version that dialed back some of the current bloat for a lower price while keeping the iCloud vault and App Store integration. Until then, v7 is the end of the line for us. I wish you and your team well!
0 -
Thanks @kaptainkyle. Likewise!
Ben
0 -
If the database became corrupted on one device would that corrupted version be replicated to 1password.com and thence onto all other connected devices?
0 -
I think a good solution would be if 1Password 8 (for macOS, in my case) could automatically/regularly make an export of the vault (in an encrypted format) to a chosen location on disk. Similar to what the Sync tab does in 1Password 7.
That way I can use my preferred backup mechanism to handle that file (move to Dropbox, store on local NAS, send to S3, etc).
For macOS, you could piggy-back on the Shortcuts app if you wanted to. If you provide an export Shortcut, then I can automate it [e.g. every day at 12:00] using the Shortcuts app.
0 -
Also, here is a related (earlier) thread about backups of hosted vaults:
https://1password.community/discussion/121450/latest-process-for-local-backup-on-macos
0 -
Thank you for the request, @sandstrom, I have added it to our internal discussion. 👍
ref: IDEA-I-1205
0 -
Thanks Peter!
Also, the reason for it to be in an encrypted format, is that e.g. Shortcuts (macOS built-in automation app) wouldn't need to know the password to perform the backup. You don't want the backup tool to know and store the password.
0 -
I just upgraded to 1Password for Mac 8.7.1 from 7 and it seems like there are fewer options for exporting parts of the database than before. For example, if I select a tag, then select all items, then go to File > Export it exports everything, not the selected items.
In addition, previously when I could limit items, I had no control of what was included. What I would like to do is print out certain tagged items relevant to estate planning to give a copy to my attorney and to save in a safety deposit box that only I have access to (and others in the event I die). They don't need to see, for example, what tags have been associated with each item. I realize I can edit it out in a word processor or spreadsheet, but this is something I update regularly and it's a waste of time to have to do so each time. I think we should be able to create and save custom export templates.
0 -
I would like to second the unconditional need for automated backups under my control.
Whatever may or may not be taking place on the 1Password servers is irrelevant in this context.
- I have no means to access, audit, control, inspect, validate it. All I have is a service provider's word.
- "1Password giveth and 1Password taketh away" (case in point: local backups ...). Whatever might be in place today may be gone tomorrow.
Given how vital the data in 1Password is to me, I need an automated, local, vendor-neutral backup (I realize that the backups made by prior versions of 1Password did not fully accomplish this, either). I am currently achieving such a backup using bash, the 1Password CLI, JSON, openssl, etc. But I should not have to, this functionality ought to be built in.
The export function, as it is currently implemented (manually triggered and unencrypted) is not an option -- it could be, though, if exports were encrypted, encoded in an open format, and if the process could be automated/scripted.
0 -
@sandstrom and @WA Dan
Thank you for your feedback and I'm sorry for the delay in responding. I've forwarded your comments to our product team. 🙂
Do you happen to use any full-disk backup software like Time Machine on your Mac? If you do then that full-disk backup will also contain a copy of your encrypted 1Password data. If you did need to restore it in the future then you can drag and drop the following folder from the backup to your Mac:
~/Library/Group Containers/2BUA8C4S2C.com.1password/Library/Application Support/1Password/Data
The benefit of a Time Machine backup is that it's done automatically and is versioned. That being said, I know that this doesn't meet all of the requirements that you mentioned and I've passed along your specific comments and requests to our product team as well.
-Dave
0 -
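As an added example, not code from any poster or from 1Password: a script for readers without Time Machine that keeps versioned, checksummed archives of the data folder named in the post above and checks each archive before pruning old ones. The destination folder, retention count and function names are assumptions, as is the precaution of quitting 1Password first so the files are not copied mid-write.

```shell
#!/usr/bin/env bash
# Added example: versioned, checksummed snapshots of the 1Password 8 data folder.
# SRC defaults to the path quoted in this thread.
# DEST and KEEP are assumptions chosen for illustration.
SRC="${SRC:-$HOME/Library/Group Containers/2BUA8C4S2C.com.1password/Library/Application Support/1Password/Data}"
DEST="${DEST:-$HOME/1password-snapshots}"
KEEP="${KEEP:-14}"

# Portable SHA-256: shasum ships with macOS, sha256sum with most Linux systems.
sha256() {
  if command -v shasum >/dev/null 2>&1; then
    shasum -a 256 "$1" | awk '{print $1}'
  else
    sha256sum "$1" | awk '{print $1}'
  fi
}

# snapshot SRC DEST: archive the folder, record its checksum, print the archive path.
snapshot() {
  local src="$1" dest="$2" stamp archive
  [ -d "$src" ] || { echo "source folder not found: $src" >&2; return 1; }
  mkdir -p "$dest" && chmod 700 "$dest" || return 1
  stamp="$(date -u +%Y%m%dT%H%M%SZ)"
  archive="$dest/1password-data-$stamp.tar.gz"
  # -C stores only the final folder name, so a restore is a plain extract.
  tar -czf "$archive" -C "$(dirname "$src")" "$(basename "$src")" || return 1
  chmod 600 "$archive"
  sha256 "$archive" > "$archive.sha256"
  printf '%s\n' "$archive"
}

# verify ARCHIVE: succeed only if the checksum matches and tar can read the archive.
verify() {
  local archive="$1"
  [ -f "$archive.sha256" ] || return 1
  [ "$(sha256 "$archive")" = "$(cat "$archive.sha256")" ] || return 1
  tar -tzf "$archive" >/dev/null 2>&1
}

# prune DEST KEEP: delete all but the newest KEEP snapshots (names sort by time).
prune() {
  local dest="$1" keep="$2" old
  ls -1 "$dest"/1password-data-*.tar.gz 2>/dev/null | sort -r |
    tail -n +"$((keep + 1))" |
    while IFS= read -r old; do rm -f "$old" "$old.sha256"; done
}

# Old snapshots are pruned only after the new one has been verified.
backup_once() {
  local archive
  archive="$(snapshot "$SRC" "$DEST")" || return 1
  verify "$archive" || { echo "verification failed: $archive" >&2; return 1; }
  prune "$DEST" "$KEEP"
  echo "snapshot ok: $archive"
}

# Invoke as: ./snapshot.sh run   (for example from a scheduled job)
if [ "${1:-}" = "run" ]; then
  backup_once
fi
```

Because pruning happens only after verification, a failed or truncated archive never displaces a good older one.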
@Dave_1P I wish this recovery process was better documented without having to dig into the forums. I found this post from @Ben where he describes the steps in detail. Maybe that could serve as a template.
It was so reassuring to me that these local backups held in Time Machine or Arq or whatever backup service could help me recover in many disaster scenarios such as these.
- A family organizer accidentally deletes our whole Family account.
- A family organizer accidentally deletes a shared vault.
- A family organizer accidentally deletes me from our family (despite my being a family organizer as well).
- A mess-up at 1password where my account is deleted.
- A government compels AgileBits to delete/disable my 1password account.
The scary thing with all the scenarios is how as soon as the 1Password app connects to the AgileBits servers and sees the account is deleted, the app wipes the local cache of the vault along with the secret key. This played out in the experience of this person's friend.
The ability to restore from a local backup protects me from all these scenarios.
More and more people realize they are just one algorithmic mess-up away from their account being deleted on any cloud provider. The only way to be protected is to have a local backup.
With that said, I genuinely love 1password. My oldest vault entry was created on 8/3/2010. I truly wish for this product to thrive and serve more people.
0 -
Thank you for the feedback. I'm happy that Ben's post was helpful. I did want to mention that the filepath for 1Password 8's "local cache" is located in a slightly different place from 1Password 7:
~/Library/Group Containers/2BUA8C4S2C.com.1password/Library/Application Support/1Password/Data
It's not very likely that an account or vault would be accidentally deleted by a family organizer since the warning prompts that appear when someone does try to delete a vault or account are quite explicit. However, the example that you linked to, where an account was deliberately deleted by a family organizer, does show a scenario that I hope that we can prevent in the future. Personally I'm in favour of creating an option that would automatically allow any family members who have their account deleted by a family organizer to spin that account into their own separate individual account.
In the meantime, it's important that you trust the person who is the family organizer for your 1Password account. If you don't fully trust them, or worry that they're not the right person to be in that position, then I recommend starting your own membership.
A mess-up at 1password where my account is deleted.
Your encrypted data is replicated to redundant copies on our end to guard against any data loss or corruption. And, unlike other services, we don't scan or even have access to your data since it's end-to-end encrypted so an "algorithmic mess-up" of the type that you mentioned is thankfully something that cannot occur with your 1Password data.
All that being said, even if you maintain a full disk backup of your Mac using a service like Time Machine, I do recommend that you download and print your Emergency Kit. Keep the Emergency Kit somewhere secure like a personal safe or a safe deposit box so that you never lose access to your Secret Key. 🙂
-Dave
0 -
@Dave_1P I really like 1Password overall, I'm a fan.
But what you said above is also something that LastPass would have said to those same questions (https://www.wired.com/story/lastpass-engineer-breach-security-roundup/). In other words, I still think the wish from myself and others in this thread, of having backup control over the vault, is legit and makes sense.
Backing up the aforementioned directory does work to some extent, but I think it could be smoother (I've already mentioned my suggestions earlier in this thread).
0 -
Thank you for the feedback, I see that my colleague Peter has previously forwarded your comments to the team. 😊
-Dave
0 -
Thanks for the thoughtful replies @Dave_1P and @sandstrom.
And just for the record, it might have been unfair to bring in the "algorithmic mess-up" at Google into this conversation, as I know that AgileBits can't see the data we are storing in our vaults. But I did so because, for me, that story was what sparked a lot of rethinking about my safety from account deletion at cloud providers.
I know AgileBits is super careful with backups of customer data and so on. But there is still the chance, however minuscule, that there could be a clerical, accounting error of some sort—not a technical one—and my account gets deleted for some reason. A certain amount of time could pass where AgileBits could no longer restore my account from a backup.
I do know that accounts that go unpaid go into frozen mode. So I'm happy that's the case there. I suppose I'm protecting from the super super edge case here. But I just wanted to make clear what I was pointing to with "A mess-up at 1password where my account is deleted."
0