I've been a 1Password User for a fairly long time, but now i'm concerned about one particular issue:
Why, for the love of god, is 1Password storing the URL's / ItemNames that are currently stored in your Vault outside in a
I like AgileBits as a company a lot, especially their way of communicating security!
But why that security breach?
To make things clear: by no means i intend to say Wow, 1Password is bad software. But i want to understand the thought process behind it.
i created an example vault to further showcase the problem.
This is part of the design of the AgileKeychain Format. At the time it was necessary to have these certain fields decrypted. This is covered in this AgileKeychain Design document.
Soon we will be moving to our newer OPVault format which does not reveal this information.
Someone from AgileBits will definitely give you a detailed answer, but until then here's my thoughts (I'm just a forum user like you):
What you see is expected. 1Password uses a format called agilekeychain when using Dropbox or folder sync. If you use iCloud sync, you get the newer opvault format. Agilekeychain does not encrypt URLs and item names. Opvault does encrypt URLs and items names. Here are the technical details:
Of course, AgileBits wants opvault to become the default format. Unfortunately the rollout of opvault has moved at a glacial speed. There are some existing discussions on the forum including replies from AgileBits. Some examples:
It is possible to switch to opvault even if you use Dropbox and folder sync. I have myself used opvault for almost a year without issues, but my setup is pretty simple: 2 Macs, 1 vault, no attachments.
As chrisdji has stated there are historical reasons for this, ones that wouldn't apply if creating from scratch now. I can't disagree with what Xe997 said either, I know we've been intending to adopt the .opvault for a while now and from the users perspective it will probably seem like we haven't made any progress.
If you're interested in manually moving over to the .opvault format for your syncing needs let us know and we can help you there, once we've made sure it won't mess anything up that is.
Is there a way to migrate ourselves to this format ?
The current 1P for Mac 5.4 beta allows you to change to opvault format if you sync by Dropbox or if you use folder sync (so the ability should be coming in the next release if beta testing goes well). There is a command line way of changing your vault format which has been referred to on this forum but I'd be a little wary unless and until AgileBits confirms it's happy there's no risk of data loss or corruption—because I suspect much depends on whether or not you sync your 1P data and, if so, how you do it and with what other platform(s) you sync. (There are still some incompatibilities of vault format between platforms, as I understand it.)
We're now down to Android as the .opvault holdout :wink: I kid, somebody had to the final piece to the puzzle. I believe we've got many of the kinks ironed out so if you'd like to try .opvault @saphirblanc then our beta would be the easiest way to do so. The option is in Help > Tools > Enable OPVault for Dropbox and Folder sync. If you are currently syncing using the .agilekeychain you will have to disable syncing and re-enable to have 1Password switch over. While enabling OPVault will mean any vault creations going forward use the newer format it doesn't automatically convert existing sync data.
If you have any questions please do ask away.
Thank you for your answer. I'll give it a try and let you know.
I've disable the syncing of my vaults, but the option to enable OPVault is still not showing up in the tools view.
I do have the latest beta available : 5.4 Beta 2.
What should I do.
The latest beta is 5.4.BETA-9—and that is the beta that introduced the feature you want.
It sounds like updating has stopped for some reason or another. The latest beta is actually 5.4.BETA-9 and OPM-3029 in this latest beta release. If updating doesn't want to play ball I'd recommend the following:
⌃⌘Qwhen 1Password is open (it doesn't have to be unlocked).
/Applications/folder to the Trash. Please don't use an app cleaner.
You won't risk your data at all as long as you don't use any app cleaner. I do this all the time and I wouldn't recommend anything that would risk your vault either. With the newest beta you should see the option :smile:
Oh thank you for the information !
@saphirblanc, on behalf of littlebobbytables, you're quite welcome! :) Let us know how it goes, and if you have any trouble with that, we'll continue from there. Thanks!