OP Vault Support

Hello,
I think the most important feature would be the support of OPVault on Android. Because the OPVault format does improve the security very much. And 1Password is a security-driven software. And I think security is important to AgileBits, isn't it?



Comments

  • saad

    Team Member

    With our recent implementation of Wi-Fi sync, we have started making progress with the OPVault format on the Android platform. OPVault is not yet available outside of Wi-Fi sync, but we hope to change that in the near future.

  • @saad wait a second. So I could use opvault on Android but only with wifi sync?

  • saad

    Team Member
    edited August 2015

    Sorry for the confusion! This is not the case. Wi-Fi sync format is not exactly OPVault but the implementation does include certain changes shared with the OPVault format.

    We don't have any immediate news on when OPVault will become available on Android, but the team is working on new and exciting features! We can't wait to share them when it's ready. Stay tuned! ;)

  • @saad I can't wait to see them. I hope the Android dev team will release them this week or maybe next week or sometime the next month. Maybe the 21st of September because it's my birthday ;) So a beta as a birthday present would be very nice :chuffed:

  • saad

    Team Member

    A special beta for birthdays? That would be really A-W-E-S-O-M-E! Keep your fingers crossed! :+1:

  • @saad I will. Can't wait for it.

  • saad

    Team Member

    :)

  • @saad So today is my birthday, can't wait for the beta today ;)

  • saad

    Team Member

    Happy Birthday @ntimo! Hope you have a great day celebrating! :) It doesn't look like everything we want for our next beta is ready for release yet, so we are unlikely to see a beta today. The update is getting really close though, so we should have something to share soon.

  • Any news on this? I'm also interested in making the transition to the more secure OPVault format but I'm held back as the Android application so far does not support it.

  • kuoirad Junior Member

    Especially given the new news about metadata leakage when using AgileKeychain instead of OPVault, it would be nice to get some progress on this.

    ref: http://myers.io/2015/10/22/1password-leaks-your-data/

  • saad

    Team Member

    1Password on Android uses the AgileKeychain format for Dropbox and local storage sync. We don’t support the OPVault format for these sync methods yet, but as I mentioned before, this is something that we are planning on revisiting.

    We recently introduced Wi-Fi sync that uses an internal version of the OPVault format. If you wish to avoid using AgileKeychain right now, you can switch over to Wi-Fi sync on your Android device and switch to OPVault format on other platforms.

    I hope that helps! Please let us know if you have any other questions. :)

  • saad

    Team Member

    @kuoirad We recently put up a blog post related to the article you posted. Have a look and let us know if you have any questions: https://blog.agilebits.com/2015/10/19/when-a-leak-isnt-a-leak/

  • @saad Everyone seems to be in agreement that the default format has privacy issues (which can also be outright security issues depending on the usage) and while it maybe technically isn't news (this problem has been known and discussed before) or "a leak", I think it's fair to assume that your users in general are not aware of these different formats, the design decisions for the default agilekeychain format and the consequences of using it.
    This also means that users very likely are not taking the lack of metadata encryption into account when using the product, something which may expose them in situations that could have been avoided even still using that very format.

    To be honest, I find the title of that response (https://blog.agilebits.com/2015/10/19/when-a-leak-isnt-a-leak/) rather discouraging; it signals having a focus on entirely the wrong issue.

  • saad

    Team Member
    edited October 2015

    It’s great that you are thinking seriously about the security of your 1Password data - this is an important conversation to have!

    The AgileKeychain format was designed nearly a decade ago and it does expose the same sort of information that would be in the browser history and bookmarks. If someone gets a hold of your AgileKeychain data, they will only be able to see what sites you have logins for and the title of your items. They won’t be able to see your username and password.

    As mentioned, we have documented and discussed this in several different places. In short, is it more secure to have the metadata encrypted? Yes — it provides an additional layer of security and, depending on your perspective, peace of mind.

    If this is the approach you would prefer, then you are welcome to switch to OPVault on other platforms and change to Wi-Fi sync on Android. Wi-Fi sync on Android avoids the requirement for an AgileKeychain format. We hope to see support for the OPVault format for Dropbox and local sync in the near future.

  • OPVault was introduced in 2012 but it still isn't available on Android, when is this going to happen?

    I feel like the Android version of 1Password is greatly lacking compared to the iOS version. The whole overlay feature to autofill passwords doesn't even work!



  • I just noticed that the Android app lacks OPVault support via Dropbox. Given the downsides of the Agile Keychain format and the amount of time OPVault has been available, it's unbelievable. I note the OPVault support article recommends using WiFi sync with Android. Does this mean that OPVault is supported but only when using WiFi sync?

    --Adam

  • "If someone gets a hold of your AgileKeychain data, they will only be able to see what sites you have logins for and the title of your items. They won’t be able to see your username and password."

    That would not be true in my case. I actually put the username in the title depending on the site. In some cases I manage 5+ accounts on that domain so I need a way to identify them.

    I really felt bad when you guys got slammed with all the bad press but I was hoping something good would come out of it. I was thinking it might light a fire under you guys to get the OPVault up and running on Android. Instead, Twitter and the forum are still being filled with "hope" and "near future" replies.

  • saad

    Team Member

    Thank you for your passion, and for pushing us to make improvements to 1Password. We understand the importance of OPVault, and the team plans to add support for it on Android.

    If you would like to switch to OPVault immediately, use Wi-Fi Sync in 1Password for Android and follow these instructions for the other platforms on which you use 1Password:
    https://support.1password.com/switch-to-opvault

    Hope that helps! Please let us know if you have any other questions. :)

  • droid
    edited November 2015

    Android is the number one mobile OS in the world. Please get the 1Password app in shape! It is a shame to read "it is coming soon" for more than one year now. (No matter if it is material design or OPVault etc.)

  • peri

    Team Member

    Currently, 1Password 4 for Android has support for Wi-Fi sync, which uses an internal version of the OPVault format, so in this way, it's certainly possible to sync an OPVault over to Android. We're also hoping to bring OPVault support to Android in the future.

    That said, support for OPVault is a relatively recent request on Android. We added this as an issue as soon as we started receiving feedback, and I'll go ahead and add your vote for OPVault support in Android to that issue as well.

  • @peri I don't really want to be "that guy" but I just find it a bit concerning that the viewpoint is "OPVault is a relatively recent request on Android".
    Surely it shouldn't be a matter of users requesting it when it comes to bringing core functionality up to par for a security application?

  • peri

    Team Member

    Hi @hawk7000,

    Don't worry, you're not 'that guy'. :) Being conscious about the security of your data is a good thing! OPVault support is and has been on the roadmap for Android since the OPVault format was designed. But until recently we haven't heard a lot of users requesting it. Of course, user interest is not the only factor that we consider when determining where to spend development time, but it is a factor that comes into play. (Believe me, I don't envy the developers who have to determine which fixes and features get priority - there's a lot to juggle there!)

    I want to assure you though that we would not be making use of the .agilekeychain in 1Password for Android if we thought that it was insecure. Many of us on the team (myself included!) still trust the .agilekeychain format to secure our own data. If you do wish to switch to .opvault, you're welcome to do so by following the instructions that Saad linked to above.

    As mentioned earlier in the thread, I can't promise any more details about future features, but we are listening to all of your concerns, and I'm happy to answer any further questions you might have.

  • @peri Has there been any update since your last post? I appreciate that you feel the Agile Keychain format is secure, but with the greatest respect it is clear from how the issue blew up in October that many people are not happy making the compromise the format forces.

    Given that the OPVault format (originally the Cloud Keychain) is now 3 years old and the weaknesses of the Agile Keychain format (non-encrypted metadata), it's really quite remarkable that Android support still has not arrived. From an outside perspective it would appear that the Android platform is not fully supported (the same could be said for Windows, but those issues are unrelated).

    I hope that OPVault support will arrive soon and in the meantime I will compromise by using WiFi Sync (not that I ideally want a sync server broadcasting 24/7).

  • peri

    Team Member

    @admdly The Agile Keychain format is indeed secure, and we're very confident in that. However, I didn't mean to imply that that means that we don't want to bring OPVault to Android. We absolutely understand that our customers want their metadata encrypted, and the post that you mentioned did sort of light a fire under our toes.

    I can't give any update as to an ETA, but OPVault support is definitely on our roadmap, and we're prioritizing it as much as we can at the moment. I'm glad to hear that Wi-Fi sync (though it may not be ideal for you) is a sufficient workaround in the meantime. :)

  • I just want to know the estimated time when I can have this...

  • Alternatively, you can at least make the local folder work. I can use 3rd party software (e.g. Foldersync) to sync vault files.

  • saad

    Team Member

    I’m sorry we are not able to give an ETA on OPVault support on Android. When we have more news to share, we will be happy to post it in this thread.

    In the meantime, you can use Wi-Fi sync on Android in combination with OPVault on other platforms. :)

  • No ETA is fine. Not having it already is not. If it isn't there for the 6.0 release, I'll definitely be switching from 1Password to just about anything else.

  • Agreed. Not having native Android OPVault support is becoming a real issue. (Clunky) Wi-Fi sync is just not cutting it.

This discussion has been closed.