I'm still waiting for a way to sync over MY OWN web server - why don't you offer that?

I won't feel comforatable when I would store my password file on an public server like dropbox, OneDrive or iCloud:

  1. Nobody knows how long the current encryption systems won't be cracked. 20 years? 10 years, or just 5? And for sure, the file I upload now will still be somewhere in the cloud in this time, even I will have deleted it. Will all my passwords to maybe hundreds of accounts, websites, services and so on be changed than? I'm really not sure.

  2. It's true that you can use very complex passwords for all of your accounts etc. But what's with your main-password wich you use for unlocking your vault? I can't imagin that many people uses more than e.g. 12 characters including strange signs and so on for their main-password, because you have to type it in several times a day.

Yesterday Germany's Federal Supreme Court canceld the "Save Habour Treaty" which means, that the U.S. isn't a place where you can trust on, that your private data will be kept confidential.

So, how long can agilebits wait for offering alternative ways of syncing the data without public cloud servers? I'm sure, many European users are waiting for that, because syncing several devices by wi-fi is not really comfortable.

Best, Dirk


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: kb:sync-options

Comments

  • MikeT
    edited October 2015

    Hi @don_dirko,

    As long as you're only using 1Password between computers, you can already do this by using your own local sync tool to sync between your computers, there is no need to wait for anything. We also support Wi-Fi sync between Windows and iOS/Android devices and this will be improved in later versions. If you have a NAS device, it should come with its own sync tool that you can use to sync your data between computers.

    The only exception is that there is no easy way to support this on mobile devices that doesn't have a user-accessible file system like iOS devices. The Android version of 1Password does support syncing with the device's local storage as mentioned here: https://support.1password.com/guides/android/settings-sync.html

    Nobody knows how long the current encryption systems won't be cracked. 20 years? 10 years, or just 5? And for sure, the file I upload now will still be somewhere in the cloud in this time, even I will have deleted it. Will all my passwords to maybe hundreds of accounts, websites, services and so on be changed than? I'm really not sure.

    If AES and any of the other encryption protocols we used was to be cracked, there will be bigger problems as majority of the world depends on AES to encrypt their data. AES is continuously tested by the security community all the time to ensure it doesn't happen. In addition, they won't need to know your credentials to get into your bank accounts, they'll just crack the bank's data server instead, which means your 1Password data doesn't need to be stored in the cloud.

    It's true that you can use very complex passwords for all of your accounts etc. But what's with your main-password wich you use for unlocking your vault? I can't imagin that many people uses more than e.g. 12 characters including strange signs and so on for their main-password, because you have to type it in several times a day.

    If someone intentionally uses a weak password for their 1Password vault, then there's nothing anyone can do to protect their data, it will be guessed quickly and the data in 1Password's vault will be exposed.

    Most people don't need to include symbols in the master password, you can use a diceware type of password; a random string of words that doesn't make sense together. You can find out more here: https://support.1password.com/strong-master-password/

    Yesterday Germany's Federal Supreme Court canceld the "Save Habour Treaty" which means, that the U.S. isn't a place where you can trust on, that your private data will be kept confidential.

    I'm pretty sure that was true even before the treaty was canceled and not to mention, Germany was doing the same thing with its citizens when it was working with NSA on XKeyStone as pointed out by Snowden.

    The reality is that no one should trust any government or anyone else to protect their private data. The best thing anyone can do is protect their own data themselves is by using strong encryption to encrypt their own data.

    Also, AgileBits is a Canadian company.

    So, how long can agilebits wait for offering alternative ways of syncing the data without public cloud servers?

    We're not waiting because we have local sync with Wi-Fi and users can use their own sync tool to push data between their own computers. We would like to work on improving Wi-Fi sync to push data between computers but for anything else, there are no further plans at the moment.

  • don_dirko
    don_dirko
    Community Member

    Hi Mike,
    thank you for your comment! I think you're right with most of your opinions concerning the security issues. Nethertheless I find it less convenient to sync with a 3rd party tool, because I can't believe that you won't get confusions when you have made changes on both files (smartphone + notebook e.g.). So I think I have to wait for the improvements of the wi-fi-sync-options, because when you sync to 2 sides (PC 1 <-> smartphone <-> PC 2) you alwas have to re-establish the connection (which admittedly works fine than).
    However, 1password is the best vault I know - and I tried several others before ;-)

  • Hi @don_dirko,

    Nethertheless I find it less convenient to sync with a 3rd party tool, because I can't believe that you won't get confusions when you have made changes on both files (smartphone + notebook e.g.).

    There aren't any sync tools that will not have this problem, that's the inherent danger of bidirectional real-time syncing. Dropbox (and others) has spent millions of dollars and several years on this problem and yet, they still depend on creating sync conflicts to work around this problem. 1Password on iOS and OS X works with these sync conflicts to try to manually resolve it but it's not perfect.

    If we were to build our own solution, it will have this problem as well, there's no way around it, we can mitigate it but these sync tools you're referring to will already have solutions in place to handle this.

    As long as your time server is in sync with your computers and mobile devices, the odds of having the conflict is rare but not impossible.

    So I think I have to wait for the improvements of the wi-fi-sync-options, because when you sync to 2 sides (PC 1 <-> smartphone <-> PC 2) you alwas have to re-establish the connection (which admittedly works fine than).

    That's the big reason why we don't have the sync support between computers. In order for 1Password to support this, the client on the computer also needs to be a server at the same time, this makes it more prone to sync conflicts when it switches between client and server for each computer in the Wi-Fi network. Right now, the current Wi-Fi works the way it does because we have one specific device being the true server in the relationship.

This discussion has been closed.