OPVault Security Issue

Amazme1
Community Member

If I do nothing will you take care of making the OPVault the default by yearend?



Comments

  • Drew_AG
    1Password Alumni

    Hi @Amazme1,

    Thanks for taking the time to contact us with that question! Now, you didn't say which sync method you're using, but since you're asking about making OPVault the default sync format, I'm guessing you currently use Dropbox or Folder sync. But if you happen to be using iCloud sync (available in the Mac App Store version of 1Password 5 for Mac), then your sync data is already in the OPVault format, as that's what iCloud sync has always used.

    But getting back to your question, and assuming you're using Dropbox or Folder sync: I honestly can't say for sure if OPVault will be the default Dropbox/Folder sync format by the end of this year. That doesn't mean it won't, but that doesn't mean it will - I really just don't know yet. As with any change, there are too many factors that could affect implementation, and we certainly don't want to promise something that we can't deliver on.

    More importantly, please note that once OPVault is the default setting for your sync data, that will not automatically convert your existing .agilekeychain file to a .opvault file. At that point, you would still need to disable & re-enable Dropbox or Folder sync in order to have it create a new sync file in the OPVault format, as described here.

    If you want to start using OPVault, you definitely don't need to wait for us to make it the default sync format. It's really easy to do it now, and you can find the steps in this knowledgebase article: Can I switch to OPVault from Agile Keychain?

    That involves entering a command in Terminal on your Mac, but even if you're not familiar with Terminal, that's very easy to do because you simply need to copy & paste the command from the above article.

    If you need help with that or have more questions, please let us know! :)

  • Amazme1
    Community Member

    If I do nothing will you take care of making the OPVault the default by yearend?

  • Amazme1
    Community Member

    None of your instructions work. The terminal change failed to update the vault. I could not update the vault in preferences. I'm trying to be patient about this situation, but this is a serious problem that could better be handled by phone. You need to get this serious security issue fixed. You could have done a better job by providing thorough step-by-step instructions. I have recommended your software to several people, but I cannot continue to do that unless I see this resolved. Very disappointed.

  • Amazme1
    Community Member
    edited October 2015

    Awaiting reply

  • Megan
    1Password Alumni

    Hi @Amazme1,

    I sincerely apologize for the frustration here! Our documents team has been working on polishing up the article that guides you through the process of switching to .opvault. It's updated here: Switch to .opvault - do these steps explain things more clearly for you?

    > You need to get this serious security issue fixed.

    This issue has been talked about a lot in the past week, and it does seem pretty serious, but I want to assure you that we would not allow .agilekeychain to be used at all if we thought that it put our users at risk. Many of us on the team, myself included, still trust .agilekeychain to sync our data. It's important to note that, even with the metadata unencrypted, there are some pretty significant hoops that an attacker would need to jump through in order to get at even the data. As we've stated in this announcement at the top of the forums,

    > In order for anyone to access information about your 1Password data (such as the titles and URLs of your items but not usernames or passwords), they would need to gain access to the Dropbox account you use to sync your 1Password data in the Agile Keychain format.
    >
    > Even then, they would only have access to the metadata about your sensitive data (notably titles and URLs), not the sensitive data itself.

    It's great to hear that you are thinking seriously about the security of your data, and we're more than happy to help you migrate your data to .opvault if that is what you prefer. I just want to make sure that you know that, no matter which data format you choose, your passwords are safe in 1Password.

  • Amazme1
    Community Member

    Let me explain what I did. First I logged off and then copied your code for the App store version to terminal and ran it. No success.
    Then I tried the version for the download from your site. No success. In both cases it still shows Agilekeychain. Your other instructions refer to unlocking the sync area in preferences. There is no place indicated to unlock it and it cannot be changed there. Earlier I had tried deleting the link in Dropbox and that also failed to work. Since you have no support other than this forum, we can continue this discussion as long as it takes. As a retired IT expert with more than 30 years of experience with major companies, let me help you properly create your list of instructions.

    Your instructions should be written as follows. Keeping in mind that these are only examples.
    Before beginning, I assume I downloaded your app from Apple's store. You need to look at my license and determine if I downloaded from your site and tell me since I have no evidence of that and trying that code in terminal failed anyway because when I did it, I had not deleted the Dropbox link or changed anything in preferences which I can't unlock.

    Step 1: Delete the Dropbox link
    Step 2. Log out to close all apps
    Step 3. Log back in
    Step 4. Whatever comes next
    etc.

  • Amazme1
    Community Member

    Here's your first missing step which I discovered by accident. Where it says "Sync Primary Vault With Dropbox" under Preferences you failed to say "Click on Dropbox" and choose "None". A popup appears that allows you to delete data from Dropbox. "Check the box and click on Disable Sync."

    There are two additional problems you need to deal with. Command+Control+Q does not do anything. I had to log off after closing 1Password5 on my Mac, but it does not affect the menu bar icon which doesn't close. So when I did the terminal step and reopened 1Password Preferences, the only Dropbox file I could select is the agilekeychain. The OPVault file doesn't exist. This means that there are some additional missing steps or you haven't explained where I find the OPVault to select it in Preferences.

  • Drew_AG
    1Password Alumni

    Hi @Amazme1,

    I apologize for the delay in getting back to you about this!

    I'm also sorry if our steps to switch to the OPVault sync format were a bit confusing. Thank you for your feedback & suggestions about that! I'll let our development team know, and hopefully we'll be able to improve the steps there soon. In the meantime, I'm sure I can help to clear up the confusion and help you to sync your data in OPVault format. Please know that if you'd prefer a more private means of communication with our support team, you can email us at: support+forum@agilebits.com (if you do, please include a link to this forum discussion).

    > Command+Control+Q does not do anything. I had to log off after closing 1Password5 on my Mac, but it does not affect the menu bar icon which doesn't close.

    I don't know why the ⌃⌘Q (Control+Command+Q) keyboard shortcut wouldn't work, but there's another way to do that. From the main 1Password app, hold down the control key on your keyboard, then click on the 1Password menu at the top of the screen (right next to the Apple menu). Choose Quit 1Password and 1Password mini from the menu (you should still be holding down the control key when you do that).

    The 1Password mini icon that normally shows in the menu bar of your Mac should disappear.

    > ...I assume I downloaded your app from Apple's store. You need to look at my license and determine if I downloaded from your site and tell me since I have no evidence of that

    To see if you have the AgileBits Store or Mac App Store version installed, open the main 1Password app on your Mac and go to the menu for 1Password > About 1Password. The window that opens will tell you which one you're using. You can also find those steps here: Which version of 1Password am I running?

    Once you know which one is installed on your Mac, you can make sure you enter the correct command in Terminal, as described in Step 2: Make OPVault the default format.

    > The terminal change failed to update the vault.

    That's correct, the Terminal command simply changes the default format used when creating new sync files. It's just a way to change an internal setting, and it doesn't affect any existing sync files in Dropbox. After you (successfully) enter the correct command in Terminal, you'll still need to disable sync, delete the existing .agilekeychain file from Dropbox, and then re-enable Dropbox sync. When you re-enable Dropbox sync, 1Password will create an .opvault file in Dropbox instead of an .agilekeychain file. This is described in Step 3: Convert existing vaults.

    > Your other instructions refer to unlocking the sync area in preferences. There is no place indicated to unlock it and it cannot be changed there.

    I'm not actually sure which step you're referring to, as our instructions for switching to the OPVault sync format don't mention locking or unlocking anything. If you still need clarification on a specific step from that knowledgebase article, please let us know exactly which one and what it currently says, and we'll be happy to help you with that.

    Getting back to the exact steps you need to follow: After you enter the correct Terminal command, you'll need to follow these steps:

    • Open 1Password and go to 1Password > Preferences in the menu bar.
    • Click the Sync tab, choose a vault on the left, then change the sync from Dropbox to None.
    • Click the box to Delete data from Dropbox, then click Disable Sync.
    • Change the sync from None to Dropbox.
    • Click the Choose button and select your main Dropbox folder (then click Open).
    • Click Create New to create a new 1Password.opvault file in Dropbox/1Password.
    • Allow Dropbox to fully sync.

    On your other devices/computers, 1Password will give you an error when it realizes the .agilekeychain file for your vault is gone, and you'll need to re-enable Dropbox sync and choose the new .opvault file.

    Please let us know how it goes and if you have more questions about that! :)
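
A way to confirm the result of the conversion steps in the reply above, added here as an example and not part of the original thread or of 1Password's own tooling. It assumes the sync folder is `~/Dropbox/1Password` unless another path is passed; the function names `list_vaults` and `check_sync_folder` are hypothetical.

```shell
#!/bin/sh
# Added example: post-migration check of a 1Password sync folder.
# Assumption: the sync folder is "$HOME/Dropbox/1Password" unless a path is given.

# Print every entry under $1 whose name ends in the given extension.
# The search is limited to two levels so vault contents are not walked.
list_vaults() {
    find "$1" -maxdepth 2 -name "*.$2" 2>/dev/null | sort
}

# Exit status: 0 = only .opvault present, 1 = an .agilekeychain is still there,
#              2 = no vault of either kind found, 3 = folder does not exist.
check_sync_folder() {
    dir=${1:-"$HOME/Dropbox/1Password"}
    if [ ! -d "$dir" ]; then
        echo "sync folder not found: $dir"
        return 3
    fi
    legacy=$(list_vaults "$dir" agilekeychain)
    current=$(list_vaults "$dir" opvault)
    if [ -n "$legacy" ]; then
        echo "Agile Keychain data still present (item titles and URLs are not encrypted):"
        echo "$legacy" | sed 's/^/  /'
        [ -n "$current" ] && echo "an .opvault also exists; the old file was not deleted"
        return 1
    fi
    if [ -z "$current" ]; then
        echo "no .opvault found in $dir; sync has not been re-enabled yet"
        return 2
    fi
    echo "OK, only OPVault data found:"
    echo "$current" | sed 's/^/  /'
    return 0
}
```

Call `check_sync_folder` after Dropbox has finished syncing, on each computer that shares the vault; a status of 1 means the old sync file still has to be deleted.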

This discussion has been closed.