1Password Anywhere and Vault Format
I presently have 1Password 6 licensed on my Mac and I have 1PW for iOS on my iPad and iPhone. My data is synced via Dropbox in Agile Keychain format. As a result, I have a 1PW Anywhere file in Dropbox which is my solution for accessing my passwords when I am in the "middle of nowhere" (not near my Mac and do not have either my iPad or iPhone with me). This does require me to remember two passwords (my 1 PW master and my Dropbox passwords) but that's okay with me.
I understand that:
- if I convert my data to the OPVault format, I will lose 1PW Anywhere (no longer exists)
- if I want similar access, I need to use 1PW for Teams which has a web version
My dilemma is that, although I'm concerned about not upgrading my vault to the most current format, I already have a license for 1PW 6 and don't want to have to purchase 1PW for Teams in order to have "middle of nowhere" access.
In my opinion, providing some kind of "middle of nowhere" access is crucial to the application however I don't like the idea of the web version not being made available to all existing users.
Where do I go from here please?
Paul
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
Hi @paul_guertin,
Thanks for taking the time to write in, and very clearly describing your situation. Your understanding about AgileKeychain, OPVault, and 1Password for Teams is correct, and I see your dilemma.
It sounds like you feel like you should switch over to OPVault, mostly because we've switched to it as the default. We've switched to it as the default because it has a few very specific benefits over AgileKeychain. If those specific benefits aren't big deals for you (personally, they aren't for me), then I think you should feel free to keep using AgileKeychain. My personal vault is still sync'ed using an AgileKeychain file over Dropbox.
If you'd like a run-down of the differences about AgileKeychain versus OPVault, I'm happy to provide them so that you can make an informed decision.
You make a really good point: remote access to a vault via a browser is a really important feature. It would be really awesome if we could bring this ability to all sync methods.
I hope this helps.
Rick
0 -
Thanks for your reply @rickfillion.
I would like to take you up on your offer to outline the differences between Agilekeychain and OPVault. It would be helpful to know "what I'm missing" (if anything) by sticking with the Agilekeychain format.
I'm glad to hear that you agree that remote access to a vault via a browser is a really important feature. I suspect however that you and I agreeing on this won't bring about any changes (although it would be pretty cool if that was all it took! ;) ) Do you have any suggestions on how we can go about starting the revolution? Although sticking with the Agilekeychain format may solve the problem for me personally, it doesn't help all of the other new users (like my brother-in-law for example) who have their vault in OPVault format by default. That is actually how this whole topic became an issue for me. After persuading him to purchase a licence and join the 1PW family, I went to show him how he can always use 1PW Anywhere for remote access and discovered it wasn't an option for him. After selling him on 1PW, I now have to eat a little crow and explain the absence of remote access for him.
Cheers,
Paul
0 -
You're welcome, @paul_guertin.
Let's start with the differences between AgileKeychain and OPVault.
AgileKeychain was designed in something like 2008, with the constraints of that time in mind... specifically the iPhone. The original iPhone had little computing power, and at the time, AgileKeychain was used not only for the purposes of sync, but also as the way everything was stored. The number one thing the app needs to do for you (besides keeping the data secure), is to allow you to find the right login you're looking for quickly. Search had to be quick. Searching through encrypted data with as little computing power as we had was far too slow. So.... a compromise was found. There's a few things that you're likely to use for search: the title of an item, the URLs, and tags. For these few things, we decided that it would be OK to not encrypt it. This would mean we could search it much faster, then decrypt only the data for that specific item you've searched for. The fact that this data exists in an unencrypted manner is actually what made 1PasswordAnywhere possible. Decryption in a browser would have been far too slow to make it usable, much the same problem as the original iPhone had.
OPVault was designed a few years ago, originally built to be our way to sync via iCloud via Apple's older Mobile Documents sync. Two big things changed by this point : we now only used OPVault (and AgileKeychain) as a way of syncing data, and not the way all data was stored in the app itself (we started using a little database for that). The other thing is that we now had substantially more computing power, so the time cost of decryption was significantly lower. This meant we could encrypt effectively everything in the OPVault, and not need to leave a few things in the clear.
As a user, thats the big difference between the two, hopefully that clears it up.
You asked how to best get the pitchforks to start the revolution towards 1PasswordAnywhere NextGeneration. I don't think there's anything really for you to do here. The technology that backs 1Password for Teams has a lot in common with OPVault (and how we use iCloud/CloudKit as well). It wasn't broken, so we didn't fix it. We're focusing on making the web vault viewer (and editor!) for 1Password for Teams, but once it's built I'm hoping that it wouldn't be a significant amount of work to make it work with OPVault & iCloud/CloudKit. Nearly nothing from the original 1PasswordAnywhere could be re-used, because... as I said, it really relied on that bit of decrypted information to make it usable. We now have access to much faster decryption in the browser these days, and we make use of it in 1Password for Teams. We'd need that new stuff for OPVault reading in order to make it usable.
So that's how we're approaching that problem. Let's get it solved nicely for Teams, and then we'll see what we can do for the rest.
I hope this helps.
Rick
0
