Only sharing options are AirDrop or Print (email, message options restored: iOS v6.4.2, Mac v6.3.1)

AGAlumB

This is like some countries, commonly referred to as nanny states, removing personal choice from their citizens. Agilebits is saying that it knows more about how I and others should manage our respective lives. You've gone beyond protecting us from third parties to protecting us from ourselves, and then using the lowest common denominator to determine how to protect everyone.

@SecretSquirrel: I have to respectfully disagree. As you and others have pointed out here, it's still possible to share passwords via email (insecurely) and iMessage (potentially also insecurely, as I've often been surprised to see a message go from blue to green after sending). You still have the choice to do this. We're not "outlawing" it like a overreaching government might. We're simply not willing to facilitate it.

Then you say that using an external insecure method to share is up to the user ("After all, you're able to share information insecurely by any means you wish regardless"). However, 1P does not prevent these workarounds.
So, if you're ok with (or even recognize) users using an (insecure) workaround as they choose, why on earth are you not ok with users sending via iMessage.
Have you figured out a way to prevent users from taking a screenshot or to copy/paste to iMessage (or even SMS)? Of course not. You have not prevented anyone from insecure ad-hoc sharing. You can't. As such, removing the share feature protects no one. It's a failed attempt to protect users from themselves, and only serves to push them into workarounds, and anger many users.

I'll reiterate this: we're not trying to stop people from being insecure, sharing screenshots of their credit cards on Twitter, copying and pasting their banking information into Facebook, etc. We can't. But 1Password's mandate is to help people be more secure. So where we can offer a secure option, we want to, so we continue to explore ways to securely share individual items.

But where an option is insecure, we don't want to offer it. People will still do as they see fit. It's your data after all. We just don't want to include a feature that helps people be less secure. It appears as a tacit endorsement of bad behaviour, and can also lead people to believe that it is secure. After all, if it wasn't, why would 1Password support it?

Let me repeat that: removing the share feature does not prevent anyone from using a sharing workaround with no security warning. Your lowest common denominator is the person most at risk to this. You've not protected them; rather, you've exposed them to greater security risks.
I'm not sure you really see this. With an in-app feature you can at least provide a warning. Workarounds have no warnings. You've accomplished the exact opposite of what you intended.
Do you not see this?

You're right, and we absolutely do see this side of it, but it isn't the only consideration (as outlined throughout this discussion). Ultimately it's about responsibility, and we have an obligation to not make it easier to do the wrong thing; however, the choice remains yours as an individual.

From a security viewpoint, they are endangering the very people they want to protect. The whole approach was ass-backwards to begin with.

I couldn't agree more. We should't have introduced item sharing in the first place if we weren't able to make it secure. That's the real pain point here: that we introduced a feature that did not meet our standards, anticipating that we'd be able to bring it up to that level in the future; we didn't make good on that; and now, we've taken away something you and others have come to love, and for that I am truly sorry. :(

AGAlumB

This is so sad. Basically, Agilebits is succumbing to the CYA mentality of protecting us from ourselves so that they are not seen as "enabling us" into using a non secure route for sharing information. Rather than correcting a potential problem, you have created a larger one since people are now sending regular passwords etc. over plain text / email.

@mwarner: Not at all. This isn't about appearances. It certainly hasn't helped your esteem of us (and others in this discussion)! But as I outlined above, we believe firmly that 1Password shouldn't be helping anyone be less secure. For anyone intent on doing so, they don't need 1Password's help.

Surely your lawyers can come up with the right language to place a clause in the app. that will fully warn people that what they are about to do is not 100% secure and that the users should delete the email / text after use.

We really, really don't want lawyers involved. Yuck. And regardless, we don't agree that saying, "Here's a feature, but seriously don't use it," sends the right message. We want 1Password to be about security, and everything in it should reflect that.

Much like the dust-up with other Mac apps like TextExpander, I fear that this is partly in motivation to force users to the monthly payment plan version of the app. so they can access shared vaults across users. Very very sad.

I'm sorry for the confusion about this! As mentioned above, were this the case, Dropbox would be gone. As it stands, anyone can securely share a vault with another 1Password user whether they pay a subscription or buy a license. In this case, 1Password Families/Teams simply makes the same thing easier. But Dropbox is still a great way to securely share a vault with your family, friends, or coworkers. :)

iReza

Bring the share option for iOS back. This is not fair what you guys doing to push everyone to buy into the team story!
@brenty with all respect none of what you say makes no sense! Give back what you originally sold us.

jgriffinstewart

Here is a possible solution:

Why not use expiring links similar to how you can do with Dropbox. The idea would be that the recipient has 24 - 48 or a custom specified time to add that login to their 1Password and then after that, the link goes to a page on your site explaining the link expired and to contact that person for a new link (should get some nice traffic your way :-)

The current alternative is sending usernames and passwords in the open or single 1password files which I believe have the same security risks.

Ben

@jgriffinstewart

That would require some form of hosted service. Not completely out of the question, but not something that could be done in the short term.

I truly wish we had a better solution to offer for ad hoc sharing in the short term, but we don't. Not even our new subscription services offer it (sharing is still done at the vault level).

We're still discussing how we can best meet this need in the future.

Ben

jgriffinstewart

Makes sense @bwoodruff. Seems it could be done rather cheaply via some kind of tie-in to S3 especially as all that is being sent is text. Maybe it could be an option add on for a $1 monthly fee.

Or maybe just a direct integration with Dropbox, so dropbox would handle the file and expire the link/remove the file after the expiration?

Or would it be possible to have an embedded expiration date in the share link that would then encrypt itself or obfuscate itself via some OS X tool or script after the expiration?

Ben

I'm not aware of any way to encrypt something such that it can only be decrypted on certain dates.

It is likely that any solution we could come up with would require some sort of a mediator, whether that be us (likely via S3), or some other service such as Dropbox. Though I'd think especially considering recent experience we'd be more inclined to have it be ourselves.

Ben

tonydow

Do you really think that this sharing, which has been working for some time I assume, was such a critical problem now that it warranted removing it before an alternative was found?

AGAlumB

@tonydow: We'd really rather not wait until it becomes a truly critical problem, as evidenced by every zero day software vulnerability out there. If someone smart decided that it was worth their attention, they could write some code to de-obfuscate the data and simply add it to an exploit kit. By then it's too late.

mszmansky

I am a big fan of 1Password and truly believe that it has made my entire family's usage of id's and passwords to be much much more secure as we now have different passwords for every sight and those passwords are not anything that can be easily remembered. I used the sharing feature all the time with my family for those accounts in which both my wife and me use together. Taking away this functionality and telling me to pay a subscription fee is absurd. One of the reasons I converted my entire system from the old tool to 1Password was because it was a subscription based service and I am not willing to pay monthly for that. I want that feature back period. It should be my choice if I want to share via messages or email. An agreement I can submit would be fine. I really do not want to convert my entire system to another tool again, but I will if I have to. I will also not be very willing to recommend this tool to other users going forward. I am very disappointed in this decision.

Penelope Pitstop

@SecretSquirrel how often did you use the feature?

Ben

@mszmansky,

Paying a subscription is not necessary in order to share items with your wife. You can use a secondary vault & vault sharing to accomplish this:

(iOS) How to share a vault without 1Password Families or 1Password Teams

@SecretSquirrel,

I haven't reviewed LastPass or Dashlane's implementations of ad hoc sharing. What makes them secure? How is the information transmitted such that the intended recipient, but no one else, can decrypt it?

I'm not saying that we can't do it, but we haven't found a good way to do it yet. It may take some time to find one.

Ben

Penelope Pitstop

@SecretSquirrel regrettably, I was unable to. Would you care to answer my question?

1opinion

I want the sharing thru email and iMessage back. I have no issue accepting responsibility of something happens. That was my most used feature with my wife.

mszmansky

I used the feature a lot with my family and like @Penelope Pitstop said, it was easy as a couple of clicks and now they have it.

Penelope Pitstop

@SecretSquirrel Really. There isn't a way. I'm not trying to goad you. I am genuinely interested. How often?

Penelope Pitstop

@SecretSquirrel trolling? Poppycock. I asked you a straightforward question. Feel better now that you've taken another chance to whinge?

AGAlumB

Now 2K views.

@SecretSquirrel: Indeed. Each and every post you make in this discussion notifies everyone else who's ever participated in it, so it's not surprising that the numbers get up there when we check the new comments. We're all going to have to start reloading faster if we want to catch up to some of the newer, even more popular threads. ;)

I should also mention that sending private messages is enabled only for moderators, though anyone can reply to a private message. However, I can totally setup a more private conversation if that's something you'd both be interested in. Starting a new discussion is another good option, provided we can keep it friendly and respectful even when we don't see eye to eye.

@SecretSquirrel, @Penelope Pitstop: I have a lot of respect for both of you from past discussions I've participated in, and I think it's a shame that this one has gone off the rails a bit — and in a sort of not-so-fun way. Let's keep the comments focused more on the topic and less on each other. At the end of the day, we all want 1Password to be the best it can be, even if we disagree about the details.

dsuper7

There are so many posts on this I didn't even bother reading many of them.

I love 1password and have recommended many family members and friends begin using it though moving forward I will have to investigate the alternatives. I do use the Dropbox shared vault with my husband but can't with my mom because she hasn't used dropbox since http://www.drop-dropbox.com. Its also very inconvenient and overkill to create a shared vault simply to share a few passwords on occasion having to maintain both to avoid duplicates and to ensure you have the password in your main vault. Though you do provide the "All Vaults" view by default we find it confusing and risky, we begrudgingly use the Vault to pass a login through then he adds it to his main vault then deletes it from the shared vault.

At the very least can you provide access to what ever file you are propagating up to the AirDrop sharing API. Then maybe I could simply use messages.app to share what ever the hell that file is that your willing to send via Airdrop lol.

I hope you guys come up with a solution that isn't cumbersome and inconvenient, the Family and Team sharing subscription is just overkill for the majority of users. I did test drive the Teams sharing for our small office and it was just too difficult to get everyone on board especially since many of them need a password like once a year.

I do work with a consulting company that would utilize all of the great features in Teams but they are already using LastPass which I think is the case with a lot of companies. Its going to be difficult to convince all the big companies to switch unless LastPass really screws them over.

dsuper7

Another thing I forgot to mention is that the Dropbox sharing user flow is so difficult to explain to not so tech savvy family members. If you guys are stuck on this as the alternative I would really work on a much more stream lined process. Something like automatically creating the Dropbox folder and vault and utilize any Dropbox APIs if available for collaboration all in the same flow. Even providing dialogues or a wizard to walk users through the process would be better then the existing instructions. I would have suggested tackling this stuff before killing the other sharing methods but hey better late then never :).

I understand you are trying to market your subscription product and I recognize development and maintenance are far from cheap I would gladly pay 40 bucks a year to get other more convenient sharing methods available that are maintained in parallel. VMWare squeezes me for an annual upgrade fee every time OSX is updated and I have no problem with that.

Ohhh and one more thing. The consulting company I work with was rather turned off by the idea of not using 2 factor authentication. I realize you guys do your homework but why not also have 2 factor authentication with teams and Account Key.

I gotta say both the sharing via messages and Better than two-factor authentication seem like marketing decisions more then security precautions, though I hope thats not the case.

The_caveman

Hi there,
Normally I come here to complain about the fact that we still can't take a picture of something and add that to 1Password (iOS version).
Now, however, I'm here to rant about the fact that someone decided to remove the iMessage sharing option. WHY?? It was the perfect option to share a log in with someone else! It was added to 1Password with a click. Convenience!! And please don't tell me I can still do that by copy/paste because I can't! It is no longer a one click experience!!
Please bring this back!!
Oh, and don't advice me to buy into the "team" or "family" stuff. I already bought the software and I don't buy subscription based software. You can charge me again for a serous update, but not a monthly subscription. And I'm not the only one...
So, please, pretty please with sugar on top, bring back the secure iMessage sharing option. Yes, only when sms sending is not selected. I know!!
Cheers,
Caveman