Only sharing options are AirDrop or Print (email, message options restored: iOS v6.4.2, Mac v6.3.1)

1468910

Comments

  • Hi @The_caveman,

    I've merged your thread with another on the same subject. Please see above. Unfortunately we had to remove the non-AirDrop sharing options as they did not meet our current security standards.

    We'd like to find an acceptable ad hoc sharing solution, but we do not have one at this time (even 1Password Teams and 1Password Families does not currently have this).

    It is never an easy decision to remove a feature. It wasn't a decision we made lightly. And we understand there is a demand for a replacement. But we cannot in good conscience bring the feature back as it were.

    Thanks.

    Ben

  • Ben
    Ben
    edited May 2016

    @dsuper7 Thanks for your feedback. What would you imagine the marketing advantage around these decisions would be? I ask as if we're using language that makes it appear that way I'd like to know that.

    We feel the account key is a stronger way of protecting 1Password data, as it is involved in the actual encryption process, vs being for authentication only (which is what most MFA implementations do).

    And as for the removal of these sharing features... I could see why folks might think it were a marketing move if we were selling an alternative. But we aren't. Even if we were, that wouldn't have been the reason, but I could see why folks might think that.

    I'm not trying to be argumentative; just trying to get a better understanding of why you feel these were marketing based decisions.

    Ben

  • dsuper7
    dsuper7
    Community Member

    Hey @bwoodruff,
    First I want to say I think 1password is a stellar product and I don't want it to seem as though I feel otherwise. I simply felt that the removal of a widely used feature coinciding with the paid availability of a subscription solution for the now absent feature was a bit suspicious. As you alluded to in your post you can see "how folks" might think that. The MFA solution may very well just be a well thought out decision made by engineers and designers, but with the previously suspicious move I started wondering if there could be sales/marketing related costs with implementing MFA as opposed to the "Account Key TM". Now I admit that is a totally wild speculation that is probably wrong and based on 0 research; but that is where my mind went after the sharing feature RemovalGate lol.

    Again you guys have done an amazing job and I hope this brings about a solution that meets somewhere in the middle of convenience and security. Like I mentioned even just revisiting the user flows for using Dropbox with shared accounts would make a huge difference. The other issue I find really hard to believe but haven't taken the time to read the API for AirDrop yet, is that facilitating an AirDrop transfer is doing something other then simply sending a 1password URI or file like you were before just only allowing people to do it over airdrop. AirDrop works great on my machine but several of my friends and family members cant use it for various reasons.

    Thanks again for all the hard work on 1Password lucky for you I'm pretty lazy so unless the other core functionality suffers you will likely keep myself and others as customers. Overall probably a not a bad Marketing Move whether it was planned or not lol.

  • mweavind
    mweavind
    Community Member

    Created an account just to add my voice to the large number of complaints about the removal of the share via Messages options. This was a very useful tool. From reading some of the comments above it seems that this was deemed insecure solely because of the option to fall back to SMS. As the is an optional feature (and one that I have turned off) can't you check for this? If not I agree with several posters that this is surely our option as to whether we use an supposedly insecure feature. Though one would argue that you've left perhaps the most insecure option, Print, available still so removing an option which is significantly more secure is a bit odd.

    Please bring back the share via message option!

  • [Deleted User]
    [Deleted User]
    Community Member
    edited May 2016

    I see my post was merged with an existing one... I've just spent the last half hour reading the above stuff and it's clear you pissed of a lot of people with this move, especially one that was not in the release notes!!

    Anyway, let's look at the alternative:
    AirDrop: can you please carefully explain if I can use AirDrop with the same security and confidence as iMessage (and for the sake of reasoning, the iMessage that does NOT revert to SMS).

    If AirDrop is secure and as easy to use as the iMessage option (you know, one tap and it's added to 1Password), then it would be a satisfactory solution for my problem.

    Cheers,
    The caveman

  • vipson
    vipson
    Community Member

    I want to share entry over iMessage and I don't see that option available. Am I missing anything?
    I also tried AirDrop - it used to work and now I don't see it listing my contacts on AirDrop anymore. I have soft-reset my phone and tried again. No success.
    So I tried to share the data on Threema, but looks like it does not send anything on Threema..What am I missing?


    1Password Version: 6.4
    Extension Version: Not Provided
    OS Version: iOS 9.3.2
    Sync Type: wifi

  • Hi @vipson,

    I've merged your message with another on the same thread.

    The best way to share 1Password items is via 1Password for Teams or 1Password for Families:

    Families - 1Password

    Teams - 1Password

    Alternatively you can set up a shared vault in Dropbox:

    How to share a vault without 1Password Families or 1Password Teams

    Currently the only ad hoc sharing we have available is via AirDrop. You can read more about AirDrop and under what conditions it is available here:

    How to use AirDrop with your iPhone, iPad, or iPod touch - Apple Support

    I hope that helps!

    Ben

  • jayd
    jayd
    Community Member

    @bwoodruff, in your last reply to @vipson, you are pointing him toward 1Password for Teams/Families (paid) or Dropbox vault sharing (free) for his request. However, his inquiry was asking about sharing individual entries. Just a few replies up the page, where you responded to @dsuper7 and @The_caveman, you said AgileBits is not selling a replacement for the missing feature.

    I have no experience with 1Password for Teams/Families (paid), but your message here is conflicting. Why did you previously say that no replacement for the removed feature was available, but now you are suggesting @vipson pay for Teams/Families to get the feature replaced.

    Does the paid 1Password for Teams/Families actually provide the simple ability to ad-hoc share entries? That is the feature all the posters in this thread are missing and wanting returned. Please do not try to sell us on your additional paid service, particularly if that service does not even provide the feature that was yanked out from under us.

  • lerokie
    lerokie
    Community Member

    Here we go... another happy customer disappointed with the removal of the Encrypted Text option. I love 1Password, and when my partner and I met, we were so excited to learn we're both hardcore 1Password users.

    We oftentimes share 1Password's Credit Cards, Bank Accounts, and specially Secure Notes through the Encrypted Text, among the casual login credentials that triggered this conversation. We both share through iMessage, and not once our Encrypted Texts have gone through SMS. We used this feature often. About a month and a half ago we realized the feature was disabled, and though we were disappointed then, we decided to move forward with AirDrop since we were both in the same physical location. Today, however, it was a different story. I needed some sensitive information sent my way while I was at work, and we found it very hard to do so. I even tried setting up a shared vault just for this purpose, but found out I can't do so from the iOS app, and unfortunately my office firewall blocks any and all online storage options like iCloud and DropBox for security concerns. So we found ourselves turning off our iCloud Photo Stream to take a screenshot, then send it over iMessage, for me to access the information, then delete the iMessage from our Macs, iPads and iPhones to prevent it from being seen by anyone we share our phones with, and obviously, deleting it from the Photos app, before re-enabling the Photo Stream feature.

    That's a lot of steps to try and keep things as secure as we could in the absence of an Encrypted iMessage. Even if someone has access to my iPhone or iPad, they don't know my 1Password password and couldn't open the contents even if they wanted, so we both wouldn't have had to go to our other devices to delete the Encrypted message.

    Would you please figure out a way to have this back? It was one of our favorite 1Password features, and we're very disappointed in not having it anymore.

  • vipson
    vipson
    Community Member

    I agree with @jayd.
    Looks to me that you are indirectly forcing people to buy the other product by discontinuing some features from one & making those available in other. Tomorrow you will say that Dropbox is not supported anymore and so is iCloud..now, we have to buy your family/team product if one is using Dropbox/iCloud.

    Looking at other way - if other chat services etc. are not supported why are they showing up in when I click "share"..You should have disabled all that are not supported.

    You have to understand that what made your app better than others was the features, principles etc. behind it and that's why people, at least I bought it. I chose your product because it allows me not to store my data on cloud, it allowed me to share my data the way I want, it allowed syncing by wifi (if not via cable).

    Anyways, sharing ad-hoc entries via iMessage was there, it would be nice to get it back. If sharing ad-hoc entries over iMessage/SMS is security concern, you could device some public key/private key method (including taking hash of entry & verifying authenticity of message/entry) to make sure that only intended recipient is able to get it.

  • This content has been removed.
  • dsuper7
    dsuper7
    Community Member

    OK I just requested the deletion of my Team Vault account for our office and felt compelled to vent yet again lol. As many have pointed out you provide a print option which completely blows the "security interest" reasoning out of the water with a nuke. I do understand that the messages and email sharing provided the user perhaps a feeling of security that you no longer wanted to misrepresent BUT the core functionality and usability of the application hinges on Copying and Pasting passwords and user account information into sites and applications that do not support the 1p api for insertion. Copying and Pasting from within iOS gives the user the ability to Copy and paste their passwords to a text message or anywhere they see fit. So all you have really done was make sharing via text message less secure and a huge pain in the ass right? Again I understand the goal is to make the app more secure BUT you gotta be wearing nikes with a Kool-Aid mustache to believe that feature removal accomplished this.

  • vipson
    vipson
    Community Member
    edited May 2016

    I kind of see that the feature was removed in the name of security, but considering the nature of product and team behind it it's very hard to believe that that was the only and/or main reason. Like what Threema is doing, they could have implemented ad-hoc sharing still in messaging apps or even enhanced it to next level with authenticity verification.

    Until now I was strong advocate of 1Password. Without this needed/practical feature needless to say that it's hard to recommend the app/tool to others now.

  • This content has been removed.
  • canuck
    canuck
    Community Member

    I Just found out about this. I used this feature all the time! This is clearly a play to move us over to your subscription model (yes, I read the whole thread). Now I'm going to be forced to send plain text over imessage to my partner (thanks for that!). As someone who has been buying your applications for multiple devices and platforms from day one, I can't even begin to express how disappointing this is. I don't need your family cloud service. Will all the apps for all the platforms go free if you pay for the service?

  • barrettj
    barrettj
    Community Member

    Is there any chance you'd add the feature back but require us to enable some secret setting via a url scheme or something? This was one of the main reasons my wife and I use 1password - we could quickly share our passwords while keeping them considerably more secure than we otherwise would have. Without this feature we're literally texting them back and forth even less securely. I understand your position that it's not "super secure" - but it's leaps and bounds ahead of what we'd be doing otherwise and without the feature I think we'll be asking apple for a refund as the app no longer fills our need.

  • Sam84
    Sam84
    Community Member

    Did 1Password remove the option to send/share passwords throug the message app? Also, sharing as clean text is gone. This was availible before 6.4.


    1Password Version: 6.4
    Extension Version: Not Provided
    OS Version: Not Provided
    Sync Type: iCloud

  • vs2014
    vs2014
    Community Member

    Deeply disappointed with your decision to remove iMessage Sharing. Insecure SMS. Ok, it's not encrypted - but imagine how many Two-Factor Authentications are exchanged by this unencrypted medium. And how large is the risk that this information is received by a targeted attack on you? Symmetric Encryption with a PIN could be a solution to the encryption problem.

  • dszp
    dszp
    Community Member

    @SecretSquirrel LastPass has a web server where they can store passwords securely for sharing with users in other accounts. 1Password without Teams/Families has no such central server to point people to in order to share passwords--there's no central storage and no way to securely exchange encryption keys without a multi-step process that is beyond simple sharing. This would be possible with their 1Password Teams or Families services, since it's much more along the lines of how LastPass works conceptually with a server in the middle, however they haven't built the feature there either for ad-hoc item sharing (though you could give Guest access to a vault to share items within an existing account). However, I agree it's much more likely to show up there when they get a chance to build it (because it's much easier to build there).

    A small side-service of a company I've used the products of before has a little utility called HelpSpot Vault at https://www.helpspot.com/vault which lets you save stuff like passwords and such into a form on their site with a random URL you can share and an expiration for when it's deleted. It DOES require trusting them (I do, you may not) to do the right thing but it would be more secure than plaintext sharing. It's not an ideal solution, just one thing I thought of when reading this thread. 1Password could do a first-party version of that much better with time.

  • face
    face
    Community Member

    Today i've tried to share some items through sms / iMessage but i cannot find the functionality anymore ?
    Is it been dismissed ?
    Why ???


    1Password Version: Not Provided
    Extension Version: Not Provided
    OS Version: Not Provided
    Sync Type: Not Provided

  • face
    face
    Community Member
    edited May 2016

    I'm in too for the 'petition' to re-enable sharing encrypted methods like iMessage (is secure as Airdrop, come on!!!) and also with WhatsApp (now that comes with the new active encrypt end to end conversation).
    We all are missing something ??? Please do it ! We all LOVE 1P ...

  • buckZor
    buckZor
    Community Member

    ARE YOU FREEKIN KIDDING ME!?!!? Such a BLATANT desperate move to force people into your Subscription Teams service. I manage our Company Teams tenant, but I still share single items with other people from time to time. This is ridiculous! I can't add everyone that I need to share something with into the Team. The Team offering is very cool and people will use it, but don't cripple the software in a desperate attempt to up-sell people. I am a 1Password evangelist! You MUST reverse course on this!

  • buckZor
    buckZor
    Community Member

    ..and if the reason TRULY is from a security perspective, then put up an annoying disclaimer every time they share an item to a medium that you consider insecure. My data, My passwords. Let me choose. How dare you remove functionality that BROUGHT YOU CUSTOMERS!

  • This content has been removed.
  • jpgoldberg
    jpgoldberg
    1Password Alumni

    Forgive me for not addressing all, or even a portion, of the various points made in this very very long discussion.

    Unfortunately, there is little I can say other than repeating what I've said before

    Long overdue

    Because of the security problems, individual item sharing should have been ditched long ago. We were wrong to let it live so long. It was introduced as a stepping stone to something "just around the corner" that never happened. One of the things that we've learned from that is that we should never introduce anything that lowers security even if it is just a "temporary step".

    The reasons for withdrawing it remain

    Whatever the future holds for individual item sharing, I will strenuously object to it being restored as it was. Now I don't always get my way on every thing. So this doesn't absolutely preclude it coming back as it was, but the security reasons for getting rid of it are compelling.

    Having people send passwords around by SMS or Email in a manner that superficially looks secure while actually isn't is just not acceptable. People who read our discussion forums understand the security properties of sending such things. But y'all are a tiny fraction of the people who are trusting their secrets to that sharing.

    Timing really is a coincidence

    Despite that fact that I am being perfectly truthful about the coincidence of timing, I fully understand why some people are more than a bit suspicious. I am going to paraphrase some of our internal discussion of this.

    Me: It has to go.
    A: Oh, I know it has to go, but can't we wait at least until we have individual item sharing in Teams and Families?
    Me: Always waiting for a successor/solution is how we've ended up with this [expletive deleted] thing for nearly three years, which is two and a half years longer than it was ever supposed to live. We just can't do that any more.

    Me: It has to go
    B: Oh, I know know it has to go, but it is a really useful feature.
    Me: I know. I love it. I use it. But it has to go.

    Me: It has to go
    C: Oh, I know it has to go, but the timing of this is going to look really bad.
    Me: Tough. We've waited so long that we no longer have the freedom to pick a better time. Always "waiting for a better time" is how we've gotten ourselves into this situation.

    We all knew that it had to go. But I'm the bad guy. I'm the one who led the "I can't care about all of the reasons we have for waiting. We've waited too long to kill it" effort.

    I'm the bad guy

    I love to say that it is wrong to think that there must always be a security/convenience trade-off. Any time we face what appears to be a security/convenience trade-off it is our job to reject that sort of choice and find something that simultaneously makes things easier for people and more secure. And that really is what we genuinely do.

    But we don't always succeed in that. Sometimes we really do have to face a security/convenience trade-off. And sometimes we have to revise our decisions of how we have balanced those. Though in this case it isn't so much a revision of our estimate of the balance of the proper balance here, but a revision in whether we can continue to say, "well let's just wait a bit longer." So I'm the security guy saying that we have to give up on a convenient feature. (While I really am the bad guy here; I should point out that the only argument was about timing. There was strong consensus on the fact that individual item sharing as it was had to go.)

    And so we've made a long overdue choice on a security/convenience trade-off. We knew that it would be deeply unpopular. We knew that the timing would look more than suspicious. We knew that even the truth – that we'd let this thing live as long as it did – is embarrassing.

    I know that this isn't the "answer" that most people want to hear. And I'm sure that we could have communicated this better. And of course, we were wrong to let obfuscated item sharing live as long as it did. But given that last mistake, we just weren't going to wait any longer to take our lumps.

    I'm sorry.

    The future

    We very much have heard you all. And we can imagine that for every person who has spoken up here there are many more who have not contacted us. (And there are those who have contacted us via other channels.)

    Because of the security issues, we will not bring back individual item sharing unless we can either

    1. Give it the security properties people rightly (and often implicitly) expect of it
    2. Or make it absolutely clear to everyone using it every time what security properties it has.

    A deep and essential aim of everything we do is to make it easier for people to behave securely than to behave insecurely. Individual item sharing, as we've had it, went against that principle.

    Jeffrey Goldberg
    Chief Defender Against the Dark Arts (and occasional trouble maker)

  • Unknown
    edited May 2016
    This content has been removed.
  • AGAlumB
    AGAlumB
    1Password Alumni

    @SecretSquirrel: As Jeff mentioned in the post you're replying to, and as myself and others have stated prior to that, we continue to consider a number of options, including bringing back insecure item sharing with crucial warnings, etc. You can believe or disbelieve as you wish. However, we don't have anything to announce at this time, and regular badgering, insults, and demands don't help anyone.

    And believe me, we know that you're dissatisfied with this change. However, that doesn't give you the right to show disrespect to others in order to vent your frustration. And while I appreciate that you're frustrated, we want to keep things friendly on the forums for the wide range of people that visit. Please keep that in mind in the future. We're happy to have you here, so long as you can adhere to the guidelines:

    Forum guidelines

    The TL;DR version is "Treat others as you would like to be treated."

    Now, you may take umbrage with me saying such a thing since you feel that we were wrong to remove this feature without consulting you. Isn't that hypocritical? In a sense, yes, but we can't go back in time to prevent ourselves putting both you and us in this position. Jeff already went over the reasoning in detail, and I remember those conversations firsthand.

    We made a mistake by allowing this feature to exist in that form, removed it to rectify things, communicated the change poorly, and in the process took away something that you loved. We've made a mistakes, and we're truly sorry for that. You may feel that we've wronged you personally, but two wrongs don't make a right. That doesn't entitle you to be rude and defamatory. Please stop.

  • This content has been removed.
  • jayd
    jayd
    Community Member

    As another early commenter in this thread, @SecretSquirrel and I know we do not always see eye-to-eye on style, but I think we have agreed on the overall point. I must chime-in here to say his latest post (above) is spot-on. It may not be my own style of writing, but that does not detract from what he is saying. And he is right.

    @brenty, he is not disparaging anyone, nor is he being defamatory. What his writing style may lack in touchy-feely tact (which is not always a good thing), he more than makes up with appreciated bluntness and facts.

    I think @SecretSquirrel summed it up beautifully with his last three sentences: "Damage control involves recognizing the mistake and then providing a solution, but you've not provided the latter. At this point, its not so much what you did, but what you will do. Unfortunately, you've failed to address this, which only adds to the negative feedback."

    All of us customers surely appreciate that AgileBits has heard us and is considering options. That is truly great. However, the vague, non-committal non-promises of what AgileBits is going to do to make the situation right is not instilling confidence among your customers. This thread has offered many options about how to solve the issue, and I am sure the smart folks at AgileBits have a whole slew of additional great ways to solve it. I bet most of us customers here do not much care how it gets solved (within reason), but simply that it does get solved, and soon. If AgileBits is still figuring out the details, I can accept that. But give us some commitment that you will make things right, and give us a fair timeframe when you will do so (hint: the sooner the better).

    To quote @SecretSquirrel's most recent eloquence, "At this point, its not so much what you did, but what you will do."

    Love and kisses,

    Jay

  • AGAlumB
    AGAlumB
    1Password Alumni

    @jayd: I think it's important to recognize that we're unlikely to come up with a solution over the span of a month where one has escaped us for much longer than that. I could be wrong though, and would be glad to be in this case. When we have something more concrete to share, we'll be happy to do so.

    At this point, its not so much what you did, but what you will do. Unfortunately, you've failed to address this, which only adds to the negative feedback.

    @SecretSquirrel: You not getting what you've asked for in no way justifies any of this, and it's counterproductive. Negative feedback is productive...until it's repeated incessantly by the same person. I think this is pretty universal. And if you really believe we don't understand you or don't care, repeating yourself more loudly doesn't help. I think there's an interesting, thoughtful, and productive discussion to be had on this topic, but it's really been drowned out by this sort of thing:

    Do you want to do it, Jeffrey; or, is all this concern over security just hyperbole?
    Will you “drop your opposition if [we can] make it absolutely clear to everyone using it every time what security properties it has” by developing that warning and push out an update with it; or, are you simply blowing smoke at the user base? You cannot have it both ways. There’s always a good reason, and there’s always a real reason. By not creating ad hoc sharing with a warning that satisfies your criteria simply means, to me, that your stated rationale is not the real reason.

    Declaring that our statements are untrue is the same as calling us liars. And calling Jeff, myself, and others liars is, in fact, disparagement. Continuing to troll this discussion (and those in it) once your concerns, criticism, and demands have already been expressed is harassment. I will never understand why the type of behaviour that results in libel suits and restraining orders "in real life" is considered acceptable "on the internet". This is real life too. You've made your position very clear. This is excess. Presenting your own statements as "truth" doesn't change that. If you really believe that we're not "trustful", you certainly shouldn't trust us with your most sensitive information. And at that point, all of this is irrelevant.

    I have no doubt that we'll come up with a secure solution for item sharing in time, but I don't know when that will be. And arguing with you about it won't make it happen any faster either. So let's move on.

    Regarding your proposed warning, how you you anticipate that working? It seems to me that we won't be able to insert a warning after the user selects Mail or Messages. At this point, you're in Apple's share sheet, and we can't modify that (which is why you'll see options displayed there which won't work — it's out of our control).

    So it sounds like we have to consider warning the user any time they try to interact with the Share [ ↑ ] button. What form should that take? A modal dialog? An overlay of some kind? Are we talking a "Cancel/OK" choice that must be interacted with? Some kind of banner? Or a full screen message? Let me know what you think.

This discussion has been closed.