Only sharing options are AirDrop or Print (email, message options restored: iOS v6.4.2, Mac v6.3.1)

The_caveman

Well, I'm in favour of moving forward, so I'll repeat my question: is AirDrop as secure as a real iMessage?
If yes, it might be a functional work-around for me (and maybe others as well).
Cheers,
The caveman

Penelope Pitstop

I believe so. See page 31 of the iOS security White Paper.

The_caveman

Thanks for the info Penelope.

khad

Let's all please stick to the topic. There is no need to make any of this personal.

AChakery

@brenty

As an old LastPass user who switched to 1Password because of more freedom and options I have to say this is ridiculous to remove these sharing options . I agree that you guys are trying to offer better and more secure options to your users but this is not right that you try to DECIDE for the people too.

If you really wanted to offer better security you could have sent an email to all users mentioning that what are the best and more secure ways for sharing passwords.

Or at least put more options like iCloud Sharing.

I switched from LastPass because I didn't want to use their servers to store and share my passwords and now you are going to the same direction!!!

As a semi-professional user I have my own Email server and when I want to share my passwords I use end-to-end encryption so yeah this is safe to share passwords using email depending on the user and conditions.

And about DropBox password sharing , I am not using dropbox service so now what ? I am using OwnCloud service and SFTP because of security reasons and now to do the most simple thing which is sharing a user pass I should mandatory use your teams/family service OR DropBox ?!!!! Do you really think this is a good strategy ?

All in a wrap, We as users come and purchase practical products like 1Password to make our daily routines easier and faster, now you by making illogical decisions for users are actually doing the opposite thing.

khad

If you are running your own email server and have managed to figure out how to send encrypted email, you are in a very small minority. I'm sure you can recognize that. It's important to us that we don't give the rest of the population rope to hang themselves with by leaving such a feature available to them when they are not encrypting their email. As you said, we're "trying to offer better and more secure options".

We're really sorry that this has been such a sore spot for you. We are looking at alternatives, but we don't have anything to announce at this time.

kleinias

I still don't think I fully understand this. I used to be able to share through text or iMessage and now I don't see that option anywhere. Are you saying you've completely taken this basic feature away from the user? So all that happens now is that it makes it more time consuming for us to have to individually copy each item and then paste it into tex/imessage etc. I'm obviously not going to use text (or email for that matter) to send something that is super top secret but easily being able to send something to my parents or friends via text or iMessage is a basic feature.

Is there at least an easy option to share via plain text? That way there is no possible way a user could think this is a secure way of sharing something. It would just be a basic and convenient way of sharing basic information with someone. Copying and pasting each individual item into text or iMessage is the end result here and it's a pretty frustrating user experience.

Please do bring back this basic sharing element, there has to be a balance between security and being heavy handed and causing needless inconvenience.

khad

@kleinias,

Is there at least an easy option to share via plain text? That way there is no possible way a user could think this is a secure way of sharing something.

It's one of the things we are looking at for the future. Right now, you'll need to copy and paste the information where you would like to send it (as you mentioned).

I'll make sure the developers know you would like to see this made easier in an update. :+1:

AChakery

Sorry but I really can not accept such a logic that since for example knives are dangerous so we should hide all of tgem so people dont cut themselves !!!! Do you really believe in such a logic?? If yes there is nothing more to say....

In my opinion you should educate people regarding security other that removing options ...

AGAlumB

Sorry but I really can not accept such a logic that since for example knives are dangerous so we should hide all of tgem so people dont cut themselves !!!! Do you really believe in such a logic?? If yes there is nothing more to say....
In my opinion you should educate people regarding security other that removing options ...

@AChakery: I appreciate the sentiment, and you're absolutely right about education. But the metaphor doesn't quite hold up: Knife companies sell knives, which are meant to cut things, to people who want knives for cutting things. AgileBits sells software which is meant to help people be more secure, but having a feature which did the opposite was antithetical to this. We'll have to find a better way.

BrayceWune

I would like to decide by myself, why and how I want to share a password, or an information. As the function was available over years in the iOS app, I can not understand why this was removed now. What is the option for me now, when I want to use the sharing function? I could reinstall an older version (can I get this anzwhere?), or switch to another software, that allows me to do what ever I want with my data.
Please restore the function. 1Password was secure over years with this function and it would be in future as well.

AChakery

@brenty
Thank you but it was in reply to Khad's statement about rope!

Anyways... Please accept that it was a mistake reamoving these options whitout providing free alternates. In my case I really have no team that I want to pay $3-4 a month. I tested your service and it worked really fine and I like the idea...but I am sure there are lots of people like me which do not need such a service for their personal or even for small business use.

I remember that you guys said that you will support SFTP or WebDav long time ago (2years Go) so I wonder why you have not implanted these options yet? And even more simple .. Why havent you utilized iCloud instead of DropBox?

In addition please note that not all of your customers are in US, there is law here in EU that companies should not send their and their customers sensitive data to servers outside the EU and personally I do not want and as I mentioned am not using DropBox.

All in all , I would really appreciate if you add options like SFTP support to your app.
(Please add ot dont just say we will add and after two years just leave it as it is)

And finally I have to say I am not like those who say you have dont it to earn more money... I completely disagree with this statement but please agree that you should have provided a free alternate before removing these options.

Thank you

AGAlumB

I remember that you guys said that you will support SFTP or WebDav long time ago (2years Go) so I wonder why you have not implanted these options yet? And even more simple .. Why havent you utilized iCloud instead of DropBox?

@AChakery: Ah, good questions! We did implement WebDav; but it was terrible and unreliable, so we killed it. iCloud, on the other hand, does not provide file access. With Dropbox, there's a great deal of freedom which was never possible with iCloud, such as the ability to share data between accounts. While you can store your vault anywhere, Dropbox uses the filesystem, which makes it available to 1Password and other apps. iCloud syncs using the CloudKit API, which is nice but less flexible.

In addition please note that not all of your customers are in US, there is law here in EU that companies should not send their and their customers sensitive data to servers outside the EU and personally I do not want and as I mentioned am not using DropBox.

This is starting to get a bit off-topic, so you may want to start a new discussion. But suffice to say that the beauty of Dropbox, iCloud, and 1Password Teams/Families is that your sensitive data isn't sent to the server; the data is sent (and stored) in encrypted form. In the case of 1Password Families/Teams, the Account Key and Master Password needed to decrypt the data is never transmitted anywhere.

And finally I have to say I am not like those who say you have dont it to earn more money... I completely disagree with this statement but please agree that you should have provided a free alternate before removing these options.

I agree that 1Password should have item sharing. But it should be secure, and it never should have existed in the form that it did. We definitely want to bring back item sharing though.

tonydow

On May 19th @jpgoldberg wrote on this thread that he was 'the bad guy'. I assume that he was hoping this would draw a line under this ongoing discussion which it obviously hasn't done. He also stated -

Because of the security issues, we will not bring back individual item sharing unless we can either

1. Give it the security properties people rightly (and often implicitly) expect of it
   Or 2. make it absolutely clear to everyone using it every time what security properties it has.

This second option is what a number of people have been suggesting as an acceptable solution so why don't you just go ahead and do this. What excuse are you going to come up with now if this is seen by both Agilebits and your disgruntled users as an answer?

AChakery

@brenty
Thank you for your reply,

But what about other cloud systems like OwnCloud which acts almost similar to DropBox ?

I am personally using OwnCloud with SFTP storage system which is more reliable than WebDav and it also offers a better security as well.

There is a great option in OwnCloud called Federation Cloud which lets you to share files between other storage and Cloud systems. This makes sharing even more easier and more secure.

So please at least provide us with one of these options ... OwnCloud or SFTP...

Thank you

Ben

@tonydow

This second option is what a number of people have been suggesting as an acceptable solution so why don't you just go ahead and do this.

We may very well do just that. But I can't make that promise at this point. It is an option that we are looking into.

@Achakery

So please at least provide us with one of these options ... OwnCloud or SFTP...

At this point we are not implementing any additional 3rd party sync solutions, though that may change in the future if the landscape changes. Right now we're focused on our 1Password Teams and 1Password Families services, as well as our existing syncing via Dropbox and iCloud offerings.

Part of developing a product is knowing when taking something on will over extend your resources. Everybody and their brother makes a sync service. OwnCloud, OneDrive, Google Drive, SpiderOak, BT Sync, etc etc... They all work differently and would for the most part each require entirely unique solutions from us in order to have 1Password sync with them (if possible at all). We just don't have the resources to do that at this time.

That doesn't mean that we'll never consider adding any of these in the future, but we just can't do it right now.

I'm sorry that I don't have the answer you were hoping for.

Ben

AChakery

Well, I have not seen anything like this !

I know implanting a new cloud service needs so much effort, money and time but I believe implanting a very popular protocol like SFTP would not be that hard since as I mentioned it is a protocol not a Cloud system.

It will also help many people who have both windows and Mac and are not willing to use DropBox to store their passwords.

I always try to think positive about what people say , but what you said means we have got two options :

1. You should use our paid service
   2.Go ... yourself

Thank you very much.

Now I am really convinced.

khad

Sending passwords in the clear over iMessage is just as secure as sending them with the old sharing URL. You will just need to copy and paste the passwords rather than tapping a link.

The obfuscation provided no security. Anyone with 1Password installed could get the password from one of the share links. And anyone could install 1Password for free.

We're looking at other options, but we don't have anything to announce right now.

Please do start a new discussion if you'd like to discuss sync options.

tonydow

@khad So you are saying that sending passwords in the clear over iMessage is secure but you removed the share option for this because it is not secure?

AGAlumB

So you are saying that sending passwords in the clear over iMessage is secure but you removed the share option for this because it is not secure?

@tonydow: That's not what he said at all. iMessage is, by default, able to fall back to SMS, which is completely unencrypted over cell networks, which are also insecure. In that case, whether you're sending plaintext that anyone can open in TextEdit or a share link which anyone can open in 1Password, the data is not encrypted to prevent either. That's the point he was making.

I always try to think positive about what people say , but what you said means we have got two options :
1. You should use our paid service

Given that neither 1Password Families nor 1Password Teams has an encrypted item sharing feature (and that this has already been pointed out by many), I'm not sure what gave you that impression. We don't have an encrypted item sharing feature to offer anyone at this time, which is why this was removed: sending sensitive information unencrypted is not secure. :(

We'll also continue to consider other sync methods going forward, but we don't have the resources to commit to developing, testing, and supporting something like that at this time...and that's another topic entirely anyway. ;)

tonydow

@brenty I quote "Sending passwords in the clear over iMessage is just as secure as sending them with the old sharing URL. " What did I misunderstand about that? Also I do not have an iPhone, just an iPad which does not have a fallback to SMS.

Ben

The point was that the sharing URL itself did not provide any additional security.

Ben

tonydow

Would the logic you are using for this not also dictate that you should also remove the Copy function?

khad

No. The Copy button does not provide the illusion of security through obfuscation. The share link was obfuscated, but that obfuscation provided no real security. The danger was in people using those links thinking the data was protected in them just as securely as the data in their vaults.

tonydow

Okay, so warn them of this before letting them procede. At least allow users to make that informed decision rather than you making it for them.

Ben

Right. And that is one possible way forward. One which we're strongly considering.

Ben

kleinias

I understand the rationale for discontinuing the share link (in its former state). I found it useful but I can understand how a reasonable person might expect the link to only work for the specific person they sent the link to. However, I do not understand the rationale for discontinuing the feature to share in plain text. It seems reasonable that if someone is sharing something in text/iMessage in plain text that they have little expectation of it being secure. These matters are clearly things that you have thought through more than I have so I'm just suggesting that it would be more user-friendly to have this option back. Thanks!

AGAlumB

@kleinias: Ah. We didn't actually have a plain text sharing feature that was removed. Granted, people have always been able to copy and paste information and send it using any means they wish, but that's basic OS functionality and not a 1Password feature.