Suggestion for securely restoring message/email/etc. sharing options

jpotisch
Community Member

I don't want to rehash the discussion about whether it was good or bad for you to remove the ad-hoc password sharing options many of us used, so I wanted to suggest a possible solution. Your concern was that sharing by email is not secure, that sharing by iMessage could be secure except it could fall back to SMS, etc. I realized that if you can establish a trusted connection between two 1Password users, you could essentially perform a key exchange that would allow you to encrypt the password being shared and send it over any channel, even entirely public channels like Twitter, Facebook, or a postcard.

Something along the lines of the following:
1. One time, I perform a trust exchange with another 1Password user - by app support that utilizes AirDrop, QR code, Wi-Fi, etc. I leave the details to you to find a way that works across Windows/iOS/Mac/Android/etc.
2. This exchange results in our two vaults each storing a password to use when sharing passwords with each other. This password is entirely different from the passwords either of us use on our vaults and, because it is not created or exchanged by humans, can be made extremely secure.
3. These sharing passwords could either be unique for each pair of users, in which case a message I send to my wife to share an item with her would not work if also sent to a friend, or could use public/private keys such that I always encrypt with the same private key and anyone I've trusted by giving my public key can open shared items.
4. After that, any time I want to share an item with that other user, 1Password encrypts it with that pre-negotiated sharing password and allows me to send it over any channel I choose. If (when) it is intercepted in transit by attackers, it is of no use to any of them.
5. The stored sharing passwords can be deleted by either user at any time. Any previously shared passwords would still work but future sharing would not work until a new trust exchange is performed. In any event, at no time and under no circumstances would any of this grant any access to my vault to anyone not in possession of my master password.

I'm not a cryptographer but I think an approach along these lines would do a great deal to restore functionality many of us relied on while addressing the security concerns that led you to remove it, and would help restore trust that this change was not intended to drive Families/Teams adoption.


1Password Version: 6.2.1
Extension Version: 4.5.6.90
OS Version: 10.11.4
Sync Type: Dropbox

Comments

  • Drew_AG
    1Password Alumni

    Hi @jpotisch,

    Thank you very much for taking the time to share your thoughts and ideas for how secure item sharing might be implemented! Our developers would certainly like to find a way to bring back options for sharing an item with someone else as long as they can do so securely. I believe they've discussed ideas similar to what you've proposed, and I'll be happy to forward your suggestion to them in case it helps. It sounds like you put a lot of thought into this, and we truly appreciate it!

    "...and would help restore trust that this change was not intended to drive Families/Teams adoption."

    I'm very sorry if we've said anything to make you think that was our intention, and I can assure you the two things are completely unrelated. The change was made due to security concerns, and you can read more about that in this post from our security guru.

    If the reason behind this change was to drive customers to Families/Teams accounts, we would have removed all of the item sharing options - however, as you may have noticed, AirDrop is still an available option for sharing an item, and that's because it's much more secure than the options that were removed.

    Additionally, it would make no sense for us to push customers to Teams/Families for these item sharing features, as they don't exist in Teams/Families either. If you were to sign up for a Teams/Families account and add that to 1Password for Mac, you would notice the items in your Teams/Families vaults have the exact same sharing options as the items in your local vaults.

    Thanks again for sending us your request & ideas for how secure item sharing might work, we really do appreciate that you took the time to do that! Hopefully we'll be able to do something like that in a future version, as it's certainly something a lot of customers are interested in. If you need anything else, please don't hesitate to let us know. Cheers! :)

    ref: OPM-602

  • Hi, @jpotisch.

    I just wanted to piggyback off Drew for a minute to say that even though this kind of feature does not exist yet in family and team accounts, it will be much easier to implement there. With 1Password Families and Teams, each user account already has a public/private key pair, and that is how things are shared within an account. This other feature (single item sharing with someone not in your account) would be able to use the same keys, so there's less work to be done there. It isn't something we've implemented, but it's something we're considering, and I don't want it to send the wrong impression if it does show up for 1Password.com users first.

    The very nature of 1Password.com (true user accounts) and how it was designed (public/private key pairs) allows for this kind of thing to happen very easily. It would be quite a bit more work to make it happen securely without a 1Password.com account. In that case, we'd probably stick to the public/private key pair design (though you'd encrypt with the other person's public key, not your private key), but we'd have to figure out how to exchange and manage keys, plus how to sync them for users using multiple devices. It'd be one thing if everyone only had one device, but most people have more than one and then replace them as they age, so now you have to sync your private key among your devices in addition to your actual data.

    Anyway, it would be possible, but there are several technical hurdles in the way. We really do appreciate the feedback, though, and perhaps we'll be able to bring the feature back in a more secure form some day!
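
The pairing flow from the numbered proposal, combined with the key-pair design described in the reply above, as an added example that is not part of the original thread and is not 1Password's code. It assumes X25519 for the one-time exchange and AES-256-GCM for sealing items; every function name and the derivation label are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// NewIdentity makes the X25519 key pair each vault would keep (hypothetical name, like all below).
func NewIdentity() (*ecdh.PrivateKey, error) { return ecdh.X25519().GenerateKey(rand.Reader) }

// Pair is the one-time trust exchange: only public keys cross the pairing
// channel, and both sides derive the same AES-256-GCM sharing key.
func Pair(mine *ecdh.PrivateKey, theirs *ecdh.PublicKey) (cipher.AEAD, error) {
	secret, err := mine.ECDH(theirs) // errors on a degenerate peer key
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(append([]byte("item-sharing-v1|"), secret...)) // constructed label
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts one item; nonce||ciphertext||tag may travel over any channel.
func Seal(link cipher.AEAD, item []byte) ([]byte, error) {
	nonce := make([]byte, link.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return link.Seal(nonce, nonce, item, nil), nil
}

// Open fails on a wrong pairing key, a modified message, or truncated input.
func Open(link cipher.AEAD, msg []byte) ([]byte, error) {
	if n := link.NonceSize(); len(msg) >= n {
		return link.Open(nil, msg[:n], msg[n:], nil)
	}
	return nil, fmt.Errorf("message too short")
}

func main() { // constructed demo; intermediate errors dropped only here
	a, _ := NewIdentity()
	b, _ := NewIdentity()
	ab, _ := Pair(a, b.PublicKey())
	ba, _ := Pair(b, a.PublicKey())
	msg, _ := Seal(ab, []byte("guest wifi: example-only"))
	item, err := Open(ba, msg)
	fmt.Printf("%d bytes on the wire; recipient reads %q (err=%v)\n", len(msg), item, err)
}
```

Because the key is derived per pair, a message sealed for one contact does not open for another, and deleting a stored pairing only stops future sharing, as in steps 3 and 5 of the proposal.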

  • jpotisch
    Community Member

    I'm really not alleging that this was a sneaky way to drive 1Password.com adoption. I know you've denied that this is the case and you've explained why, but the forums here are full of people who are suspicious. I accept your explanation that this was done for security - AirDrop is secure so you've left it, iMessage would be secure except SMS fallback is not and can't be prevented unless users explicitly forbid it in iOS settings, so you've removed it.

    My point is I purchased 1Password for my phone, my wife's phone, and our family's computers, and it had a handy feature that you've taken away. You may have done it for all the right reasons, but to us 1Password was more useful with the feature than without. I think it's reasonable as a customer to assume that features I've paid for won't be taken away, so when this happens it's very frustrating and can seem suspicious. Statements like "perhaps we'll be able to bring the feature back in a more secure form some day" and "Our developers would certainly like to find a way to bring back options for sharing an item with someone else as long as they can do so securely" do not suggest any level of urgency or commitment to restoring functionality you've taken away from a product I purchased from you.

    The fact that you removed the feature without providing a replacement or including an option to reenable it (after making the user click past a big scary warning message about why they should never ever do that) is a choice you made as a company. The fact that you are not committing to do so now is another choice you are making as a company. It doesn't prove or even suggest you're intentionally crippling the standalone product to drive sales of 1Password.com. I'm saying it's not great customer service to take a feature away from a paid product. Will I dump 1Password? No. Will I stop recommending 1Password to people? No. Do I regret purchasing 1Password? No. But I'm a little bit less happy with 1Password than I was (say A to A-), and I am concerned that any feature in the product that I really do rely on could be vulnerable to the same kind of thinking in the future. If you determined filling out web forms was insecure would you quietly delete it from the product? I'd hope you'd let customers know, give us an option to disable it, or recommend we stop using it until you could patch the hole.

    I am convinced that your very very smart dev team can solve this key exchange problem and bring back sharing. I am not convinced AgileBits management has made it a priority for them to do so.

    Thank you for your time.

    p.s. One technical note:

    "It'd be one thing if everyone only had one device, but most people have more than one and then replace them as they age, so now you have to sync your private key among your devices in addition to your actual data."

    I assume these sharing keys would be in my vault and would sync across all my devices exactly the way all my other items do, and thus this really isn't a concern.

  • Drew_AG
    1Password Alumni

    Hi @jpotisch,

    I'm very sorry you've been inconvenienced by the removal of those item sharing options! I am certain I'd feel the same way if I were you. Since you and your wife had come to depend on those options, I can absolutely see how their sudden and unexpected disappearance was an unwelcome surprise for you. I truly apologize if we disappointed you. :( The decision to remove those options wasn't made lightly. But we probably could/should have done a better job of communicating this change to our customers beforehand so it wasn't a shock to discover that.

    It sounds like you used those item sharing options with your wife (and maybe other family members). I also noticed you're using Dropbox sync, so I was curious if you've considered setting up a shared vault? If you often sent your wife or other family members items from your vault via Messages or Mail, a shared vault might make things much easier for you, because any items you add to or edit in the shared vault would automatically show up for others who you share that vault with. It's very easy to set this up via Dropbox sync & file sharing, and we explain how to do that here: How to share a vault without 1Password Families or 1Password Teams

    Perhaps that's something you already knew about, but I wanted to mention it in case it helps.

    We're here for you if you need anything else! :)

  • jpotisch
    Community Member

    Thanks for the response. Yes, I'm aware of shared vaults and may go that route to solve this problem. I recognize that despite the extra initial work to set up it's probably a better long-term solution than coordinating AirDrop "dates" with my wife. :-)

  • Vee_AG
    1Password Alumni

    Exactly, @jpotisch. The initial setup probably won't take much longer than an AirDrop date or two. Saving you enough time for, say, a dinner date or two! :chuffed:

  • optimum
    Community Member

    @jpotisch eloquently said! I personally have never gotten AirDrop to reliably work on any of my Macs or iOS devices, so that option is a non-starter.

  • Megan
    1Password Alumni

    Hi @hanguolaohu,

    I hope that a shared vault ends up being a perfect solution for you! If you have any questions, you know where to find us. :)

  • rwfisheriv
    Community Member

    For the record, I'm not happy about losing the ability to ad-hoc share. I just discovered that this feature has been removed.

  • Megan
    1Password Alumni

    Hi @rwfisheriv,

    I’m sorry that you’re missing this feature! We have been listening to user feedback on this and looking into ways to bring back individual sharing in a secure manner.

    Thanks for sharing your thoughts here. :)

  • rwfisheriv
    Community Member

    The AirDrop sharing function did work for me, however.

  • AGAlumB
    1Password Alumni

    I'm glad to hear that! Since it's authenticated and confirmed on each device, it's a great secure option. We're exploring ways to make secure item sharing possible via other means as well. Thanks for your feedback! :)

  • AJACs
    Community Member

    Add me to the list of folks who think you should have allowed a workaround for "sharing after warning". Secure iMessages of passwords between my spouse and me are part of our standard workflow. AirDrop does not help in the middle of the day when not in the same room. I tried adding a 1Password account and find the process Byzantine. And then I learned you have to pay for it and I really don't want to pay for it. Never thought I would, but now I will be keeping an eye out for other options. You have lost my loyalty.

  • Drew_AG
    1Password Alumni

    Hi @AJACs,

    Thanks for taking the time to let us know you'd also like us to bring back the option to share individual items via Messages/iMessage! I'm very sorry the removal of that feature caused a problem for your workflow. I'll gladly forward your comments to our developers.

    "I tried adding a 1Password account..."

    I apologize for any confusion, but signing up for a 1Password Teams or 1Password Families account will not bring back the option to share individual items via Messages. As I previously explained, the Messages and Mail item sharing options do not exist in Teams/Families either.

    Now if I understand, you and your spouse often share individual items with each other. Instead of doing that for each item you want to share (and doing it every time one of you updates one of those items), it might be much easier to set up a shared vault. That way, any items you put in the shared vault will automatically sync back & forth between you and your spouse. You don't need a Teams/Families account in order to share a vault - it's also easy to do that using Dropbox sync & file sharing. You can find the steps to do that here: How to share a vault without 1Password Families or 1Password Teams

    I hope that helps, and again I'm so sorry you were negatively impacted by the removal of the Messages and Mail item sharing options. If you have more questions about that or need any help to set up a shared vault, please don't hesitate to let us know! :)

    ref: OPM-4076

  • AJACs
    Community Member

    Thanks Drew.

    I didn't think the iMessage capability would come back, so I tried the family account for its own sake and found the experience of setting it up less than straightforward. Then I discovered the annual cost which I find prohibitive just to give me back abilities (easy sharing) that used to be included in the price of the purchase of software.

    I dropped Dropbox when Condoleezza Rice joined the board. That just didn't seem to jibe with my privacy concerns.

    All that whining expressed, I would consider the annual subscription model for Families if it included free software major version upgrades. I had no problem paying for going from v4 to v5, but I find the prospect of paying for both to be problematic, especially as mentioned above, just to get back previous capabilities.

  • Vee_AG
    1Password Alumni

    Hi @AJACs,

    Thanks for following up here.

    "I didn't think the iMessage capability would come back, so I tried the family account for its own sake and found the experience of setting it up less than straightforward."

    We'd love to hear more specific feedback on what was difficult about the Families account creation process so we can improve it! User feedback and suggestions are our strongest assets for making 1Password better for everyone. Feel free to post more details about this here in the forums, or email us at support@1password.com. We really would like to hear it, if you care to share.

    "Then I discovered the annual cost which I find prohibitive just to give me back abilities (easy sharing) that used to be included in the price of the purchase of software."

    At this point in time, Families does not yet have a way to share individual items either, though we hope to add it. So Families sharing is currently more comparable to Dropbox vault sharing than iMessage item sharing, and Dropbox sharing is still very much available.

    "I dropped Dropbox when Condoleezza Rice joined the board. That just didn't seem to jibe with my privacy concerns."

    Of course that is your choice to make, but I do want to share this 1Password sync security article with you for your consideration.

    "I would consider the annual subscription model for Families if it included free software major version upgrades."

    I'm happy to inform you: it does! The subscription cost includes the latest versions of 1Password available on all platforms. There's a nice chart on our Pricing page that shows everything that's included with the subscription. I hope this helps!

  • AJACs
    Community Member

    Thanks for the reply Vee. The pricing page does indeed make it clear that all future updates are included. The shared vaults capability is indeed a better answer in my case/example. I just don't know how/why I missed or ignored the announcements for these big changes. Thanks for being patient with such a cranky curmudgeon.

  • Vee_AG
    1Password Alumni

    No worries, @AJACs! :) I'm far more familiar with where this info is than I'd expect you to be, so I'm more than happy to share it with you. And if you didn't see it before, that's probably more our fault than yours! We'll keep trying to get that info out there so folks like you can find the answers you're looking for, and in the meantime folks like me will still be around to help. Cheers!

  • optimum
    Community Member

    "Item sharing has returned with proper advice for sharing only over secure services. {OPM-4076}"

    https://app-updates.agilebits.com/product_history/OPM4

    :+1:

  • nmott
    1Password Alumni

    :+1: :)

This discussion has been closed.