Domain matching in 1Password 6
Hello,
Does 1Passwod 6 use the Opvault format or agilekeychain?
I ask because as far as I understand opvault doesn’t support domain matching so if 1Password 6 goes that route how will domain matching work in 1Password 6?
Thanks
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
@reck thank you for asking, 1Password 6 supports editing of 1Password Accounts (1Password Teams, 1Password Family and 1Password Individual) and reading of both .agilekeychain and .opvault. Domain matching should work the same.
Hope that helps :)
0 -
So you'll continue to support .agilekeychain going forward? I thought the idea was to eventually replace it with opvault?
Is it still the case with 1p 6 that opvault users can't use domain matching and are you planning on adding it for those users?
Is there any advantage to changing to opvault?
Thanks.
0 -
We still have people using .agilekeychain format and their data was written back in 2008, we don't want them to loose that info. Opvault has stronger encryption and better packaging. From Agile Keychain Design:
It’s not that Agile Keychain is no longer secure, it’s just that OPVault is secure-er.
Agilekeychain will not be editable, but it stays readable.
I'm not sure I know where that "opvault domain matching" issue came from, from what I know both of them use the same domain matching logic and use the same type of data. There was a bug in 1Password 6 for Windows up to 6.0.186 when URL was not correctly migrated from .agilekeychain, but it is fixed as of 6.0.197.
The advantages of switching to opvault are:
- it uses less files, resulting in faster sync
- it encrypts everything, including URL of the item
more details can be found in OPVault Design
With that being said, I'd recommend to take a look at 1Password Account (1Password Teams, 1Password Family or 1Password Individual) options. It has far greater support for faster sync, sharing and overall control over your data. Plus it takes away that sync and formats plumbing from your shoulders ;)
0 -
Agilekeychain will not be editable, but it stays readable.
This is in 1Password 6? So you can only read the existing data but not create any new data? If that's the case then for all intents version 6 is OPVault only, why use 2 formats when you can just convert your existing data to the newer, editable format.
So if domain matching is supported with OPVault there sounds very little benefit in continuing to use the .agilekeychain format then?
I say if because on the following page it says “Note: This “global” domain matching is a feature of the .agilekeychain format only; it is not included in the .opvault format.”, is this page correct Sergey?
https://support.1password.com/guides/windows/preferences-logins.html
With that being said, I'd recommend to take a look at 1Password Account (1Password Teams, 1Password Family or 1Password Individual) options.
Thanks, but one of the reasons I moved away from Roboform was the subscription model. Software subscriptions aren’t for me.
0 -
Ah, now I'm getting the picture - you are looking at 1Password 4 docs where we have such limitation on domain matching.
1Password 6 is complete start over, it's designed with 1Password Accounts in mind and at the moment folder vaults are read only (both opvault and agilekeychain). If you are using folder vaults and do not plan to switch to 1Password Account, then you better stick to 1Password 4 and agilekeychain until we enable opvault editing in 1Password 6.
0 -
Yes sorry for the confusion.
So just to be clear that page I linked to says that Domain Matching doesn’t currently work with OPVault in 1Password 4, is that correct?
If so will Domain matching work with OPVault in version 6 or not (once editing becomes available)?
Thanks and sorry for not being clear.
0 -
@reck: I think there may be some confusion about what "domain matching" (i.e. determining if a login matches the current URL) is being talked about. 1Password — the app — handles all of this and it isn't related to the data format. It works identically regardless of the vault type.
However, in the past, it was possible to do a search in the browser without unlocking with AgileKeychain format, since the overview data (title, URL) is not encrypted. But this is no longer possible regardless. 1Password will need to be unlocked first before you can interact with it in the browser. And also in each case the "Multiple URLs" option will need to be enabled in Preferences if you want to be able to match more than just the first URL in an item (since the others will need to be decrypted separately).
I hope this helps. I'm sorry for any confusion there! :)
0 -
This was the line that had me confused.
This “global” domain matching is a feature of the .agilekeychain format only; it is not included in the .opvault format
It makes it sounds like the domain matching feature, which I use, doesn't work if the vault is in the .opvault format.
So assuming this is not the case why would I continue to use the.agilekeychain format? It sounds like there's more benefit in using the .opvault format. Do you recommend I upgrade to that format?
0 -
@reck: Indeed. Matching in general is confusing, so I'm really sorry about that!
We do recommend using OPVault, but we want to continue supporting AgileKeychain where we can since, as Sergey mentioned, a lot of folks have vaults they need to access. And especially in cases where older versions of 1Password are used due to hardware/OS limitations, AgileKeychain is the only option. But if you're able to use the current version of 1Password on each platform, this isn't something you need to worry about. Cheers! :)
0