Some issues I've noticed migrating from 1p4 to 1p6 family account:

I've just moved from 1p4 to 1p6 and a family account, and during the move I've noticed a few things:
1. I can't turn a generated password into a login item, or convert any item to anything else. I think this used to be the case as well, but you could update by, like, logging in to the page you care about. Because of the next issue this is no longer an available workaround:
2. If you have 1p4 and 1p6 installed and add the chrome extension, the extension connects to 1p4 not 1p6, not sure how to fix this.
3. the 'Sign in to dropbox' page renders in a broken view and throws lots of scripting errors, and you can't actually submit the login (I can't, anyway. I don't have IE or edge installed, which may have something to do with it)
4. If you're looking at one vault and move something to trash/edit something, the view defaults back to all vaults. This is v annoying. Same with filters.
5. Not being able to attach documents to things that aren't 'document' items is bad (use case here is an ssh private key and the passphrase. They are not helpful separated, and 'notes' on documents aren't obscured, so if you open one and it has a secret anyone can read it over your shoulder).
6. I can't edit form data anymore, which is usually fine but sometimes extremely inconvenient. At least let me delete it/not have it be secretly pasted in every login.
7. The on-board process for families is not clear, a 'now add someone else to your family' message would be good. Alternatively some explainer text that the account you're creating when you first make one is the admin account and you need to invite others later, and that sharing doesn't work by, for instance, giving someone else your key and master pass.
8. The migration process from 1p4 to 1p6 is hacky and losing attachments without making it clear in the import is bad.
9. Can't filter by 'has attachment' in 1p4 or 1p6 (or even have an indicator visible in main view) so you have to scroll through 320 items and check + export each of them individually.
10. Export attachment always defaults to desktop, which is a terrible place to put secret files, if you make a new folder somewhere else you have to navigate there every time.
11. Can't export attachments more than one at a time, if you've got 3 attachments on a single login item this combines with 10 in an excruciating way.
12. Some items I exported from 1p4 vanished entirely, weren't in trash, weren't anywhere, but in the copy I had open in 1p6 they were still there (without any attachments, though, of course)
13. I can't be sure of this because 3, but I've got a shared vault in dropbox and I won't be able to edit things in there, assuming I ever get dropbox sync working, because it counts as local and 1p6 can't edit local vaults.
14. The migration process from keepass/other secret stores is bad in 1p4 but it's horrific in 1p6. Migrating people away from other password managers seems like it should be a core piece of your business model and it's nearly impossible + involves running random perl scripts from the internet.
15. Seriously, I can't emphasize enough how bad that process was. I watched a relatively technically savvy person try and go through the process for about half an hour and they got nowhere (except incomprehensible perl exceptions) and, had I not rescued them/insisted, they would never have used 1password again for anything, ever.

That's probably enough to be going on with :)
let me know if you want more details on any of these (the script errors on the dropbox signin page, etc)


1Password Version: 6.2.333d, 4.6.1.617
Extension Version: 4.6.2.90
OS Version: w7
Sync Type: Not Provided

Comments

  • dan_o
    dan_o
    Community Member

    Oh, also, in discovering 2 above, I removed the 1password extension from chrome to re-add it, and suddenly all the password save/login prompts I hadn't been getting for the last day or two all popped up at once. To some extent that's on me for not closing my browser occasionally, but I shouldn't have to do that for an extension to work, and I'm curious what queuing it's using such that attempts to use the extension a day and a half ago can pop up once the hung thread is killed (I assume that's what it was but who knows?) but before the uninstallation is finished (I assume again, otherwise there's a different problem with chrome)

  • AGAlumB
    AGAlumB
    1Password Alumni

    I can't turn a generated password into a login item, or convert any item to anything else. I think this used to be the case as well, but you could update by, like, logging in to the page you care about. Because of the next issue this is no longer an available workaround:

    @dan_o: I'm really sorry for the inconvenience. This is a known limitation of the new 1Password 6 Windows desktop app, and we're working to improve this and add other features to get it on par with 1Password for Mac. For the most part, I'll just say now that this is the case for a lot of things while we build the new version, so we really appreciate the feedback to know the pain points that are affecting you and others most so we can prioritize development in those areas.

    If you have 1p4 and 1p6 installed and add the chrome extension, the extension connects to 1p4 not 1p6, not sure how to fix this.

    If you quit 1Password 4 completely (Agile1PAgent.exe in Task Manager), then it won't interfere with 1Password 6 connecting to the browser. It's really better to use one version or the other, but if you need to use both for some reason, let me know and I can offer some tips to make it a bit easier.

    the 'Sign in to dropbox' page renders in a broken view and throws lots of scripting errors, and you can't actually submit the login (I can't, anyway. I don't have IE or edge installed, which may have something to do with it)

    This is a problem with your browser. On Windows 7, that will be Internet Explorer, which is used for that web view to load the Dropbox website (on Windows 10, Edge will be used). If you go to Internet Options in Control Panel and select the Advanced tab and Reset, that should clear things up.

    If you're looking at one vault and move something to trash/edit something, the view defaults back to all vaults. This is v annoying. Same with filters.

    Agreed 100%. Drives me nuts! We've made some big improvements to this in the latest beta, with more to come. Hang in there. ;)

    Not being able to attach documents to things that aren't 'document' items is bad (use case here is an ssh private key and the passphrase. They are not helpful separated, and 'notes' on documents aren't obscured, so if you open one and it has a secret anyone can read it over your shoulder).

    This isn't a limitation of the new Windows app; rather, 1Password.com Accounts don't support attachments, only Documents, so this affects all versions of 1Password. We're open to feedback though, so it may be something we can add in the future.

    I can't edit form data anymore, which is usually fine but sometimes extremely inconvenient. At least let me delete it/not have it be secretly pasted in every login.

    Indeed, it's not something we use often, but sometimes it can make a big difference. We've added support for this in the beta too, so it's coming.

    The on-board process for families is not clear, a 'now add someone else to your family' message would be good. Alternatively some explainer text that the account you're creating when you first make one is the admin account and you need to invite others later, and that sharing doesn't work by, for instance, giving someone else your key and master pass.

    Certainly it's possible to share an account with a loved one. I know some folks do this. But I think in most cases it's really nice to have one's own Master Password and Personal vault. I guess what I'm saying is that there isn't a one-size-fits-all solution, and we don't really want to be telling people how to run their families. But we'll continue to try to at least make the possibilities clearer. :)

    The migration process from 1p4 to 1p6 is hacky and losing attachments without making it clear in the import is bad. Can't filter by 'has attachment' in 1p4 or 1p6 (or even have an indicator visible in main view) so you have to scroll through 320 items and check + export each of them individually.

    I agree that there's a lot of room for improvement there to make things smoother. In the mean time, if you or your loved ones need help with the migration process, we're here for you!

    Export attachment always defaults to desktop, which is a terrible place to put secret files, if you make a new folder somewhere else you have to navigate there every time.

    Ah, that's interesting. I'd definitely recommend only exporting sensitive data on a trusted machine, regardless of the location. I'm not sure that the "security by obscurity" offered by defaulting to a nested folder is a real benefit though. We're starting to use Windows Encrypted File System for some things, so perhaps that's something we could utilize in the future. Unfortunately this is only available on certain Windows versions (Pro, Ultimate, Enterprise, etc.)

    Can't export attachments more than one at a time, if you've got 3 attachments on a single login item this combines with 10 in an excruciating way.

    I think the real solution here is for 1Password 6 to automate this. I'm sorry that we're not there yet, so this isn't of any help to you now, but I'm glad you're sharing your experience with this. it's something we'll work toward.

    Some items I exported from 1p4 vanished entirely, weren't in trash, weren't anywhere, but in the copy I had open in 1p6 they were still there (without any attachments, though, of course)

    That's really strange. Have you tried one of your backups? It sounds like something may have been damaged at some point. You may also want to see if this data is present on any of your other devices. Let me know what you find!

    I can't be sure of this because 3, but I've got a shared vault in dropbox and I won't be able to edit things in there, assuming I ever get dropbox sync working, because it counts as local and 1p6 can't edit local vaults.

    Local vaults (along with proper support for Dropbox and others) are coming. We're actively working on it

    The migration process from keepass/other secret stores is bad in 1p4 but it's horrific in 1p6. Migrating people away from other password managers seems like it should be a core piece of your business model and it's nearly impossible + involves running random perl scripts from the internet.

    I'm not sure I'd dismiss the scripts — which are human readable, and not quite like running untrusted executables — but I get your point. It's just difficult to keep up with all of the various password managers out there and what they're doing, and update all of the 1Password apps accordingly, when there's a lot of other stuff we can improve that benefits all 1Password users all the time, rather than just once...so we're just not going to do that. Instead, we're moving toward having 1Password.com handle this, so we can support importing a given data type and update it more easily, in a single place, independent from the apps. We've added preliminary support in the last few updates, and there's more to come. Thanks for the nudge!

    Seriously, I can't emphasize enough how bad that process was. I watched a relatively technically savvy person try and go through the process for about half an hour and they got nowhere (except incomprehensible perl exceptions) and, had I not rescued them/insisted, they would never have used 1password again for anything, ever. That's probably enough to be going on with :) let me know if you want more details on any of these (the script errors on the dropbox signin page, etc)

    I'm really sorry for the trouble, but I'm glad to hear that you figured it out. If you hadn't though, we're here to help in any way we can, and I know @MrC is always happy to as well. I'm sure he'd appreciate any feedback you have on the scripts themselves, and I'd be interested to know the specifics as well since it may benefit others. :blush:

    Oh, also, in discovering 2 above, I removed the 1password extension from chrome to re-add it, and suddenly all the password save/login prompts I hadn't been getting for the last day or two all popped up at once.

    Now that's really interesting, and not something I've heard of before.

    To some extent that's on me for not closing my browser occasionally,

    Nah. Certainly it's helpful to restart the browser, especially if things aren't working as expected, but really that's on us if 1Password is misbehaving.

    but I shouldn't have to do that for an extension to work, and I'm curious what queuing it's using such that attempts to use the extension a day and a half ago can pop up once the hung thread is killed (I assume that's what it was but who knows?) but before the uninstallation is finished (I assume again, otherwise there's a different problem with chrome)

    Agreed. I'd appreciate any additional details you can provide. And thank you again for taking the time to share all of these thoughts with us. I promise we'll use all of this to make 1Password better. :chuffed:

  • dan_o
    dan_o
    Community Member

    This is a problem with your browser. On Windows 7, that will be Internet Explorer, which is used for that web view to load the Dropbox website (on Windows 10, Edge will be used). If you go to Internet Options in Control Panel and select the Advanced tab and Reset, that should clear things up.

    Here's the script errors I get:



    I have reset the flags on the advanced tab, though none of them had changed. As mentioned, I don't have internet explorer installed (it is possible to actually remove it) which ?? maybe that's an issue.

    If you quit 1Password 4 completely (Agile1PAgent.exe in Task Manager), then it won't interfere with 1Password 6 connecting to the browser. It's really better to use one version or the other, but if you need to use both for some reason, let me know and I can offer some tips to make it a bit easier.

    I figured this out after my post, but also after trying to find a way to properly quit 1p4 from the app or the systray icon.

    This isn't a limitation of the new Windows app; rather, 1Password.com Accounts don't support attachments, only Documents, so this affects all versions of 1Password. We're open to feedback though, so it may be something we can add in the future.

    I did not know that! It seems like an odd decision to me (not having any idea what your backend is like, etc).

    Certainly it's possible to share an account with a loved one. I know some folks do this. But I think in most cases it's really nice to have one's own Master Password and Personal vault. I guess what I'm saying is that there isn't a one-size-fits-all solution, and we don't really want to be telling people how to run their families. But we'll continue to try to at least make the possibilities clearer. :)

    Thanks - I think it's probably ok to suggest someone with a families licence use families features, because if they're sharing a vault they are effectively an individual.

    Ah, that's interesting. I'd definitely recommend only exporting sensitive data on a trusted machine, regardless of the location. I'm not sure that the "security by obscurity" offered by defaulting to a nested folder is a real benefit though. We're starting to use Windows Encrypted File System for some things, so perhaps that's something we could utilize in the future. Unfortunately this is only available on certain Windows versions (Pro, Ultimate, Enterprise, etc.)

    This isn't a security by obscurity thing, it's just that desktops are where files go to die/mix with several hundred other random unsorted files, for a lot of people, and so once you've finished laboriously exporting your attachments, it's much easier to find them if they're all in one directory, rather than on the desktop with all the other .txt and .pdf files people collect. It's also a pretty standard windows UI thing to 'save' to the last directory a person saved to, rather than always defaulting to something that can't be edited by users.

    That's really strange. Have you tried one of your backups? It sounds like something may have been damaged at some point. You may also want to see if this data is present on any of your other devices. Let me know what you find!

    they were in the backups/on my old phone which hasn't been connected to the network. It was specifically, I think, items which weren't 'documents' but only had file attachments. The attachments were pretty misc, mostly ascii text but a pdf or two also.

    I'm not sure I'd dismiss the scripts — which are human readable, and not quite like running untrusted executables — but I get your point.

    I haven't seen someone claim perl is human readable for a while :) I have heard it described as a write-only language, though...
    I understand this is a difficult feature and I really appreciate @MrC writing, publishing and maintaining these scripts (thanks!), but the lack of import-from-other-password-managers, or even import from csv, which was an ok intermediary, was extremely surprising to me. I get that features take time/people/work to develop and that it's not high on your priority list compared to other features, but it's rare (imo) to see companies not prioritising their onboarding/funnel stuff.

    Now that's really interesting, and not something I've heard of before.

    I've had it happen before, but usually not for so long. The extension: 1password thread in chrome locks up and the integration stops working, then if you kill the thread in chrome's task manager (or, apparently, uninstall the extension) you get a flurry of queued activity. I don't have a good way to reproduce this, though. I'm not sure I've seen it on OSX/chrome, but it's definitely happened on W7U/chrome over the last ~year or so.

  • AGAlumB
    AGAlumB
    1Password Alumni

    I have reset the flags on the advanced tab, though none of them had changed. As mentioned, I don't have internet explorer installed (it is possible to actually remove it) which ?? maybe that's an issue.

    @dan_o: Wow. I guess I misunderstood. Indeed, if you don't have Internet Explorer installed at all then there's no way for 1Password to load the Dropbox site for you to login. It isn't clear how that could be though, given its deep integration into the OS — isn't that what the whole antitrust thing was about? Also, you shouldn't be able to reset any flags for IE if IE is missing.

    This isn't a security by obscurity thing, it's just that desktops are where files go to die/mix with several hundred other random unsorted files, for a lot of people, and so once you've finished laboriously exporting your attachments, it's much easier to find them if they're all in one directory, rather than on the desktop with all the other .txt and .pdf files people collect. It's also a pretty standard windows UI thing to 'save' to the last directory a person saved to, rather than always defaulting to something that can't be edited by users.

    Tha's a fair point, but the converse is true as well: If you save a file to a remote location in your filesystem, you're all the more likely to forget about it. And then it's just sitting there unencrypted for all time. But you're right on about the "last saved location" thing. It would make more sense for it to open to the most recently used folder by default. Thanks for bringing this up!

    I haven't seen someone claim perl is human readable for a while :) I have heard it described as a write-only language, though...

    Haha touché. :chuffed:

    I understand this is a difficult feature and I really appreciate @MrC writing, publishing and maintaining these scripts (thanks!), but the lack of import-from-other-password-managers, or even import from csv, which was an ok intermediary, was extremely surprising to me. I get that features take time/people/work to develop and that it's not high on your priority list compared to other features, but it's rare (imo) to see companies not prioritising their onboarding/funnel stuff.

    I hate to say it because it's probably going terrible, but while we certainly appreciate new users, I think it would be a shame to focus solely on "sucking you in". I think we need to find a better balance for the reasons you mentioned, but at the same time we don't feel good about companies that only care about getting us in the door and getting our money.

    I've had it happen before, but usually not for so long. The extension: 1password thread in chrome locks up and the integration stops working, then if you kill the thread in chrome's task manager (or, apparently, uninstall the extension) you get a flurry of queued activity. I don't have a good way to reproduce this, though. I'm not sure I've seen it on OSX/chrome, but it's definitely happened on W7U/chrome over the last ~year or so.

    I really appreciate this. It's something we'll keep an eye out for. It definitely sounds like a bit of an edge case. But in edge cases we may find bugs. And where we find bugs, we need to be on the lookout for things that might be exploited.

  • MrC
    MrC
    Volunteer Moderator
    edited January 2017

    @dan_o,

    While I fully appreciate your frustration about having to use some arcane conversion process to help you convert your data from one password manager, I do feel some of your rhetoric is a bit strong, but you're frustrated, so fine, I'll accept it. I'll try to clarify choices more, some of this will appear defensive (explanation of rationale always runs that risk).

    That said, I can't speak for Agilebits, their wishes, or their plans. I can speak to the converters, since I am fairly familiar with them. I wrote them to help users who would otherwise be stuck entering data manually, often hundreds or thousands of records. The effort is overwhelming to almost anyone. So while the process, on Windows, is a little bit of work, its trivial compared to manual transfer of records.

    In almost every case, the issues that occur are due to users not following directions (at all, or accurately) - I've written them, the README.pdf, to be as clear as I can, a step-by-step walk through, and refine them as users provide feedback (direct or indirect), and still, users have problems following detailed instructions of this nature. Its unfamiliar ground for them, for which I am sympathetic. So I offer help, in any form that is best for users, from the AgileBits forum, email, or even remote help. The converters have helped thousands of users convert their data, most do it without issue, some with a question or two, and a few who struggle (its the nature of the beast).

    I've recently become aware of an Agilebits instructional web page that essentially summarizes my README instructions, but in the shortening, the directions have become incorrect and inaccurate. I've brought this to Agilebit's attention. I've been wondering for a while now why suddenly some many people were having the same basic issues.

    As for the "human readable" jab, its funny, sure. But by "human readable" I mean, "those who would audit", and those obviously would be knowledgeable in the art. The same jab can be stated about every computer language - they are all arcane, bizarre, syntactically ridiculous, unforgiving beasts (I've developed in probably 100 different languages, so speak with some authority here).

    That said, there are essentially two choices today in scripting languages that may be read as text, are cross platform, have rich libraries available, and that do not have major security issues (cough - Java): they are JavaScript, and Perl. For me, JavaScript was DOA for the converters project. I do not want user's exported data touching a browser, with its caches, interfering plugins, etc. Its also a horror to do simple or basic things, which the converter must do. That leaves Perl, supported natively on OS X, but requires a run-time package on Windows. It was a no-brainer.

    So there it is - the converters are an external tool suite to help users save lots of time, done in a way that is as non-compromising to user's security as I could think of, which allow for rapid issues resolution, facilitate rapid new converter development (by me or others), can support hundreds of password manage export variations, can be localized, and are flexible in their customization possibilities, are standardized, and modular.

    In closing, I do find some humorous irony that you are coming from KeePass2, an essentially Windows-only password manager (the Mono-requirement / implementation for OS-X and Linux is a disaster, worse than the dog's business), which is at its essence a random community supported password manager with gazillions of randomly supported plug-ins and conversion tools! Touche?

    Enjoy 1Password.

  • dan_o
    dan_o
    Community Member

    Apologies, I do actually really appreciate the work you're doing on these converters, and it was a lot better for this other person to be able to import their keepass stuff than to not do it at all! I know how hard it is to write technical docs covering lots of different use cases and audience technical abilities and I don't envy keeping that up.

    I didn't mean to cause trouble with my throwaway joke about perl (though I do find it very difficult to read in the best of times, which "in notepad on someone else's computer" is not, this despite having spent a lot of time writing it as a younger person (it's been years, though)). In something that handles *nix line endings and syntax highlighting it's a lot more comprehensible.

    I would suggest checking for the existence of the input file before calling the import/export methods, though, and reminding users to check extensions/file locations if it doesn't, as a small ux improvement. Otherwise you get xml parsing (or whatever equivalent) errors which are loud and difficult for people untrained in the art to read. It's especially bad on windows terminals because they're fixed width and the line wrapping does not line up well.

    Thanks again!

  • MrC
    MrC
    Volunteer Moderator
    edited January 2017

    Hey @don_o,

    No problem, and no apologies are required. I wasn't offended in any way.

    From the version 1.09 Changes.txt file:

    Fixed:
    - Check for the existence of the export file before passing it onto the converter.

    $ perl convert_to_1p4.pl  keepass2 nonexistent.xml
    The file 'nonexistent.xml' does not exist.
    

    You were using an older version (1.08).

    Its very difficult to discuss file extensions to users, since by default they are disabled and users often don't know about them, and then you have to explain how to enable them, avoid double extensions, be sure the export is actually in the format they expect, that you can't just change an extension and expect the content magically to be conformant, etc. At some point, I have to draw a line. Instead I help users with hints to get the command shell or terminal to auto-complete file names for them, so they don't have to worry much about this.

    The README makes file locations very, very clear, many times, as does the converter suite post. But users still have trouble.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @dan_o: Great feedback, both for 1Password itself and the converters! To be clear, I wasn't trying to throw MrC under the bus there, as we all know that his scripts are the only reason a lot of folks can get their existing data into a usable format to import into 1Password in the first place. We're working to improve the importing capabilities of 1Password itself, but I'm not certain we'll ever be able to catch up to him. :blush:

This discussion has been closed.