Set up Family Sharing but app is in read-only mode on other Mac

This discussion was created from comments split from: Spouses version of 1Password is read-only. Family sharing not working.

Comments

  • tasarz
    tasarz
    Community Member

    I am having the same problem. I have two different AppleIds, one for work and one for home. I purchased 1Password from the App store on my home account, and it works fine on my home computer. I have enabled Family Sharing in iCloud, and when I install 1Password using my home account's credentials it shows up as "read-only" on my work computer. Can someone help me with this?

  • Drew_AG
    Drew_AG
    1Password Alumni

    Hi @tasarz,

    Sorry to hear you're also having some trouble! This can sometimes be a bit confusing because "purchased 1Password from the App store" can actually mean a few different things. For example, the Mac App Store version of 1Password has been a free download since version 6.6 (released in February), but will be in read-only mode unless you paid for it on the Mac App Store before it was free to download, or you make a new in-app purchase to use it as a standalone app, or you sign up for / sign into a 1Password.com account. Another thing that can make it confusing is that if you downloaded 1Password from the Mac App Store for the first time in the last few months (since February), the Purchased tab of the Mac App Store will show 1Password as a "purchased" app, even if you haven't paid for it.

    If you launch the Mac App Store on your home Mac and check the Purchased tab, what is the date shown next to 1Password? If it was before February 2017, it sounds like you definitely paid for 1Password on the Mac App Store. If the date is in the past few months, that means you downloaded it for free and may or may not have paid for the in-app purchase to use the standalone app. Are you able to edit items in 1Password on your home Mac, and can you use the 1Password extension there to fill web forms?

    Also, can you clarify the steps you took to install 1Password on your work Mac? You mentioned this:

    I have enabled Family Sharing in iCloud, and when I install 1Password using my home account's credentials it shows up as "read-only" on my work computer.

    Did you sign into your home Apple ID in the Mac App Store on your work Mac? If so, it should have recognized your purchase and you wouldn't need to use Family Sharing. Or if you added your work Apple ID to your home Apple ID's Family Sharing settings, that won't work if you downloaded 1Password in the past few months and paid for it via in-app purchase, because in-app purchases aren't supported in Apple's Family Sharing feature.

    As you can tell, this can all be a bit confusing (even for us), especially without knowing more details about the steps you took or when you downloaded/purchased 1Password. If you can let us know about all that, we should have a better idea about what's going on. Thanks in advance! :)

  • tasarz
    tasarz
    Community Member

    Hi Drew,

    I purchased the app in September 2011. I am logging into the App Store with my work AppleID on my work computer -- I can see the 2011 purchase and have installed it from that link, but it is still in read-only mode.

    The version on my home computer works fine, I can edit forms, use the web clipper, etc.

  • Drew_AG
    Drew_AG
    1Password Alumni

    Thanks @tasarz! I hope you don't mind, but since this is a slightly different situation than the previous thread, I've moved your post to a new discussion so we can focus on this specific issue.

    It sounds like you recently added your work Apple ID to Family Sharing for your home Apple ID in order to share the purchase from 2011. Unfortunately, that won't work now that 1Password is free to download with an in-app purchase option. Even though you bought it back when 1Password was still a "paid up front" app on the Mac App Store, it won't work to try to share that purchase for the first time with a different Apple ID now. I'm afraid we don't have control over that - it's the way Apple's Family Sharing feature works (or doesn't work, in this case) for apps in this particular situation.

    I'm sorry I don't have a better answer for you about that! However, a workaround for this would be to delete the 1Password app from your work Mac, then sign into your home Apple ID on your work Mac and reinstall 1Password from the Purchased tab in the Mac App Store. Open the app to make sure it's no longer in read-only mode, then you can switch back to your work Apple ID in the Mac App Store. The only drawback is that you would need to switch to your home Apple ID again in order to install an update for 1Password.

    Alternately, you might want to consider signing up for a 1Password.com account, which will make this all much easier now and in the future. With an account, it doesn't matter which Apple ID you originally used to buy 1Password or whether you download it from the Mac App Store or from our own website, because signing into your account in the 1Password app would fully activate it. There are also many other benefits, which you can read about here: What are the benefits of a 1Password membership?

    I hope this all helps to explain what's happening and what your options are, but please let us know if you have more questions about that. Cheers! :)

  • ebarronh
    ebarronh
    Community Member
    edited May 2017

    So in other words. In the past we could pay full price up-front and then share our purchase through the Family Sharing program.
    But now that you decided to make the app free, it won't be recognized as a valid purchase in other family member's apple ids. Forcing us to purchase one of your Family Plans?
    Why didn't you start offering the free app as a separate one, then let us share our Pro features with Family as always? That's what we signed for, guys! If you want, release another version or stop giving us updates but don't take away our ability to share Pro features with family!

    This is not playing nice, AgileBits. At all!!

  • Drew_AG
    Drew_AG
    1Password Alumni

    Hi @ebarronh,

    I'm sorry if this caused any inconvenience for you! However, I think you may have misunderstood some things I mentioned, so I'd like to help clear that up:

    In the past we could pay full price up-front and then share our purchase through the Family Sharing program.

    Yes, although keep in mind Family Sharing is an Apple feature that applies to certain purchases made through the App Stores, and is not a 1Password feature. In other words, although it's a feature that worked with 1Password, it's not something that we ever added to the 1Password app - it's just the way the App Store works.

    Unfortunately, Apple decided not to include in-app purchases in Family Sharing when they introduced it a few years ago. Likewise, there are other types of purchases through Apple which cannot be shared, as explained on Apple's support site here: https://support.apple.com/en-us/HT203046

    But now that you decided to make the app free, it won't be recognized as a valid purchase in other family member's apple ids.

    Not necessarily - it really depends on a few things. If you bought 1Password from the Mac App Store and shared it with family members when it was still a "paid up front" app, that should still work with those family members. But as far as I know, if you didn't share 1Password with family members before, Apple won't let you do it now, regardless of when you made the purchase. Personally, I'd really like for that to depend on the original date of purchase, but it seems as if that's not the case (and it's something Apple would need to change).

    If you paid for 1Password as a standalone app through the in-app purchase option, then it definitely isn't eligible for Family Sharing because Apple doesn't include in-app purchases in Family Sharing.

    Forcing us to purchase one of your Family Plans?

    No, not at all. 1Password Families is a great option and there are many benefits to a 1Password.com account, but the Mac App Store version of 1Password can still be purchased as a standalone app via in-app purchase.

    Why didn't you start offering the free app as a separate one, then let us share our Pro features with Family as always?
    [...]
    If you want, release another version or stop giving us updates but don't take away our ability to share Pro features with family!

    Are you referring to the Pro features in 1Password for iOS? Those have been an in-app purchase since before Apple started Family Sharing, so nothing has changed there.

    That's what we signed for, guys!

    Do you mean you had purchased 1Password from the Mac App Store when it was still a "paid up front" app? If so, then as I mentioned above, the family members you shared it with back then should still be able to share it now.

    Again, I'm very sorry if changing the Mac App Store version of 1Password to a free download with an in-app purchase option caused problems for you. Our goal wasn't to take away the ability to use Family Sharing (indeed, it should still work now if it had been working before), but due to the way the Mac App Store works, it was an unfortunate side-effect.

    Please let us know if you have additional questions or concerns about that. Cheers! :)

  • fabianzeindl
    fabianzeindl
    Community Member

    What worked for me:

    • Copy the 1Password app from the original computer to the family computer
    • Open it, OSX will prompt you to log into the appleId that purchased it.
    • Start the app
    • Switch to the other apple-Id again.

    I agree that this is terrible behaviour on behalf of AgileBits. Many companies move to subscription to guarantee a steady income.
    I'm a software-developer myself, I appreciate that and good work. I don't mind paying 5$ per month, it's really not expensive.

    BUT 1Password is already the most expensive app I own. As far as I recall i paid THREE TIMES for it. Once in 2012, then again for a lifetime-upgrade or how it was called, then for the iOS version.

    And second: As I said I'm a software-engineer and I actually know something about security.

    I don't WANT the online-vault. I don't even want family members to enable it by accident.

    Why? It's bad security. Creating a secure app is extremely hard, I trust 1Password to do that.
    But keeping a computer-network secure is impossible.

    Especially when every hacker knows that their are many vaults with potentially insecure passwords lying around to brute-force them.

    AgileBits won't even KNOW if they haven't already been hacked.

    THAT is the reason most security experts who praised 1password now refrain for that.

    Don't store everything at one provider. It's bad.

  • fabianzeindl
    fabianzeindl
    Community Member

    Ok I just realized my method only works until you restart the app.

    This is really annoying, unfortunately there is no better app yet, but if there is one, I'll be the first to leave.
    AgileBits could at least offer a discount.

  • Lars
    Lars
    1Password Alumni

    @fabianzeindl - I'm sorry you've had a frustrating experience with 1Password and the Family Sharing program in the Mac App Store. Let's see what we can do about that. And thanks for your comments/questions regarding security of 1Password. I'm actually going to reply separately to those two things, since they seem separate to begin with: one's about helping you get access to what you've paid for, the other is a more philosophical and practical discussion about security.

    As far as I recall i paid THREE TIMES for it. Once in 2012, then again for a lifetime-upgrade or how it was called, then for the iOS version.

    A couple of points here. First, although we're not able to see what purchases a user has made from either the Mac App Store or the App Store because Apple controls those points-of-purchase, we have never had any "lifetime upgrade" for 1Password in the Mac App Store, to my knowledge. If you can point me to a receipt or an offer we made that states otherwise, please let me know.

    Secondly, yes, 1Password for iOS has always been a separate purchase for the Pro features. Until the release of 1password.com accounts, 1Password was sold per-person and per-platform. Because we take the time to develop native 1Password applications on four different platforms (Windows, Mac, iOS and Android), we priced them individually so users could choose to pay for only those platforms which they actually used. So although purchasing once at the Mac App Store for 1Password for Mac and another time at the App Store for 1Password for iOS makes sense, I'm surprised to hear you say you made a third purchase for a "lifetime upgrade" of 1Password for Mac.

    I'm not surprised that copying the 1Password application from one computer to another didn't work; Apple has mechanisms to prevent that sort of thing. The way you'll need to do this is to delete 1Password by dragging it to the trash if you still have it installed. Don't use any app cleaners or uninstallers to do this, as these programs can remove more data than we want them to. Just drag the 1Password app to the Trash, then restart your Mac. After restart, open the Mac App Store and sign in using the Apple ID you initially used to purchase 1Password for Mac, then go to the Purchased tab at the top of the store, locate 1Password there, and the button to the right of it should say "Install." If so, go ahead, and you should have restored your purchase, allowing you to pick up where you left off. Let us know how that works for you. Security reply to follow. :)

  • Lars
    Lars
    1Password Alumni
    edited February 2018

    @fabianzeindl

    Creating a secure app is extremely hard, I trust 1Password to do that.

    Thanks! :) In the eleven-plus years we've been developing 1Password, we've never had a breach of a user's encrypted data, whether from local vaults or 1password.com.

    But keeping a computer-network secure is impossible.

    Arguably. Since that's your view, I won't get into all the lengths to which we go in order to keep miscreants and thieves out of our servers themselves. However, I will point out that although 1password.com is relatively new, it's far from the first "cloud-based" sync option 1Password users have had. In fact, many if not most of our users have been merrily using either Dropbox or iCloud for years, to sync their 1Password data between devices (and in the case of Dropbox, to share it with family members). This has been available since version 3 for Mac (2009), and we've still never had a breach of encrypted data in all that time.

    That's not to suggest 1Password is invulnerable in all circumstances, forever. Instead, it's merely differing with your idea that storing encrypted data in "the cloud" constitutes "bad security." If that were the case, given the size of our user base, I'd think that we'd have had something less than a perfect record with our lengthy history of 3rd-party cloud-based sync solutions.

    Especially when every hacker knows that their are many vaults with potentially insecure passwords lying around to brute-force them.

    Indeed, we were quite aware when developing 1password.com that the presence of many users' encrypted data all stored on the same servers might prove a tempting target for some attackers. Fortunately, 1Password has always been developed - since long before 1password.com - with the assumption that an attacker has ALREADY gotten hold of your data file. Real security doesn't come through the obscurity of trying to hide one's data from potential attackers by not "putting it in the cloud," it comes through good security design. That's why we go out of our way to be transparent about our security protocols, even to publishing a security white paper on the subject: so anyone can see for themselves.

    That's why, for 1password.com, we created 2SKD (2-secret key derivation), using the Secret Key, because it means that even IF our servers are breached and an attacker makes off with the encrypted ciphertext that (if decrypted) would be a user's 1Password data, the attacker would need to not only know, guess or crack the user's Master Password but also a 26-digit string of random alpha-numeric characters which was created on the user's device when they signed up for 1password.com, and has never been transmitted to us in any form. It is these two "factors" if you will that together derive the AES256 key which decrypts a 1password.com user's data. That means even the worst, easiest-to-crack Master Password would be strengthened by a 26-character string of unknown data, giving even that weakest password an entropy of 128 bits, minimum. If that's below your comfort threshold then by all means you should look for a password management solution that better suits your own assessment of your threat model. We'll be happy as long as we know you're using something other than sticky notes or an Excel spreadsheet. :)

    And in truth, you're more than welcome to continue using 1Password with only local vaults, not synced through 1password.com or any other cloud-based sync service.

  • fabianzeindl
    fabianzeindl
    Community Member

    Hi, lars thanks for the quick reply. i looked up my purchase history. I paid once for mac and twice for the iOS app, once for version 3, then version 4.

  • Lars
    Lars
    1Password Alumni

    @fabianzeindl - thanks for that. Were you able to restore your Mac App Store purchase by installing from the Purchased section of your Mac App Store account?

  • fabianzeindl
    fabianzeindl
    Community Member

    Lars, but if I use the cloud on 1password.com isn‘t my vault available online from any computer using only my masterpassword?

  • Lars
    Lars
    1Password Alumni
    edited November 2017

    @fabianzeindl No. Try it: one of our own 1Password accounts is https://agilebits-inc.1password.com. When you visit there, are you asked only for your Master Password? Or are you asked for an email address, Master Password and Secret Key?

    In any given browser, once you sign in the first time to an account (i.e. - provided all three of those pieces of data), the browser will save the email address and the Secret Key you entered, so that subsequent uses of that browser will require only the Master Password to login...but if you're using an unknown computer (or even, really, any computer you don't own), make sure to check the box that says "This is a public or shared computer." This will prevent any local storage of your email address and Secret Key.

    Of course, it won't prevent something like a fully-compromised computer on which there is a malicious rootkit installed from capturing anything you input (including your Master Password or Secret Key) -- but if you suspect or even worry about such a thing on any given computer, the solution is: don't access your most-sensitive 1Password from that computer. If it's the computer at your mom's house, you can probably trust it enough that just checking the box I mentioned is enough. If it's a squirrely-looking PC at Hackers-R-Us Internet Cafe, then probably not. :)

    Also: re-installing, resetting or emptying the cache of any browser will dump any saved Secret Key as well.

  • fabianzeindl
    fabianzeindl
    Community Member

    Hi Lars,

    regarding the purchase-restore: My original intention was to install my own purchase on my fiancees computer with her AppleId, I thought I had found a workaround for doing that. My own purchased copy on my computer works of course.

    A follow-up to the pricing discussion: Can you tell me why the iOS was sold twice, I paid

    • 7.99€ for 1Password for iPhone, v3.6.5 in 2012 and also
    • 7.99€ for 1Password - Password Manager and Secure Wallet, v4.3.2 in 2014

    Regarding the security discussion: Thank you for the lengthy write-up, I did not know about the security-key, I will certainly factor that into my consideration of signing up for the service.

    Also I'm not against storing encrypted data in the cloud. I had my vault at dropbox (which got hacked) and at iCloud as well.
    Since the dropbox-webvault didn't use a security-key at the time (does it now?) that was probably more insecure than using 1password.com.

    My primary concern is the concentration on a single highly-visible provider for storing this data.

    Hackers might access the network, download all the vaults and keep them somewhere in case some part of the crypto is weakened in a couple of years enabling bruteforcing.

    And the point is you can never be sure that hasn't already happened.

    This issue is the same for other cloud-providers, but I figure hackers rather attack a juicy target like 1password.com where they don't have to download or search through terrabytes of irrelevant material.

    Anyway. Like stated above, I will reconsider signing up. Thank you for the support.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @fabianzeindl: On behalf of Lars, you're most welcome. Glad he was able to help. :chuffed:

    A follow-up to the pricing discussion: Can you tell me why the iOS was sold twice, I paid
    7.99€ for 1Password for iPhone, v3.6.5 in 2012 and also
    7.99€ for 1Password - Password Manager and Secure Wallet, v4.3.2 in 2014

    You purchased two different versions. Version 4 was not free, so it was a separate purchase from version 3.

    Regarding the security discussion: Thank you for the lengthy write-up, I did not know about the security-key, I will certainly factor that into my consideration of signing up for the service. Also I'm not against storing encrypted data in the cloud. I had my vault at dropbox (which got hacked) and at iCloud as well. Since the dropbox-webvault didn't use a security-key at the time (does it now?) that was probably more insecure than using 1password.com.

    Not insecure, but certainly when building our own service which relies on hosting the data, we wanted to add an additional layer.

    My primary concern is the concentration on a single highly-visible provider for storing this data. Hackers might access the network, download all the vaults and keep them somewhere in case some part of the crypto is weakened in a couple of years enabling bruteforcing. And the point is you can never be sure that hasn't already happened.

    Indeed. That's our primary concern as well. We operate on the assumption that someone could break into our server and steal everything we have. So, with that in mind, we do two things:

    1. We never get the "keys" to user data, not even when you sign into the website.
    2. Both the Master Password and Secret Key are used to encrypt the data. That way an attacker who steals the database from us cannot perform brute force attacks on people's Master Passwords — which certainly not everyone will be using a strong one.

    This issue is the same for other cloud-providers, but I figure hackers rather attack a juicy target like 1password.com where they don't have to download or search through terrabytes of irrelevant material.

    Totally. We need to protect against smart attackers. The stupid ones are less of a concern. ;)

    Anyway. Like stated above, I will reconsider signing up. Thank you for the support.

    Likewise, thanks for your interest! Be sure to let us know if you have any other questions! :)

  • fabianzeindl
    fabianzeindl
    Community Member

    Hi Lars and brenty,

    just wanted to let your know I signed up for a family subscription a while ago, in part because of the helpful discussion here.
    The experience so far has been superb, sharing vaults is especially useful.

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited January 2018

    @fabianzeindl: Thanks so much for taking the time to let us know you're enjoying it! We don't often hear from folks when everything's working. We're here for you if you ever need help though (but I think you know that!) Happy new year! :chuffed:

This discussion has been closed.