Does OTP information get saved in the DB?

imthenachoman

I see that I can add OTP information for sites like Google. Will the OTP information be saved in the local 1password DB? And will it work with WLAN sync for iOS and Android?

---

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:otp

AGAlumB

@imthenachoman: If you add a TOTP secret to a login in 1Password so it can generate the code for you, yes that will be saved in that item in your vault, and can sync to other devices. I hope this helps. Be sure to let me know if you have any other questions! :)

imthenachoman

Awesome. Thank you!

No other questions for now. Just waiting for y'all to support custom cloud or WebDAV options so I can use my personal home NextCloud server. I don't want to save my DB to Dropbox or iCloud and it doesn't look like y'all are adding WLAN support to the newest version. :(

rickfillion

Just waiting for y'all to support custom cloud or WebDAV options so I can use my personal home NextCloud server.

I'd love to know what you mean by "custom cloud" there. WebDAV support isn't coming though. We've tried to build it in the past and could never get it to work reliably enough for us to want to put it in the finished product. A feature that doesn't work consistently is worse than no feature at all.

Rick

imthenachoman

By custom cloud I mean self hosted cloud services like NextCloud. I've got my own cloud server with WebDAV and other hosting/sharing features. My laptop already syncs to my NextCloud server. So my local 1password vault is synced there. Ideally I'd want the iOS and Android app to let me use WebDAV or something to get the vault file from my NextCloud server. https://nextcloud.com/

However, I am starting to realize y'all are moving away from local vaults to your online hosted vaults. The newest windows client doesn't let you use a local vault.

This was my whole reason to move to 1Password. I would even be willing to pay as long as I could self-host the vault. Without local vaults I don't see the value/benefit of moving to 1Password. :(

AGAlumB

@imthenachoman: WebDAV and NextCloud are not, but WLAN Server is at least a possibility. We just have a lot of other stuff to do before we can even think about that seriously. I'm curious about why one or the other would matter to you though. Can you elaborate? Since 1Password data is end-to-end encrypted, so 1Password simply doesn't depend on the sync service to protect your data. So in any of those cases you'd be in the same boat. If 1Password isn't secure in one, it wouldn't be in the others either. I think there are compelling reasons to trust 1Password's security, but I don't understand how the specific mechanism would factor into that.

AGAlumB

By custom cloud I mean self hosted cloud services like NextCloud. I've got my own cloud server with WebDAV and other hosting/sharing features. My laptop already syncs to my NextCloud server. So my local 1password vault is synced there. Ideally I'd want the iOS and Android app to let me use WebDAV or something to get the vault file from my NextCloud server. https://nextcloud.com/

@imthenachoman: Ah, I missed your most recent reply there. Sorry about that! Thanks for clarifying.

However, I am starting to realize y'all are moving away from local vaults to your online hosted vaults. The newest windows client doesn't let you use a local vault.

I think maybe you've missed some pretty big news over the past half year or so. In August we announced that 1Password 7 would support local vaults, and the public beta began last month. The latest version of 1Password for Windows most assuredly does support local vaults. We've spent a lot of time and energy building that feature.

This was my whole reason to move to 1Password. I would even be willing to pay as long as I could self-host the vault. Without local vaults I don't see the value/benefit of moving to 1Password. :(

Security, for one, but also our dedication to privacy. And there aren't a lot of places you can get personal support in a timely fashion either. Believe me, I've tried to get it! Those companies that do offer it are invariably the ones I stick with, but that list is pretty short.

imthenachoman

@brenty Yes. I saw that 1Password 7 is adding local vaults back. Can't wait for it to come out of beta.

And I realize that y'all are dedicated to privacy but there are no guarantees. Such a big company like 1Password is a big fish with a lot of hackers targeting it. One day hackers may get access to your data/vaults. Now, I know the vaults are encrypted but if hackers can download the vault, with enough time and a powerful enough computer, they could eventually crack it. It isn't outside the realm of possible.

imthenachoman

For now I would much rather have a local vault. I still have to figure out how to get it into my iOS and Android phone but I'm sure I can figure something out.

AGAlumB

Yes. I saw that 1Password 7 is adding local vaults back. Can't wait for it to come out of beta.

@imthenachoman: :) :+1:

And I realize that y'all are dedicated to privacy but there are no guarantees.

I have to stop you there, because while I understand the sentiment, there is one really simple guarantee that our privacy and security is based on:

**If we don't have it, it cannot be taken from us. **

So we go to a lot of trouble to know as little as possible about our customers. After all, we could be bought out, stolen from, or simply become evil in the future. But if any of those things happen, one thing is certain: nothing bad can happen to customer information we don't have.

Such a big company like 1Password is a big fish with a lot of hackers targeting it. One day hackers may get access to your data/vaults. Now, I know the vaults are encrypted but if hackers can download the vault, with enough time and a powerful enough computer, they could eventually crack it. It isn't outside the realm of possible.

Possible, but infeasible. Certainly, given enough time and, perhaps, monkeys with typewriters. Brute force attacks exist. And they will eventually succeed. That sounds scary, but the length of time needed (spoiler: none of us has that long) makes it infeasible. Having a long, strong, unique Master Password is critical, but 1Password also slows down attempts on the data using PBKDF2 to make more, non-accelerable work for the attacker. For each guess. That makes all the difference. We also encourage security researchers to hammer away to find any flaws so we can fix them. We prefer to not even give the bad guys a sporting chance if we can help it. ;)

For now I would much rather have a local vault.

Fair enough. :)

I still have to figure out how to get it into my iOS and Android phone but I'm sure I can figure something out.

iOS is problematic because there's no way to sync data to an arbitrary folder. But perhaps Apple will have some new toys for all of us in a few months. Cheers! :)