How can Share Version 7 data/vault with Version 3

DocC
DocC
Community Member

At work I have to use an OLD Mac Mini running OS X 10.6.8 and 1Password v3.8.22. At home I'm running the Mojave Beta and 1Password v7.

I used to store my data/vault—I'm not sure what to call it—in DropBox to keep my passwords synched, but DropBox no longer supports OS X 10.6.

I just tried copying the 1Password and 1Password.opvault to a USB stick and transferring them to the Mini, but the old version couldn't find anything to open.

Is there any way to transfer that information via USB stick?


1Password Version: 3.8.22 & 7
Extension Version: No longer works on MIni
OS Version: 10.6.8 & Mojave latest public beta
Sync Type: Physical media
Referrer: forum-search:Share Version 7 data with Version 3

Comments

  • jpgoldberg
    jpgoldberg
    1Password Alumni

    1Password for Mac version 3 was before OPVault's time. It used the ancient Agile Keychain format. 1Password 7 will import Agile Keychains (we never want to see people locked out of their 1Password data), but 1Password 7 will not write them or modify Agile Keychains. If you can get 1Password 4 running on that mini, then you should be able to work with OPVault.

    For security reasons we need to remove certain support of older data formats or operating system versions. Agile Keychain was fine in its day, but that day is gone. And frankly the same applies to OS X 10.6. You should not be doing anything security related on unsupported operating systems that don't receive security updates.

    A rant

    I'm going to rant a bit.

    Probably the worst thing to happen with Internet security in this century was the overly long life of Windows XP (or NT4). The pressures that kept people on it for so long (typically having software that would only run on it) weakened Internet security for everybody.

    The typical way this happened is through "downgrade" attacks. More secure systems still had to support interoperation with less secure legacy things, and so they could be tricked into using the less secure and "options" and then having those exploited. So even Alice had her systems all up to date, she still interacted with services that worked for Bob's unsafe systems, and this became a way to break into Alice's systems.

    Aggressive insistence on up to date systems

    The world has learned from what happened over previous decades, and we along with it.

    • We will not update 1Password versions for operating system versions that are receiving security updates.
    • We will import from legacy data formats, but we will not allow creation of them in current versions.
    • We will build 1Password to make use of the best security features an operating system has to offer, which may make it insist on recent versions of the OS.

    We need to do this to keep 1Password secure.

    Sympathy yes, but we are not going to enable insecure behavior

    I'm sure you have very good reasons for running OS X 10.6, but we can't accommodate those without running a real risk of weakening 1Password for lots of people. I am genuinely sympathetic, but that sympathy will not result in us changing course on this.

    Now you might find a solution in which you use 1Password 6 (which still allowed Agile Keychain Format), but eventually you will run into problems, where 1Password 6 no longer runs on future versions of macOS. You could create a chain of maintaining an OS version that can run 1Password six and using that to translate between Agile Keychain and OPVault. But that would be an incredibly fragile arrangement that might only buy you a couple of years before the whole thing crashes down on you.

    But the short answer is that you cannot count on modern security systems and products interacting with systems that haven't been upgraded in half a decade. Again, I'm sure you have your reasons for your setup, but it is not a tenable one with respect to security whatever your reasons.

    I know that this isn't the answer you were hoping for, but I hope you understand why it is the answer I have to give.

    Cheers,

    -j

    –-
    Jeffrey Goldberg
    Chief Defender Against the Dark Arts @ 1Password

  • DocC
    DocC
    Community Member

    Thanks for the information (and the quick response. While I am in complete agreement with you—note that my home setup is completely up to date—at work I'm knee-capped by an incredibly cheap IT department—that is still running a LOT of XP based machines. They were extremely reluctant to even let me use a Mac, so until that Mini shudders, gasps, and grinds to a halt, I'm stuck with it in all its 32-bit glory. Last weekend found me bent over it with a putty scraper swapping out a defective CD drive, just to keep it operational.

    Is it possible to simultaneously run 1Password version 6 on a machine that is also running version 7 without corrupting my data? If so, that would be an adequate solution for me.

    Thanks

  • Lars
    Lars
    1Password Alumni

    @DocC - I really wouldn't recommend it. It CAN be done, but the potential for problems is increased considerably. And even if you DID to so, why would you want to -- i.e.: how would you keep 1Password 7 for Mac synced with 1Password 6 for Mac and your aging work Mac?

    If you absolutely must violate everything jpgoldberg said above, I'd stick with 1Password 6 for Mac if I were you. That at least allows you to use the Agile Keychain to sync between the work Mac and your home setup. To be clear, however, this is a terrible long-term strategy, for both security and usability, to remain on such aging systems. I know it's out of your hands to some degree, but, well...just reiterating for anyone else who comes across this thread: we don't advocate such measures, for exactly the reasons jpgoldberg enumerates.

This discussion has been closed.