Windows sync with shared dropbox account

Hi there. I purchase the family pack to give my wife a Windows copy of the program. I use the OS X version. She'll be using a separate password file than I will. However we use a shared dropbox account. My wife has an iPhone.

Is there any way to sync her phone and computer using Dropbox so as to not have our password files collide? Is there any other way to perform this synchronization?

Comments

  • DBrown
    DBrown
    1Password Alumni

    It sounds like you want to sync your 1Password for Mac data with your wife, and she wants to sync her separate 1Password data between her PC and iPhone. Is that correct?

    If so, you'll need to use two 1Password vaults (called 1Password data folders, on the PC).

    You could name yours BobZef.agilekeychain, and she will call hers SomethingElse.agilekeychain. :)

    You'll both have a copy of the two vaults (.agilekeychain folders) in your local Dropbox storage (because that's how a single Dropbox account works), and she'll need to know the master password for the BobZef.agilekeychain folder.

    In 1Password for Windows, she can use the File > Open 1Password Data Folder command to switch between BobZef.agilekeychain and SomethingElse.agilekeychain, using the appropriate master password for each.

    Important:

    • The extensions included in the current version of 1Password for Windows will always save new Login items to whatever data folder was most recently opened in the main 1Password program, so she'll want to keep that in mind as you switch among them, to make sure Logins are saved where she wants them.

    • 1Password for iOS will always sync with whatever data folder was most recently opened in the main 1Password program, so she'll want to make sure she opens and unlocks SomethingElse.agilekeychain before she opens the 1Password for iOS app on her iPhone, triggering a sync; otherwise, she'll have the items from both data folders merged, and that will be sync'ed back to her PC, which will be a mess.

    We’re working around the clock to get version 4 of 1Password for Windows ready, and I hope it will include a switching mechanism that feels more like the one on the Mac. I also hope that it will include solutions to the two important points above.

  • bobzef
    bobzef
    Community Member

    Thanks for the response. What I want is a little different. I want my wife and myself to have two completely separate password files. It's OK if that's accomplished using vaults. I want my wife to sync her password file between her Windows computer and her devices. I want to sync my password file between my OS X computer and my devices. The only thing in common between us is a shared dropbox account.

    To be honest it never occurred to me to use vaults. Vaults introduces a lot of complication and confusion for me. I wonder if the complication is arising from how I sync. On the Mac I use iCloud. But since I want to use "1Passwordanywhere" I have my iPhone syncing with iCloud as well as Dropbox. The Mac version can't do both. Now my wife is using windows so her only option is to sync with Dropbox.

    I made a vault for my wife on my Mac and it didn't create a separate file. Is this because all the data is maintained in an sqlite database in Application Support? Then I tried to set up syncing for the new vault. It didn't let me select iCloud like I had for my primary vault. So I selected Dropbox. The subsequent dialog prompted me to select a vault (it didn't allow me to create a new one). But the only vault I had on Dropbox is the one my iPhone put there for my primary vault. I resisted selecting that thinking I was heading into a big mess.

    Will things get simpler and clearer if I just stop syncing with iCloud? Would I then see two separate keychain files on Dropbox?

    I was resisting using Dropbox exclusively for 1Password syncing. I think I read on the forums here that the iPhone is not "officially" supposed to be syncing with anything other than iCloud.

    Suppose I switch to just Dropbox. When I select different vaults on my Mac does that alter the top level pointer which locates the keychain (.ws.agile.1Password.settings). If that's the case then if I open one vault on my Mac would my Wife would be stuck on that vault when using her iPhone?

  • bobzef
    bobzef
    Community Member

    One of my confusions from above was just silly. The button for setting up syncing to dropbox is labelled "choose vault...". It used to be labelled "choose folder..." (as shown at http://learn.agilebits.com/1Password4/Mac/en/Tutorials/share-vault.html). I found that if there is no keychain in a folder then selecting that folder creates the keychain with name the same as the vault's name.

  • DBrown
    DBrown
    1Password Alumni

    It's kind of complicated, but the database itself is separate from the sync point (in this case, the .agilekeychain package/folder in Dropbox).

    Even though you can create "secondary" vaults in 1Password for Mac, that's not the solution. Regardless of whether you're sync'ing to your iOS devices, too, the solution is still the same:

    ...you'll need to use two 1Password vaults (called 1Password data folders, on the PC).

    That's two separate primary vaults, in 1Password for Mac terminology.

    Note that a "vault" is (from the user's perspective) the same thing as a 1Password data folder. In fact, 1Password data folders are called vaults in 1Password 4 for Windows, currently in beta development.

    Your question about the .settings file is a good one. As far as I know, we're still ironing out the kinks. :/

    The best bet is to follow the instructions and heed the warnings in my earlier post.

  • bobzef
    bobzef
    Community Member

    I appreciate all your feedback. Your responses have prompted me to study the issues. That's always a good thing. :-)

    I did misunderstand your use of the word vault in your first response. I thought the separate vault files on Windows corresponded to separate vaults on the Mac. I see now that the keychain file vault is not the same as a vault on the Mac. The exception to that is when you choose to backup a vault on the Mac to Dropbox then 1Password asks you to choose a vault (a keychain file) as your sync point.

    It's unfortunate that keychain files are called vaults. It's funny that the "What's New in 1Password 4 for Mac" advertises the new feature "Multiple Vaults". I believe that prior to version 4 your main data was kept in a keychain files rather than in the "~/Library/Application Support/1Password 4/Data" folder. So in actuality we always had multiple vaults (if you call keychain files vaults). It was only made more usable in version 4 (and made incompatible with the Windows usage).

    I guess the pointer at the root of the Dropbox folder is only serving the iOS app so as to allow it to find the keychain file. If there two different keychain files then it can only find one unless you change the pointer. The keychain files in Windows don't know about each other. So each one attempts to take over and redirect that pointer when it's open. The use of Dropbox for syncing secondary vaults in the Mac version doesn't seem to modify that pointer. That makes since since the iOS app doesn't even see those secondary vaults.

    I think the use of multiple keychain files is very perilous if a shared Dropbox account is being used. Each person affects the other. Suppose I'm using my iPhone to sync to Dropbox file A. Then my wife uses her Windows version to change the root pointer on Dropbox to point to file B. Then my iPhone will start syncing to file B. That's the mess you mentioned. If only one person is involved the odds of messing up are high. With more than one person involved it's almost certain that it will get messed up.

    I'm looking forward to when iOS and Windows 1Passwords are brought in line with the new approach. Then the sync point to Dropbox will be a single file holding all the vaults. iOS and Windows apps would be able to switch amongst them just as the Mac version does.

    For now I've concluded what I originally requested is not practically possible. I'll probably just start using iCloud exclusively and let my wife use the Dropbox account. I'll let my desire to use 1PasswordAnywhere slide. I'll just encrypt a pif export. If I ever need access to my passwords without using the 1Password program I'll decrypt it and look there. It's just a text file.

  • DBrown
    DBrown
    1Password Alumni

    You're technically correct, @bobzef, but unless you're really digging into the nitty gritty of things—not typically necessary for successful use of 1Password—it's perfectly reasonable to think of a .agilekeychain folder (or a .opvault folder, for that matter) as a vault. The folder is simply a manifestation-for-purposes-of-sync'ing of a vault, whether it's a "primary" or "secondary" vault. The confusion comes from the fact that 1Password for Windows doesn't yet include the concept of "primary" or "secondary" vaults: all vaults are independent and unrelated.

    You are also correct about the .settings file in your Dropbox "root" folder. It tells the 1Password "mobile" apps where to find the .keychain folder with which they'll sync. That's why you have to be so careful in 1Password for Windows which vault you open last before you launch the mobile app. I got my own data in a muddle—only once!—by forgetting that.

    You are also correct that 1Password on all platforms needs to use the same vault model. We are in active discussion of that very topic. :)

    In the meantime, a simple solution to your specific scenario would be to ask your wife to use a separate Dropbox account. They're free, as well as easy to set up.

  • bobzef
    bobzef
    Community Member

    We have to use one dropbox account since we share a lot of files. But thanks for all your efforts. I appreciate it.

  • DBrown
    DBrown
    1Password Alumni

    You can put the files you need to share into a separate folder under your Dropbox "root" folder, and use Dropbox's "share folder" feature to share that separate folder with anyone her, even though she's using a separate Dropbox account.

    That's still my recommendation.

  • bobzef
    bobzef
    Community Member

    I'll consider it. She has a lot of documents for which she's signed confidentiality agreements. I can't have them secured by just an obfuscated link. But I'll check it out further.

  • DBrown
    DBrown
    1Password Alumni

    I don't know what you mean.

    If you're already sharing them in your joint Dropbox account, how is it worse to store them in a different Dropbox account that only she will have access to?

    Also, what obfuscated link?

  • RichardPayne
    RichardPayne
    Community Member

    I think bobzef assumed you meant to use the public folder and was unaware of folder sharing.

    You can't browse the public folder but can link directly to the files. In principle it would be possible to brute force someone's public folder by repeatedly trying different access urls. It's a method of obfuscation, which I think it what he was getting at.

    As you said, folder sharing is a private thing between two accounts and so isn't open to this sort of attack. It's also a lot more secure from the point of view of his wife's confidentiality agreements because he only gets to see what she chooses to share rather than give him complete access to her entire account.

  • DBrown
    DBrown
    1Password Alumni

    I hope @bobzef lets us know whether that's the issue. Thanks, @RichardPayne!

This discussion has been closed.