Big bug that caused two of my synced vaults to be merged [fixed with 4.3 update]

aaronadams · March 2014

Oy.

When I did the 4.2 update, I had to set up syncing again.

Preferences > Sync, set it up for my first vault.

Switched to my second vault, started setting up Dropbox sync, was prompted to choose folder, then was prompted to enter password for the second vault.

Switched to my first vault to get the password, copied it into the dialog… which, instead of completing sync setup for the second vault, changed sync setup for my first vault, and merged all of my entries!

AHHHHHHH

aaronadams · March 2014

…Furthermore, when I originally tried restoring my original unmerged primary vault, 1Password closed and couldn't be reopened, error message "Failed to open 1Password database" because the database is locked.

I had to use Activity Monitor to quit the 1Password Mini process.

When I reopened 1Password, the vault backup had been successfully restored; so I had to manually delete the original synced vault in Dropbox, and create a new synced vault in its place.

This was a pretty major annoyance for me, and for others I could see it being the type of problem that would be very very difficult to fix.

jtalton · March 2014

We also experienced this bug today. It is a HUGE problem for us: our company password file was polluted by several users' individual password files...

Ben · March 2014

Hi folks!

First please let me apologize for the difficulty here... we certainly understand the importance of data integrity and so we're very interested in getting to the bottom of this.

First please let me see if I understand the situation correctly:
You have multiple Agile Keychains in Dropbox
You set up syncing between your primary vault and one of the keychains in Dropbox
You set up syncing between your secondary vault and a different keychain in Dropbox

Result:
Somehow the data from the primary vault got merged into the secondary vault's keychain in Dropbox?

Please let me know if I have that right.

Ben

aaronadams · March 2014

Yes.

Here it is again, with more detail.

Background:

Upon updating 1Password to version 4.2, syncing was disabled for both of my vaults (why?!).
I keep the password for my secondary vault in my primary vault.

Order of operations:

With the primary vault active, go to sync preferences.
Choose Dropbox, select existing .agilekeychain file.
1Password prompts for primary vault password; I know it, so I enter it.
I'm prompted to allow my data to be merged with the existing file; I say yes.
Switch to secondary vault, then return to sync preferences.
Choose Dropbox, select existing .agilekeychain file.
1Password prompts for secondary vault password; I don't know it, so I switch to my primary vault, copy it, and paste it into the prompt.
I'm prompted to allow my data to be merged with the existing file; I say yes.

This order of operations should complete sync setup for the secondary vault; instead, it modifies the existing sync setup for the primary vault, merges the entries, and (in a shared vault scenario) pushes those entries out to the rest of the organization (this might even be categorized as a security risk).

It strikes me that there may not be a "simple" interface fix, based on the fact that the Sync and Backup tabs in Preferences are indeed vault-specific (whereas the other preference tabs are not). If you prevent vault switching while in that preference panel, you prevent people from retrieving their secondary vault passwords, which is probably a very common use case; if you just make sure the right vault's preferences are affected by the change, the user doesn't actually see the result of that change.

Perhaps it might be smart to combine Sync and Backup into a single tab, and add a pane on the left to choose which vault's preferences are being modified? Similar to the Extensions preference pane in Safari, or the way I choose a vault item in 1P4's second pane and then edit it in the third pane.

jtalton · March 2014

Just chiming in again to +1 aaronadams's reply: that is EXACTLY what happened at our organization, too.

dteare · March 2014

Thanks for the detailed explanation everyone. I see exactly what you mean.

Honestly I never expected the vaults to be switched while in the middle of configuring the sync method. This window should be modal for the entire application, or we should close it when the vault switches. I will work with our team to find the best solution here and hopefully have the fix soon.

Thanks again!

aaronadams · March 2014

Thanks!

Just keep in mind that not knowing the passphrase to a secondary vault by heart, and therefore storing it in the primary vault, is probably going to be a majority use case for multiple vaults and vault sharing. So it would be really really nice to still be able to access the primary vault while adjusting the settings for the secondary vault.