how to access 1p in Dropbox

securethinker
securethinker
Community Member

In the past I could log into Dropbox in my browser and view the 1password html file. It appears you have done away with this feature:
https://discussions.agilebits.com/discussion/63045/moving-beyond-1passwordanywhere/p1

Unfortunately I need that. In an emergency, I want a trusted friend to be able to log into Dropbox and then access my entire 1p data.

How can I do so now? I don't want to share my computer password and I don't want that person to be required to have my physical device. I want them to be able to access my 1p file from the web. How can I do this?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • danco
    danco
    Volunteer Moderator

    For security reasons, AgileBits stopped developing 1Password Anywhere some time ago. An equally important reason for the change is that Dropbox recently ceased to provide the framework that allowed 1PW Anywhere to work.

    Ify ou feel you need this emergency access, you will need to move to the new subscription model. There are currently three versions at different pricing points of that, 1PW for Teams (not relevant for you), 1PW for Families (doesn't have to be a physical family, so can be useful) and the very new 1PW (for individuals). The individual version seems as though it will be best for you, your friend can access your data through the web but will not be able to make any changes.

    One advantage of the subscription model is that it covers all updates on all platforms. I think this is probably the best route to go for newcomers, current users of the stand-alone version (which will continue to exist) may not want to make a further payment but I think it probably still makes sense

  • securethinker
    securethinker
    Community Member

    I don't see any information on 1PW for individuals. Can you share this?

  • Drew_AG
    Drew_AG
    1Password Alumni

    Hi @securethinker,

    Sorry you're having trouble finding information about that! You can find information about both the individual and Families accounts here: https://1password.com/sign-up/

    Either type of account will give you web access to your 1Password data. Because you would also like your friend to have access to your data, you might want to consider signing up for 1Password Families, as that would allow your friend to have their own account on your Families plan. In other words, they would have their own master password, so they wouldn't need to know yours. 1Password Families makes it extremely easy to share your data with others, and you could share as much or as little data with your friend as you'd like. They'll be able to access it from the web, or from the 1Password app on Mac, Windows, iOS, or Android - those apps are all included for free with Families.

    If you have any questions about that, please don't hesitate to let us know. Have a great weekend! :)

  • securethinker
    securethinker
    Community Member

    Thanks Drew.

    I'm a little confused why two hours ago the "Pricing" link showed the family subscription and standalone app. Now it appears to show family and individual subscriptions only. Are you eventually going to move away from the standalone?

    It's disappointing you got rid of 1passwordanywhere. I get the issues with Dropbox, but it could still be saved to my server or I could sync it somewhere online in case of emergency. If I lose access to my devices for some reason, it appears I'm toast until I get access to my backup hard drive with another device. Basically I want the web access in Kathmandu when I've lost my mobile device, but I don't have a need for the subscription as I don't need the bleeding edge updates and am fine updating the standalone every 2-3 years.

    Have a great weekend yourself!

  • danco
    danco
    Volunteer Moderator

    AgileBits have said that they will continue to sell the stand-alone version. I guess it's just a matter of how they design the information and pricing page.

    If you look through the (rather long) discussions you will find that it is still possible to use !PW Anywhere with your own server. However, AgileBits strongly recommend that you do not do so as they regard it as insecure, and don't give instructions on how to do it.

  • Drew_AG
    Drew_AG
    1Password Alumni

    Hi @securethinker,

    I'm a little confused why two hours ago the "Pricing" link showed the family subscription and standalone app. Now it appears to show family and individual subscriptions only.

    Sorry for any confusion! The link I gave you in my previous reply should be showing you the latest information (individual & Families). It's possible you had been looking at another page on our site which still needs to be updated.

    Are you eventually going to move away from the standalone?

    We still offer standalone licenses for those who can’t or don’t want to sign up for an account/subscription, and we don't have any plans to stop offering them. We think an account is the best experience for most new customers, but there are certainly many other customers who would prefer a standalone license - that's why we offer both. In the link I gave you, you'll find information about standalone licenses in the FAQ.

    It's disappointing you got rid of 1passwordanywhere.

    It was definitely a cool feature, and I'm sorry you miss it! I understand why it's an important feature for you, and why you don't want to sign up for a 1Password account just to continue having web access to your data.

    As you may have already read, 1PasswordAnywhere was an old feature designed years ago (originally around 2008), built into the old Agile Keychain format, relied on older Dropbox APIs, and had very limited capabilities (it never had the ability to edit data or create new items, and the interface was a basic, shallow copy of 1Password 3). It also had much weaker security than the main 1Password apps because 1PasswordAnywhere is a JavaScript app that can easily be modified to do malicious things. It was a great solution back when security concerns were less severe, but I wouldn't recommend using it on a public computer these days.

    The new, fully-featured web app included with a 1Password account is far more secure, advanced, and easier to use than 1PasswordAnywhere. It's just one of the many great features and benefits you get with an account, but if web access is the only feature of an account that you're interested in, I can understand why it might not seem like the right fit for you. However, please know that you can sign up for an account and try it out for free, so there's nothing to lose if you simply want to check it out to see what it's like.

  • securethinker
    securethinker
    Community Member

    Thanks Drew. Makes good sense.

  • Drew_AG
    Drew_AG
    1Password Alumni

    :+1 :)

  • fourwheelcycle
    fourwheelcycle
    Community Member

    securethinker,

    If you want a securely-encrypted replacement for 1PasswordAnywhere you can open 1Password on your desktop, select All Items (or just the Logins) in the upper left corner of the program window, then go to your top menu bar and select File, Print.

    1Password will next ask to to type in your Master Password and then you'll get your local computer print window. Adobe Acrobat now provides 256-bit AES encryption, so if you print to a PDF file and select Security Options at the bottom of the window that asks where you want to save the file you can enter a strong password and then share that password with your friend. You can store the resulting password-protected PDF file on Dropbox or anywhere else.

    One additional note - the PDF print-out will not include any Secure Note attachments, so if you have any attachments you want to capture you will need to print and save them separately as password-protected PDFs.

  • khad
    khad
    1Password Alumni

    We cannot vouch for the security of an encrypted PDF document.

    1Password accounts are protected by both your Master Password and Account Key. From our Understanding the Account Key article:

    Your Account Key:

    • Protects against a weak or reused Master Password because the Master Password alone is not enough to decrypt your data.
    • Protects your data even if someone else obtains it. The data is useless without the Account Key.
    • Protects your data when you reset your browser. If you reset your browser, the Account Key used by the 1Password.com web app is wiped out instantly, making doubly sure that no one can get at your data.
  • fourwheelcycle
    fourwheelcycle
    Community Member
    edited July 2016

    khad,

    I'm sorry, I did not mean to imply that Adobe Acrobat's encryption is vouched-for by AgileBits, or that it as strong as the security offered by a subscription-based 1Password account.

    I only intended to suggest that a 256-bit AES encrypted PDF file with a strong password could serve as an alternative to 1PasswordAnywhere, which is what securethinker seemed to be looking for in the original post.

  • khad
    khad
    1Password Alumni

    :+1:

  • securethinker
    securethinker
    Community Member

    Thanks for the creative suggestion, Khad. I hadn't thought of that option, but I mainly wanted a dynamic solution that stays updated constantly. In the event of my death, it would be terrible if some critical password had been changed and my main contact had no way to access it because it was in an old exported PDF. But again, I appreciate you sharing your suggestion.

  • khad
    khad
    1Password Alumni

    @securethinker,

    I would not recommend a PDF. That was fourwheelcycle who mentioned it. I think you would be best served by a 1Password account as Drew mentioned earlier. It's always up to date since it is a live copy of your data.

    Cheers!

  • securethinker
    securethinker
    Community Member

    Sorry, I meant to say fourwheelcycle! I'm not planning to use the pdf approach anyway.

  • khad
    khad
    1Password Alumni

    :) :+1:

  • danco
    danco
    Volunteer Moderator

    With 1W Anywhere we needed the 1PW master password and the Dropbox password. The Dropbox password would be chosen by us, and so could be both memorable and strong, particularly if created by Diceware.

    With the subscription model, we need the master password and the account key. The account key is not memorable. It could be written down and kept in a wallet, but when we are thinking of extreme emergency cases, there is always the possibility of the wallet being stolen or destroyed along with the computers or other devices.

    At the moment I am thinking of storing the account key in my Dropbox, the file does not need to be labelled as what it is. That way, I would have emergency access to it. There is some security loss in doing that, but I am inclined to say that the loss is small.

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited July 2016

    @danco: I hate to say it, but I am hard-pressed to think of a concrete example in which all of my devices and wallet are lost, stolen, or destroyed, but somehow gaining access to my 1Password vault is my first priority. If you or anyone else has one from your own experience, I'd really be interested to hear how you dealt with it. It's definitely an interesting discussion!

    I think it's important to keep in mind that we can come up with an infinite number of hypothetical "extreme emergency" scenarios, but no software or service should be designed to thwart the products of our collective imaginations. If we try to do something like that, nothing will ever get done. So I prefer a practical approach.

    1Password is designed to keep our data secure no matter what, but that will always necessitate reasonable barriers (vault availability, Master Password, Account Key, etc.) be in place for that security to exist. And quite honestly, if my pants are stolen with my iPhone and wallet in them, I've got bigger problems than accessing my 1Password vault! :dizzy:

  • securethinker
    securethinker
    Community Member

    It's actually very easy to find yourself in a situation when all your devices are gone. Just travel. It is very easy to find oneself in a situation where you are very vulnerable and could lose everything on your person. This is the primary reason why I posted this question. If I am in a foreign country and have lost everything, I would like to remember two passwords and have access to everything.

  • danco
    danco
    Volunteer Moderator

    Even with the old 1PW Anywhere you would have needed to remember two passwords (Dropbox and 1PW master password).

    I am more and more inclined to follow my suggestion further up this thread, but wondered if the AgileBits people saw any major disadvantages to it.

    @brenty is obviously right that in the situations we are thinking about (such as being mugged and losing both device and wallet) there are more IMMEDIATE problems to be solved than access to 1PW but I am not sure that they are more IMPORTANT

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited August 2016

    It's actually very easy to find yourself in a situation when all your devices are gone. Just travel. It is very easy to find oneself in a situation where you are very vulnerable and could lose everything on your person. This is the primary reason why I posted this question. If I am in a foreign country and have lost everything, I would like to remember two passwords and have access to everything.

    @securethinker: I understand and agree completely. My concern is that if I am traveling and lose my Passport, government officials will not accept a scanned copy of the document on any device as proof of my identity/nationality/etc. That's what I'm talking about: not that it can't or won't happen that important things are lost or stolen — even near my home — but that 1Password can't bail me out in these situations regardless. :(

    Even with the old 1PW Anywhere you would have needed to remember two passwords (Dropbox and 1PW master password).
    I am more and more inclined to follow my suggestion further up this thread, but wondered if the AgileBits people saw any major disadvantages to it.

    @danco: Ah! You're right! I completely failed to address that! I'm sorry! :(

    At the moment I am thinking of storing the account key in my Dropbox, the file does not need to be labelled as what it is. That way, I would have emergency access to it. There is some security loss in doing that, but I am inclined to say that the loss is small.

    So, while I'm not sure security by obscurity is something we can recommend, ultimately it's up to you! It's your data, and if this is a tradeoff you're comfortable making as a concession to a hypothetical emergency situation, it isn't our place to say "do" or "don't". I think it's apparent that my stance differs a bit:

    @brenty is obviously right that in the situations we are thinking about (such as being mugged and losing both device and wallet) there are more IMMEDIATE problems to be solved than access to 1PW but I am not sure that they are more IMPORTANT

    You're absolutely right! "Importance" is super subjective, and since it's our own sensitive information at stake, we each have to make these kinds of judgement calls for ourselves. I'm sorry for not being clearer about that. These kinds of discussions are — in my opinion — "important", not so we can proscribe what others should or shouldn't do, but because a dialogue involving different ideas can make us think from different perspectives and make informed decisions about our security. And I think that's pretty awesome. :chuffed:

This discussion has been closed.