Unable to create a new vault since my account is prior to December 3rd, 2015

Fooligan
Fooligan
Community Member

I was going to try the new vault feature, but it looks like my account is restricted.

I am curious why this would be? Can you share the technological reason that this is the case? Will older accounts be able to use this feature eventually?


1Password Version: 6.6.660016
Extension Version: Not Provided
OS Version: iOS
Sync Type: 1Password

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    @Fooligan: Me too. Hopefully we'll be able to find a solution, but this is a pretty serious technical problem. As you can imagine, as early adopters this affects our own accounts as well. For example, you and I also can't use 1Password.com in Safari or Edge:

    Accounts created prior to December 3, 2015 cannot sign in using Safari. You will need to use Chrome, Firefox, or Opera.

    You're probably like, "Huh?" but, long story short, we had to make some significant changes under the hood with the way encryption keys were handled when it became clear that Safari (and later Edge) wasn't going to support WebCrypto fully, and older accounts cannot be safely migrated to the new setup. And because iOS uses Safari for all of this under the hood, the same limitation exits here. So I'm not holding my breath on this one. :(

  • Fooligan
    Fooligan
    Community Member

    @brenty: Thanks for the info.

    That is sad, but not a big deal. Creating vaults using iOS is going to be an advanced feature for the rest of my family anyway. I would be the only person doing this sort of thing and would probably default to doing this on a desktop browser.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @Fooligan: Yeah, but it sure would be nice to be able to do this right in the app. Most people will be able to do this as they signed up after 1Password.com was out of beta, but that isn't much consolation to those of us who may never be able to escape some of these limitations. I'm sorry about that, not just for you and I, but for other early adopters in the same boat. :(

  • dude1234
    dude1234
    Community Member

    Just going to raise this for attention, as I've encountered the same when trying to use the new ability in Mac v6.8...

  • AGAlumB
    AGAlumB
    1Password Alumni

    @dude1234: Ah, yep. Sorry about that. While I can't make any promises, this may work someday soon. I have noticed that prerelease Safari builds on macOS do now support the WebCrypto standards that 1Password.com was originally using. So, for example, I'm able to sign in to my own account in Safari Technology Preview on my Mac. And since this is built into the OS, 1Password should be able to take advantage of that upgrade as well if and when it ships.

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited July 2017

    I just wanted to follow up here since this is ostensibly an iOS thread and I dragged macOS into it. I should at least give an update on iOS.

    I'm not running the iOS11 beta, but I've asked others to check for me and so far original 1Password Teams beta accounts still do not work in Safari there (which also impacts this feature), even though they do on High Sierra beta.

  • dude1234
    dude1234
    Community Member

    Understood on macOS vs iOS. Intended to bump the same issue due to time lapse.

    Not a deal-breaker, but would be a plus to see this remedied rather than be a lifetime account issue.

    Does this affect users created after the relevant date but associated with the same overall 1PF account?

  • AGAlumB
    AGAlumB
    1Password Alumni

    @dude1234: Absolutely. I just wish I had better news for you. This affects members of any account created before December 3rd, 2015 during beta, and that includes all of us here on the AgileBits team.

    The problem is that we did remedy this issue in our implementation, but it requires the encryption keys of the account to support it. That's why we recommended people create new accounts during the beta to take advantage of this change. Migrating keys is dangerous as it could potentially result in data loss (it's done locally in the client but needs to be negotiated with the server, and things could get bad if there's a connection issue), so that hasn't proved a good option. So the only safe way to get brand new keys using the new method is to create a new account and copy the data over. Obviously this becomes less and less desirable to do as time goes on, which is why we recommended at that time that anyone participating in the 1Password (for) Teams beta setup a new account to be able to use it with Safari (and Edge).

    But of course none of us could have envisioned that this would impact features in the apps as well coming up on two years later. When designing 1Password.com we had originally expected that Safari would get WebCrypto with the release of El Capitan and iOS 9. Obviously that hasn't quite happened yet. If it does the issue becomes moot, but that definitely isn't a given at this point. I'd guess that it's only a matter of time, but we've already lost one bet on that so I'm not sure I'd put money on it. :(

  • vplewis
    vplewis
    Community Member

    @brenty Is this the WebCrypto you're speaking of? If so, it's implemented in Safari 11 on High Sierra.

  • vplewis
    vplewis
    Community Member

    @brenty Just noticed that "Subresource Integrity" has a red X next to it on the iOS version of Safari 11. Is that what AgileBits is waiting for?

  • @vplewis,

    I'm not sure which specific WebCrypto feature is preventing it from working. I do know that the system level framework Apple makes available to developers isn't the same as the framework they use for Safari updates. So even if Safari 11 is installed on a Mac, the system level framework isn't that same version. Its certainly possible that a similar situation exists on iOS where Safari uses the compatible version of the framework and 1Password is relegated to the prior incompatible version.

    Rudy

  • Fooligan
    Fooligan
    Community Member

    It seems like everything has been fixed in Safari 11.0 on macOS and iOS 11. I am able to log into 1password.com and create vaults using 1Password on both my Mac and iPhone.

    I think this can be closed?

  • @fooligan,

    Safari 11 will let you sign in to your account, but you still wouldn't be able to use any of the in-app web views (such as for creating an account) unless you were also on macOS 10.13.

    iOS 11 and macOS 10.13 provide the appropriate level of WebCrypto that native application web views have access.

    So, the answer to "I think this can be closed?" is sort of. anyone on macOS 10.10, 10.11, 10.12 doesn't get the in-app web view, but they do get the Safari level access if Safari 11 is installed.

    Rudy

This discussion has been closed.