On WLAN Sync in 1Password 7

1246715

Comments

  • jpgoldberg
    jpgoldberg
    1Password Alumni

    You guys officially lost me. This is not a product for me.

    I wish you well with whatever you choose.

  • AGAlumB
    AGAlumB
    1Password Alumni

    Yea, I have zero idea what's happening. That post was 100% gone (as verified on several devices) and now it's just magically back.

    @2e9rhj2389hfnduafsdn: I'm really sorry about that. All of the posts I've seen of yours were here when I showed up today (I was off yesterday), so I suspect one or more may have been stuck in the spam queue temporarily, which tends to happen when multiple posts/edits are made in a short time. It sucks, but it's the best seem filter we have currently. Nevertheless, I apologize for the confusion and inconvenience that caused. I wouldn't want my posts to disappear either. :(

    That's why I mentioned in my comment (which you agreed with by the way) that you cannot guarantee you will implement it flawlessly (not encryption broken, but in some manor where how you coded it or deployed it gets exploited) OR that it never gets cracked. You agree that you cannot, yet you still try to convince people 1password.com is the way to go. Remember, you guys just cut and paste encryption code (more on that in a minute.) So this makes my argument even stronger that you cannot guarantee it will never be cracked.

    Yeah...I was afraid you'd jump on that, but I wrote it because it's the truth. But you seem to have ignored the rest because that seemed to you to support your position. That's unfortunate. :(

    The reality is that you also cannot guarantee the security of your setup either, and we're better equipped to find and respond to issues. That's nothing against you. We simply have more resources at our disposal. You're just one person, and we also have many others outside the company incentivized to find flaws.

    The problem is you can't "continually improve it" once the data on your servers has been leaked. So, the fact that you think this is an argument is silly. "Well, all of your data was stolen, but don't worry, we figured out the problem on our last qualys scan and we patched it! So we're good now! Oh... but your data is still stolen. But we're good!" You must live in a dream world where 0days don't exist.

    You're ignoring the part where a server breach doesn't give an attacker 1Password users' data. And with the added security of the (128-bit, randomly-generated) Secret Key, they won't even be able to perform brute force attacks against users' Master Passwords, as that's needed to decrypt as well.

    You will get hacked. It will happen.

    You may be right. But again, we don't have what an attacker would need to access any of our customers' data.

    And when it does you'll have to send out the email of shame and tell everyone that their data was stolen and they should probably change all their passwords.

    Nope. Certainly we'd have something to say publicly if someone broke into our server, but our customers' data getting stolen won't be part of that.

    I guess we'll have to wait for that to happen to actually get wlan sync.

    I don't think either of us have the ability to predict the future.

    You guys clearly think sending all of our data to your servers is what's best. And you're gauging this on feedback of people clicking on a blog post, then scrolling down to the comments, hopefully finding this one dudes comment, then noticing that one of your guys replied to it, then noticing that he posted a link to a newsletter, then having a click through on that, then signing up. Then you come here with stats like "no one is signing up so clearly no one cares! Told you!" Yea, ok. Make a blog post addressing this with a poll, post it on your social media. Then come back here with some actual feedback. The fact you consider a link buried on a reply, to a comment, on a blogpost actual feedback is ridiculous. You've effectively whispered a question in a loud room them proclaimed that since no one heard you, you must be good. Heck, even the OP to this thread didn't even post a link to it, nor has it been edited and added.

    This whole discussion is devoted to this topic, and it's pinned here in the Windows forum, where it is relevant. It seems like you want this to be a monologue, but this is intentionally a dialogue so we can hear what other Windows users think, not just get people to sign up for a newsletter. I'm sorry if that wasn't clear.

    You clearly aren't reading what I or others are saying. Your keys argument isn't an argument. As you ALREADY said you cannot guarantee it will never be cracked. So I don't care that you don't have my keys. Once our data gets stolen it's just a waiting game until it is cracked. You already agreed to this, so not sure why you're still trying to make this a good point?

    I'm sorry, but you're just not making sense...

    Not rude at all.

    I think most people will agree that "get over yourselves" is kind of rude.

    You're asking us to trust you with zero guarantee.

    Nope.

    I'm pretty sure if you went to buy a car and they told you we don't guarantee it's actually a car, but give us your money anyway, you'd say no as well.

    That's a really weird analogy. But regardless, 1Password data is also always end-to-end encrypted, and we never have the keys to decrypt it.

    I opened it just now, hit ctrl-f and typed in "employee" which returned zero results. So either you didn't address employee theft in this, or you didn't use the word employee but did address it.

    Or, you didn't bother reading any of it. Or anything else I wrote. "Employees" cannot steal from the company what the company does not possess. That's just common sense.

    Regardless, you keep trying to change the argument away from something YOU YOURSELF

    HAVE ALREADY AGREED UPON.

    Hold on there. I agreed that someone could potentially break into our server someday. But, as noted multiple times by myself and others, both inside and outside of AgileBits, 1Password's security model doesn't depends on the hope that no one will ever get the encrypted data. That's the fundamental thing you seem to be missing.

    My argument has never been "I don't trust this isn't encrypted!" Keep in mind your company even agrees it knows nothing about encryption and you guys don't want to know about it.

    We know enough about security and encryption that we don't try to reinvent it. There are time-tested ciphers and implementations, after all. Every few years someone tries inventing a new one, and those are often found to be flawed. So we're using things like AES, which everyone has been hammering away at for decades, because it's been proven to be solid. We're also very open about how 1Password uses this and other technologies...but you'd have to read the documentation to know that... :(

    You even made a post about how 1password "...must not require a single line of encryption code to be written. Encryption code is tricky and is best left to experts." So again, you're just implementing and trusting that what you've done will never be exploited like hundreds of other encryption methods. I'm sure you guys paid someone a lot of time to make a pretty word doc with lots of clipart on it, but that doesn't address the issue here. And again... the issue you already agreed with me on is a problem.

    You seem to be taking a single sentence — or, rather, part of one — in the Agile Keychain design document far out of context and using it to make assumptions and sweeping generalizations about something made literally a decade after that. I really think you should read the white paper before critiquing it.

    I don't know why you think that's pretty clear, you literally designed one password crippled to force us to use a cloud service to sync.

    Nope.

    And no, I'm not passionate about 1p7 anymore. You guys officially lost me. This is not a product for me.

    I'm sorry to hear that, but if you care about the security model without being willing to actually look into the details, I'm not sure there's anything more we can offer you. So we'd rather you use something else to protect your data rather than nothing at all. Stay safe out there. :blush:

  • YellowVista
    YellowVista
    Community Member

    @YellowVista:

    With 1Password 7, is it possible to manually copy a vault from Windows to iOS via iTunes?

    @bundtkate:

    In short, no. Circling back to the ends WLAN sync accomplishes, iOS is actually the only operating system that cannot easily provide an alternative to WLAN sync. On other operating systems, it's at least possible to utilize folder sync to keep your vault off "the cloud" without WLAN sync. This isn't possible on iOS. This stinks because folder sync is just better than WLAN sync. It not only allows folks to sync locally, but it's more flexible for folks who fall somewhere in the middle and are okay with cloud syncing so long as it's a server environment they control.

    I don't understand why it wouldn't be possible to manually copy a vault from Windows to iOS via iTunes. In the File Sharing section of iTunes, you can drag and drop files from Windows to copy the file to apps installed on the iPhone/iPad. Why couldn't that be used to copy a local vault (a .opvault) file to the 1Password iOS app and prompt to replace the existing local vault with the same name? I understand this would be a copy and replace operation and not syncing, but it would allow Windows users to view passwords on their iPhone and add/edit/delete passwords in 1Password on Windows. It's not ideal by any means, but at least it's something. Also, I noticed that the current version of 1Password for iOS has an option to "create a backup you can download through iTunes file sharing" and an option to Restore from Backup. Couldn't that functionality be modified to allow "restoring" the master version that is edited on the desktop?

  • Lars
    Lars
    1Password Alumni

    @YellowVista

    Couldn't that functionality be modified to allow "restoring" the master version that is edited on the desktop?

    The short answer is: no. If you create and download a backup, you'll see it's in a format called .1p4_zip. This isn't the same thing as a sync keychain like OPVault. It's instead the actual SQLite file - because it needs to be such in order to be opened directly in 1Password. At some point in the future, Apple may open up the (relatively) new Files app to be more accommodating of such a concept (sync via "folder," using the Files app and an OPVault), but for now, Kate's correct that iOS remains the only platform on which the lack of WLAN sync means no "local only" sync formats with a Windows PC.

  • YellowVista
    YellowVista
    Community Member

    @Lars
    Thanks for the explanation, but I am still having trouble understanding why the 1Password iOS app couldn't be modified to open multiple .opvault files and to allow those files to be transferred back and forth through iTunes file sharing. Is that not an option? (I'm just looking for alternatives to WLAN sync, which I could prefer, but which the 1Password team seems resistant to adding to 1Password 7 for Windows.)

  • AGAlumB
    AGAlumB
    1Password Alumni

    @YellowVista: I think it could, technically, but with the tools available now it would be an awful user experience. We scrapped WebDAV back in the day for not meeting a reasonable standard, and what you're describing, while perhaps acceptable to you, would not be acceptable to us or the vast majority of our customers; and it's hard to justify in that case. I think we can all agree that an alternative is desirable, but that's not one that I think is worth putting energy into — never mind that you and I here would be volunteering others for the job. ;)

    I think you misunderstand why we're not committing to developing, testing, and supporting WLAN Sever in the new Windows app now. Granted, it has some severe shortcomings (which have been enumerated ad nauseam above, so I'll spare you). But given unlimited resources, I have no doubt we would add it. After all, it wouldn't hurt anyone. However, since we do not have unlimited resources, we have to be selective of what we work on. For a long time, people had the same complaint about local vaults. But of course if we'd added local vaults first, there would have been little functionality in the app for anyone to use. So we've been iterating over time, and now we're building local vault support. Even if we decided to do WLAN Server, we simply cannot have that unless local vaults are supported. :blush:

    So this is an opportunity for us to gauge interest and feedback before we even go down that road. Based on what I've seen so far, there's definitely some real passion for it, but not tons of people who want it. And it also seems like many of those who do want a local sync option don't particularly care if it's WLAN Server or something else that fills that role for them. So I'm not sure what we'll do, or even what the best solution is. It's probably a long shot, but who knows? Maybe Apple will have something to share at WWDC that could factor into all of this. In the mean time, we have plenty to do to in the beta. :)

  • Jul
    Jul
    Community Member

    Hello, just to be clear : we. don't. want. sync. throughout. 1password.com
    Is it so hard to understand ?

    Sorry man, you just avoid all these posts telling you to keep the WLAN sync (or equivalent option) to focus on irrelevant topics instead or crying that this is so hard to maintain (Hello ?! This is your job ! Provide people what they want ! Remember ? If you don't want make your job, other companies will.).

    During my whole life, I have sticked to this mantra : "passwords should be known by 1 person, no more".
    You can tell whatever you want with your super mega platform : this is outside of my home, outside of my control. So bring the control back thanks.

    Ah and another thing. Today USA has Patriot act which forces any service provider to implement backdoors in their system for various secret agencies. Of course some of these backdoors access were stolen by hackers...
    Nothing guarantees today that you'll have not to do such things one day, wherever you will be.

    I hope this will be clear enough. I expect answer from my post, not this typical "our platform is super great" but something like "we heard you people, we will put WLAN back". Thanks.

  • AGAlumB
    AGAlumB
    1Password Alumni

    Hello, just to be clear : we. don't. want. sync. throughout. 1password.com
    Is it so hard to understand ?

    @Jul: No need to be rude, but thank you for sharing your opinion. You certainly don't have to use 1Password.com if you don't want to. No one is saying that you do. :)

    Sorry man, you just avoid all these posts telling you to keep the WLAN sync (or equivalent option) to focus on irrelevant topics instead or crying that this is so hard to maintain

    Nothing's been avoided. We've said countless times that we're not adding WLAN Server to the new Windows app, but that we're accepting feedback from users to see how much interest there is, and the different use cases people have in mind. That's the purpose of this discussion.

    (Hello ?! This is your job ! Provide people what they want ! Remember ? If you don't want make your job, other companies will.).

    Our job is to provide the best experience we can to people who pay us for our product. We cannot, however, satisfy everyone. We get all sorts of requests, so we have to say no to a lot of them and focus on the ones that make the most difference to the greatest number of people. So unfortunately if we apply your principle of "Provide people what they want" without that constraint, you'd still have to get in line: there are a countless other requests we'd have to grant first. We'd prefer that you were happy using 1Password, but we also have to be realistic: we can't please everyone. So if another tool better meets your demands, you should use it. We can't make everyone happy ourselves, so if you can find happiness somewhere else we're all for it. :blush:

    During my whole life, I have sticked to this mantra : "passwords should be known by 1 person, no more". You can tell whatever you want with your super mega platform : this is outside of my home, outside of my control. So bring the control back thanks.

    No one has removed control over your passwords. You can continue to secure them the same way you always have, with a Master Password that only you ever know. 1Password's security has never depended on hiding in a dark corner; rather, it uses encryption to prevent attackers from accessing your data, whether they steal the encrypted database from a "server" on the internet or from your internet-connected computer. That's 1Password's security model, and it hasn't changed.

    Ah and another thing. Today USA has Patriot act which forces any service provider to implement backdoors in their system for various secret agencies. Of course some of these backdoors access were stolen by hackers... Nothing guarantees today that you'll have not to do such things one day, wherever you will be.

    Sure it does. We're a Canadian company, and only comply with lawful requests under Canadian Law, not the US. But more importantly, the scenario you describe simply doesn't apply 1Password. Since only each individual has the "keys" needed to decrypt their data, we just don't have the kind of information that would be useful to anyone targeting 1Password users, whether that be malicious hackers or governments, and that makes 1Password a much less interesting target for both. 1Password's "guarantee" isn't based on something mutable like politics and legislation; it's based on math, and math doesn't lie or change its mind later on. We simply aren't in a position to decrypt any 1Password users' data.

    I hope this will be clear enough. I expect answer from my post, not this typical "our platform is super great" but something like "we heard you people, we will put WLAN back". Thanks.

    I'm afraid that if you expect and will only accept "Yes, we'll do whatever you want" as a response, then you will not be satisfied with this. But I do hope you'll find some of this information useful to you. We're just not going to drop everything and implement WLAN Server today. After all, if we don't finish local vault support, it wouldn't do you or anyone else any good anyway. But we'll continue to listen to feedback from you and others to see if it makes sense for us to add this or a similar feature in the future when other work is complete. In the mean time, thank you for taking the time to weigh in and tell us how important this matter is to you.

  • prime
    prime
    Community Member
    edited April 2018

    @Jul

    Ah and another thing. Today USA has Patriot act which forces any service provider to implement backdoors in their system for various secret agencies.

    When did this happen? I did a quick search and found none of this true so far, that the US government is requiring back doors to encryption. Do you have links to show that this happened?

  • YellowVista
    YellowVista
    Community Member

    @brenty:

    So this is an opportunity for us to gauge interest and feedback before we even go down that road. Based on what I've seen so far, there's definitely some real passion for it, but not tons of people who want it. And it also seems like many of those who do want a local sync option don't particularly care if it's WLAN Server or something else that fills that role for them. So I'm not sure what we'll do, or even what the best solution is. (emphasis added)

    I don't think this forum is the appropriate way to gauge the number of people who want WLAN sync or some other form of sync or manual Windows --> iPhone copy (overwrite as opposed to sync). Most people don't test beta versions of products and most people don't spend time reading/commenting in product forums. Unless you actually polled your customers (e.g., e-mail specifically asking about local vaults and syncing Windows --> iPhone), I don't think you can assume that there aren't many people who want this important feature.

  • Lars
    Lars
    1Password Alumni

    @prime - I agree; no explicit stories I can find which indicate this is the case. There are always those who suspect the government knows or is doing far more than can be proven...but that goes to the point brenty made to @Jul previously: we're a Canadian company, and we wouldn't have to comply with United States directives of that nature because they wouldn't apply to us, even if such a thing existed.

  • Lars
    Lars
    1Password Alumni

    @YellowVista - this forum isn't the only way we hear from our customers, either. There are a few other means of communicating with us, and we monitor all of them. I do understand what you're getting at, but even if we thought an outbound email was a good idea (which I don't think we do), that wouldn't be the kind of "comprehensive" poll you and others seem to be referring to. As I understand it, the knock against having people sign up for this WLAN sync newsletter is that it doesn't take into account enough of our user base which (in the opinion of those making this argument), if undertaken properly, would show us there's a ton of support for WLAN sync. I don't know whether that's true, but even if we had an email address for every one of our users (which we don't -- 1Password for iOS users are unknown to us by definition, since they download directly from Apple, not us), there'd be no way for us to ascertain all of customers who are currently using WLAN sync, or those who might be considering it. We'd have to try to contact every email address we've ever had for users...and that still wouldn't give us anything near our complete customer base. Unless circumstances change, I just don't think we're going to be abusing the trust our users place in us when they share personal details like email addresses with us, by sending out a mass-mailer asking a question about WLAN sync use/interest that isn't even relevant to probably 80% or more of those for whom we do have an email address.

  • AlwaysSortaCurious
    AlwaysSortaCurious
    Community Member

    @prime Could be he is referring to the exploits the NSA collected and did not disclose (which were then stolen by somebody). I would sort of do the same if that were my job, but it is different from requiring backdoors. In fact, the NSA has one overwhelming "tell" they don't recommend anything to the Government that they have hacked or otherwise since a backdoor is just somebody else's exploit. They are OK with AES so they haven't cracked it yet, meaning it can be used to secure US Government items.

  • Lars
    Lars
    1Password Alumni

    @AlwaysSortaCurious

    They are OK with AES so they haven't cracked it yet...

    This is an excellent point. I don't want to read too much into the NSA's actions or statements, but it is indeed a fact they continue to use AES, which certainly lends credence to the idea it hasn't been cracked.

  • AGAlumB
    AGAlumB
    1Password Alumni

    it is indeed a fact they continue to use AES, which certainly lends credence to the idea it hasn't been cracked.

    Also, everyone else has been trying for decades. If and when weaknesses are found (and given that everyone — Apple, Google, Microsoft, etc. — are using AES, there's plenty of incentive), it would be big news, to put it mildly.

  • jpgoldberg
    jpgoldberg
    1Password Alumni

    Oh. I see the conversation has taken a turn to the fun side. (I consider talking about NSA capabilities fun.)

    One point that I like to make when talking about NSA and FBI (and other similar entities around the world) capabilities that they have smart people in them and so for the most part they will attempt to go around cryptography instead of through it if it is at all decent. Are you going to spend millions dollars trying to crack someone's master password or are you going to spend a few thousand dollars to break into their house and modify their computers?

    I'm not saying that we shouldn't try to make our cryptography as strong as possible, including "NSA proof" as a goal. We agree with Bruce Schneier's observation that

    There are two kinds of cryptography in this world: cryptography that will stop your kid sister from reading your files, and cryptography that will stop major governments from reading your files.

    The first kind isn't good enough for 1Password data and so we aim for the second. But unless we have really screwed up, the cryptography is by far the strong part of the system. So in terms of actual, realistic threats, its not the cryptography that you should worry about if you are worried about governments or well-resourced organizations targeting you. Instead, an attacker will go after your operating system.

    opsec and infosec

    If you are Edward Snowden, you will be using an operating system that you compiled yourself on hardware that you manually inspected yourself. And you will always carry a towel, not merely because you'll be a frood who really knows where their is towel is, but so that you can cover your head, hands, and keyboard when you type a password. That is, there is a point at which ones defenses need to move into operational security (opsec) instead of information security (infosec).

    Your level of opsec depends on both your threat assessment (what capacities will attackers bring to bear) and on your own capabilities (you may just find a lot of opsec too burdensome or costly to be worth it when you could do other things.). Do I close the blinds every time I display a password on my screen? Not often. Do I close them when I use large type? Depends on what the password is for, but I do take the state of the blinds into consideration. Should you? Probably not. It depends on your needs and threats.

    This, of course is if you are individually a target. No, I don't actually think that someone is watching my window with a telephoto lens from across the street, but if someone wanted our codesigning keys (which I don't have access to), they might try to first take over my internal accounts and then social engineer from there. Likely? No, but it is something that I do at least have to think about.

    Again, that is for a targeted individual. We also need to consider threats and defenses with getting caught up in mass surveillance.

    Mass surveillance

    For mass surveillance we have different sorts of concerns. It's too expensive to break into everyone's domicile and tamper with their computers. It's too expensive to set up telephoto cameras watching every window. So in these cases, the attacker does have economies of scale by targeting things like Amazon and Dropbox and our servers.

    That, again, is why we developed the Secret Key and 2SKD. We want there to be nothing useful to the attacker on our systems. That is why everything is end-to-end encrypted, so that someone who "owns" are servers can do very little harm. It not only keeps you safe, it keeps use safer by making us a less attractive target.

    Driver carries no cash and is naked

    We have to assume that encrypted 1Password data can be acquired by people who shouldn't have it. We also have to assume that many people will have Master Passwords that – other things being equal – may be guessable with less than 20,000 USD worth of effort1. Had we not developed the Secret Key mechanism, that would just leave a trove of 1Password encrypted data far too dangerous to host in one place. I wanted to explain our design motivation in terms of cowardice, but others in the company thought it might not play well to say that we designed the system as we did because we are cowards.

    The Secret Key forces an attacker to perform an individually targeted attack. They have to get your Secret Key before they can begin password guessing. This, along with end-to-end encryption is how we defend against mass surveillance of 1Password data.

    NSA and crypto

    The NSA has interfered with the standards process to produce a backdoor-ed standard. I wrote about how it works (and fails) in When backdoors go bad: Mind your Ps and Qs. And so people are justifiably concerned that they may have backdoor-ed other standards, such as AES.

    But I would like to point out some enormous differences between AES and Dual_EC_DRBG.

    1. Academic cryptographers had quickly discovered that Dual_EC_DRBG could be backdoored. (We didn't know that it had been until 2013, but we knew that it was backdoor-able well before hand.) AES does not have the kinds of mathematical structures that would allow for any kind of back doors that academic cryptographers can imagine.
    2. Dual_EC_DRBG did not hold up well to public scrutiny for a variety of reasons. It's design to be backdoorable had side effect that made it just icky for other reasons.
    3. Dual_EC_DRBG did not go through as public a development process as is typical of NIST cryptographic standards. And certainly nothing like the openness and scrutiny that the AES standardization process was subject to.

    So although cryptographers were outraged and furious to finally learning 2013 that there actually was a backdoor in Dual_EC_DRBG, it was not a technical revelation. But a backdoor in AES would require math that no one has yet imagined. Also because of 1 and 2 above, nobody actually used Dual_EC_DRBG unless they were paid to.

    As I've said before, what the Dual_EC_DRBG case taught us is not anything new about the NSA's technical capabilities, but instead about what kinds of things they are willing to do. So yes, it led to renewed review of the standards that we all use, and it led to review of non-cryptographic attack points in actual software and systems. This is why over the intervening years, things like OpenSSL and other commonly used cryptographic libraries have undergone bug hunting. Things like Heartbleed were discovered and fixed through this process.


    1. We don't know how strong people's Master Passwords are, and we can only guess at how expensive it is to crack one of a particular strength. But for the latter case, we are running a cracking contest to help get us better information. ↩︎

  • AlwaysSortaCurious
    AlwaysSortaCurious
    Community Member

    I bet you just loved writing that post... assessment... my password is long because i dont have a towel and one of the folks i work with just loves looking at peoples hands as they type passwords.... and always around when it happens. He is an active threat, and while he is incapable of cracking a sunday word jumble, he is shrewed enough to remember an easy passeword. Hes not 1PW threat, but mine.

    Its also long because i have faith in AES and faith in future optimizations for speed.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @AlwaysSortaCurious: Indeed, that's a good summary of the different elements involved: information security and operational security, both from the perspective of defense (1Password, you) and also offense (technology, malicious attackers). Don't forget to bring a towel. (Yeah, I know, wrong reference; but seriously what's wrong with that guy?) :)

  • jpgoldberg
    jpgoldberg
    1Password Alumni

    How to register your desires and reasons for WLAN sync

    I've just updated the first post in this thread with

    Please let us know why you want WLAN sync server added to 1Password 7 for Windows. That list is where we are keeping track.

    Although we are very much paying attention to comments in this discussion and elsewhere, please use that form to help us better track interest and reasons.

  • cellsheet
    cellsheet
    Community Member
    edited May 2018

    One way I plan to solve/replace WLAN sync is through a software I use daily for syncing everything else inside and out of local network... encrypted resilio sync folders since it syncs locally through P2P, and on any network outside without configuration whatsoever while being encrypted end-to-end ;) . Also for iOS, but I've not tested it on mobile... yet. Though personally I own an Android so I do plan to test with that very soon. :chuffed:

  • @cellsheet: While I'll note that 1Password.com syncs everything end-to-end encrypted as well, I'm glad you've found a solution that works for you. Really, this is what we prefer – for you to choose how you'd like to sync, using a cloud service or otherwise. Thanks for taking the time to share. :chuffed:

  • cellsheet
    cellsheet
    Community Member
    edited May 2018

    No problem! I wanted to put that out there for my solution for 1password 7 since syncing doesn't exist afaik on windows/iOS exactly yet and its pretty seamless so far.

    Also, how can I add local vaults to 1password beta for Android? Whenever I selected local storage, then selected my opvault, it went into the folder then when I selected 'default', it said 'No vaults can be found in this folder' and am unsure how to actually select the vault itself once I navigated to it.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @cellsheet: 1Password for Android currently supports the AgileKeychain format for local storage, but we'll be adding support for OPVault in a future update.

  • cellsheet
    cellsheet
    Community Member
    edited May 2018

    @brenty thank you for the information! Also, do you know if 1password for chrome extension will also support local vaults in 1password 7 in the future for Windows/Mac? I currently just have windows, but I definitely know there are Mac users out there too. Sorry for derailing, just a last question of mine.

    Edit: Nevermind, it works with the 1password extension instead of 1password X.

  • Lars
    Lars
    1Password Alumni

    @cellsheet - no worries, thanks for the discussion. :)

  • Finke03
    Finke03
    Community Member

    Is there already an intermediate state of the survey? Can customer expect this kind of WLAN sync feature, based on the current results of this hidden survey?

  • AGAlumB
    AGAlumB
    1Password Alumni

    Is there already an intermediate state of the survey? Can customer expect this kind of WLAN sync feature, based on the current results of this hidden survey?

    @Finke03: What do you mean?

  • Finke03
    Finke03
    Community Member

    Hi Brenty,
    my question was: How much feedback did you already get via the survey form for WLAN Sync? Are there existing some first interim results, which will give us some hopes, that WLAN Sync will be implemented?

  • Hi @Finke03,

    It is too early to say anything because 1Password 7 is not out yet to the public as it is still in beta stage of development. Once we release the first stable release, we'd get more feedback since more people will try it.

    As of right now, we're not getting a lot of sign-ups to our newsletter.

  • ohreally
    ohreally
    Community Member

    where are we at with this? any closer to implementing??

This discussion has been closed.