1Password Question: Sharing a keychain

[flynz4]

Here is a question for all of you... especially Kyle.

My situation: I use 1Password quite extensively... across my iMac, MBA, Windows (under parallels on MBA), iPad, and iPhone. All share the same dropbox account, and use 1Password dropbox syncing.

My wife has a copy of my 1password keychain in her dropbox account... but almost never will she add new entries. She is afraid she will screw something up. Occasionally, I'll add entries for her, at her request, but those instances are rare. Instead, she will just use a common password that she used prior to use getting the 1P program.

I do realize that there is the one liability of a "joint keychain" if we both have different accounts/passwords for a specific site. We have been handling that situation (using iCloud as an example)... two separate login entries such as "iCloud (Jim)" and iCloud (Deb)". Then, when we hotkey... a list pops up and we each choose the appropriate item.

My Question:

Is there any reason why we cannot share our "1password folder" using "dropbox sharing" across two different users? That way she will continuously get the most up to date copy of our "joint keychain". I cannot think of any reason that this will not work... but want to be sure that I do not make a fatal mistake here.

/Jim

 

[AGKyle]

Here is a question for all of you... especially Kyle.

My situation: I use 1Password quite extensively... across my iMac, MBA, Windows (under parallels on MBA), iPad, and iPhone. All share the same dropbox account, and use 1Password dropbox syncing.

My wife has a copy of my 1password keychain in her dropbox account... but almost never will she add new entries. She is afraid she will screw something up. Occasionally, I'll add entries for her, at her request, but those instances are rare. Instead, she will just use a common password that she used prior to use getting the 1P program.

I do realize that there is the one liability of a "joint keychain" if we both have different accounts/passwords for a specific site. We have been handling that situation (using iCloud as an example)... two separate login entries such as "iCloud (Jim)" and iCloud (Deb)". Then, when we hotkey... a list pops up and we each choose the appropriate item.

My Question:

Is there any reason why we cannot share our "1password folder" using "dropbox sharing" across two different users? That way she will continuously get the most up to date copy of our "joint keychain". I cannot think of any reason that this will not work... but want to be sure that I do not make a fatal mistake here.

/Jim

I don't really suggest doing this with the current version. It's really designed to be used with a single keychain. The web browser extensions don't really like it when the keychain gets switched out from under them and require a remove and reinstall (not just a reinstall) to recognize the new keychain being used.

Also, due to the way the Mac App Store version works (if you're using that version) it requires the keychain be in: ~/Dropbox/1Password/1Password.agilekeychain due to sandbox limitations.

If its not there then it will open the file and either try to merge or copy it to the default container folder.

I'd suggest just sharing the same file, or just edit the logins on her computer only for her items.

Also, Dropbox shared folders have failed so many times for our users, it just stops syncing that folder to Dropbox, I really don't recommend using shared folders with Dropbox for anything important. It may work fine for many but if you're that person it decides to stop working... Ouch

We're aware people want to do this though. Hopefully in the future we'll be able to better accommodate this situation

 

[flynz4]

I don't really suggest doing this with the current version. It's really designed to be used with a single keychain. The web browser extensions don't really like it when the keychain gets switched out from under them and require a remove and reinstall (not just a reinstall) to recognize the new keychain being used.

Also, due to the way the Mac App Store version works (if you're using that version) it requires the keychain be in: ~/Dropbox/1Password/1Password.agilekeychain due to sandbox limitations.

If its not there then it will open the file and either try to merge or copy it to the default container folder.

I'd suggest just sharing the same file, or just edit the logins on her computer only for her items.

Also, Dropbox shared folders have failed so many times for our users, it just stops syncing that folder to Dropbox, I really don't recommend using shared folders with Dropbox for anything important. It may work fine for many but if you're that person it decides to stop working... Ouch

We're aware people want to do this though. Hopefully in the future we'll be able to better accommodate this situation

Kyle... 1P really would still be using the "single keychain"... just as each of my personal machines currently do. From my train of thought... each machine currently has a single keychain locally... and dropbox synchronizes these across all of my machines.

Wouldn't this be the same? Deb's account would still synchronize with the single keychain... and her machines would still have its own local copy.

I have a second question. I originally had the version purchased directly from Agile... but then last November I purchased (and reinstalled) the version from the MAS. However... my keychain is NOT located in:
~/Dropbox/1Password/1Password.agilekeychain.

Instead, it is located in: ~/Dropbox/stuff/1Password.agilekeychain

Is this something that I need to (or should) fix?

/Jim

 

[flynz4]

Kyle,

One more question. Would it help if her copy of the keychain was treated as "read only". She really does not ever create new entries.

/Jim

 

[AGKyle]

Kyle... 1P really would still be using the "single keychain"... just as each of my personal machines currently do. From my train of thought... each machine currently has a single keychain locally... and dropbox synchronizes these across all of my machines.

Wouldn't this be the same? Deb's account would still synchronize with the single keychain... and her machines would still have its own local copy.

I have a second question. I originally had the version purchased directly from Agile... but then last November I purchased (and reinstalled) the version from the MAS. However... my keychain is NOT located in:
~/Dropbox/1Password/1Password.agilekeychain.

Instead, it is located in: ~/Dropbox/stuff/1Password.agilekeychain

Is this something that I need to (or should) fix?

/Jim

Looks like I missed a crucial bit of what you said. You basically copy your keychain to her account manually then? I.e. you use the same file but you have to move it from your Dropbox to hers by hand?

As for the location, yes. You should probably fix it. Not sure why its working now, perhaps a bug in sandboxd.

Create a 1Password folder in Dropbox. Drag the keychain in. Quit 1Password. Then double click the keychain to have 1Password open it and update the file path.

Kyle,

One more question. Would it help if her copy of the keychain was treated as "read only". She really does not ever create new entries.

/Jim

I think this depends on my questions above. So, lets start with that.

 

[flynz4]

Looks like I missed a crucial bit of what you said. You basically copy your keychain to her account manually then? I.e. you use the same file but you have to move it from your Dropbox to hers by hand?

As for the location, yes. You should probably fix it. Not sure why its working now, perhaps a bug in sandboxd.

Create a 1Password folder in Dropbox. Drag the keychain in. Quit 1Password. Then double click the keychain to have 1Password open it and update the file path.



I think this depends on my questions above. So, lets start with that.

Kyle,

Yes... I was going to move (by hand)... a copy of my 1Password file from my computer to hers. So... at this point, we would each have an exact copy of the same 1Password keychain... with both of our data in it.

Then... I would set up our two ~/dropbox/1password/ folders to sync (as shared dropbox folders). That way, if I add new site or new 1password items... she would have them as well.

It seems to me that it would work. In theory, it should be no different than when I add a new entry on say my MBA... and then it is automatically synced to iMac as well.

/Jim

 

[AGKyle]

Kyle,

Yes... I was going to move (by hand)... a copy of my 1Password file from my computer to hers. So... at this point, we would each have an exact copy of the same 1Password keychain... with both of our data in it.

Then... I would set up our two ~/dropbox/1password/ folders to sync (as shared dropbox folders). That way, if I add new site or new 1password items... she would have them as well.

It seems to me that it would work. In theory, it should be no different than when I add a new entry on say my MBA... and then it is automatically synced to iMac as well.

/Jim

If you ever use Dropbox sharing always share the containing folder that has the keychain in it. This is more for others who may stumble on this. Never share the file directly or things will certainly not work.

1Password's keychain is a bundle. It's shown as a file in Finder but it's really a folder. Sharing the file will turn the file into a folder on the account that accepts the share. This is bad.

Keep in mind what I said previously about Dropbox shared folders suddenly stopping syncing. If you're fine with that warning, your idea will work. I still don't suggest it but can't stop you

 

[flynz4]

If you ever use Dropbox sharing always share the containing folder that has the keychain in it. This is more for others who may stumble on this. Never share the file directly or things will certainly not work.

1Password's keychain is a bundle. It's shown as a file in Finder but it's really a folder. Sharing the file will turn the file into a folder on the account that accepts the share. This is bad.

Keep in mind what I said previously about Dropbox shared folders suddenly stopping syncing. If you're fine with that warning, your idea will work. I still don't suggest it but can't stop you

Thanks a lot Kyle. I am OK with it... because for all practical purposes, I do not think she will really be adding new items into her account. This will essentially be a one-way sync. She is a technophobe who is afraid she will break things. If anything... she will tell me that she signed up for a new site... using her default email/password... and then I'll log in with my computer... change her password to a 1P autogenerated one... and then it will sync back over to her account.

Worst case, if the shared dropbox folder stops syncing... I'll have to manually copy the entire keychain over again.

Thanks again for great service.

/Jim

 

[flynz4]

As for the location, yes. You should probably fix it. Not sure why its working now, perhaps a bug in sandboxd.

Kyle,

I did fix the location as you suggested... and then, without further action, it was working across all of my OSX machines.

There is a hidden 1password settings file at the root of dropbox. I didn't look inside, but I suspect that file has a pointer to the keychain location.

Thanks again for your help. I'll work on the IOS devices next.

/Jim

 

[AGKyle]

Kyle,

I did fix the location as you suggested... and then, without further action, it was working across all of my OSX machines.

There is a hidden 1password settings file at the root of dropbox. I didn't look inside, but I suspect that file has a pointer to the keychain location.

Thanks again for your help. I'll work on the IOS devices next.

/Jim

Hi Jim,

It's possible that they'd pick that change up, though, a bit unlikely. If you've verified the new path and it's set to that in each app then you're fine

Let mek now if you run into any trouble along the way.

 

[flynz4]

Hi Jim,

It's possible that they'd pick that change up, though, a bit unlikely. If you've verified the new path and it's set to that in each app then you're fine

Let mek now if you run into any trouble along the way.

Kyle,

I didn't take any chances with my iOS devices. I just deleted the app from my iPhone and iPad... and then reinstalled. Just followed the instructions that I was already a user... and to sync from dropbox. Perfect!

/Jim