Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
1Password Updated With iPhone 6 and 6 Plus Support, Improved Touch ID Functionality
- Thread starter MacRumors
- Start date
- Sort by reaction score
Hi, mate. Would you PLEASE consider making FTP an alternative for syncing data across all my devices? It's the perfect balance between the convenience of the cloud and the security of local storage.
FTP? You mean the not-encrypted during transport and login FTP?
Yea, no way that'll happen
The data is encrypted in 1Password but we generally want encrypted transports as well. Dropbox and iCloud both use SSL between your device and the service. SFTP probably won't work either but for different reasons. Hopefully I can explain the reasoning.
At the moment the most common format 1Password uses across all devices is called AgileKeychain, it's something we designed way back when we were making 1Password 3. (2008-ish) And this format has a separate file for each item in the database. So, if you have 100 items, you have approximately 105 or so files in the data format. FTP doesn't inform us really which files have changed since the last attempt at syncing, this leaves us in a tricky situation that usually means we have to download the entire set of files to check against the existing data. This would be extremely slow.
The new format we are pushing to get into all the applications going forward is called CloudKeychain but it's a slow process since we have 4 major platforms that are all different. Mac and iOS both mostly support it and as does Windows. But Android does not. So, we can't make it the default for that reason. Hopefully soon though.
With CloudKeychain we have a lot less files as each item is assigned to 1 of around 15 band files. This means there are often far less than 20 items that need to be downloaded, until you factor in attachments, those are all separate files as well and scale linearly with each attachment added.
So, things like WebDav and SFTP might be more likely once we switch to CloudKeychain for all users, but I can't promise anything... we have to support the services that the most people will end up using. We have to test, support and maintain each of the sync services we add to the application. That's a lot of work and each time we add more we have fewer people who are experts in all areas of sync and that makes supporting customers even more difficult. Plus, when it comes to WebDav and SFTP you have to worry about individual implementations of it that may cause bugs and issues that are out of your control but users expect you to support and fix. The big nice thing about Dropbox and similar types of services is that they mostly work consistently and we don't have to worry about those details.
I'm not saying it won't happen, but I'm also not saying it will. We'll see how it all pans out in the end but I hope the details above show that there are a lot of details that come into play with how we choose and decide to support various sync solutions. It's not as easy as just adding support for it.
Your house just burned down, or was washed away in a flood! Along with your computers, backups, etc. You're phone got wet and became defective in the process. You're locked out of everything, no passwords for you!
----------
Dropbox has been hacked numerous occasions, and also doesn't encrypt your data on their servers. Peaky peaky! What do we have here?...
FTP? You mean the not-encrypted during transport and login FTP?
Yea, no way that'll happen
SFTP probably won't work either but for different reasons. Hopefully I can explain the reasoning.
At the moment the most common format 1Password uses across all devices is called AgileKeychain, it's something we designed way back when we were making 1Password 3. (2008-ish) And this format has a separate file for each item in the database. So, if you have 100 items, you have approximately 105 or so files in the data format. FTP doesn't inform us really which files have changed since the last attempt at syncing, this leaves us in a tricky situation that usually means we have to download the entire set of files to check against the existing data. This would be extremely slow.
The new format we are pushing to get into all the applications going forward is called CloudKeychain but it's a slow process since we have 4 major platforms that are all different. Mac and iOS both mostly support it and as does Windows. But Android does not. So, we can't make it the default for that reason. Hopefully soon though.
With CloudKeychain we have a lot less files as each item is assigned to 1 of around 15 band files. This means there are often far less than 20 items that need to be downloaded, until you factor in attachments, those are all separate files as well and scale linearly with each attachment added.
So, things like WebDav and SFTP might be more likely once we switch to CloudKeychain for all users, but I can't promise anything... we have to support the services that the most people will end up using. We have to test, support and maintain each of the sync services we add to the application. That's a lot of work and each time we add more we have fewer people who are experts in all areas of sync and that makes supporting customers even more difficult. Plus, when it comes to WebDav and SFTP you have to worry about individual implementations of it that may cause bugs and issues that are out of your control but users expect you to support and fix. The big nice thing about Dropbox and similar types of services is that they mostly work consistently and we don't have to worry about those details.
I'm not saying it won't happen, but I'm also not saying it will. We'll see how it all pans out in the end but I hope the details above show that there are a lot of details that come into play with how we choose and decide to support various sync solutions. It's not as easy as just adding support for it.
I understand. Obviously it's not a matter of saying "hey, add support for this" and I'll wait the magic to happen sooner than later.
However, I really hope you consider adding support for SFTP or WebDAV in the future, once Android stops putting behind all your developing plans.
I understand that you might want to give priority to the most common sync services, like iCloud or Dropbox. However and being a security-focused company you might agree here those are far from ideal solutions, specially considering the recent news and the current state of the art in terms of online security and privacy.
Cheers.
I can certainly pass your requests along. I didn't mean to make it sound like you were thinking it was a wave of the hands and it's available type of thing. I know you likely know that isn't the case, but I seen it as a great opportunity to explain a bit more about why we don't just add more sync services as we get requests.
The majority of the team here at AgileBits uses Dropbox, I don't see that changing anytime soon either. If we didn't think we could trust our data sitting in Dropbox we wouldn't make it available as an option. I believe that a lot of people are gun-shy about syncing to Dropbox (or iCloud) but the fact that we are syncing to them should be a pretty big deal for those who don't trust them. We know how the technology works and knowing all of what we know we still sync to Dropbox, that should be an endorsement for security at least. We don't pick favorites, but the endorsement should be that "1Password data is safe in the cloud" with the caveat that you use a strong master password.
What are your feelings on other solutions that are private cloud based, like OwnCloud and File Transporter? Or standardizing on an API like OmniPresence? These might be more likely than just standard webdav and webdav is far more likely than SFTP. Writing our own SFTP library doesn't sound like fun
As much as we love the folks at Panic for the work they've done with Transmit I'm not sure we want to follow in their shoes.
Last edited:
Seriously? how is THAT any different writing you passwords on some paper and the same thing happens? Most accounts will have a back up way in like using you phone number to verify you
Yes it has, but those are people who didn't use 2 step verification also. I use Dropbox to sync my 1Password and a person would need:
1) log in/Password
2) my cell phone for the 2 step verification (which is password protected, and not with a 4 digit PIN either)
3) my long password for the 1Password vault
So they need 3 passwords (and my cell phone in their had that is password protected, so technically 4 passwords) to get into my Dropbox.
Dropbox can peak all they want, they STILL need my password to get into my 1Password vault. 1Password does all the encryption on their end, they do not rely on others to do this for them.
Dropbox is a syncing option, and 1Password has other ways like WiFi syncing that will be on your network or even iTunes (for iOS Stuff). I use Dropbox because I have a 2nd back up for my passwords. I have my Mac Mini with 1 Password as a "Backup" as well. No one is telling you that you have to use Dropbox, that is one of the nice things about 1Password is that you have many options to sync your data.. if you even want too.
Last edited:
dude, are you serious?! if my house burns down, my office burns down and my iphone is stolen all at the same time then yeh, I will temporarily loose access to my passwords until I get 1password installed on a new computer. But the likelihood of this is somewhere on par with me being abducted by aliens. I'm not worried. I like 1 password a lot but it is not perfect - it misfires on some websites and there is no option to shut it up if I don't want something to get stored (I think there used to be one?) - that's super annoying.
I am not beholden to 1 password. I will look at other apps if they are good but posts like yours in this thread are not likely to make me do so.
this definitely can be a useful feature in certain situations. but personally I've never felt this to be a detriment as far as 1password is concerned. I DO NOT want to access my bank or credit card site on some random computer while traveling. when I travel I bring my iphone, my ipad and my laptop and it's very unlikely I would loose all of them at once.
You can click the little gear in the lower right of the save window to disable it for the current domain.
Last edited:
I make offsite backups with Crashplan (using my own encryption key, which is an option in the preferences) and I backup my data to a couple of rotating flash drives that go in a safe deposit box. In the safe deposit box is also all the information needed in order to handle my estate should I cease to exist or be capable of handling things myself. It serves two purposes.
But, if the information is valuable it serves a great purpose to:
1) Make offsite backups of your valuable information (Crashplan for me)
2) Local backups (I use Carbon Copy Cloner)
3) I make a third set of backups to Flash drives which go into a safe deposit box in case it's ever needed.
I've lost information before and I'm a bit overly paranoid of making backups but if it's valuable you should make copies of it and put it in safe locations.
What exactly were you meaning when you wanted to shut it up? As in not asking you to save a login for a domain? You can do that.
http://i.agilebits.com/kyle/macrumors/DontSaveLogin.png
Someone beat me to it
1Password Anywhere FTW. Any computer, anywhere, anytime: all your passwords. Easy.
What exactly were you meaning when you wanted to shut it up? As in not asking you to save a login for a domain? You can do that.
http://i.agilebits.com/kyle/macrumors/DontSaveLogin.png
Someone beat me to it
yes, thanks, that was it.
Kyle,
What are the chances, that 1Password will support the storage sites Copy or Box in the future?
What are the chances, that 1Password will support the storage sites Copy or Box in the future?
Last edited:
This?
https://www.copy.com/home/
If so, probably unlikely. This is the first I've heard of it
We have a lot more requests for much more common services (OneDrive, File Transporter, Google Drive, Box, SpiderOak etc) so we'd likely end up doing something with one or more of those before we did anything with an unknown that we haven't heard any requests for.
This?
https://www.copy.com/home/
If so, probably unlikely. This is the first I've heard of it
That's it. If you can get support for OneDrive or Box in the future, that would be great. I use Onedrive, Dropbox, and Box more than Copy.
No promises but they're likely far higher on the list than Copy
It's all more or less based on demand.
Not sure if this is a new "feature" but I've been copying everything into 1Password from Dashlane and one thing that was bugging me is anything past the first word in an account name was not automatically capitalized. Today I noticed that it's automatically capitalizing all words.
Now if we could just have some kind of auto-fill or predictive text on login names it'd be perfect, I'm getting tired of typing out my email address over and over again!
Now if we could just have some kind of auto-fill or predictive text on login names it'd be perfect, I'm getting tired of typing out my email address over and over again!
Been using 1PW on my mac since the beginning. Before Safari kept my passwords, 1PW was helping me maintain a secure database of my logins, accounts, passport, etc.
I can't tell you how much I appreciate have touch ID as a part of 1PW in a very usable way. I have memorized a difficult and somewhat lengthy password for 1PW, and typing it in on my iPhone/iPad has always been a total pain! It works wonderfully quickly now!
Now if we could just incorporate touch ID into my MBP and my bluetooth keyboard for my Mini at home, I'd be in security heaven!
I can't tell you how much I appreciate have touch ID as a part of 1PW in a very usable way. I have memorized a difficult and somewhat lengthy password for 1PW, and typing it in on my iPhone/iPad has always been a total pain! It works wonderfully quickly now!
Now if we could just incorporate touch ID into my MBP and my bluetooth keyboard for my Mini at home, I'd be in security heaven!
Sad
Can't believe how many people would actually willingly take all their passwords to their most sensitive information about everything they do in their life, put them all in one CENTRAL PLACE and then just TRUST 'EM not to share their info... CRAZY. Sorry guys you're going to have to do better than just tell me everything is going to be ok, and promise me that everything is encrypted and you don't have access... prove it
Can't believe how many people would actually willingly take all their passwords to their most sensitive information about everything they do in their life, put them all in one CENTRAL PLACE and then just TRUST 'EM not to share their info... CRAZY. Sorry guys you're going to have to do better than just tell me everything is going to be ok, and promise me that everything is encrypted and you don't have access... prove it
If you don't want to test the software out via the 30 day trial, that is fine. It is not our job to prove that the software meets your needs and expectations.
Last edited:
How can they have access to something they don't have? The info is on YOUR device, not on their servers.
My mom was asking how it's safe to have all my passwords in one place, as she writes all her passwords in a notebook that anyone can see at home....
Just because you see one thing on the screen don't think they can't do something else. Just because they say everything is encrypted and they don't store it, DOES NOT mean it's true. You can't tell what the code is doing in the background - no one can. That's what makes an app like this inherently dangerous.
You're missing the point. There is NO data on any of there servers. So how can they have access to my data if it's not even on their severs at all? A hacker can hack 1Password servers all they want and the hackers will not get anyone passwords at all. So how can the makers of 1Password have access to something they don't have?