Wi-Fi Syncing

jhm

I'm another user who upgraded the moment I heard about the release of 1PW4 - trusting that AgileBits would make it worthwhile - but then found out that wi-fi sync (which has never given me any problems) has been removed.



I note the (long!) discussions about the cloud but I Do Not Want to Put **My** Encrypted Password Data in the Cloud. End of discussion.



I can handle the hassle of iTunes "sync" (i.e. file copy) but it is even more tedious now because each time I have to change the password on iPhone back to the easier to type password from the more secure one on my laptop.



I know that I can ask for a refund but I will (for the moment at least) suck and bear the hassle this "update" has created. My opinion of AgileBits has gone down - particularly given the way they have tried to "sell" iTunes sync when it is nothing more than a basic file copy; the lack of any warning (when I bought the upgrade) about the removal of wi-fi sync; and their unwillingness it seems from their posts on here to listen/understand our viewpoint.

TheMaJa

[quote name='dteare' timestamp='1355608989' post='65500']

Then there's the user experience itself: even when Wi-Fi worked it was a huge PITA.

[/quote]



And you really think iTunes file sharing is good user experience? Most Apple users do not even know that it exists at all. And if you change different entries on both the Mac and the iPhone this 1-way "sync" is what I would call a PITA.



[quote name='dteare' timestamp='1355608989' post='65500']

I never say never but for these reasons I'm pretty sure Wi-Fi syncing will not be added back into 1Password. If you cannot use Dropbox, hopefully you will be able to use iCloud in the new year when it's available on Mac. If you are unable to use iCloud and Dropbox and the iTunes File Sharing doesn't suit your needs, you will need to stick with version 3 until we find a solution that works for you.



We're always evaluating new sync options and if possible we hope to someday add a solution where you can sync without relying on a central server. Hopefully we can find a solution that meets everyone's needs.

[/quote]



Your recommendation to stay on version 3 shows that version 4 is not a well-planned update. It forces all customers to go the cloud route, which - according to my observations of the last days - is no option for a significant part of your user base. If you think your keychain encryption is good enough for cloud storage please publish your personal keychain on your Web site. Not going to happen? Well, than you better start to add the WiFi sync to version 4 now and not "someday".

Carl

[quote name='Thorgeir' timestamp='1355647965' post='65556']



Here we speak about a very important file and about it's security. I will not put it to the internet, whoever will say me that this is secure. It isn't.

[/quote]



and Wi-Fi is secure and has never been cracked...oh except WEP...oh and WPA... and the WPS mode issue even with WPA2



By the way, all those logins you're protecting in 1Password are for sites that are on... (drumroll please) ... THE INTERNET ... this includes your bank, credit card company, etc. etc. etc. - YOUR accounts are ALREADY on the internet



and let's talk about all the customer info databases that has been compromised from lost/stolen laptops by government & private employees

1User

Please return function WiFi Sync! I do not trust public clouds and do not want to keep my container on them.

TonyK

Good keys and other security measures are always needed. But with WiFi my data does not live on some unknown server. It rests on my local drive behind passwords and security.



So yes, I want WiFi syncing returned.



[quote name='Carl' timestamp='1355666889' post='65579']

and Wi-Fi is secure and has never been cracked...oh except WEP...oh and WPA... and the WPS mode issue even with WPA2



By the way, all those logins you're protecting in 1Password are for sites that are on... (drumroll please) ... THE INTERNET ... this includes your bank, credit card company, etc. etc. etc. - YOUR accounts are ALREADY on the internet



and let's talk about all the customer info databases that has been compromised from lost/stolen laptops by government & private employees

[/quote]

TerryP

[quote name='Carl' timestamp='1355666889' post='65579']

and Wi-Fi is secure and has never been cracked...oh except WEP...oh and WPA... and the WPS mode issue even with WPA2

[/quote]



My Wi-Fi is only reachable for people in my neighbourhood - not for millions of people in the internet. Small but significant difference. And otherwise a good argument for not being to optimistic. A few years ago much people thought, that WEP is safe. Today many people assume the cloud is safe.



[quote name='Carl' timestamp='1355666889' post='65579']

By the way, all those logins you're protecting in 1Password are for sites that are on... (drumroll please) ... THE INTERNET ... this includes your bank, credit card company, etc. etc. etc. - YOUR accounts are ALREADY on the internet

[/quote]



You cannot assume, everybody is using 1PW the same way like you do. Many users will store non-internet related stuff in 1PW. And so do I. (You can now stop that drumroll)



[quote name='Carl' timestamp='1355666889' post='65579']

and let's talk about all the customer info databases that has been compromised from lost/stolen laptops by government & private employees

[/quote]



Thank you for your support. Exactly that is the reason, why i only want to store a part of my 1PW data on my mobile device and it is the reason for not distributing my data all over the world. But AgileBits will not allow me that on 1PW4 like it worked (with Wi-Fi Sync) in 1PW3.

RichieB

[quote name='TerryP' timestamp='1355671384' post='65588']

My Wi-Fi is only reachable for people in my neighbourhood - not for millions of people in the internet. Small but significant difference.

[/quote]



Are you saying my iCloud and Dropbox data is reachable by millions of people in the internet? I beg to differ.

TerryP

[quote name='RichieB' timestamp='1355672949' post='65589']

Are you saying my iCloud and Dropbox data is reachable by millions of people in the internet? I beg to differ.

[/quote]



What i'm trying to say is: if someone wants to hack my Wi-Fi, he has to be in my local neighbourhood. If someone tries to hack a server, that is connected to the internet, he can try it from all over the world. I don't meant, that your data is actually reachable by anybody else than you.

bring wifi-sync back

[quote name='Carl' timestamp='1355666889' post='65579']

and Wi-Fi is secure and has never been cracked...oh except WEP...oh and WPA... and the WPS mode issue even with WPA2

[/quote]

Yes, but the files must be captured in some seconds when I'm sync. If I see a foreign us car outside of my home, then I can choose for myself if I'm sync or not (I'll always disable sync when I don't need to sync) <img src='http://forum.agilebits.com/public/style_emoticons/<#EMO_DIR#>/wink.png' class='bbc_emoticon' alt=';)' />

When the 1Password file is saved in the cloud, it's accessable not only for seconds, it's accessable the whole time for the cloud hoster. I really don't understand why people doesn't accept that I don't want that. End of discussion.



[quote]Then there's the user experience itself: even when Wi-Fi worked it was a huge PITA.[/quote]

Really no one [u]must[/u] use Wi-Fi sync if she/he think it is a huge PITA. And that's the reason why this discussion about Wi-Fi sync yes/no gets boring:

I don't want to convert anyone to use Wi-Fi sync. It's your choice not my choice. Please sync through cloud and have fun.

But everyone who think Wi-Fi sync is a pita or iCloud/Dropbox is the best way to sync wants to convert me away from Wi-Fi sync. [u]Let me choose what's right. I can think for myself.[/u]

Neocybersailor

I would assume that Agilebits has noticed that this thread has had some of highest ever replies and views ever on this forum, and is therefore indicative of the interest a significant number of your customers have on this issue. With the exception of mostly defensive replies from your administrators and one rather strident apologist forum member (or ringer?) "Carl", the vast majority of customers have voiced their concern on being forced put their password files on a public server if they are to expect a decent hassle free file synchronization experience. (Even more so, if you plan on eliminating wifi synch on the next update to the Mac 1Password update.)



I would hope that you allow this thread to continue, rather than to give in to the urge to shut it down in order to suppress bad publicity. Perhaps the continued discussion will eventually result in some satisfactory solution, rather than simple resignation that Agilebits feels no urgent need to address it. Even if you did terminate the thread, it would not stop the ever increasing comments on this subject in the iTunes ratings and reviews section for your program. I have always appreciated Agilebits attention to customer experience in the past, and your recent efforts to improve the UI are indeed appreciated. But in the end, what you are really selling is "peace of mind". Giving your customers that nagging feeling about whether their password file has been or will be potentially be compromised on file servers they have no control over does nothing to promote that peace of mind.

thightower

[quote name='Neocybersailor' timestamp='1355675931' post='65593']

I would hope that you allow this thread to continue, rather than to give in to the urge to shut it down in order to suppress bad publicity. Perhaps the continued discussion will eventually result in some satisfactory solution,

[/quote]



Whats really damning to the thread is the reported posts from those of you whom do not share your point of view. This is a forum and its a place for discussion both for and against a subject.



We keep getting reports just because someone has a counter point to yours. Everyone has a right to express a point of view.



I personally have no desire to close it but the paid staff may who knows. Thats there call.

thightower

On a personal note most of you guys sound like more technically inclined individuals. WIFI Sync was a huge problem and I use to make sure and leave those topics to the paid staff just because of the sheer amount of time it would take to get a sync going. Your guys setup sounds like great setups but there were sooooo many problems with it. You cannot imagine the headaches try to get people to reboot a router whats a router etc. and I do this for free because I love it. <img src='http://forum.agilebits.com/public/style_emoticons/<#EMO_DIR#>/wink.png' class='bbc_emoticon' alt=';)' />



At some point the developers have to make a decision on what featured to build into an app. They have decided against wifi sync. But many features have returned after customers voiced there opinion, just like your doing.



Obviously being a pro bono mod and not truly affiliated with he team I cannot speak for adding features requests back. I am just stating things i have seen in the past from other developers.

luke1970

WiFi Sync was an easy way to sync between Mac <-> iOS device [b]without [/b]a cloud.

Save passwords in clouds is not a good idea. It's [b]always[/b] a security risk.



We must find now an easy way for local sync.

iTunes File sharing is no alternativ. It's only a "backup" and very circumstantially. I must find 1password.keychain file which is in Library folder.

And Library folder is hidden in "Lion" and "Mountain Lion".



Greetings,

Bernd

bring wifi-sync back

[quote]You cannot imagine the headaches try to get people to reboot a router whats a router etc.[/quote]

We always read "rebooting the router"... but what happens when a usual router at home restarts:



- OS of router including all network drivers (wireless and wired) restarts

- ARP table is cleared

- restarts DNS daemon

- restart DHCP daemon

- connecting to the Internet



Please explain the technically background what's exactly related to avoid syncing in 1Password? Your customers [u]must have other network problems too when rebooting a router is needed.[/u]



PS: using Wi-Fi sync isn't a [u]must[/u] have for your "rebooting router"-customers. They have iCloud support now...



There are so many hard- and software around Apple/Mac which use local network services:

- printing

- scanning

- Remote control iTunes with iPhone

- EyeTV Netstream

- AirPlay with Apple TV

- setup AirPort (Extreme/Express)

- AirPlay with AirPort

- ...



And [u]only[/u] with 1Password Wi-Fi sync the users switch into "stupid" mode to fill your trouble ticket system? I really can't imagine this is the real reason...

bring wifi-sync back

Now I'm getting angry. This page is one of your support page:

http://support.agilebits.com/kb/troubleshooting/wi-fi-sync-troubleshooting-guide

You write: "[b]but really, Wi-Fi sync works flawlessly[/b] for many thousands of our customers"



And in this forum thread, much of us are advanced users, you want to tell us that Wi-Fi sync does make to much trouble??? Please don't kidding us.

BrianMojo

[quote name='dteare' timestamp='1355608989' post='65500']

I never say never but for these reasons I'm pretty sure Wi-Fi syncing will not be added back into 1Password. If you cannot use Dropbox, hopefully you will be able to use iCloud in the new year when it's available on Mac. If you are unable to use iCloud and Dropbox and the iTunes File Sharing doesn't suit your needs, you will need to stick with version 3 until we find a solution that works for you.

[/quote]



Here's what it comes down to: I don't think anyone really cares if it's Wi-Fi sync that ultimately returns. There just needs to be a [b]local sync option[/b] that avoids the cloud and [b]actually syncs[/b] between the two devices. Frankly, for a company that is focused on security, this should be a priority (partly because access to the cloud is not always an option -- my case -- and partly because as a password storage service you are likely to have a healthy dose of paranoia in your customer base).



If there is a way to automatically mine the iOS backup, let iTunes do the syncing (avoiding all of your WiFi woes -- if people are doing iOS backups to the cloud then they really shouldn't be complaining about this) and let your Mac/PC application ping the backup and then do the storing, sorting, and securing. Much more easily said than done, I am certain, but really your only practical solution option.



[b]And ultimately a practical, secure solution is what people are looking for.[/b]

jhm

[quote name='BrianMojo' timestamp='1355695575' post='65638']mine the iOS backup[/quote]



Not easy I'm sure and the data format may change but the iOS backup can be mined - that's what MobileSyncBrowser does.



http://mobilesyncbrowser.com/manual/man_plus.html#Files

TonyK

Sorry for a quoted reply but this forum software has an artificial limitation on "Like This" and I've hit my limit for the 3rd day running.



Yes, what I want is a local sync option and iTunes is not a local sync option. Something that is simple to use and just works is what I want. WiFi was it in 1P3. Having migrated from a Treo 650 using DataViz's Password Plus we had to be cable connected to sync our data. Too bad this cannot be done. Maybe it is a limitation of Apple and iTunes yet I feel there has to be some method to provide users local sync without having to copy files around, navigate to hidden folders and manually manage multiple devices. That would truly be a PITA.



Thanks,



[quote name='BrianMojo' timestamp='1355695575' post='65638']

Here's what it comes down to: I don't think anyone really cares if it's Wi-Fi sync that ultimately returns. There just needs to be a [b]local sync option[/b] that avoids the cloud and [b]actually syncs[/b] between the two devices. Frankly, for a company that is focused on security, this should be a priority (partly because access to the cloud is not always an option -- my case -- and partly because as a password storage service you are likely to have a healthy dose of paranoia in your customer base).



If there is a way to automatically mine the iOS backup, let iTunes do the syncing (avoiding all of your WiFi woes -- if people are doing iOS backups to the cloud then they really shouldn't be complaining about this) and let your Mac/PC application ping the backup and then do the storing, sorting, and securing. Much more easily said than done, I am certain, but really your only practical solution option.



[b]And ultimately a practical, secure solution is what people are looking for.[/b]

[/quote]

thightower

I am not disagreeing with you at all. At first I distrusted Dropbox, and was very head strong about that. It grew on me and slowly I changed after I learnt more about it etc etc etc.



If I however had never embraced Dropbox I would be right here with you.

davethis

I agree, please bring back wi-fi syncing. I do not like the idea so having all my passwords in Dropbox or iCloud. With Wi-Fi syncing I was able to select which passwords I wanted on my phone and only sync those.



So far I am very disappointed with 1P4.

Carl

[quote name='Neocybersailor' timestamp='1355675931' post='65593']

With the exception of mostly defensive replies from your administrators and one rather strident apologist forum member (or ringer?) "Carl", the vast majority of customers have voiced their concern on being forced put their password files on a public server if they are to expect a decent hassle free file synchronization experience.

[/quote]



"Neocybersailor" (with your 2 total posts here at the present),



One forum thread with a little over a hundred posts (several posts each by some users) does not represent the "vast majority of customers". Not even "close"



I'm not a huge fan of "the cloud" but the encryption is key for me. It would take a cloud compromise AND a crack of the encryption in order for someone to get the 1Password data. I'm not trying to convince you to go to the cloud. The choice is yours.



Basically, adding everything on the desktop and copying it over via the cable for updates is the MOST "secure" method.



"Carl"

davethis

If the reason this feature was removed because it was a support headache. Steer the people having issues to use cloud syncing and let the power users continue to use wi-fi syncing. Even make it a hidden feature that you have to unlock some how (but not with an in app purchase). You could also say that wi-fi syncing is not a supported and use at your own risk <img src='http://forum.agilebits.com/public/style_emoticons/<#EMO_DIR#>/smile.png' class='bbc_emoticon' alt=':)' />

rwha

[font=Helvetica][size=3]

I hope you reconsider requiring the cloud to sync. I have had no problems with wifi syncing and have no interest in putting my data in the cloud.[/size][/font]

[font=Helvetica][size=3]

Also keep in mind that many companies, mine include, do not allow cloud access from their networks. I am unable to use iCloud or Dropbox from my office. This would exclude 1Password from corporate purchase.[/size][/font]

Neocybersailor

[quote name='Carl' timestamp='1355708220' post='65658']

"Neocybersailor" (with your 2 total posts here at the present),



One forum thread with a little over a hundred posts (several posts each by some users) does not represent the "vast majority of customers". Not even "close"



I'm not a huge fan of "the cloud" but the encryption is key for me. It would take a cloud compromise AND a crack of the encryption in order for someone to get the 1Password data. I'm not trying to convince you to go to the cloud. The choice is yours.



Basically, adding everything on the desktop and copying it over via the cable for updates is the MOST "secure" method.



"Carl"

[/quote]



Hi Carl, While we may be at opposite ends of the pole when it comes to trusting Apple and Dropbox, we both seem to agree that local control of synching is the most safe. All I am, and I think a lot of other people are saying on this thread is that the current iTunes file option is a kludge at best. No one is saying that Agilebits has to restore wifi synch if something better is at hand. Just don't stop trying to give us the option of a user friendly locally secure option for those of us who do not want their password files exposed, encrypted or not.



Fully realize you have thousands of posts and I only have two. Quite frankly I felt no need to particpate, because until at this point I was entirely pleased with Agilebits" product.



Peace

thightower

[quote name='rwha' timestamp='1355712462' post='65661']



[font=Helvetica][size=3]I hope you reconsider requiring the cloud to sync. I have had no problems with wifi syncing and have no interest in putting my data in the cloud.[/size][/font]



[font=Helvetica][size=3]Also keep in mind that many companies, mine include, do not allow cloud access from their networks. I am unable to use iCloud or Dropbox from my office. This would exclude 1Password from corporate purchase.[/size][/font]

[/quote]



Now this is truly a great point

ville

I would also like to have the wifi sync back. Or some other form of local sync.



I dont trust the cloud to store all my passwords. Its not even uncommon to cloud providers to leak files through securityflaws/mistakes/usererrors and so on. Then my password file is in wide open.



Things like this are more and more common.

http://arstechnica.com/security/2012/12/25-gpu-cluster-cracks-every-standard-windows-password-in-6-hours/



If somebody gets my password file its only matter of time when somebody just brute forces it open.

khad

[quote]If somebody gets my password file its only matter of time when somebody just brute forces it open. [/quote]

With a strong master password, "only matter of time" is on the order of thousands or millions of years. I am not sure my bank account will still be active then.



[img]http://tooagile.wpengine.netdna-cdn.com/wp-content/uploads/2012/07/JtR-1P-crack-times-750x305.png[/img]



(via [url="http://blog.agilebits.com/2012/07/31/1password-is-ready-for-john-the-ripper/"]1Password is Ready for John the Ripper[/url])



If you are not sure about the strength of your master password, please do review our article (which is also linked in the John the Ripper article):



[url="http://blog.agilebits.com/2011/06/21/toward-better-master-passwords/"]Toward Better Master Passwords[/url]



In addition to our post on John the Ripper, you may also want to read our post that was written as a follow up to [url="http://securityledger.com/new-25-gpu-monster-devours-passwords-in-seconds/"]the original article that broke the story about Gosney's work[/url]. The follow up was written even before Ars ever published their take on it:



[url="http://blog.agilebits.com/2012/12/05/hashing-fast-and-slow-gpus-and-1password/"]Hashing fast and slow: GPUs and 1Password[/url]



If you have any further questions or concerns about the security of your 1Password data, please let me know.

jhm

[quote name='khad' timestamp='1355738862' post='65692']With a strong master password, "only matter of time" is on the order of thousands or millions of years.[/quote]



A brute force attack maybe but unless Agilebits can confirm that no way of attacking the current encryption will ever be found (similar to the attacks found for SHA-1 etc), then I'd rather have my data on my laptop accessible only by myself (and anyone who may steal/hack my laptop etc) rather than on the cloud and potentially accessible by anyone worldwide who may steal my data (e.g. the past Dropbox security breach).

DirkR

[quote name='khad' timestamp='1355738862' post='65692']

With a strong master password, "only matter of time" is on the order of thousands or millions of years. I am not sure my bank account will still be active then.[/quote]



You are missing the point. It takes up to thousands or millions of years. But maybe they match my strong password after 2 years and my bank account is still valid? Cloud sync is a no-go for such sensitive data.

DirkR

@AgileBits: I will discontinue my usage of 1Passowrd if the only sync mechanism between Mac and iDevices is via Cloud.



I will stick to Version 3 on iPhone and Macs and keep my excellently working WiFi-Sync. And maybe you or your competion will solve the problem in near future.