Wi-Fi Syncing

rconn2

Neither of your 2 assumptions are correct.



1. There are risks with technology. The risks attendant with the use of a computer or having the computer connected are well known and a given. This is irrelevant to the issue of requiring cloud based sync. Cloud based sync adds a further risk.



Is that risk necessary or does it provide benefits that outweigh the cost. That's the issue. Many of us intuit that when 2 devices are sitting side by side, that sending sensitive data across town (as someone phrased it) and storing outside our control, to get to each other, doesn't make good sense. A point-to-point transfer (without the middleman cloud dependency) is the better method.



2. I'm not concerned that the government is going to use a quantum computer to break encryption and order stuff from my amazon account. I'm concerned that my gf or other family and friends will use the name of their pet as a password. And, on a cloud, if their password data is obtained, that password, unlocking a treasure trove of other passwords may be guessed. And, I'm concerned about not knowing what I don't know.



Yes, a laptop could be infected with a trojan or lost or stolen. So, there is a need for taking security measures. But, a cloud only adds yet another point of failure regardless. If a laptop is stolen, for example, then at least it'd be known and follow-up action can be taken. With a cloud, who knows what may happen with present or past data?



In any case, I won't recommend any password management system that requires a cloud to sync, as is the case with 1Password and those using Windows.

Jeff Shiner

Thank you all for your thoughts and comments on this thread. It is clear that there is currently a hole with 1Password 4 for iOS for those who prefer to sync directly. Each of you are important to us and we'd like to find a good answer. We need your help.



We would like to ask for some volunteers to join our 1Password 4 for iOS Beta program to help us determine a good direct syncing solution. If you are interested and willing to help, please sign-up to our Beta program [url="https://agilebits.com/beta_signups/new"]here[/url]. We have a limited number of spaces available so be sure to include your forum user name and add Direct Sync in the "How do you use 1Password" field.

rconn2

Is the beta program strictly for Mac users or Windows also?

bring wifi-sync back

[quote name='Carl' timestamp='1355786255' post='65811']

Your credit card information is more likely to be compromised at a restaurant over any other place.

[/quote]Yes, and I don't use a credit card in restaurant etc.. I live in a country where a credit card isn't required or common. I use cc for 3 companys only, so I need that in 1Password. I never go out with the credit card. It's saved in 1Password only.

And for example, I'll never ever use PayPal. It's the same category like clouds, Facebook and all the others, a no-go.

bring wifi-sync back

[quote name='roustem' timestamp='1355792824' post='65822'] do not see any other option to access the data on iOS from Mac at the moment.

[/quote]

Very easy. Add an option for an own WebDAV server:

url

user

password

folder-name

accept self-signed certificate



And I'll pay two times: give us this as an in-app purchase please.

jpgoldberg

Duly noted, rconn2 (and others) when you say:





[quote name='rconn2' timestamp='1355850913' post='65895']

In any case, I won't recommend any password management system that requires a cloud to sync, as is the case with 1Password and those using Windows.

[/quote]



I'd like to turn this now to helping me and other here get a better understanding of what might work for those who share your objection to cloud-based synching.



Would you be willing to run a dedicated network service, say managed through 1Password Helper on Mac or 1pAgent on Windows, used for syncing?



Note that the reasons behind us dropping WiFi sync apply a zillion times over for something like this so I am extremely doubtful we would go down such a route and it would have its own security implications. But I would like to gather ideas and a better understanding of what sorts of approaches people would be comfortable with.



Also how would you feel if we could get genuine syncing like behavior (dealing with "simultaneous" changes from both sync sources) working through iTunes File Sharing? Again, I foresee practical problems in getting that to work reliably, but I don't want to rule anything out at this point.



Cheers,



-j

Meku

I would also like to voice my opinion for the need of direct sync with the desktop app. First of all in my private life cloud sync is fine but when dealing with data related to professional life I need direct sync (actually I would prefer wired sync over WiFi). iOS 1Password 4 dropping WiFi sync was huge disappointment for me. I truly hope Agile can come up with direct sync solution for those who need very high security.

Carl

[quote name='rconn2' timestamp='1355812218' post='65859']

You raise an excellent point. If titles or url's aren't encrypted, then browser histories are being put on a cloud. This is exactly what I meant about not knowing what we don't know. I want a password management system to make things simpler, not create uncertainties and more headaches.



[/quote]



In the case of DropBox, SSL is used and data is encrypted with AES and is encrypted for both transmission and storage of data.



So even if 1Password does not encrypt the titles/urls they are not going to the cloud or stored in the cloud unencrypted.

Carl

[quote name='bring wifi-sync back' timestamp='1355855325' post='65904']

Yes, and I don't use a credit card in restaurant etc.. I live in a country where a credit card isn't required or common. I use cc for 3 companys only, so I need that in 1Password. I never go out with the credit card. It's saved in 1Password only.

And for example, I'll never ever use PayPal. It's the same category like clouds, Facebook and all the others, a no-go.

[/quote]



Ok, maybe you should discontinue using electricity too. I hear that a short can happen and burn your house down. You can also get accidentally shocked and killed by it. It sounds like way too big a risk to use.



Plus, if you have electricity someone might tap into it and run your bill sky high. Yup, definitely a huge risk.



And what about someone poisoning your water coming in your house. All they would need to do is tap into the line where your water meter is at and inject some nasty agent into your water supply. Very big risk. Better get that water shut off too.



Utilities - definitely a no-go.

ville

[quote name='Jeff Shiner' timestamp='1355852095' post='65897']

Thank you all for your thoughts and comments on this thread. It is clear that there is currently a hole with 1Password 4 for iOS for those who prefer to sync directly. Each of you are important to us and we'd like to find a good answer. We need your help.



We would like to ask for some volunteers to join our 1Password 4 for iOS Beta program to help us determine a good direct syncing solution. If you are interested and willing to help, please sign-up to our Beta program [url="https://agilebits.com/beta_signups/new"]here[/url]. We have a limited number of spaces available so be sure to include your forum user name and add Direct Sync in the "How do you use 1Password" field.

[/quote]



Its great that you listen! Signed to help you test the solutions!

Carl

[quote name='jpgoldberg' timestamp='1355855956' post='65907']

Duly noted, rconn2 (and others) when you say:









I'd like to turn this now to helping me and other here get a better understanding of what might work for those who share your objection to cloud-based synching.



Would you be willing to run a dedicated network service, say managed through 1Password Helper on Mac or 1pAgent on Windows, used for syncing?



[/quote]



I am wondering if something like rsync with SSH would be a practical solution. Do it based on IP address instead of computer name (bonjour, etc.).

rconn2

j - I think USB (wired) sync is a necessary foundation. In order of importance:



1. USB, iTunes, sync;

2. WiFi, convenient subnet sync;

3. Cloud sync.



I'd be happy with #1. This is how I use KeePass / MiniKeePass. I copy my iPad's kdbx file back and forth through iTunes. In Windows, using KeePass, I sync/merge my Windows kdbx file with the iPad one, and then copy the now sync'ed iPad one back. Since it's a single file, copying to/from the App's documents folder works. It's not a big deal. And, I recognize that transferring files through iTunes is Apple's thing.



If the 1Password folder (under Windows) can be pushed to the iDevice (we already can copy from) and have a way to sync the desktop program's folder with the iDevice folder, then that'd be a basic working method. Perhaps just zip the folder? And, allow a choice to sync folders.



This is what I'd focus on. It would provide the point to point option. As for WiFi, I'd say "working on a good solution". I wouldn't shut the door on it which would just cause upset. And, I would look for an optimal solution. They have a way of appearing in time.

roustem

I found something that might allow us to sync iOS and Mac using USB connection without iTunes. This is great because it would allow syncing the connected iPhone without any manual file copying.



I will keep you posted.

LosInvalidos

roustem: This really is a heated discussion. Take it as in "people really like your software and don't want to jump the ship, unless you make them to". There must be an off-net solution to sync data. Curious to see what you guys come up with.

roustem

[quote name='LosInvalidos' timestamp='1355870576' post='65939']

roustem: This really is a heated discussion. Take it as in "people really like your software and don't want to jump the ship, unless you make them to". There must be a off-net solution to sync data. Curious to see what you guys come up with.

[/quote]



It appears that we can read and write in iTunes File Sharing data on a Mac without iTunes. I could write a special utility that will sync the local data file with the device when it is connected.



If anyone wants to help beta test, please let me know. I might have something running in a week or so.

rconn2

The iExplorer Windows software bypasses iTunes (there's a trial download). It's pay software and glitchy, but allows mounting a drive to an apps' documents folder. So, it can be done with windows as well. If not a direct file access like this, then if the agile folder is zipped or made into a file, then at least it could be copied onto an iDevice through iTunes.

jpgoldberg

Hi Carl,



[quote name='Carl' timestamp='1355860152' post='65917']

I am wondering if something like rsync with SSH would be a practical solution. Do it based on IP address instead of computer name (bonjour, etc.).

[/quote]



I'm a great fan of rsync over SSH, and have been using it for various tasks for more than a decade. But ...



I hate to always say "no that can't work" at a time when we are seeking to find an approach that will work. Still I'll raise an issue that gives me the opportunity to talk about one of the differences between the Agile Keychain Format and the Cloud Keychain (in addition to the fact that URLs and Titles are encrypted in the Cloud format).



An rsync based solution would be possible for the Agile Keychain Format. Each item is its own separate file. So rsync just using file modify times could do the job. (The Agile Keychain format was designed for syncing based almost entirely on information available from the file system.) Although this made some aspects of syncing really clean, it led to users having thousands of files. This worked great with the Unix-like filesystem on the Mac, but 1Password for Windows users will know that 1Password can be slow to load.



It wasn't just that, but there is overhead to transferring any file, even if it is small. At the same time, we didn't want to have a monolithic file. So the Cloud Keychain groups items into 16 band files. A change in one item in the band means that the entire band file needs to be transferred.



Now consider the case where we have two items, A and B, both in the same band file. Suppose you modify A on one device and B on another. In a sync conflict with those bands, neither modified band file will be correct. Instead we need to merge the changes which involves looking at modify times of items within the band files.



So we need to put in some sort of smarts that actually reads the band files instead of just relying on the kinds of things that can be done with rsync.



Please keep ideas coming.



Cheers,



-j

1Password-User

[quote name='roustem' timestamp='1355861783' post='65922']

I found something that might allow us to sync iOS and Mac using USB connection without iTunes. This is great because it would allow syncing the connected iPhone without any manual file copying.



I will keep you posted.

[/quote]



This is great news roustem! Thanks for the updates and to the other Admin's who have been posting here as well. I really appreciate this issue getting tracking and you all actively working to solve it.

ville

[quote name='roustem' timestamp='1355861783' post='65922']

I found something that might allow us to sync iOS and Mac using USB connection without iTunes. This is great because it would allow syncing the connected iPhone without any manual file copying.



I will keep you posted.

[/quote]



Dont forget us Windows users.

jpgoldberg

Hello ville,



We love our Windows users, too. WiFi sync had only been available on the Mac. So I wouldn't be surprised if initial efforts focus on the Mac, but hopefully that will also provide the basis for a non-cloud sync solution for Windows folk as well.



Cheers,



-j

TerryP

[quote name='roustem' timestamp='1355861783' post='65922']

I found something that might allow us to sync iOS and Mac using USB connection without iTunes. This is great because it would allow syncing the connected iPhone without any manual file copying.



I will keep you posted.

[/quote]



Hello roustem,



Thank you for your support! [color=#282828][font=helvetica, arial, sans-serif]With Wi-Fi sync, I was able to only sync selected folders to my iPhone. I don't know how many users have used this feature, but for me it is essential to sync only a part of my 1PW data to the mobile device. (Yes, [/font][/color][color=#3C3C3C][font=Arial, sans-serif][size=3][/size][/font][/color]because I am convinced that the most effective data protection is data avoidance <img src='http://forum.agilebits.com/public/style_emoticons/<#EMO_DIR#>/wink.png' class='bbc_emoticon' alt=';)' /> ).

Neocybersailor

I appreciate the priority must be on getting a basic local sync ASAP. But it would be very nice if the selected solution at least easily allow through a future upgrade the ability to only sync selected passwords between the MAC and the iPad'iPhone (similar to the sync only selected folders feature in the curret MAC 1Password 3 app). Prior post comments about portable devices being easily stolen are also very valid, and some passwords may be preferred to remain only on the home PC.

TerryP

[quote name='Carl' timestamp='1355859926' post='65914']

Ok, maybe you should discontinue using electricity too. I hear that a short can happen and burn your house down. You can also get accidentally shocked and killed by it. It sounds like way too big a risk to use.



Plus, if you have electricity someone might tap into it and run your bill sky high. Yup, definitely a huge risk.



And what about someone poisoning your water coming in your house. All they would need to do is tap into the line where your water meter is at and inject some nasty agent into your water supply. Very big risk. Better get that water shut off too.



Utilities - definitely a no-go.

[/quote]





Carl, with great pleasure i read your really helpful posts and I would not like to miss them for anything in the world, so i have to take the risk to use electricity. <img src='http://forum.agilebits.com/public/style_emoticons/<#EMO_DIR#>/wink.png' class='bbc_emoticon' alt=';)' />



But seriously, the reputation of companies like PayPal or sites like Twitter and Facebook varies from country to country very much. Here in germany PayPal has a very bad reputation. The usage of creditcards differs also very much. Few people pay smaller amounts with a creditcard, because it is not welcome.

Carl

[quote name='TerryP' timestamp='1355939511' post='66015']

Here in germany ...

[/quote]



Yes, definitely some differences in your country.



As I understand it you also have no telemarketers bugging you with phone calls trying to rip you off which is awesome.



Also, 6 weeks vacation is pretty standard for workers from what I hear which is also awesome.

daniel110928

[quote name='TerryP' timestamp='1355938415' post='66013']

Thank you for your support! [color=#282828][font=helvetica, arial, sans-serif]With Wi-Fi sync, I was able to only sync selected folders to my iPhone. I don't know how many users have used this feature, but for me it is essential to sync only a part of my 1PW data to the mobile device. (Yes, [/font][/color]because I am convinced that the most effective data protection is data avoidance <img src='http://forum.agilebits.com/public/style_emoticons/<#EMO_DIR#>/wink.png' class='bbc_emoticon' alt=';)' /> ).

[/quote]

Just want to echo what [b]Terry[/b] wrote, I too find the "sync only selected folders"-option invaluable!

TerryP

[quote name='Carl' timestamp='1356100702' post='66142']

As I understand it you also have no telemarketers bugging you with phone calls trying to rip you off which is awesome.

[/quote]



At least, it is forbidden to advertise by phone without an existing business relationship. Unfortunately, not everyone follows the rules.



[quote name='Carl' timestamp='1356100702' post='66142']

Also, 6 weeks vacation is pretty standard for workers from what I hear which is also awesome.

[/quote]



Four weeks vacation according to law. But up to six weeks in many companies. <img src='http://forum.agilebits.com/public/style_emoticons/<#EMO_DIR#>/biggrin.png' class='bbc_emoticon' alt=':D' />





But I think, we are OT ...

Chris100

I have read here and in other threads that people distrust Dropbox because of multiple security breaches.



I would like to point out that there was only ONE breach where, if you follow password best practices, your Agile keychain might have been at risk.



This was in June 2011. A code upate enabled users to login without the correct password. To my mind, this was a serious breach, and does raise doubts about the ability of Dropbox to safeguard my account.



(See [url="http://www.informationweek.com/security/vulnerabilities/dropbox-files-left-unprotected-open-to-a/231000111"]http://www.informati...-to-a/231000111[/url])



BUT: The subsequent event(s) were MUCH different.



The next breach occurred this summer when hackers stole passwords elswhere and used them to log onto dropbox. (See [url="http://www.eweek.com/c/a/Security/Spam-Campaign-Caused-by-Stolen-Dropbox-Employee-Password-344694/"]http://www.eweek.com...assword-344694/[/url])



For Agile users who use unique passwords, their Agile keychains were not at risk during this second breach.



Related to that breach (but sometimes cited as a third): one of the hacked accounts was a dropbox employee. They had a list of email addresses (not passwords). The hackers used that list to send spam. Should that list have been in a dropbox, unencrypted? No.



But no Agile keychains were exposed in this third "breach." This was email addresses.



I totally understand that many people do not have faith in Dropbox. But I think it is only fair to get the facts straight.



The press likes to say they have had "multiple breaches", but they were not all on the same level.



It is up to each of us to decide if we trust them, based on the facts. I understand if you do not trust them, and I am behind you 100% that we need another way to sync.



But to me, only one of these 3 events gives me pause for concern.

Macrina

^^^ Thanks for posting this, because it is important that the 'perceived truth' be separated from the facts as things actually happened.

I do believe most folks are responding to the 'perceived truth' rather than true events.



No, I don't work for Dropbox <img src='http://forum.agilebits.com/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' /> , but I use it with confidence. And really, who here believes Agilebits would recommend Dropbox without its being a safe choice?

BrianMojo

[quote name='roustem' timestamp='1355873790' post='65947']

It appears that we can read and write in iTunes File Sharing data on a Mac without iTunes. I could write a special utility that will sync the local data file with the device when it is connected.



If anyone wants to help beta test, please let me know. I might have something running in a week or so.

[/quote]



This is great news, I'll keep my fingers crossed. I don't have time in my schedule to beta test, but I appreciate the work you are putting into this.

dbarton

[quote name='roustem' timestamp='1355873790' post='65947']

It appears that we can read and write in iTunes File Sharing data on a Mac without iTunes. I could write a special utility that will sync the local data file with the device when it is connected.



If anyone wants to help beta test, please let me know. I might have something running in a week or so.

[/quote]



roustem: I'm looking forward to help with the beta test, because I'm really interested in a Wi-Fi sync alternative. Let me know if I can do something to help you guys.



Cheers from Switzerland

Domi