This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.

[RESOLVED: 3.8.3.BETA-2] Delayed but impressive response from 1Password support team to security con

djb
edited August 2011 in Mac
[b]Edit 2:[/b][list]

[*][b]The response I received from the team was very impressive.[/b]

[*][b]I retract all my criticism -- these guys really do care and are trying their best to provide quality service. Their response makes this apparent.[/b]

[*][b]I will continue to use 1P and would feel comfortable recommending it to friends[/b]

[/list]

Edit: I don't want the title to mislead -- it's a [i]very[/i] minor security issue and very unlikely to affect anyone. My problem is the lack of response.



Hey, I just thought I would share my frustrations with 1P and AgileBits here.



First, twice I have opened the application and found all of my data absent. A screenshot is attached. Both times it has reappeared after restarting the app, but that's a horrible and worrisome bug. I just hope the bug is only in the code that displays data and is far removed from where it can cause real data loss. (I encourage everyone to back up their data.)



Second, 1P support is in a terrible state. For such a critical application, the company ought to have reliable and quick support. I hate how AgileBits has over-extended itself.



Third, back when support was up I wrote the team about a (very minor) security flaw: if you type in your master password in 1P and close the window, the password is not cleared. In the case where you type your whole password and close the window, anybody could open 1P and just hit Enter to get all your data.



My problem isn't with the security flaw -- it's very minor and unlikely to ever be a problem -- but the fact that my email and the follow-up I sent a week later were both completely ignored. Furthermore, the auto-responder email I got was terrible:



"If your message doesn’t fit into one of those categories, we’ll read it and get back to you just as soon as we can. Otherwise, we’ll assume that you’ve found your answer, so if you still have questions after reading the above material, just write back to us and we’ll be happy to help you."



What does this mean? They are saying that if you do nothing they will "get back to you just as soon as we can" while simultaneously assuming that you've "otherwise found your answer." I believe they're saying you need to send a follow-up email saying that your question was answered but the first sentence of that quote contradicts that. It should read that "if your message doesn't fit into one of these categories [b]send us a follow-up email / reply[/b] and we'll get back to you as soon as we can."



Overall I'm very dissatisfied with 1P and would not hesitate to switch to a competitor with better service than this.



Edit: I believe I was running whatever build of 1P came before 3.8.2. I was/am not running a beta version. I'm on Lion 10.7.1.

Comments

  • djb,



    I'm really sorry that you've not had a reply to your e-mail, we really do thank you for reporting the issue.



    [quote name='djb' timestamp='1314660026' post='43212']If you type in your master password in 1P and close the window, the password is not cleared. In the case where you type your whole password and close the window, anybody could open 1P and just hit Enter to get all your data.[/quote]



    Let me start by saying that I can confirm what you're seeing here and I've added an issue to our system to have this fixed, while it is a minor issue and in general most users will unlock 1Password after entering their master password, we do want everything to be right in this regard.



    [quote]Twice I have opened the application and found all of my data absent.[/quote]



    This sounds like a bug that only a relatively small number of our users have seen and it's related to the cache we use to speed up access to your 1Password data, which as you've seen is never actually gone. If you go to Help > Troubleshooting > Clear Cache this should prevent any further occurrences of the problem.



    [quote]I encourage everyone to back up their data[/quote]



    As do we, and in fact 1Password makes automatic daily backups of your 1Password data by default and you can restore from these by going to File > Restore Data File from Backup from within 1Password at any point as we detail [url="http://help.agilebits.com/1Password3/data_backup.html"]in our user-guide[/url].



    [quote]Second, 1P support is in a terrible state. For such a critical application, the company ought to have reliable and quick support.[/quote]



    This makes us really sad, it used to be the case that we could reply to e-mail within 12 hours, but in the last month or so we've received close to 6,000 messages in our inbox and even with every member of the team putting in extra effort we're still working to catch up.



    That's the reason we've made it clear on [url="http://agilebits.com/contact_us"]contact page[/url] that there is a delay in getting back to e-mails and that the forums are likely the best place for general support where the information in question isn't private.



    [quote]What does this mean? They are saying that if you do nothing they will "get back to you just as soon as we can" while simultaneously assuming that you've "otherwise found your answer." I believe they're saying you need to send a follow-up email saying that your question was answered but the first sentence of that quote contradicts that.[/quote]



    I'm sorry for the confusion here, what we mean by this (and I'll see if we can have this updated) is that someone on the team will read every message we receive and if we believe that the links in the auto-responder answer the question then we won't respond unless we receive a follow-up to say that you still need help.



    If we believe the links didn't help then we'll reply to every message as soon as we can with a response from someone on the team. Of course, dropping us a reply to let us know the auto-responder didn't help helps too.



    We're working hard to get back to our normal response times, all we ask is for a bit of patience and understanding.
  • Jim_Tampa Junior Member
    I had all my data disappear, too. Happened only once, about 2 versions ago (and Lion 10.7.1). I had been using 1P for 30 minutes or so when the data disappeared. I closed 1P and re-opened. Passwords and data were there. Still, this gave me uneasy feeling that it could happen again. Thanks for reporting it djb and for adding it to the "fix" list, stu.
  • Thanks Stu. Your and Brent's responses were impressive, and I've edited my post to make it clear that I no longer stand behind this criticism. I feel bad about it now.
  • [quote name='jimphil100' timestamp='1314744227' post='43406']

    Still, this gave me uneasy feeling that it could happen again. Thanks for reporting it djb and for adding it to the "fix" list, stu.[/quote]



    I can certainly understand that feeling, Jim, the good news is that once you've used Help > Troubleshooting > Clear Cache you should find no further data disappearing and this has been the experience with all the users we've heard back from.



    [quote name='djb' timestamp='1314746424' post='43416']

    Thanks Stu. Your and Brent's responses were impressive, and I've edited my post to make it clear that I no longer stand behind this criticism. I feel bad about it now.

    [/quote]



    Don't feel bad, djb, we let you down in this case. Thank you so much for your edit to the post, it really does mean a lot and I'll be sure to pass on the kind words to Brent too.
  • Thanks Stu. I emailed Brent back too.
  • Thanks so much, David. I don't think you were unfair at all in your criticism. We need and want to do better for you and all the rest of our awesome customers, and we appreciate both your honesty and generosity. We will work harder. :)
  • jxpx777 AWS Code Wrangler
    edited August 2011
    David, just wanted to let you know that Dave just published a beta with a fix for the issue you brought up. Here's the relevant part of the changelog:



    [code][CHANGED] When 1Password is locked, the Master Password field is now cleared if the main window is closed. Previously the password was only cleared after unlock.[/code]



    Thanks for reporting this issue! We really value input from users like you because you help us make 1Password better every day. :)
  • You guys are great. :)
  • Hey David,



    We think you're pretty special too!



    Cheers!



    Brandt