A terrifying cautionary tale on password management

I’m having a difficult time following the story. What were you working on that required you to turn 1Password sync off?

When you disable 1Password Sync, does it wipe every cloud-connected device that is on the internet at that time? I would have assumed that every device you had 1Password on would continue having access to the same keyset, but would no longer sync/update if any was changed. Are you saying that removing sync will force any 1Password device to wipe itself the next time it connects to the cloud?

I’m similarly curious about these things

My heart is beating faster in fear and I feel lightheaded. Crazy!

I’ve been using 1password as intended (all unique passwords), but need to follow up and give some people access to my devices. As it is, if anything happened to me no one would be able to access anything.

I’m sorry you had to go through that, glad things worked out in the end, and I thank you for the lesson.

I gave a talk about life (and death) online a few years ago, with a friend of mine who’s a lawyer. Our advice about this was, and remains, to keep as much account information as possible in a password manager and to keep all master passwords in a safety deposit box or with the lawyer who’s keeping your will (if that’s how you have things arranged).

It’s also important to include in your will who should get access to which accounts. If there are accounts that you wish to keep from your survivors then the information for those should be kept separately from the others.

There is a small amount of risk incurred in this, but for nearly all of us it is far outweighed by the value to our survivors. Likewise, it requires a small amount of effort to keep up to date.

1 Like

One of the reasons that I like 1Password is that they clearly document the structure of their vault so that (at least in theory) it should be possible to recover the contents even if the program itself stops working and the company vanishes, provided that you have a good backup of the vault and access to the master password.

That being said, your practice is probably a good one, provided that the .csv file never resides on disk unencrypted (by dumping the file directly to an encrypted disk image, for example).

I like it and I’m going to adopt the practice, unless I can think of a really good reason not to.

I always have a backup 1password db in the safe at the bank, along with the 1password emergency kit. A bit of a pain to copy the db over once every quarter, but I feel a little more secure now I know if something happens to me my family can get to the passwords.

1 Like

That is a REALLY good thought–I sometimes use a different language, and it’s possible it booted down in the wrong one. Will add that indicator onto the boot screen, but don’t think that was the issue most of the time. FWIW, Mojave seems to have fixed the bug, so think I’m ok now.

1 Like

And @GlitterPony I didn’t get into all the details of it because the story was long enough as it was, but I was switching my 1Password vaults from iCloud sync to Dropbox sync. When you do, it asks what you want to do with the data left in iCloud, so I deleted it–which then deleted the data the other devices could access. So just turning off sync wouldn’t give the error, no, but turning off sync and deleting the data would. That’s why the iPad–on Airplane Mode–saved me.

2 Likes

Hmm that’s about the only scenario I can think of. Now I’m terrified because a certain key on my TouchBar MBP has gotten sticky again and it is part of my login password…

Man, your post gave me the willies! I’m putting a few essential codes in my safe. I’ve not done that before but your scenario tells me I need to do so, now!

I see the big mistake is deleting the iCloud sync before making sure the Dropbox sync is working. Would you erase an old Mac after using migration assistant to copy data to a new Mac before making sure the new Mac was working correctly?

I don’t see the need for obfuscated userids since you have very strong passwords and 2fa when available. A better approach would be to use an email of the form sitename@mydomain.com. That gives you a unique name for each site. Do a catchall forward for your domain so all emails go to one place.

There are certain passwords that have to be memorized. The ones I consider most important are email account passwords, computer passwords, and 1Password master key. I use dice words for those passwords since it’s easier for me to remember.

I feel slightly queasy reading this because I know my own password management process wouldn’t help in a similar situation. Time to store a few key passwords and details somewhere offline, I think…

This story makes me even more glad I use 1Password’s sync service. That’s not to say it can’t fail, but I feel there is less to go wrong.

I agree with memorizing a couple key passwords. As just mentioned, I have memorized my 1Password master password and my e-mail password.

ouch! Glad it all ended well.

I use LastPass but I do have a db backup in a safe, know my mail, banks and master passwords. If worst comes to worse at least I can hit the “forgot password” for most things.

But great lessons here. Thanks for sharing!!

Glad my experience can be a warning to yours!

Bingo. If not for you, for others who might need to get into them as well (like you’re in a coma or something).

My goodness. That’s pure craziness. I’m glad you got everything back!

Good stuff to think about.

And, even if you use a subscription you have a Secret Key that should be kept in a safe place.
It’s that key that gave me confidence that my data would be safe using the subscription model.