nawan
New Contributor
3 months ago

How does 1Password resolve edit conflicts without sending unencrypted data to the server?

If everything in the vault is encrypted and never leaves the server unencrypted, how does 1Password resolve edit conflicts? Does everything happen automatically, or does the user need to intervene?

5 Replies

  • 1P_SimonH
    Community Manager

    Hi nawan,

    Good question! You might be interested in our Security Design documentation to get an in-depth understanding of how your data is kept secure. In less-technical language, the data is always encrypted when vaults or items are syncing across devices.

    For conflicts, are you imagining a scenario like two members of a family account editing the same item at the same time?

    • nawan
      New Contributor

      For conflicts, are you imagining a scenario like two members of a family account editing the same item at the same time?

      Yes, sort of. The operational transformation used by Google Docs and many others seems impossible due to the end-to-end encryption of the data.

      • 1P_SimonH
        Community Manager

        Hi nawan,

        I asked my colleague ScottS1P about your questions to try and get a more detailed answer for you! Here's what he told me:

        Every item in 1Password is versioned, and each version triggers an automatic sync to every connected device (offline devices also sync on unlock). Typically this means that conflicts are rare, but if there is a problem, it is resolved locally on the device with the conflict by keeping both the local and remote changes. 

        Consider this hypothetical login item:

        Title: Test item
        Username: hello_world
        Password: 1234
        website: example.com
         

        Two users have access to edit items in the vault with this item, and while offline, both make edits.

        User 1:

        Title: Test item
        Username: hello_world
        Password: 12345
        website: example.com

        User 2:

        Title: Test item
        Username: hello_world
        Password: abcdef
        website: example.com

        The first change would apply normally when they next unlock and sync with 1Password. When the next user unlocks while online and becomes aware of the change, their device will change the item to persist both sets of changes. This is then synced to the server so everyone has all of the info.

        Title: Test item
        Username: hello_world
        Password: abcdef
        Password: 12345
        website: example.com

        After this, a user will have to notice the change, confirm which is correct, and edit the item to remove any extraneous or incorrect info. All of these revisions would be captured in the item and password history, so no data is lost.

        Everything is encrypted before syncing to the server, and decrypted locally when syncing back down to a device, so it's easier to reason about how we handle the conflicts by thinking about the plain text on the device, but all of the end-to-end, zero-knowledge encryption is still happening in the background like always.

        I hope this is helpful!
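
The flow described in the last reply, as an added sketch that is not 1Password's code and not part of the original posts: the server only compares version numbers on opaque blobs, and the device that loses the race decrypts, keeps both conflicting values, re-encrypts and pushes. The XOR/HMAC sealing is a toy stand-in for real authenticated encryption, and the version-check `push`, the three-way merge rule and the list used to hold both passwords are assumptions made for illustration.

```python
import hashlib, hmac, json, os
KEY = os.urandom(32)  # vault key: known to the devices, never to the server

def _xor(nonce, data):  # toy stand-in for an AEAD cipher (illustration only)
    ks = b"".join(hashlib.sha256(KEY + nonce + bytes([i])).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(item):
    nonce = os.urandom(16)
    ct = _xor(nonce, json.dumps(item).encode())
    return nonce + ct + hmac.new(KEY, nonce + ct, "sha256").digest()

def unseal(blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(KEY, nonce + ct, "sha256").digest()):
        raise ValueError("ciphertext modified")
    return json.loads(_xor(nonce, ct))

def push(server, base_version, blob):  # hypothetical server: version + opaque blob
    if base_version != server["version"]:
        return False  # stale write; the device has to resolve it locally
    server.update(version=base_version + 1, blob=blob)
    return True

def merge(old, mine, theirs):  # assumed three-way rule, runs on the device only
    merged = {}
    for f in dict.fromkeys([*old, *mine, *theirs]):
        o, m, t = old.get(f), mine.get(f), theirs.get(f)
        if m == t or t == o:      # same edit, or only this device changed it
            merged[f] = m
        elif m == o:              # only the other device changed it
            merged[f] = t
        else:                     # both changed it differently: keep both
            merged[f] = [m, t]
    return merged

def sync(server, base_version, old, mine):
    if push(server, base_version, seal(mine)):
        return mine
    merged = merge(old, mine, unseal(server["blob"]))  # decrypted on-device only
    if not push(server, server["version"], seal(merged)):
        raise RuntimeError("remote changed again; retry")
    return merged

def demo():  # the thread's "Test item" scenario, both users starting at version 1
    base = dict(Title="Test item", Username="hello_world", Password="1234", website="example.com")
    server = {"version": 1, "blob": seal(base)}
    sync(server, 1, base, {**base, "Password": "12345"})  # User 1 syncs first
    return sync(server, 1, base, {**base, "Password": "abcdef"}), server
```
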