Why can we not have an explicit statement about 1Password being a subscription-only service?


Comments

  • ThoughtfullyYours21
    Community Member

    Agree with the above comments: the licenses were purposely hidden, so it’s incredibly dishonest to say users “picked” subscribing 30x more than purchasing a license — you didn’t give users an honest choice.

  • astrostl
    Community Member

    Over the last 3 years our customers made it perfectly clear to us that they saw the value of our membership plan as they picked subscribing over 30 times more often than those who purchased a license.

    Or perhaps they made it perfectly clear to you that the standalone license was extremely well-hidden by you on your web site? I've been a paying customer since 2008. I've also referred countless people to the product, and in recent years have had to help them locate the standalone license because they didn't believe me that it was still available.

    I subscribe to lots of things, and I would consider subscribing to 1Password too. What drives me nuts is how completely dishonest I find 1Password's presentation and communication of subscriptions. If 1Password wants more money and thinks the product is worth it, please just say that. Statements like, "There is just so much more that we can offer [with subscriptions]" are especially hard to stomach when features like local vaults are apparently being removed.

  • claus
    Community Member

    @dteare : In German we use "Sich etwas schön reden". No idea what the correct translation might be.
    Maybe "to whitewash"?!
    I had this feeling that you try to "whitewash" all these changes ...
    Sorry, but I, and many, many other users are very disappointed by the changes!

  • paul_wilky
    Community Member

    I've used 1Password for many many years as a standalone license holder and I have absolutely loved the experience of using this amazing piece of software, however, this decision to go with a membership-only subscription is so disappointing. I don't understand why you can't offer the new updated 1Password 8 (which I have to say looks beautiful) as a standalone purchase to your existing users who aren't bothered about "exciting new features" and just want a password manager that "does what it says on the tin" and does the basic things well.

  • standalone
    Community Member
    edited August 2021

    It’s time to say goodbye to standalone licenses

    After more than a decade, it’s time to say goodbye to 1Password :(

  • blankspace
    Community Member
    edited August 2021

    So I just still don't understand why subscription users aren't allowed to make local vaults. Call me crazy but I just don't see the justification. These are people's most valued possessions. I had crypto keys, BIOS passwords, and SSL keys stored locally inside 1password as I'd be an idiot to store them anywhere else, especially online. Now that local vaults are gone I can no longer do that.

    To be clear I'm a paying customer and you've taken a core feature away. To be more clear, I'm happy to pay a subscription for both 1password.com/ca AND local vaults. You've really screwed me and I'm sure others on this as I now need to have two vault solutions because of this.

  • chongolcn2
    Community Member

    The loss of local vaults and the loss of smart folders that use those local vaults is a deal breaker for us.

    It appears that after many, many years, our excellent use of 1Password has come to an end.
    We do not plan to upgrade to 1Password 8. Instead we are starting a search for a different product.

    Good bye.

  • xalexx
    Community Member

    People said the recent VC funding was going to cause major changes with 1password - and here it is.

    I'm disappointed enough that I'm going to look at alternative solutions to replace our business 1password subscription with.

  • Lifeisabeach
    Community Member

    Welp, I'm more than just a little peeved off here. I'm not going to do a subscription.. Full stop. Period. End of discussion. I don't give two flying flips about the "benefits" of a sub. They don't benefit me. I sync my two Macs and two iDevices via iCloud with 1P7. It works. It works GREAT. I prefer and TRUST iCloud more. I have explicitly stuck with and recommended 1P over others that store passwords on "their" cloud for this reason. I'll continue using 1P7 until a future version of macOS breaks it, then I'm moving on after, gosh, at least a decade of being a 1P customer? Maybe I'll just stick with the built-in Keychain at that point. Apple has been buffing its features and no doubt will continue to do so.

  • prd9
    Community Member

    Honestly, I’d respect you more if you just wrote a one line post saying “Killing the standalone vault is better for our bottom line. Deal with it.”

    Everything else is ex-post facto justification, and full of double speak.

    This comment in particular is laughable—and you know it—as you made it impossible to find the non-sub version using dark UX patterns:

    Over the last 3 years our customers made it perfectly clear to us that they saw the value of our membership plan as they picked subscribing over 30 times more often than those who purchased a license. When over 95% of our users voted with their money for subscriptions we knew we had our marching orders.

    At least half a dozen other commenters also pointed this out:

    • "If there was a genuine interest in a real bake-off, burying the standalone option under several layers of confusing language on website and app was probably not the best move.”; and
    • "I think it’s a bit disingenuous to say the membership sales are off the charts compared to standalone license when it was nearly impossible to actually find the hidden page to buy a license. You had to jump through a ton of hoops to hunt it down (if you were even aware it existed!)."
    • "When you mention "Overwhelming Popularity of 1Password.com" that seems unfair. When subscriptions/membership was launched, not long after, the ability to buy a license was not easy to find. I remember seeing people on forums asking if it could be bought and how. So if you funnel all users into memberships and hide the one time license are you surprised if the vast majority "pick" membership?"
    • PS: Your marketing was focused on selling subscriptions and not on selling individual licences for e.g. 1Pwd7. So please do not say that most of your users preferred to buy a subscription. It was just not easy to find the option to buy a "lifetime" licence for 1Pwd7, very well hidden. So users had to buy a subscription.
    • Sorry, but are you joking? The option to buy a "normal" licence was so well hidden, users had only the option of a subscription.
    • Or perhaps they made it perfectly clear to you that the standalone license was extremely well-hidden by you on your web site? I've been a paying customer since 2008. I've also referred countless people to the product, and in recent years have had to help them locate the standalone license because they didn't believe me that it was still available.

  • twilight78
    Community Member

    Dave,

    First of all, a sincere THANK YOU for 13 years of an outstanding piece of software.

    I first began using 1Password 2 with a license from MacHeist in January of 2008. It has been ROCK SOLID the whole time — did exactly what I needed with finesse. Not having to copy and paste passwords into the browser anymore has probably saved me months of time over the years. Prior to 1password, I used a rinky-dink program called Pastor to keep track of my passwords, and Yojimbo kept track of my program serials and licenses.

    I liked 1password so much I wanted to use it for Windows while I was maintaining my own laptop as a consultant. Initially I could only purchase v4 in 2017 because v7 was cloud-only, but once v7 gained the ability to use stand-alone vaults I upgraded happily.

    I will continue to use 1password v7 for as long as it's safe to do so, but unless something changes it will be my last version of 1password.

    I appreciate your candor on your reasoning, even if I disagree with your conclusions. 1password is an excellent piece of software that fills a vital need for anyone who uses the internet in this day and age — so, basically everyone. Out of regard for the years of service protecting my digital life, I want to be equally candid about my reasons why I will not upgrade to v8 and recommend against using it to anyone.

    1) I think it is a monumentally silly idea to store passwords in the cloud. Your service, by virtue of what it guards, is a high value target to every digital miscreant the world over, from wannabe script kiddies to full-on professional state-sponsored hacking groups. The odds are not good here.

    When 1password.com was first announced, I honestly thought it was an early April Fool's joke. "They want to store my passwords in the cloud?" When I realized it wasn't, I vowed then and there to walk away if the time ever came that my passwords would be forced into the cloud.

    Granted, I'm not a typical consumer, so I'm sure I'm in the minority on this. I'm willing to sacrifice the convenience of syncing passwords to my phone or tablet in order to keep them out of the cloud. I'm also an IT professional, so I know how to protect myself with good security practices, decent AV ("even" on a Mac), and regular 3-2-1 backups.

    2) The other reason I have no interest in upgrading to v8 is because I am besieged by all the companies that want me to pay them every month now instead of selling good old fashioned perpetual licenses for a fixed price.

    I think there's a case for charging businesses monthly fees since they exist to generate revenue, but I think it's anti-consumer to charge a monthly subscription to consumers for software. At least those of us still earning a living are generating revenue to pay for subscriptions. What about retirees living on a fixed income? I would feel a bit discriminated against if I were retired.

    I do understand your reasoning for the business model you're adopting. I'm just not convinced by it.

    I believe that SaaS for software is a raw deal for consumers, and I am against targeting consumers with that business model. If you — or any software publisher — can't charge a fair price to own your software, then I think there's a problem with your business.

    Out of curiosity, I did a little back-of-the-napkin math on the difference between fixed-price licenses and subscription pricing in this case. I estimate I spent about $200 (probably more) over 13 years for 6 different versions of 1password on the Mac, and $60 over 4 years for 2 versions on Windows. Assuming I had a single subscription that whole time priced at $3/mo that covered my usage for both Mac and Windows (if I understand the model correctly), then I would have paid $468 vs the ~$260 I did pay on perpetual licenses.

    With this new model, you're asking me to pay more for less control: I would be required to keep my OS/hardware up to minimum 1password requirements (I eventually lose the ability to keep my old hardware as a daily driver); for features I don't want (cloud); and one most important feature I can no longer have (local vault).

    As a consumer, I want to pick and choose when I buy/upgrade my software, and I want to own it. An archeologist who finds my laptop in 1000 years should be able to boot it up (not likely! :) and open my 1password vault with the master password. At the very least, I (or my family) should be able to boot up my mothballed-laptop in 2031 and retrieve my passwords from 2021 if necessary.

    Again, I'm probably in the minority on this. I think consumers don't really understand what they're giving up when they opt for subscription software, and I think they will eventually live to regret it in most cases.

    I write not to convince, merely to inform for whatever that's worth to you. I do appreciate the 13 years of password bliss, which is why I took some time from my evening to write this.

    Honestly, if there was any software I would pay a subscription for, 1password would be at the top of that list since I use it all the time. I'm bummed knowing that eventually I'll have to find some other software to fill this gap, but I just can't support having my passwords in the cloud or paying a subscription indefinitely for any software.

    Again, my heartfelt thanks for making my life easier for 13 wonderful years.

    Best,

    Tim from Lansdale, PA

  • henrik415
    Community Member

    I've been using the standalone version since version 4 but I don't think I'll be updating to version 8.

    I understand that it's easier to handle sync using only your own services but I really don't want to put all my eggs in one basket.

    I would prefer a standalone version, but I'd probably go for a subscription model if I weren't forced to store my passwords on your servers.

    It makes me frustrated that I now have to look for another solution for a problem that I thought was solved. I know this post doesn't change anything, it's just annoying that something that I've been very happy with decides to go in a different direction.

  • alex11_
    Community Member

    Hi,

    I don't understand one thing here. Why are you trying to convince people that the cloud subscription model is so much better? What you are basically doing is centralizing users' most important data on your servers. Sorry, my bad. Those are not even your servers, because they are probably rented AWS or some other cloud system. You only provide your services through it, to your clients. And yes, I would call it centralizing because during a potential 'hack', all members of your 'secure' subscription service would be subject to a potential data leak. It doesn't matter if that data is encrypted. Trying to convince people that this is the only way and that data will be more secure in a cloud service is such a bull**** because every security specialist will disagree with it. You are trying to gather sensitive data on a closed-source subscription service, hosted on a 3rd party cloud system. How insane is that?

    You might say: Hosting data in a cloud might be more secure because data is not stored on the client computer so it cannot be easily hacked. I think that you understand that this is not true? This data is also stored on the client computer. It needs to be, otherwise how would the client use it? I would guess how it works here, and I'm probably correct. There is some kind of local copy of the external data hosted on the computer during synchronization. It needs to be, otherwise the client would not have access to his passwords when his internet connection is down. So now it's not only a cache, a local copy that might potentially be 'hacked', but also a cloud service that is out of user control, basically a black box.

    You cannot guarantee that your service is 100% bulletproof. It is just not possible. Every major company has had big security issues connected to hacks, leaks or other security threats. This is an issue especially now during the switch to remote work plans. You only need one person, yes one, to prove at some point in time that what you are trying to say is just overconfident PR babble that does not understand the security world, and when that happens it will cause damage to your company, trust me. I am speaking here from experience. The company image that you have been building through past years will be gone. Big companies can take that hit, it's just a scratch for them, but for 1Password that would be a big blow.

    The only advantage for you here is of course money, a constant money flow, and easier development. Don't try to hide behind fake walls trying to explain that it is not possible, because that's not true. You built it in such a way that it wouldn't be possible, and that's your fault.

    Caring user.

  • claus
    Community Member

    I have more and more the feeling that Agile tries to "whitewash" their new version.

    I hope, I really hope, they stop now with the actual v8, and make a restart - with all the feedback they got during the last hours.

    I remember once OmniGroup did this with OmniFocus - they published a beta/test version, they got very bad feedback, "in the end" they started again with developing the new version having the feedback from the customer (!) in focus.

    I hope Agile will do something similar ...

  • kappuchino
    Community Member

    Thanks for all the fish.

    Now. Most has been said, still my 10 cents in bullet-points:

    • I once thought (about 10 years ago) of Agilebits like I thought of Panic. Those two companies are not the same any more ... while I am a paying customer for each and every new version of one, I have to leave the other because they won't let me pay for single licenses :'( .
    • One of them gave me two great games and will give me a handheld console with a crank 8-). They also would give me keys to expired products. Of course no support any more, but you would have legacy software working on your "antique" computers forever. How wonderful. But this only works in niches, right?
    • Everyone here, face the reality: The owners of standalone licences will not be missed ... by the bookkeeping. Because when subscription dominates, you do not exist (at least after a certain point, being written off over time). So all of "us" who will switch somewhere else will not create a dent in sales. ¯\_(ツ)_/¯
    • What started as "the greatest password manager I know and can vouch for" (my words to employers, customers and students over time) is now in its own cycle: My guess is that agilebits will lose the techies who drove 1password to its peak, since they are not the "subscription types". I wonder how this will play out. No idea.
    • Consider looking at the changed landscape: A large number of companies have now outsourced, centralized IT Support. 1Password "cloud" is perfect for them, since they got rid of the on site individuals and switched to monthly payments for a number of incidents, etc. - they don't want to own hardware, software, ... for the sake of bookkeeping. Good luck with that.
    • These special customers will create their own demands and path for development. As for the people wanting to work for 1password in the future, it will also be a choice what model they support. And given that 1Password still has an excellent export feature, those are only one cancellation and rollout away from switching somewhere else. Or in the case of Apple: It might become redundant, aka sherlocked.
    • For those companies who still have dedicated IT staff ... well, I can only speak for me and IT-people I know: "We" have begun to set up a lot of Vaultwarden (like the super easy docker images) in the last year and everyone is happy as a clam ... . My family is using Vaultwarden on a raspberry, which also doubles as a fileserver and smart-home relay. Yeah, nerd setup, not so simple, right? Except that I only had to give them the URL and the login, the rest was nearly the same. And no recurring charges ... so that's a no-brainer. Before, I would send them a reminder that 1Password had to be upgraded - and they just "paid". Again, they will not be missed.
    • Thinking of the long run ... well, there is "some" competition for one company ... and I expect the other one to be positively surprising me again and again. ¯\_(ツ)_/¯

    I wish everyone to be well, 1Password explicitly included. I would have paid more (for standalone), but you did not let me. Now choices were made ... that look to me shortsighted and only the long future will tell.

    Until then: Enjoy the venture capital, you really earned it (no irony).

    Cheers!
    (And sorry for my bad English)

  • kappuchino
    Community Member

    Great. Editing my comment for spelling just ate it.
    As I said: Thanks for all the fish. The bulletpoints I won't repeat.

  • seraph2k
    Community Member

    I've been a license user for personal use for a very long time too, and while I understand AgileBits being quiet about its availability and pushing people towards subscription, it's disappointing to hear standalone licenses going away altogether (on top of the fact that local vaults are being taken away, a feature I also exclusively use for personal use).

    As the Chief Security Officer of my company, however, we are also subscribers of 1Password Teams, which I am very happy with. Companies are now used to the subscription model and simply factor these costs into their balance sheets, but individuals are far less interested in paying twice as much for a subscription service when a standalone license gives them what they need.

    The primary purpose of the subscription is to support 1Password's cloud operational costs, but many users who only want offline vaults have no need for this cloud (and use other existing services, such as iCloud, for sync). These users are also less interested in some of the features (albeit good ones) of the subscription model.

  • kirkmc
    Community Member

    @dteare

    "Over the last 3 years our customers made it perfectly clear to us that they saw the value of our membership plan as they picked subscribing over 30 times more often than those who purchased a license. When over 95% of our users voted with their money for subscriptions we knew we had our marching orders. As great as our 1Password.com service is already there are a ton more features we want to add and we'll be able to do so with much higher velocity by focusing all our efforts there."

    This is gaslighting, pure and simple. Users bought subscriptions - not "memberships" - because it was so hard to find the standalone license option. Own what you've done rather than pretending it's what people want.

    I've been using 1Password since version 2, and this is likely to be the end of the road for me. It's clear that the VC money you've gotten has one goal: make the company attractive for an acquisition.

    I'm not happy that you took away standalone vaults, and, while I've been using your solution for the past year or so, that's another reason why I won't continue with you.

    Finally, while I don't care if the new Mac app is Electron, Catalyst, or whatever, it's clear that it's not designed for individual users, but for "teams," because categories, which were the main focus of the app, are now hidden behind a menu. If you want an enterprise version of the app, make one, but don't foist enterprise features onto individual users.

  • kcastill
    Community Member

    I've got serious issues with the new update, only took me a few hours to decide I need to roll back to 1p 7.

    Update aside, though, and good, bad or indifferent...it amazes me how many people will come to comment on a decision like this and say something to the effect of "this is a money grab" or "you did this because of your bottom line benefit"!

    Um, 1password is and always has been made in a capitalist system? Because of that, I've got news for everyone: every decision is made with the bottom line in mind. As individuals, we do the same—see people on this very thread saying that a subscription is not "worth it" to them as proof—unless you do your work for free, which I highly doubt. I don't understand why people want and/or need this to be spelled out, it's implicit. If you thought otherwise, at any point, then that was willful obfuscation to yourself, probably so you could feel better about your buying decisions.

    If you pay money—for anything—whether it was standalone licenses for 7 versions (my choice before switching to a sub for family features) or a recurring monthly payment, all of those options were made with the bottom line in mind, directly or indirectly.

    There are good points and arguments to be had—some already raised—about the weaknesses/strengths of this new direction for 1p, and I myself see more weaknesses than strengths at this point in time (which is why I'm heavily leaning toward moving to a different solution).

    What I think is over-the-top is when people characterize a business decision as though it was some nefarious, malicious Machiavellian master plan from the start, as if 1p set out to lie and deceive its customers.

    Businesses have to adapt to changes in the market, and we as customers can choose to continue our support or withdraw it. That's it, that's the deal. Let's not delude ourselves otherwise.

  • ameliebourienne777
    Community Member

    If I could just vent for a little bit...

    I completely understand the need to move over to a subscription model. If you want to add more features at a faster rate or dedicate more engineering time toward big ideas and long term goals, then you'll need the steady revenue to maintain that runway.

    However, I didn't really appreciate the way it was approached. I purchased the 1password 7 license almost a year ago, and it was actually quite difficult to find where to get it. I had to dig through the website before finding the link to purchase it. I see @dteare's screenshot of the website featuring both subscription and license, but that is not what I saw.

    Again, I completely understand the move to subscription, but I would've appreciated a more upfront approach with clear announcements in order to manage expectations of current customers. You have a newsletter and you did mention something about upgrading licenses...

    If you’re still rocking a license for the standalone version, there’s never been a better time to upgrade to 1Password Families.

    With 1Password Families you can protect your family with smart online security habits, securely share items, and enjoy the latest updates on every platform.

    There’s a ton of benefits to using a 1Password membership and with 1Password Families you can extend the protection to all your loved ones.

    Trade in your 1Password 6 or 1Password 7 standalone license today and you won’t pay a dime until September of next year. That’s 10 free months of 1Password for the entire family!

    Upgrade your license to a 1Password Families account

    Once you create your account you’ll be able to easily move over your data without missing a beat.

    ...but you never mention that 1Password was planning to phase them out, which might be why you were trying to incentivize the upgrade.

    I guess you figured most people might not notice the change? Maybe it doesn't matter, since you know people will pay anyway. I dunno.. it just feels sneaky to me.

    It's a great product, and I will probably shell out the money for it anyway, as I depend on it for everything. But seriously, please please please be clear and obvious when managing expectations around changes for people who are already used to the old way of doing things, especially when it comes to money.

  • ThoughtfullyYours21
    Community Member
    edited August 2021

    Not to mention moving to a subscription model (ie charging more) while at the same time taking away features (ie iCloud or Dropbox sync).

    Want to move to a subscription model? Then add new features like Google Drive sync, for example!

  • mikokim
    Community Member
    edited August 2021

    I echo the sentiments of the other longtime users who are disappointed by your move with 1Password 8 (and your past marketing moves). I’ve been using your software since 2009. I’ve been using (and paying for) standalone versions because, frankly, I have no need for all those fancy little bells you’ve been adding and for which you prefer to use your cloud because it’s easier for you.

    Like others, I have to say goodbye to 1Password. No longer being able to use iCloud is a dealbreaker for me. I’ll keep using 1P7 until a future macOS update will break it, while starting to transfer my data to another solution.

    Bye

  • StevenBedrick
    Community Member
    edited August 2021

    I'll just add my voice to the chorus- I am yet another very happy long-time 1Password user who is dismayed at the move away from local vaults. I personally prefer to avoid software subscriptions, but have happily made an exception for 1Password, because I see and agree with the value proposition: y'all need stable and predictable cash flow, I need 1Password to be regularly updated and maintained, the pricing was reasonable, and--- most importantly--- in a worst-case, AgileBits-goes-out-of-business scenario, I would still have access to my data. I honestly don't know if I can keep using 1Password without a local/standalone vault option, and that makes me really sad, since I love the product. But I also am having a very hard time imagining using a password management product whose design would expose me to the risk of not being able to access my data in an emergency, or in the inevitable event that the cloud service is somehow compromised, etc.

    Note that in terms of the "confidentiality/integrity/availability" triad, my concerns are mostly about "availability" and "integrity", in that order- after reading AgileBits's security whitepaper, I'm much less concerned than I initially was about confidentiality (thanks, BTW, for such a thorough whitepaper!). Of course, one of the things I have always valued about using a local vault is that it makes this sort of risk assessment far easier, as entire categories of risks can be entirely ruled out.

    Anyway, given what I'm reading from AgileBits folks replying on this forum, I'm not holding my breath- the lack of a local vault option sounds like a pretty deliberate design choice that was baked deeply into the architecture of the next version of 1Password. But if it's not too late to reconsider, please consider doing so; at the very least, having a robust, secure, and well-documented data export feature (so, not just a giant CSV file) would go a long way towards helping me be more comfortable using a cloud-hosted password syncing service, and I suspect I'm not the only customer who feels that way.

  • philkim
    Community Member

    The sad reality is, as Dave Teare proudly boasts, about 97% of the customers (perhaps higher by now) are on subscription plan.

    Many of us would gladly pay a subscription if it means we can store our most sensitive data on Dropbox, iCloud, or locally. But the company's messaging suggests they would rather lose 3% of the customers than pour engineering resources into migrating this "legacy" storage service code to their shiny new (and ironically named) Rust engine.

    So there's that.

    On a more positive note, I suspect we can at least continue using 1Password 7 with Dropbox, iCloud, or local vaults for some time. If you are on Apple's ecosystem, macOS Monterey, iOS 15, and iPadOS 15 are bringing 2FA and a Watchtower-like auditing feature. macOS Monterey now has a dedicated Passwords section in System Preferences with new import passwords functionality (CSV with "Title,Url,Username,Password" format).

    It takes additional effort to migrate 2FA into Apple, and non-login data like credit cards and driver licenses need to find another home (e.g., Notes with the locked note option). And obviously, no shared vaults and other power user features.

  • Kaffeepause
    Community Member

    I just want to say a quick goodbye to 1Password at this point. I've had two perpetual licenses since version 2 and have dutifully paid for every upgrade. I also paid for the iOS version.

    I completely reject subscription software and will never use it. Since Agile Bits is deaf to the arguments for perpetual licenses and local vaults, and doesn't want to hear arguments against subscription compulsion and cloud vaults, there's no point in explaining my reasons another time.

    Since Agile Bits is now going the subscription route, my time with 1Password is now coming to an end.
    The purchase of the perpetual license was made massively more difficult with the last versions, so it was foreseeable to me that forced subscriptions would come soon.

    Therefore, I looked for an alternative in time and have been maintaining the two password vaults in parallel for about three quarters of a year. Once 1Password 7 no longer offers the full range of functions in the foreseeable future, I can safely delete it from my devices.

    Goodbye.

  • MikeV99
    MikeV99
    Community Member
    edited August 2021

    @Kaffeepause

    What alternative have you been using?

  • PeterG_1P
    edited August 2021

    Hi @StevenBedrick, thanks for this considerate and thoughtful post. I hope I can speak to some of your concerns here.

    I also am having a very hard time imagining using a password management product whose design would expose me to the risk of not being able to access my data in an emergency, or in the inevitable event that the cloud service is somehow compromised, etc.

    This is a great point. We don't want to put you in that position, either - and even with the cloud-based sync approach that we currently use for subscription customers, and which is the basis for 1Password 8 going forward, there is still a local element to how your data is handled and stored. I think there's a strong case to be made that this combined approach increases availability.

    Specifically:

    1. 1Password's secure servers maintain an encrypted copy of your data (if you're a subscription customer, this is what you see when you log into 1Password.com today). We do not hold the key to this data - your account password and Secret Key stay with you, so we have no ability to read your data. These servers also synchronize changes between your local databases, which safeguards against the danger of losing data. More on that 👇

    2. Every device where you log into your 1Password app contains a local database (an encrypted SQLite file), which is always accessible to you once you've signed in on that device. So as long as you've successfully signed in once on the device (and haven't done a factory reset or something), and you still know your account password, you can access your data - and that's true even if your subscription lapses, or you are somewhere without internet access, or any other manner of thing interferes with 1Password's ability to provide a server sync to you.

    If you make any changes while offline or unsynced in this state, 1Password waits until you have server connectivity again, then syncs the updated items across your devices.

    It also follows then that by having several devices signed into 1Password (say, a desktop, a laptop, and a mobile phone) you now have several local databases, in addition to 1Password.com, that can be a source of your data if something goes wrong somewhere. It also means that we provide multiple opportunities for data recovery - if your laptop dies one day, that doesn't mean you've automatically lost everything.

    That's a brief overview of our approach to the availability part of the CIA triad.

    I understand that folks will have concerns about local vaults that go beyond the availability question, but I hope this provides some clarity about how this works now and in the near future. And we're always happy to hear what you think!

  • StevenBedrick
    StevenBedrick
    Community Member

    @PeterG_1P That is a really helpful reply, thank you! It is very reassuring to know that there will be an accessible local copy of the vault, even if it's not in the OPVault file format.

    Are you able to say whether the encryption method and table structure of the SQLite database will be documented somewhere, in the same way that the OPVault format is? Knowing that, in an absolute worst-case scenario, I could roll up my sleeves and code my way out of trouble without needing to do any real reverse engineering is something that I have always found reassuring about OPVault...

  • PeterG_1P
    edited August 2021

    No problem @StevenBedrick, always happy to chat security. 🙂

    I'm not sure about the table structure - maybe that will be part of our evolving documentation. I can check in with our security and documentation teams about this.

    In any case, from 1Password 7 to 8 many of the security basics are continuous: the SQLite database is encrypted with AES-GCM-256, the password you use to log into your account is strengthened with PBKDF2-HMAC-SHA256, everything is end-to-end encrypted while in transit, and your account password and Secret Key stay with you, so that we can't unlock your data even if we're hacked.

    Whether you'd be able to code your way out of trouble ... I'm not totally sure. But I can say we do want to design things so that it never comes to that. We understand that the essence of a password manager means asking someone to put a lot of eggs in one basket, so availability is definitely something we prioritize.

    And we hear your call for a strong export feature, by the way. Duly noted!

  • StevenBedrick
    StevenBedrick
    Community Member

    @PeterG_1P Thanks! And I can totally see how the table structure might need to evolve over time. Just having documentation saying what the protocol would be in order to end up with a decrypted SQLite file would be a big start; realistically, that would be the biggest piece of the puzzle, I imagine.

    And regarding the strong export feature- y'know, if you're looking for a high-quality, well-documented file format that is designed for this sort of use case, and for which there exists a wide variety of I/O libraries, I hear there's this thing called OPVault... 🤣
