What is the future of local/standalone vaults?


Comments

  • thimic
    Community Member

    I am also disappointed in local vaults disappearing. I use 1password.com for most passwords, but there are some things, such as banking info that I prefer not to store in the cloud. Importing the vault to 1password.com is not really an option. Self hosting, while technically a potential solution, feels too onerous for wanting to store a handful of passwords offline.

  • m4rkw
    Community Member

    I agree with the comments of others here. This claim that "97% of our users preferred the subscription/cloud service" is wrong at best, disingenuous at worst. Have you surveyed your users directly with an unweighted unbiased question explaining the pros/cons of each? No. What you've done instead is bury the standalone vault option on your website such that only people who really knew to look for it (or who were previously using it) would even know it was there, and the vast majority of people would sign up to the cloud service thinking that was the only option. To then claim after doing this that 97% of customers prefer the cloud service just feels disingenuous.

    I reluctantly gave up on using standalone vaults given the obvious trajectory of the company but I still think they should continue to be supported. Your customers obviously want them. You already had perfectly working code that handles syncing via iCloud and Dropbox, how much effort would it be to port that to Rust, really?

    As a longtime user of 1P all of this is starting to feel like a cynical effort to maximise revenue and limit overheads.

    The offer of letting us run our own instance of your cloud service is frankly ridiculous in my opinion. All you're doing with that is giving people more ways to mess things up - like running it on their own unsecured VPS. Even in the best possible scenario it's running locally, wasting valuable system resources when it really should just be what it was before - an encrypted file on disk.

    I have not heard good things about 1P8. The fact that it's been ported to Electron really saddens and worries me. I'm going to wait for the final release before making a decision but currently I'm leaning heavily towards ditching 1P7 and using something else.

  • rscohen
    Community Member
    edited August 2021

    @Ben Might I clarify this matter in my own terms. Please excuse if this seems redundant:

    I spend a great deal of time in places that are remote and off the grid. Lacking cell service and wifi, I will thus not have connection to the 1Password servers. Am I to understand that, with version 8, I will no longer have the ability to see information in my 1Password vaults when I am thus located, i.e., that passwords, private notes, secure documents, etc., will not be electronically stored directly on my laptop or phone, as well as in the cloud?

    Of course, I understand that changes in my 1Password vaults will not propagate across the account when I am not connected to the internet. That's fine. But obviously the 1Password app is useless to me if I can use it when, and only when, I am connected to a 1Password server.

  • m4rkw
    Community Member

    It sounds like the ship has sailed already but what the hell, here's some more:

    Network isolation is a valid principle of security. Governments air-gap machines for a reason, and it isn't because they didn't have AgileBits designing their cloud service for them. Any company that cares about security will conduct network isolation of some kind for sensitive data. There is no data more sensitive than the credentials to someone's entire life.

    All the enthusiastic blurb about how super secure the cloud service is is just a marketing pitch - the reality is that AB can at any time change the cloud service such that credentials are captured and people's private vaults are decrypted. We only have their word that they won't, and more importantly, that nobody else can.

    For people who have things that they really care about, this is never going to be sufficient and it's somewhat intellectually insulting that it's presented as if it should be.

    How do we know that someone won't some day penetrate the AB service and steal credentials? How do we know that hasn't already happened? How do we know they won't have a rogue employee some day who finds a way to steal vaults and credentials? How do we know that security standards won't slip when managers change roles in the future? How do we know an intern won't one day be debugging the frontend and leave a debug flag enabled that exposes all the form inputs into central log storage and accidentally push this into production? There are so many ways this can go wrong and zero ways for us to ever be sure it won't go wrong. Even with no malicious intent our credentials could still be accidentally exposed, humans are flawed.

    Contrast this with the idea of a local vault. It never leaves the machine it's on. The owner of the computer manages their own backups and (optionally) syncing via services they trust, with the data being encrypted before it leaves the device. They never enter the keys to the kingdom (eg master password and secret key) into a web form where they could be stolen if a bad actor was present.

    It is impossible in this second scenario for AgileBits to intercept the credentials because they are never sent to their network.

    Local vaults ARE more secure. AB claims to care deeply about security. I think it's clear what they care about most.

  • m4rkw
    Community Member

    @Ben Why is it necessary to "move forward"? People using standalone vaults were happy with that solution. No "moving forward" was necessary, we just wanted to continue to give you money and use an awesome product. You appear to have killed that for no good reason.

  • crg9385
    Community Member

    @rscohen I have never had issues using vaults that sync with 1Password Cloud in areas where I had no connectivity. Each device will have the last synced copy of the vault available. When that device (eventually) gets connectivity, any updates to/from the device should sync automatically.

  • rscohen
    Community Member

    @crg9385 Thanks for your reply. I have never had that problem before either. However, I am under the impression that the next version of 1Password will kill this functionality: local vaults and the storage of personal materials on one's personal devices will no longer be possible because all data will be housed solely on cloud servers. I hope this impression is mistaken, because I do not want to have to switch to a different password service.

  • Thank you for your question, @rscohen!

    All 1Password apps have a full copy of your data locally that is always available to you even when the network is down. The new 1Password 8 includes a redesigned database and sync engine. It also includes an option for exporting encrypted backups, something our users wanted to see for a long time.

    At the same time, we are moving away from supporting iCloud/Dropbox that was used purely for syncing the database because of the many limitations. 1Password.com is not just a sync service, it provides vault sharing within family or business, item history, access control, account recovery, and more.

    I hope this helps!

  • Tertius3
    Community Member
    edited August 2021

    @m4rkw:
    If someone steals my vaults from the cloud storage, they cannot be decrypted, because they are encrypted not only with my master password, but with my secret key as well. The secret key is never sent to the 1password website. You enter the key if you first log in to the website, with your app or with the browser extension, but this is a local form. The key never leaves the machine. It's never sent over the network. It is used locally to locally decrypt the downloaded encrypted vault.

    Tampering with the app and the forms and stealing the secret key with a tampered app is no different from tampering with the app and stealing the data processed from a local vault. If you can tamper with the app and steal a secret key (which is, by the way, entered very seldom, so the opportunity to grab a secret key is somewhat low), you can also tamper with the app and send any data from a local vault to an attacker.

    So a local vault is not more and not less secure than a cloud-stored vault. It's the same security level. For secure processing, you need to trust the app vendor (1Password), for a local vault not less than for a cloud-stored vault.

  • m4rkw
    Community Member

    @Tertius3 the secret key is only not sent to the website because the JavaScript code on the website doesn’t send it. If a malicious actor controls the website they can easily change this.

    The risk vector is the credentials being entered into a web form at all.

  • vonstael
    Community Member

    I have the same opinion as @uculc.
    1Password Standalone user since version 3. I will keep using 1password 7 and then find an alternative...
    Good luck 1password team

  • Bob_UW_LLC
    Community Member

    Using a local vault (stored in Dropbox, in my case) allows me to access personal 1Password vaults on a personal device, and also access my Teams vaults. I'm OK with losing local vaults, but would need a way to authenticate to two different 1Password accounts. I'm sure that is a design/programming challenge, but imagine it is possible. I'm fine paying for the personal access (in addition to the team access).

  • StevenBedrick
    Community Member

    @Ben I remain confused about why, if 1P8 is technically capable of being fully operational when working offline, it isn't possible to support local-only vaults. Obviously implementing two totally separate vault syncing systems (1P.com as well as Dropbox/wifi/etc., as 1P7 supported) is a ton of extra work, which I'm guessing is part of why the feature was removed in 1P8... but why not meet users half-way and support non-syncing, local-only, standalone vaults in 1P8, since the technical capability is clearly there in the software? That way users who genuinely cannot use a cloud-based password storage system would still be able to use 1Password, albeit at the cost of having their passwords etc. sync across devices, which seems like a totally fair tradeoff given that the point is to not have one's data leave one's device.

  • This discussion was created from comments split from: Changes in 1Password 8.
  • Ben

    Hi @Bob_UW_LLC

    Multiple accounts is already possible in the currently shipping 1Password 7 apps (as well as the 1Password 8 Early Access). I have accounts from 4 different memberships added to my apps. :)

    How to use multiple accounts

    Ben

  • Bob_UW_LLC
    Community Member

    Ben,

    That's fabulous! Sorry I didn't find that in the documentation, but very glad to know it's there. Problem (already) solved :)

    Bob

  • Ben

    No worries! Glad to hear that helped. :)

    Ben

  • fosple
    Community Member

    tl;dr

    I just signed up to the community to express my dissatisfaction with the direction 1Password is going.

    For me, 1Password failed in all three dimensions with version 8:

    1. Product: I don't want to store my most sensitive data in the cloud. I want to own my data.
    2. Business: I don't want to pay subscriptions. I'm happy to upgrade once in a while.
    3. Tech: I don't want another Electron app. I want a fast and native Mac app.

    Details:

    To 1: I know the data is encrypted, and it's maybe secure. But who knows? Why should I trust somebody else? And only because it's secure now, who can guarantee it's secure in the future? Encryption might get compromised in the future - and who knows on which data centers my data is replicated by then and who has access to it.

    To 2: I know software development is an ongoing effort. Bug fixes, etc. are an ongoing task. And therefore I'm happy to spend money every few years on software I use frequently. And 1Password is this kind of software. But first I want to rest assured that I don't lose access to my data once I stop paying. And secondly I calculated the price increase you did by switching the business model. It's really high. For me the benefit of the new version is just nowhere near the price increase. There is just too big of a gap between value for money.

    To 3: So many apps nowadays use Electron. Slack, Notion, ... I want fast apps which feel native. I don't want multiple browsers running on my system which slow everything down. Most users will not know what's going on here, but I do, and I just don't like the direction software development is going. It saves money on the development side, but for the user it's worse.

    Sadly, to me it looks like, 1Password is not driven by customer needs anymore but by increasing short term revenues. This is really sad to see.

    With the changes in version 8 you lost a really loyal customer who recommended 1Password to all his friends in the past.

    I'll now give the self-hosted version of Bitwarden a try and will certainly never go back to 1Password. It's because I lost trust that you put the customer first. And trust is the most essential value you should have in the security business.

  • neil_laubenthal
    Community Member

    I agree wholeheartedly with many of the comments here. Dave as the boss is looking out for 1Password the company and to my estimation…abandoning users who want both local storage of their vault and local backup capabilities for their vault. I have a current subscription even though my vault lives on DropBox…the subscription vault is just another of my vault backups but not the primary one. I haven't seen any justification from Dave or anybody else at the company why local storage can't be an option for version 8…charge the subscription fee since I realize that a company needs a revenue stream and a more or less constant one makes planning easier…but allow within the subscription both use of all the various apps on various platforms as well as local/DropBox storage vaults. Yes…I realize that the incredibly wonderful Secret Key doesn't function with a local/DropBox vault…but who cares. The Secret Key…when you get down to it…is just a second password required for accessing the vault…and doesn't provide any more security than the Master Password and the DropBox or local storage password does…either way it's still just 2 passwords.

    I'm also not really interested in an "internet access required" solution…whatever I use needs to work seamlessly with…or without…any connectivity and properly sync changes made in offline mode back to the master copy. DropBox has been doing this perfectly with version 7…for years…and I've yet to see any explanation that makes sense for that other than "we get more money this way". Sorry if that sounds harsh…but it's the way a lot of users feel I'm sure.

  • m4rkw
    Community Member

    A lot of the basic functionality of 1P is coming to iOS and macOS this year. They have to innovate or die and enterprise is where the money is.

  • webweasel
    Community Member
    edited August 2021

    Don't need or want a cloud service. I have my Mac and I have my iPhone. All I need is for them to sync now and again. I also dislike subscription models. And I also don't like what I'm hearing about the 1PW8 Mac version using Electron. These are all wrong turns for me so I guess I'll be staying on version 7. I'm assuming Keychain will pick up the slack at some point but it's not there yet.

  • m4rkw
    Community Member

    @webweasel the new iCloud Keychain stuff may be just what you need.

  • webweasel
    Community Member

    @m4rkw You read my mind!

  • W4rl0ck
    Community Member

    I work in a company with over 300 people and most of us are using 1Password as their password manager. Many of us have a company subscription, but because of compliance rules we are only allowed to use local vaults to store our passwords and use wlan to sync to the mobile app.

    We already had a number of problems with the classic browser extension and a lot of people said it would only be a matter of time until local vaults would vanish completely.

    I’m sad 1password is going this direction, I know this is not the electron thread but when the native apps are gone I’ll also end my private subscription.

  • This discussion was created from comments split from: a BIG THANK YOU and an important question about the 1Password8 model.
  • colacin
    Community Member
    edited August 2021

    I've had multiple licenses of each version since 2 (maybe even 1) and I feel the same as most here. I was even a 'charter' member of the family plan, if only to get my actual family to use 1password by paying for it on their behalf. (and no one asked if I wanted a subscription... I was just sort of maneuvered into it)

    I just found out that 1p8 on Mac is moving to Electron... and all I can say is that one of the original, best apps that was Mac and iOS first has now abandoned the platform. I did not want to rethink my password management, but like others have said, this ship seems to have sailed somewhere I don't want to go.

    There is one good thing about Electron - it allows Linux desktop users (which I also am) a chance at having some popular apps that would likely never make it to Linux in a timely fashion... but even then it's still a steaming bloated mess that generally doesn't work right.

  • Lars
    1Password Alumni

    @neil_laubenthal - local backup capability is one of the things coming to later releases of 1Password 8 for Mac, because we agree that it's an important part of being in control of your own data. One of our goals has always been never to be in a position - even by accident or misfortune - where we could lock a user out of their data. Previous versions of 1Password created backups on-disk because that was often the only way to guarantee that there were backups. With 1password.com accounts, there are multiple redundant backups online -- which takes care of the main worry, not having data redundancy -- but with 1Password 8 moving to account-only, restoring the ability of users to keep local backups of their data as well as the backups that have always existed on the 1password.com servers, is a priority.

    I'm also not really interested in an "internet access required" solution…whatever I use needs to work seamlessly with…or without…any connectivity and properly sync changes made in offline mode back to the master copy. DropBox has been doing this perfectly with version 7…for years...

    With 1password.com accounts, there is always the local SQLite cache of your data in every 1Password app on every device you've installed it onto. That's why/how you're able to unlock that data and view/use it even when you don't have an internet connection. We have never distributed a "requires internet connection" method of using 1Password, and I can't imagine we ever will, for the very reason you outline: people need their data when they need it, not whenever their internet connection is online. If you make changes to your data while offline, the next time you have internet connectivity when 1Password is open, changes will be synced to the 1password.com servers.

This discussion has been closed.