What is the future of local/standalone vaults?

danco

Is this local backup capability part of the self-hosted option currently under consideration or is it different?

Would there be a way of preventing syncing to 1password.com if one had set up local backups? It seems to me that most of the people asking for standalone vaults do so because they don't want their data on 1password.com at all. So just having local in addition would not suit them.

Ben

Hi @danco 👋

Is this local backup capability part of the self-hosted option currently under consideration or is it different?

These are independent concepts.

Would there be a way of preventing syncing to 1password.com if one had set up local backups?

Having local backups by itself would not have any impact on if your data does/can sync with 1Password.com.

So just having local in addition would not suit them.

Indeed; if those folks are so inclined and feel self-hosting a 1Password.com instance on their own infrastructure would be a solution I'd encourage them to fill out the self-hosting survey: https://survey.1password.com/self-host/

Ben

neil_laubenthal

Thanks Lars…local backup is a step in the right direction but does not solve the no local vault issue. I have yet to see a decent (or any) explanation for why local vaults are not supported in v8 or for why DropBox sync is no longer supported other than “it doesn’t meet our needs”. Yes…it is true that the vaunted Secret Key doesn’t apply to either of those…but who cares. The Secret Key is essentially just a second password…providing little additional security and no more than the DropBox password and device passcode or biometric ID do. Yes…I also realize that the company wants the subscription model for consistency in revenue…but that doesn’t explain the removal of wanted and used features…just explain with your best marketing speak how much smarter y’all are and users should just trust you and use your servers…and leave the features available for those Luddite users who just don’t see the light and insist that an app should meet their needs, not the other way around.

As I said…I hate the Electron app but that’s not a deal breaker…I would prefer (like most users) a native macOS or at least a Catalyst app using the iOS code…but I could live with that. I can’t accept an app that removes perfectly working features that I use and need daily just because the company wants to focus on enterprise users and minimize individual users as much as possible. I accept that your recent infusion of VC money means they get to demand a better ROI on their investment…but I see no reason to pay for features I could care less about, don’t use, and don’t want…although I have licenses (multiple) for back to v2 or v3 of the app I would pay a reduced subscription fee gladly if it only allowed local vaults that work the way I need them to…and might pay the full subscription fee and use your servers as another backup method if local could still be my primary vault. Y’all claim that your solution is better…but for many of us as evidenced by this thread it just isn’t better. Some users have multiple clients and thus multiple separate vaults that the client requires be on local storage only…your system inherently breaks that. I’m just a single user…but I’m not interested in being forced to use your sync servers.

You state that your servers have multiple backups…which is fine for you…but that’s completely inadequate for your users who need their own backups.

Lars

@neil_laubenthal - I replied to your comment with something I thought might be of interest to you - the fact that local backups are indeed coming in 1Password 8 - which would seem (to me, anyway) to address your "inadequate for users who need their own backups" issue. You'd of course know your own situation, needs and preferences better than anyone else, but it seemed to me while reading your reply that this is the real sticking point for you:

Some users have multiple clients and thus multiple separate vaults that the client requires be on local storage only. I’m just a single user…but I’m not interested in being forced to use your sync servers.

If that's the case - that you either have clients who require you to store data only locally, or you simply aren't interested in a 1password.com membership - then for the foreseeable future in 1Password 8, at least, there isn't going to be a solution that meets your needs, with the possible exception of the self-hosted version of 1password.com that's been previously mentioned in this thread and others.

Outside of that, 1Password 7 for Mac will continue to work on the forthcoming Monterey, and probably (though not certainly) beyond, as well. If history is a guide, 1Password 7 for Mac likely won't receive compatibility updates past early versions of Monterey, but as with older versions of most software, they do not typically become INcompatible immediately. I'm not sure where that leaves you as you assess your options, but: local backups are indeed coming. Self-hosting is possibly (though not certainly) going to be an option, depending on the feedback we receive. And 1Password 7 for Mac will continue to work for some time. I'm not sure what that adds up to for you, but standalone vaults as you've become accustomed to them won't be a part of 1Password 8.

neil_laubenthal

Lars…my comment re consultant clients was a general one as I am retired. You’re missing the point…or ignoring the point maybe…

The company has decreed that local vaults and DropBox storage re verboten with v8 despite them working perfectly on v7. I’m not against paying the subscription fee at all…what I’m against is the removal of capabilities that I and others consider requirements…local storage, backup, and DropBox sync. I’m quite happy to pay the fee as I realize the company and the VC people want to make money…but my preference…along with many others if this thread is any indication…is not to have my data on your servers period. Frankly, y’all are blowing this rollout. Go ahead and switch to a subscription only licensing model…that might cost you customers…might not do so…and you may or may not care bout individual users as much as before. Charge the subscription as you will…but then allow users to keep their data where they want. If they’re happy giving up the supposed advantage of the Secret Key for DropBox and device access codes…which currently works perfectly…you should let them rather than just arbitrarily removing the features we chose 1Password for.

It appears to me that the company is changing to an enterprise oriented business model and just doesn’t care bout individual users any longer…and that’s a shame when you could have easily both shifted licensing models and keeping desired features… it in your desire to cut costs by using a cross platform environment you are not delivering an app that is as good as it could and should be on each platform…because you’ll make more money that way.

ingorenner

+1000 to Neil. I would WANT to give you money since 1P is an essential tool that I use countless times everyday. Heck I could even deal with Electron if I really had to - I would still despise it though.

However, storing my passwords on 1P servers will not happen, ever; that is where you will lose me as a customer. That's a hard non-negotiable requirement.

Lars

@neil_laubenthal - it's certainly true that 1password.com accounts have allowed us to pursue larger business and enterprise customers in a way that simply wasn't possible previously with standalone licensing and local vaults using third party syncing with its much more fragile and limited sharing. What doesn't follow from that (and isn't the case) is that we "don't care about individual users any longer." There are individual 1Password accounts as well as 1Password Families accounts, and they've been adopted and enjoyed by most of the community, starting as far back as 2017. For those users (not just the enterprise folks), we'll continue to bring out features people need/request that just weren't possible with the comparatively limited APIs of third-party sync services, like Travel Mode, individual item history/restore, and much more. We just no longer offering local vault or third-party sync support in the yet-to-be-released 1Password 8.

neil_laubenthal

Lars…sorry, I can only call things the way I see them. Pursuing larger business and enterprise customers is a good thing for the company…and with the VC guys involved in the company now I can't argue with increasing profits…but taking away capabilities that work fine now and have been working fine ever since v7 was released seems pretty user unfriendly. You say that you still care about those users…but if they're 20% of your revenue then then the enterprise users that are the other 80% you're obviously going to care about them more…and that's just fine.

Frankly…I really don't care that much about syncing anyway…the vault contents don't get changed that much and moving the file around via email and manually updating various devices when needed would be just fine. The big deal is that the user's data should be immediately available to the user…always. Yes…most of your new users since 2017 are on subscription…but as has been note in several threads here one big reason for that is the stand alone license stuff was carefully squirreled away and not readily available from the main "buy 1Password" page. So…claiming that 97% of your users choose this option is sort of disingenuous…but I realize the company has made it's decision and you have to use the company line.

I also have a current license for Password Wallet…which still supports local storage and while it doesn't have the seamless sync of DropBox it's still pretty easy to sync. The only reason I haven't decided to switch back to it instead is that it doesn't support image attachments to entries or secure notes. I can resolve the latter by just using the notes section in entries but haven't figured out how to support images yet.

Questulent

I have also been using 1Password since version 3. While I don't love subscription software, I do think 1Password is offering a decent deal on this (especially with their upgrade pricing), but like most others here, I am very concerned about the deprecation of standalone vaults.

With so much personal data in one place, I find it a far better security system to have 1PW encrypt the vault on my machine, and then have a different sync service (DropBox in my case) handle the sync and encryption of that. (See @apike comments for a good explanation here: https://1password.community/discussion/121554/why-can-we-not-have-an-explicit-statement-about-1password-being-a-subscription-only-service/p1 )

For a personal user, I'm not going to try run my own server - way too complex.

I guess I'll continue to use 1PW7 till it's no longer usable and then find an alternative, but it will be with sorrow...

neil_laubenthal

Questulent…you've hit my thoughts almost exactly. While I trust that the combination of Master Password and Secret Key keep them from reading my data…having two different cloud based organizations like 1PW and DropBox seems to me to be a superior solution overall…not to mention the backup/restore capabilities it provides.

However…I've thought about this a bit more and see several drawbacks to the new v8. However…having looked around for another well supported local storage/backup DropBox capable iOS/macOS/iPadOS option that provides both Secure Note capability and image attachment capability…and having not found anything although I could sorta make do with a combination of Sync for the latter two needs and something like Password Wallet for passwords although it is supported by a one man shop and has a somewhat more difficult sync solution. I really don't require full time sync as the contents don't change much in my vault…but it is nice to have and having it happen automatically is nice as well.

Looking at my objections to the new business model…I see several issues.
-loss of local storage options including DropBox. While this is important to me…it isn't because I don't trust 1PW as with the Master Password and Secret Key (essentially a second password in reality) they don't have access to my data. The issue is then that all the backups are on their end…so in some sort of catastrophic corruption or loss of data on their end I as the user am pretty much completely screwed since I don't have a backup copy of my data that can be reimported into a new online vault after the catastrophe is over. While I personally prefer the local storage option…I do not consider not having it a show stopper…but this is mostly accepting reality since I've not found another system that provides both this and the other features needed.
-loss of a macOS native application. Again…while I don't like this I don't think it will end up being a showstopper. It would have been better IMO to take the native iOS/iPadOS version and convert it to a Catalyst app…it's still not macOS native but it's a lot closer than Electron is. Seeing as I haven't found another option though…not a showstopper.
-the loss of local backup capability that allows me to have my own copy of my data that is kept on DropBox, Time Machine, drive clones or the other backups I maintain…and the loss of the capability to create a new online vault in my account and import my backup data file into it once whatever catastrophe that resulted in the loss of the online vault (fire, flood, corruption, hacking, whatever) is over…will be a show stopper on any upgrade to v8 for my use. Not being able to reconstitute my data without any outside assistance is unacceptable…especially as I'm quite sure that the company's enterprise users will get higher priority for restoring than individual lower paying users. I don't like that attitude or approach…but it isn't my company and I understand why they will give enterprise users higher priority…I just don't have to agree with it.

Assuming that eventually v8 will get local backup/restore to the cloud capabilities in the future…I may eventually end up upgrading to v8…but until that happens I will keep using v7. If v7 fails to work with future OS upgrades and it is not at least maintained in it's current working order which I think users are at leasts morally owed due to the loss of capabilities and subscription only licensing that v8 forces us into…but which I highly doubt will happen. I will also keep looking for other alternatives as most of the supposedly great new features that v8 and the standard code base and all that will allow the programmers to do…simply aren't relevant to my use.

For users who are consultants who have clients that require no cloud storage of their data…my only suggestion is to either switch to Password Wallet…but it's essentially still shareware and supported by a one man operation…which tends to give one pause despite it's long record…which does allow local vaults. Failing that…I would suggest that those users simply use a series of small encrypted .dmg files one for each client and then keep text files or a Numbers worksheet or whatever with the passwords, keys, and what not in it…and simply mount/unmount these .dmg files as required. Combining those local storage files with either clones, Time Machine, external drive copies or DropBox/Sync/whatever if a particular client allows it provides sufficiently adequate security. There's always the possibility of remaining RAM fragments of the Numbers or text files after a particular .dmg file is unmounted…but a quick reboot would take care of that beyond some serious nation-state level hacking ability.

Finally…I'm really not happy with the new approach of the company…and I have to admit if I had found another option that solved all the issues I have I would seriously consider switching immediately…but that system just doesn't exist. Thus…I've had to reevaluate my options and decide which issues would be deal breakers…as noted above the eventual (maybe) provision of local backup/restore/import capabilities may be enough to keep me around and convince me to upgrade to v8.

DenalB

Hi @neil_laubenthal !

…but that system just doesn't exist.

Maybe you should check ArchiCrypt Passwort Safe. I bought a license some years ago. It only works with local vaults, which you are able to sync via Dropbox or WLAN. For me, it was a bit to complicated, to manually sync vaults, but maybe for others it is the right program. But I don't know if the program is available in English language. I just installed it, and it was in German and I couldn't find a setting for this. Personally, I like the way of syncing my passwords via 1Password.com, so I don't need a local-vault-only program. ;)

Oh, just recognized that there seems to be a Windows version only... :cry:

PS: Sorry for advertising. If it isn't okay, please feel free to delete my post!

Lars

@neil_laubenthal -

The big deal is that the user's data should be immediately available to the user…always.

It is? In that case, I'm not sure what the issue is -- 1password.com memberships, whether in 1Password 8 or 1Password 7, and whether on Mac, Linux or Windows, iOS or Android, have always had a local cache of your 1Password data on your device. That's how you can unlock and see/use it even when you don't have an internet connection. The only exception to this is Document items previously added to 1Password, which are available if you downloaded them prior to not having internet connectivity.

danco

@Questulent

For a personal user, I'm not going to try run my own server - way too complex.

It CAN be extremely easy to run one's own server, particularly if it has limited functionality. Whether AgileBits can create an easy server that ensures satisfactory security is another matter, but I am sure that if they do introduce a server option it will be secure.

Lars

@Questulent - you must do what you feel is best for your situation, of course, though we'd be sad to see you go - and I want to make sure you don't leave due to a misunderstanding of the security properties involved. Separating the syncing service from the encryption mechanism by using two different services/companies doesn't have nearly the advantages some folks assume it does. Whether it's a 1Password vault that's housed on the 1password.com servers or a 1Password vault that's synced via iCloud or Dropbox, the fact of that "separation" between the encryption and the syncing is what's by far most important, not choosing a different service/company for each.

In a theoretical worst-case scenario, compromising the 1password.com servers would net an attacker nothing but encrypted ciphertext for which neither we (AgileBits) nor they (the attacker) have the decryption keys. That's the same as it would be for an attacker who came into possession of your data by taking the encrypted database from your own device, either directly (physically) or remotely (via remote compromise), and also the same as it would be if an attacker obtained the encrypted database from iCloud or Dropbox. Being able to break into our servers is entirely separate from being able to decrypt user's data.

Only, it isn't just the same as obtaining your data by breaking into iCloud or Dropbox.

The reason data on the 1password.com servers is considerably more secure than data synced other ways is due to the Secret Key. You may have already read about this previously, but if not, it's worth a read through that article, or - if you're more technically inclined and would like a fuller explanation - our full 1password.com security white paper. The Secret Key protects your data if the 1Password servers should ever be compromised. It adds a (for practical purposes) uncrackable 128(ish) extra bits of entropy to whatever entropy already exists from your chosen 1password.com account password, and the Secret Key is never sent to us, so again, it cannot be retrieved from our servers (just like your account password).

On your own local device(s), it is your password which provides the protection against attackers being able to decrypt your 1Password data, just as it has always been with standalone vaults - your password protects you (technically, it is used to derive the encryption key without which your data cannot be decrypted). But online, in a sync situation, the Secret Key is only available in 1password.com accounts because it is only possible in 1password.com accounts. We wanted to make very sure your data on our own servers was as secure as possible, which is why the Secret Key exists. Some clever attacker slips past Dropbox or iCloud's server protection and makes off with your data, it is protected by your password (just as it is on your local device). Someone slips past our server protections, and it's the strength of your password plus your Secret Key.

I hope you'll stick around, and of course feel free to ask any questions you might have. Whatever you decide, stay safe out there. :)

neil_laubenthal

@lars - Well…in order to get the encrypted blob from DropBox…they need to bypass the DropBox password first and then the Master Password. You’re right…if they somehow got into DropBox servers without cracking passwords they could make off with my ncrypted blob…and then would only need to crack master password instead of that and secret key…but who cares because that is irrelevant. A 22 character master password consisting of all four of the basic password food groups takes trillions of centuries to crack at 100 trillion attempts per second…see grc.com/haystack.htm. That’s way more than good enough…so the fact that the math says that the double combo takes trillions of trillions of centuries is both completely accurate and completely worthless from a security standpoint…simple trillions of centuries is just fine.

You’re technically correct…although getting the DropBox data without cracking that password seems unlikely to me…but you’ve carefully constructed your scenario to say your way is more secure…and while that statement is correct it is both disingenuous and carefully crafted…when in truth just the master password is way, way, way more than secure enough.

But I’m happy to have a secret key on .com accounts even though it is a mostly meaningless increase in security…but users have become accustomed to their software working a specific way and for you to deliberately break what works now just because it is a better business decision for t(e company is both sneaky and reduces the trust users have that the company is acting in the users best interests rather than the company’s.

neil_laubenthal

@danco - Running the server yourself means the user has to maintain, configure, and configure whatever back end database is used…presumably SQLite as noted in another thread but no matter what it is it won’t be a simple thing to setup…and then the user has to backup the server and how does that work with the database open and a whole lot of IT related things. So it won’t really be an “any user can do this” option…it will be more of a “the enterprise user has an IT department so can run their own server” thing.

I’ve said in another thread that could live with subscription, crappy macOS client, and no local storage…but not being able to save full up local backups of the entire dataset and restore that local backup to the cloud servers is just nuts…and I can’t believe that a security related company doesn’t understand that…actually I believe they do understand that and just don’t care because it doesn’t fit the new business model/corporate vision/enterprise focus/whatever.

m4rkw

@Lars with all due respect, I take issue with these statements:

In a theoretical worst-case scenario, compromising the 1password.com servers would net an attacker nothing but encrypted ciphertext for which neither we (AgileBits) nor they (the attacker) have the decryption keys

The reason data on the 1password.com servers is considerably more secure than data synced other ways is due to the Secret Key

The Secret Key protects your data if the 1Password servers should ever be compromised

If the 1password.com website were compromised and the front-end js modified an attacker could steal the master password, secret key and 2FA code (if enabled) all at once for anyone who logged in while it was compromised. The fabled Secret Key does nothing to mitigate this.

Contrast this scenario with a standalone vault, there is no website that could be compromised that would net an attacker both the encrypted data and the key material with which to decrypt it.

uculc

@m4rkw I totally agree with you. Also, if I understand correctly, and 1P stores a local copy in a SQLite DB (which is also just a file), why can't I just use ONLY that local version? Whether you call it local vault or local SQLite cache, I don't care. "Local" is the magic word....

fosple

@m4rkw Thanks for pointing this out. This is also the attack vector which worries me the most. Storing really valuable data of many people all in one place is always (!) a bad idea. It just generates to much incentives for criminals to hack that one place.

Lars

@neil_laubenthal - I'm glad to hear you've chosen a password for your 1Password data of at least twenty-two characters. Presuming it was generated randomly on a good CSPRNG, it will indeed be quite resistant to attack. However, not all users who create passwords - even their 1password.com account password - are so careful. That's one of the reasons the Secret Key exists - to make sure all users have password security equivalent at a minimum to what you've created for yourself. :)

m4rkw

@fospie it's also a far more desirable target for a would-be attacker. Unless you're a very high-profile target, the risk of a direct attack on your local standalone 1password vault or iCloud account is unlikely in the extreme. But the 1password service itself, where credentials could be exfil'd en masse for tons of users and companies all at once.. that's a goldmine. To claim that using such a service is an improvement in terms of security is in my opinion wrong at best and disingenuous at worst.

fosple

@m4rkw Agree 100%

creaaz

The removal of local vaults is a no-go for me and the only counting reason to say "Bye Bye" to 1Password.
For legal reasons (in a corporate environment) I am required to keep certain credentials local only.
1Password was a great way how to have a single password manager, which holds my personal credentials via 1Password.com and my corporate credentials via a local vault, accessible and integrated in a single app and the most important: compliant with my corporate guidelines. Unfortunately I will now look for alternatives and cancel my annual subscription.

neil_laubenthal

@lars - my master password was actually generated as 3 random words in 1PW and I added special, digits, and uppercase. Your instructions for starting out with the app tell users to choose a strong Master Password because that’s the keys to the kingdom and IIRC they say strong but memorable is preferred. As you likely know…length is really the only thing that matters as long as you’re long enough so that previously hacked password dictionaries, rainbow tables, and the other quick hacking tricks fail…and you need more than 17 to force the NTLM v1 hackers on the Windows side into the stronger NTLM2.

Frankly…if users are too stupid to choose a strong and memorable password…they don’t deserve any security IMO…because you just can’t fix stupid.

As I said…I don’t really have an issue with either subscription or the no local vaults although I prefer them over the online only ones. I do have issues with the Electron client which is generally getting trashed on the forums by most of everybody that isn’t a 1PW employee. Loss of macOS native client, buggy plug in, no sort by categories, the list of flaws just keeps getting longer and longer but @PE employees keep saying it’s the greatest thing since sliced bread…I tried it and it is at this point terrible. However…it’s still beta and maybe all of those bugs and missing common sense features will get fixed before release.

The deal breaker for a lot of users is going to be the lack of any ability to save a full encrypted copy of the vault on our computers where we can back it up with Time Machine, clones, copying to mother drive, sticking it on DropBox or whatever…and also the ability to restore that backup to the online vault in the event of some catastrophic corruption 9t failure on either your end, the user end, or the network that is syncing the data. We all know that oops it’s happen…and it doesn’t matter how many copies 1PW claims are backed up on your end…if a user can’t have his own backup copy and restore from that copy…then the new model is simply an non starter.

So…fix the client…doesn’t mean dump Electron but that’s the best solution…but a non native client that actually doesn’t suck and does things like sort by category and doesn’t have all the UI issues that are noted elsewhere on the forums would be at least acceptable. I personally think that sticking macOS users with a non native, non Mac like client is a bad idea and a slap in the face to macOS users that gave the company its start…but it ain’t my company so y’all get to make the rules.

But it absolutely must include local user backup and restore capability…and if you’re concerned about users with weak passwords then just double encrypt the backup copy with master password and secret key but dump the copy on the users computer…that seems like an obvious solution.

Failing that…many users will stick with v7 until it breaks and/or move to another product. That’s been said multiple times in multiple ways by multiple users here…but so far it appears that management either isn’t listening or doesn’t care since no official statement says we er going to fix xxx or yyy or zzz…all we get is how wonderful it is. All of the “enhancements” in v8 are obviously aimed at enterprise users…very few of the normal single or family users need to see “which passwords are shared with which people or groups”. That’s all fine…add features as y’all wish to attract enterprise…but give mere mortals who aren’t enterprise an app that supports their needs as well.

danco

@neil_laubenthal Either you or I has a severe misunderstanding of things. It could well be me, I admit, but I think it is you (coupled with poor terminology by AgileBits who do not make clear the distinction between "local" and "stand-alone" vaults).

What is going away in 1PW8 is stand-alone vaults, which never have a connection with the internet (though there is a chance they may come back by a self-hosted server option). But a local copy of the online vault does exist and, I think, will continue to exist. And that copy does get copied over when cloning, could be manually copied to another drive (one has to know where it lives, but that's not hard). And presumably it can be copied back to restore (I haven't tried that).

Most of the faults with 1PW8 seem to be general beta issues, and will, I feel sure, be solved by release time. Given that AgileBits started out developing a native UI as well as an Electron one, but ran into difficulties, I think they were right to provide the Electron beta when they did. I hope they will produce a native version in time. I would be happy with a statement that they had to go back to the start for a native version, and so it may take a long time to develop, and that they are aiming at a release version of Electron much sooner than any native version. Unfortunately, their Mac enthusiasts seem to be much happier with the Electron version than any others who have tried it, so a native version may not happen. On the other hand, many of the objections to the Electron version seem (apart from beta issues) just a complaint that it is not the same as it was.

I'm sticking with 1PW7 myself for a fair while. I will probably stay with 1PW indefinitely, but for me there's no value in running a beta, so unless things change quickly I will be with 7 for six months, maybe even up to eighteen months. That's long enough for 1PW8 to be as good as it can be.

Lars

Welcome to the 1Password Support Community, @creaaz! :) If you've got a hard requirement from your employer (or possibly clients), then we understand. I'd suggest if on-prem credentials are an absolute must that you direct whoever is in charge of such decisions to register their interest in the self-hosted version of 1password.com, as we're gathering feedback on that right now, and it would allow you to continue using your own account plus your employer's self-hosted account, right within the same 1Password app you're already familiar with. Whatever you decide, stay safe! :)

Lars

@neil_laubenthal - I mentioned 22 characters that's what you originally said, not three words. The entropy calculations for word-based and random character-based passwords are different, but it's not particularly relevant to what we were discussing - how useful the Secret Key is - and you're correct: we do suggest people make their Master Password memorable, as a forgotten Master Password is of no use to anyone.

But it absolutely must include local user backup and restore capability...

And now, I feel as if we've come full circle to the point we began, where I mentioned:

...local backup capability is one of the things coming to later releases of 1Password 8 for Mac, because we agree that it's an important part of being in control of your own data.

Hope that's helpful. :)

neil_laubenthal

@danco - yes…I realize the difference in terminology between a local storage and stand alone vaults (they’re the same actually in my view) …and don’t worry as I misunderstand plenty of things…perhaps my explanation wasn’t clear enough. V8…as do previous versions that use a cloud vault…maintains a local copy for offline use. In v8 this is a SQLite database as stated by tech support…for earlier versions I do not know if this is a full copy of the same file that would be stored for a local storage vault, SQLite, or something else. The issue is that for a local storage vault…which many users prefer so that it is synced via DropBox, Sync, SpiderOak or whatever…easily allows the user to make backup copies of the vault and restore them if needed. Even for cloud vaults in earlier versions than v8…this is easily possible by just copying entries to a local storage vault from the cloud vault…again allowing for personal backup and recovery. That capability is gone in v8…to be “added in a future release” according to @lars …and I’m not enough of an SQL guy to know if those databases are preserved by Time Machine/cloning or whether they’re properly encrypted, or whether one must speak SQLese and do things inside SQL to back them up. The point is that for 99% of users this is equally true…so the user has zero backups other than those on the cloud end…and has no visibility into the adequacy of those backup…and that is simply unacceptable.

@lars - yes…the entropy numbers are different for 3 word passwords than completely random…but on the folks who designed 1PW think they are adequate since the app will happily generate 3 word passwords separated by whatever special character one desires. As you may know…password cracking basically consists of dictionary attacks which are a list of known passwords and dictionary words. 3 word passwords…even if the individual words are all in the dictionary…will survive a dictionary attack unless the combination including the specials is included as a single entry. Next is rainbow tables which are precalculated tables of every possible password for a given set of character requirements and up to whatever length the table is calculated for…this attack fails at longer password lengths due to table size and essentially 18 or so long defeats this method of attack. Absent those attacks…the only thing left is brute force guessing of every possible password and that’s what gives you the long cracking king time based on complexity and length…and 3 word passwords with some specials and digits are plenty long enough. You’re technically and mathematically correct in saying that completely random passwords are “more secure” than 3 word ones since the cracker could eliminate possibilities that contain say qqq for instance if they KNEW the password was words…but they don’t know that and from a practical standpoint it is simpler to try every possibility than eliminate trying some of them because of reasons. However…even if they followed those reasons and eliminated 99.9% of all possible combinations…so they only actually tried 0.1% of the possibilities…that factor of 1000 reduces the trillions of trillions of centuries to millions of trillions of centuries…and again that’s more than secure enough. The reason for words is to make the Master Password random but memorable…and more importantly easier to type…while still maintaining way better than good enough security.

The statement that local backup is “coming in a future release” of v8…is simply obfuscating the issue and ludicrous. Releasing v8 without this capability is simply unacceptable…and defending that decision is equally wrong. Absent a commitment that v8 will not be released without that capability will simply force users into an unacceptable situation as we have no idea when or if that future release will come and many users will simply refuse to put their data at risk and solely in your possession…and they’ll vote with their feet.

As I said…I believe most users will live with subscription only licensing even if we don’t like it…and most will deal with the non native macOS client and the loss of local only vaults and our sync of choice even if we don’t like it…but not having local backup and restore capability from the initial release of v8 is a terrible violation of the user’s trust and will result in either continuing to use v7 or abandoning 1PW for something else. My belief is that the company knows that and if v8 is released half baked they just don’t care because corporate management has decided that enterprise users are more important…but that’s just my opinion.

cyberskier

Just wanted to chime on the self-hosted version, in case AgileBits is looking for this kind of feedback:

It shouldn't affect me, but there are some industries (some law firms, for example) where syncing with a remote server is a strict no-no, but setting up a self-hosted server isn't going to happen either. It falls into the category of, "Yea, you can use that app if you want to, but don't let the content leave your device, and don't look to us to support it."

Lars

@cyberskier - thanks for the heads-up, and yep, we're aware there aren't any methods which will satisfy all corporate requirements (primarily because those requirements differ from company to company). ;) We've been getting requests for self-hosting since the very beginning, so we know there's at least some significant level of interest in it, and that's what the current survey is for - to gauge it! :)