What is the future of local/standalone vaults?
Comments
-
You’re right @ingorenner, we absolutely don’t want to add local vaults the way they existed in previous versions into our new release. It’s not out of malice against local vaults as they did a fantastic job over the last 15 years, and until 1password.com came along they were the best option available.
As great as they were, we pushed standalone/local vaults as far as we could and it is time to move on to something better. I touched on this in my first reply on page 1 of this thread but I didn’t have the luxury of diving deep there on the technical side of things. Let’s do so now.
One of the biggest challenges with local vaults is they need to rely on a generic file sync protocol like iCould or Dropbox. At first glance this almost sounds like a benefit as what could be better than a generic api that can be used across a bunch of situations? It’s kinda neat even as it means you can use a single service for all your needs. It absolutely does sound like a good thing.
In practice, however, this doesn’t work well for 1Password. The api is simply too generic and prevents us from doing many things to improve the performance, reliability, and security of syncing itself, as well as greatly limiting the features we can provide.
Here’s some of the benefits that a specialized service is able to provide:
- Our api provides an
overview
end point that allows each client to find out if there are any updates to any items within an account. With one single request our apps can determine if there’s any work that needs to be done. And since we know theoverview
end point is the hot path for clients while syncing, we’re able to optimize the hell out of it on the server side. The result is syncing is much much faster, uses less networking, and conserves battery. - Syncing is so much faster and light on the battery that we’re able sync on iOS from within Safari’s share sheet.
- We’ve incorporated versioning info deeply throughout our protocol to greatly increase reliability.
- With online vaults the server is the single source of truth. The benefits of this cannot be understated as it enables us to avoid sync conflicts and protect from data loss. For example, what was 1Password supposed to do when your data folder disappeared from Dropbox? Was it a deliberate act or a file cleanup operation gone awry? Should we nuke the vault or go recreate the files on disk? Similar questions existed for individual items. Our specialized protocol resolves all these issues and more with an robust, performant, and I’d even go so far as to say eloquent solution.
- Sync issues have gone from our #1 issue to being nearly completely non-existent. Our customers and customer support team were both able to breathe a huge sigh of relief.
I’m sure there’s more benefits on the client app side of things that I’m forgetting but let’s switch gears and jump over to some higher level features that are now possible:
- All your communication with 1password.com is protected by an additional layer of encryption over and above what SSL provides. Along with the encryption of your items themselves, there’s 3 layers of encryption at work here.
- We use the Secure Remote Password protocol to establish the session key used to encrypt all your data for each session. This protocol not only protects you from ensuring your Account Password and Secret Key never leave your device but it also allows client apps to verify the server is who it purports to be.
- The encryption design is more modern and incorporates the Secret Key along with the Account Password using Two Secret Key Derivation to massively strengthen your defence against brute force attacks launched against our server (i.e. in the event data was ever captured from our server).
- Account recovery can be configured with trusted individuals to restore access to your account in the event you forget your password or lose your secret key. What’s extra cool about this is the recovery can take place without this individual ever obtaining access to the data within your vaults.
- Item history is incredibly useful as the server is able to keep track of each encrypted blob of data an item had so you’re able to restore previous versions whenever needed.
- Device setup is so much easier with 1password.com, especially when using multiple vaults.
- Multiple vaults are so easy to setup now that the barrier that prevented many people (including myself) from using them is completely gone. It’s really handy for organization and sharing to be able to collect items in specific vaults.
- Sharing in general is a huge plus here and you’ll see us continue to roll out additional features here. With our service we know exactly who an item and vault is shared with and are able to highlight this in the UI. With standalone vaults we had zero information here.
- We’re now able to provide 2FA
- Inviting friends and family and colleagues is so much easier for everyone involved now
I feel I’m missing some important ones but if you take these two lists and combine it with the practicalities of having a single service to support (both in terms of development and supporting our customers), I think you can see why we’re so excited about online vaults that rely exclusively on our 1password.com service.
So ultimately yes it is indeed true that we decided not to bring support for local vaults forward into 1Password 8. It It was a decision we made but it wasn’t a decision we took lightly. Thankfully the overwhelming benefits of doing so were able to strengthen our resolve and provide us confidence that it was the right decision. And our decision matched what our customers were telling us when we asked them in the 1Password 7 upgrade window.
Now, to @claus’ point, why do we need the survey? The primary reason is we have no data analytics within 1Password. We believe strongly that you are our customer and not the product. So much so that we rail hard against the generally accepted approach of spying on how people use the app. It’s your app and you can use it how you see fit. It’s not our place to spy on you.
The reality is we simply have no idea how many people are still using local vaults. Furthermore, when folks mention local vaults, it means different things to different people. To some it means purchasing a license. For others it means ensuring no data ever leaves their local network. For some it’s a preference and for others it’s a mandate. Lastly we have no idea how folks have things configured.
We believe strongly that having a specialized server is the best way forward and from a technical point of view adding support for local vaults the way they used to work is a non-starter. Depending on what you’re looking for from local vaults, it’s possible that a self-hosted 1password.com service would fit the bill and allow us all to have our cake and eat it, too. But we’re not entirely sure exactly how and why you’re using local vaults or if self-hosting would be of interest to you.
So we thought we’d ask. 🤗
0 - Our api provides an
-
Is there any reason local vaults keep getting associated with syncing? I put my most secure keys in a local vault to ensure they are NOT synced, then I manually backup and control that vault
Sounds like syncing was the big road block, so why not just say its not supported for syncing?
Anyway for now I have cancelled my subscription, its probably the only way to really show the investors (albit not much) that AgileBits has lost their focus
0 -
That's a good question, @semaja2.
You're right that at the technical level syncing and local vaults are separate in that one is a protocol for exchanging information and the other is a specification of how data is represented and stored on disk. In general, however, I talk about them in the same breath because in practical terms they are so tightly interwoven that they are basically the same. This is because the data format is such a critical aspect of syncing that it dictates how the sync protocol can work. So much so that the data format was created the way it was because of how it was synced. And while yes it's technically true you can have data on your machine without syncing it to other devices, in today's day and age with so many devices, this isn't a use case most people want and it's not one we recommend. Given the importance of the data stored within 1Password we need to make sure it is synced and available on all devices.
Data availability is a huge reason for us not wanting to provide a sync-less option. Now of course it is possible to have anyway but the complexity involved in supporting multiple approaches shouldn't be underestimated. In the early years @roustem and I continually choose complexity over simplicity and it took us a while to learn that it wasn't the best approach. While it was fun developing and shipping code that could sync in 4 different ways (5 if you include no syncing, 6 if you count the WebDAV project that never made it out of testing), it wasn't free. All these options slowed us down tremendously and added an incredible burden on the support team. As we've gotten older we've come to the realization that the simpler something is the better. Especially now that we have so many millions of users. It's just too complicated to manage all the possible ways that such a large number of users might use 1Password. For example, I still remember the pain optional syncing caused when folks would setup 1Password and just assume we'd take care of everything. This was a perfectly reasonable expectation but one that we didn't fulfill because we made things so tremendously flexible.
If these decisions mean that we're no longer the app for you, I'm truly sorry to hear that. We'll do our best to try to win you back in the future but a sync-less option won't be one of them. Please do fill out our survey on self-hosting as I do think that could be a way to fulfill our requirements and yours.
Take care and stay safe out there. 🙏🏻
++dave;
1Password Founder0 -
Hi there, I'm enjoying using the beta for 1Password 8 but have one question: has support for standalone local vaults been removed? If so, is it planned to add it back for the final release? I work for a large software company and our IT policies forbid using 3rd party services to store passwords. I've been using a local vault on my work computer so I can stay compliant with our policies. It would make my life a lot easier if this functionality didn't go away.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided0 -
Hello @JCook21, 👋
The short version of the story is 1Password 8 will not support local vaults and we're not planning on adding this old approach to the new apps. The longer story is much more interesting and we have a survey out to gauge interest on supporting this use case in a way that's more compatible with our new data formats and service.
Please check out my comment earlier in this thread for all the details.
I hope that helps. Take care,
++dave;
1Password Founder0 -
Hi all
I want to just jump in and ask a related question to the fact there are no local vaults. I wonder in terms of long term sustainability. what happens if 1pass goes away or i just want to leave to another password manager? having all my passwords online, i can only see an option to export to
1pux
. is that readable by anything? will there be other formats once its out of Beta?thx!
Z
0 -
Hi @zeltak !
i can only see an option to export to 1pux. is that readable by anything?
I tried some password managers to import 1PW8 export. But actually, this doesn't work. Hopefully, developers of password managers will implement support for
1pux
.
Also, I tried exports from 1PW7 and also had lots of problems importing the data. There seems to be a lot of manual work to get an export working.
At this time I don't want to switch, so I don't have to argue with this, but it could be hard to switch to another password manager if you are using more than "normal" login entries...0 -
1pux is an unencrypted export. It is human readable. If you open it with a text editor you'll be able to view all of the details of all of your data. As such we have to urge extreme caution with how you're storing and transporting such a file.
In terms of other password managers importing it... that should be something relatively easy for them to implement.
The two primary export formats we'll be targeting are 1pux (unencrypted) and 1pex (encrypted). We are also looking to support exporting some subset of data to csv, but this is not likely to be lossless. Items in 1Password have an unlimited fieldset due to custom fields and sections, which doesn't translate well to csv. It should be possible to get the basics such as title, username, password, and TOTP secret, though. :+1:
I hope that helps!
Ben
0 -
You're welcome! :)
Ben
0 -
Good catch. The 1PUX is actually a container (zip file) so that it can also store exported files such as Documents and attachments. Inside that container is an
export.data
file, which is the one you can open in your text editor and see all of the values. I did this by opening the whole 1PUX with BBEdit on Mac, which supports opening containers.Ben
0 -
Is the export of Documents and attachments a feature slated for a future release? I see a files directory, but it's empty.
0 -
You're welcome. :)
Ben
0 -
Hi. I am writing in the hope that you might re-consider your decision to abandon local network sync. The increase in ransomware and other breaches, I think, makes you a rich target to an attack, and I would rather my data be kept elsewhere. Thank you for listening!
0 -
@srbuwsnyc - thanks for asking, seriously. However, if you've read through this thread instead of arrived here from a Google search or a link from somewhere else, you'll have seen multiple examples of our founder, Dave Teare, explaining how we arrived at our decision (including touching on some of the things you mention), and that we won't be offering local vaults and WLAN syncing (or indeed any syncing except 1password.com) in 1Password 8. If you're interested in keeping things local, please
0 -
Yes, I will read through the entire thread. Looks like your message got cut off, though. "If you're interested in keeping things local, please"?
0 -
@srbuwsnyc - well that's weird, you're entirely right -- it does look like it was cut off, not sure what happened. ¯(º_o)/¯ What it would have said (and I could swear it DID say, when I pressed "Post Comment") was: "...please take the time to fill out our survey on self-hosting of 1Password." Sorry for the confusion. :)
0 -
Cool. Thanks for reposting—and for the really thorough (and fast!) responses on this. Did the survey!
0 -
@srbuwsnyc - :) :+1:
0 -
While I understand your business reasons for forcing everyone into the cloud. It is a bad idea.
Regardless of any claims how secure the could should be, there is no 100% security. I will never trust the cloud with my most private secrets or important passwords. Its just a bad, a very bad idea.
However I love the 1password apps. I have been using it for your years. But only locally stored on my encrypted Mac and locally synced with my iOS device over a very strong secured and guarded WLAN.
I'm worried about the new development. The new Safari integration in the latest iOS Update is not working with local faults anymore.
Please consider a "Pro" subscription for your apps. Only for the apps, not the cloud - a subscription which allows us user to keep our faults local. I would even pay double the price for such a "Pro" subscription. I have no problem paying for good software, but I have a big problem with being forced into the cloud service.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided0 -
As I’m one of several here complaining about the crippling of 1password on iOS today with 7.8, I’d like to propose a viable solution rather than continuing to complain non-productively.
What if you forked the old 1password app and re-put it into the Apple store and updated it to work with iOS 15 but kept all old features. Don’t need any new features.
You charge $5 or $10 or whatever it would reasonably cost to handle this. Estimate the programmer/developer-hours to launch this and divide by how many of us “crazy” anti-subscription holdouts who prefer offline vaults exist. Add some profit. $5 to $10 seems fair.
Then when iOS 16 comes out in a year, prevent new sales of this “Legacy 1.0” app from the store but allow everyone who purchased it to keep using it. If iOS 16 breaks the app, tough luck for us. We paid for the one guaranteed year. Launch Legacy 2.0 which is a new app that costs the same $5 to $10 and has no improvements or support past the one year.
If legacy 1.0 keeps working without bugs on ios16, which of course no one can know until next year. Then we don’t buy the legacy 2.0, and you don’t have to do anything but let us continue using the product we already paid for.
Eventually an iOS update will break one of these and you’ll launch legacy 3.0 or whatever and it will be a new app with a $5 to $10 charge.
Or spit in our faces, remove functionality we had yesterday and paid for already, and tell us you have zero interest in non-subscription models because it’s impossible to run a business without a subscription and all of us low-lives will move on, badmouthing you along the way, likely hurting some future subscription sales.
There is a way to do this without pressuring people into subscriptions and crippling features, including downgrading security by forcing people into cloud vaults. All done to manipulate people into subs.
And yes, yes, I know it’s “really hard” to crack an encrypted 1password vault even when (not if) hackers or state actors copy your cloud server of everyone’s encrypted vaults. Really hard <> impossible and what was unbreakable encryption a decade ago can be cracked with a pocket calculator in a few minutes today.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided0 -
The thing is I’m not even opposed to a subscription. However, I’m not interested in 1Password 8, so I’ll continue to use 7 with my local vault as long as I can. This means I’m without the extension on iOS and the highly useful Share Sheet extension I had two days ago.
I have an even simpler suggestion. Just publish 7.7.8 as is for legacy users. It worked fine on iOS 15 during beta. No updates, no dev hours. If it breaks in the future, fine.
AB has engendered a lot of ill-will among long-time users. Users who paid for upgrades and the “Pro” iOS app. Users who evangelized 1Password to their friends and family members.
I’ve worked in software development for 20 years, and if we did anything like this we’d have a lot of angry customers. Our customers had more leverage than I feel 1Password users have, unfortunately.
I’m sure there’s at least one dev or QA at AB who tried to advocate for us but did not succeed.
0 -
I'd be happy with 7.78 being made available again. Although I'd like a way to download it so I can use it in perpetuity. I'd love a new iPad but refuse to buy one since I too am not interested in 1Password 8, I require local standalone vaults, and the iPad is at least 30% less useful to me without the share sheet 1Password function. I'd want a way I can put it on a new iPad as well.
I have multiple accounts on various websites for work purposes and auto-fill can't cut it. I need to manually pick which one of a dozen different logins to use for the same website.
Is that a common use care for 1Password customers? Probably not. But it was working fine and could work fine again if the legacy app was made available with no additional dev hours.
0