What is the future of local/standalone vaults?
Comments
-
ttesty, you seem to be on some mission to enforce the ongoing availability of standalone vaults. Don't waste your time with this, it's a business decision about the product that has been made and you have to adjust your relationship to the product accordingly.
In contrast, I myself chose 1Password explicitly because of the subscription and the integrated cloud that comes with it. And what 1Password has done with v8 is exactly what I would have wanted if asked. It's not that I wanted standalone vaults to vanish, it's just nothing I care about, because cloud sync is what I need, because it is far superior.
And more, I thought about not renewing my subscription after the 1st year and move on, after I learnt (too late) that the Windows version of 1Password 7 is not on par with its features with the Mac version. I detected (too late) 1Password is a Mac-first app, and as Windows user I didn't want an app from the 2nd tier with less features. Now, the new V8 is designed as cross-platform and everywhere the same, so this is what will make me stay.
0 -
I didn’t want to answer this discussion, but…
I myself chose 1Password explicitly because of the subscription and the integrated cloud that comes with it. And what 1Password has done with v8 is exactly what I would have wanted if asked. It's not that I wanted standalone vaults to vanish, it's just nothing I care about, because cloud sync is what I need, because it is far superior.
That’s exactly the same with me @Tertius3 . When I started with 1Password 7 I choose a subscription. That’s what I need. I liked 1Password 7 and now I get used to 1Password 8. I‘m a Windows user and don’t use a Mac. So everything is fine with me.
Yes, I don’t like what happens to many long time users who used a local vault. I never used one but it would be horrible when I did.
0 -
This content has been removed.
-
I'm still confused. As @m4rkw and others pointed out, there is the use case of cloud-less sync. This has been the default behavior in 1P for many years. I like offline vaults that sync via shared folders or WLAN. Will cloud-less sync still be available in 1P8? Do I have to upload all my vaults to the cloud in 1P8?
0 -
Thanks for your reply, @m4rkw. It confirms my bad feeling. It felt a bit fishy, when 1P7 prompted me to "trade in" my license in order to "get 50% off an individual 1Password membership for 3 years".
I get the business logic behind their decision. They have built a reputation with their offline apps. Now they are leveraging this reputation for their online services. More users, more subscriptions, higher prices, more revenue.
I have been a satisfied customer since 2009, because I could manage my vault offline. Even with 1000+ items everything works smoothly.
I'm shocked, that 1P8 is removing the one feature that I loved and trusted in 1Password for so many years. I do trust 1P with offline vaults. But I'm not there yet with vaults in the cloud.
0 -
Cloudless sync may become available again, but it may not. Take a look at the survey at https://survey.1password.com/self-host/
The thought is to allow syncingand database control through a local server, so the data doesn't get to the cloud.
0 -
Bootstrapping family accounts is still a PITA now that iCloud syncing has been removed.
0 -
I’m sure the account security gurus will chime in here but..
Your secret key does the heavy lifting in regards to account security and entropy. And you should always be able to remember your master password and use it regularly enough to remember it. I personally have mine set to have it re prompt me every 2 weeks. It should never be too long and complex that you can’t remember it.
I’m not entirely sure what you mean by bootstrapping. But sharing your families secret keys in a shared vault, with a couple of offline copies in a couple of different location, in the form of the provided emergency kit, is more than enough for them to never be locked out of their accounts. Unless of course they forget their master password, which shouldn’t happen. But then you could encourage them to physically write that down also if that’s a potential situation (forgotten, lost memory due to accident etc).
For me personally if I lost any iCloud device whilst away from home or my other devices it would be harder for me to access my iCloud account than it would to access my 1Password. Mainly because of 2FA on my iCloud account and the fact you need a trusted device (a device signed into your iCloud account or trusted phone number). iCloud doesn’t provide you the TOTP secret or a one time backup code.
Just my 2 cents so to speak.
0 -
Yeah, again, my immediate family is international. Having paper copies doesn't help unless I send them in the mail.
And I'm not worried about MY memory. I'm worried about my childrens’ memories as they only bother to do good password stuff because I pester them about it. Since I can't physically be there, having the credentials backed-up in iCloud (which is auto signed-in on their iDevices) made things really, really easy, and was also secure.
"Bootstrapping" refers to getting logged into a new device in the first place. Before, I had separate home-facing vs web-facing passwords, the latter of which was much stronger, and I didn't have to remember it because I could store it in my iCloud-synced vault. I set this up for my wife and kids, so that if something breaks and I need to support them, I could walk them through the process.
Now that 1P8 forces the same password for both 1P.com + other vaults (because there are no "other" vaults anymore), I've had to simplify my password to something I can reasonably remember and type. Which sucks.
0 -
Hi @rainden, I can confirm that there are some relevant changes in 1Password 8 - for example, the new generation of 1Password apps is synced using the 1Password.com service, and does not support standalone vaults (however this is different from supporting local vaults, as Roustem discusses above).
While we recognize that this model may not be for everyone, there are many advantages to handling things this way, both in terms of the value we can provide to customers, improved ability for our customer service teams to help when something goes wrong, features like item history, access control, family accounts, and more. There really were hard limits on the old approach, and we're trying to provide a secure solution that provides a good fit for everyone from developers to folks who are installing 1Password as the first app they've ever had. The new sync service makes that actually doable in a different way.
As @danco mentioned, we do have an open survey about whether a self-hosting option is something we should pursue, what the audience for that looks like, and what kind of approaches might be best if a self-hosting option does become available. And we'd be happy to have your feedback there!
If you're open to it, I'd be interested to hear what specifically about the new approach gives you pause. Just to let you know, we still don't have access to your items or the keys you use to decrypt them (we don't want this info, either), 1Password 8 still instantiates a local copy of your data on each device where you unlock, so you can access it offline, and we still don't share or sell your data to third parties.
Part of what 1Password subscriptions allow us to do is continue to build products (and better ones) that put your security and privacy first. I hope that folks can understand that what we're doing now is an outgrowth of the same mindset that garnered such good will over the decades, not a break from it. And we welcome your feedback - on usability, security concerns, you name it - to make the best product possible.
0 -
@PeterG_1P At least from my perspective, the biggest thing that gives me pause about the cloud-based subscription model as the only option is how using 1Password quickly becomes not just a nice tool, but a necessary tool for users. It's great for your business model and I mean that in the most complimentary way.
When I started using 1Password 10 years ago or so, I quickly realized how great it was and used it on everything. My personal 1Password vault has 1.6K+ unique logins now and I am grateful for the level of security that 1Password has afforded me in being able to do that without memorizing 1.6K unique logins. I happily paid for every new version that came out because I was excited about the new features, but more than that, I wanted to support 1Password financially because I wanted you guys to keep working on building and supporting the "better mousetrap".
What really endeared me to 1Password was the standalone vaults feature because it didn't try to hook users into ongoing payment plans. Instead, it seemed to operate on the idea that the users will want to keep paying AgileBits because the product was that great. It'd didn't force users into paying for a product just because it was too painful to quit it. But the best part about that setup was that 1Password also seemed to promise a semi-future-proof tool for paying users. I trusted and bought into the 1Password ecosystem because I knew that if the company or product went sour, I could at a bare minimum keep using my standalone vault in the last version of the app to access my thousands of passwords.
I've been burnt WAY too many times by companies going out of business or abandoning support for their products. Not just little companies either. Everything from Chumby to Sony to Goole to Apple, etc. It always sucks when it happens and I know there's no way anyone can guarantee that won't happen, but the worst of these situations is when it's a SAAS product that has become vital to my day-to-day life like 1Password is. When Chumby went belly up, my "smart clock" became a "dumb paperweight" because the cloud support went away. Chumby even dangled the idea of releasing a modified version of their code to allow you to host your own server too, but as you can imagine, it was a rushed idea that never really came to fruition as they were closing shop. I bought a Logitech Harmony smart remote two years ago and now I rue the day because they recently announced EOL for the product line. They promise they're going to keep the cloud support running, but clearly at some point costs of supporting the last X users will no longer make sense and they'll cut the cord too.
In the above scenarios, I lose the money in the hardware and that sucks. I need to buy a new clock or a new remote. I get upset/angry. But none of that will compare to the if/when 1Password decides to shift business models and no longer thinks password vaults are what they want to be doing. Or you guys get some crazy buyout, decide to live the comfortable life on a yacht somewhere in Bora Bora (good for you if that happens, truly!), and the new parent company decides to hike the subscription to $500/month because they know we're hooked (a la drug dealers or...cable companies). Who knows why it might happen, and it perhaps sounds far fetched and glass-half-empty for sure...but it may happen...and if that happens, and if all of my passwords are ONLY on the cloud SAAS, then my easy access to those 1.6K+ websites also effectively goes poof. Even if 1Password tells me there's a way to export my logins as a CSV or PDF, it neuters the users greatly because AgileBits sold them on the idea that we need a tool to manage the complexity passwords require and now we're being told there's no option to own the tool we now know we need.
It's really a somewhat unfortunate shift for users who thought they were buying a product rather than a service. Though I guess in some ways, as long as I can keep running 1P7 with a local vault, it's basically the exact scenario I worried about above. It's as if "1Password Standalone" went out of business, but because I was a previously paid licensee (several times over), I can download the legacy app and browser extensions, save them for safe keeping, and just continue in my stubborn ways. I guess the subscription-based users just won't ever be able to do the same thing going forward.
0 -
What gives me pause about the new approach, @PeterG_1P, are two issues:
Security. Too much sensitive data in one place makes 1P's servers a highly valuable target for identity theft. You may trust your encryption scheme, but things do go wrong. Local vaults provide a simple yet effective additional barrier. They are much harder to access and much less probable to be attacked than the one big central server with millions of users' data. Too many eggs in one basket. :-(
Feature bloat. Too many features make the product harder to use. You are describing features, that I simply don't need. 1P wouldn't be the first app that adds so many features, that it becomes a usability mess . I prefer simpler tools. Sometimes less is more. :-)
0 -
This content has been removed.