When will 1P7 be EOL?
Hi folks,
Like some of the others here, I am saddened to see the departure of standalone licenses and local vaults. I've been with 1Password since version 4 and still enjoy using version 7 multiple times throughout my day. I'm quite tech savvy, so I filled out the self-hosting survey as this option is definitely of interest to me. At the end of the day, while I understand the data sent and stored to 1P's infrastructure is encrypted, it's still my data - and some of my most sensitive data (my credentials) at that. I prefer for that to remain in-house as much as possible. I know how I administer my systems. I don't outsource my systems administration and I keep tight control of my archives and backups. I don't feel that same level of integrity with the remote solution that's currently being forced with version 8.
All that said, I've got to plan for the future. If self-hosting is not going to be a thing, is it possible for us to know when 1Password 7 will be end of life for the Mac (and iOS)? Will I still be able to use the iOS app, with my local data, when 1Password 8 is finalized?
Thanks!
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Comments
-
Hi @JC_Denton,
Thanks for asking. The short version we simply don't have an answer on what future support for 1Password 7 will look like after 1Password 8 has been launched on all platforms. What I can provide as an example is after the launch of 1Password 7 for Mac, 1Password 6 for Mac received zero updates, security or otherwise. While past behavior doesn't define the future, it certainly can be helpful. As for using 1Password on iOS, 1Password 8 for iOS will be a separate app in the App Store from the currently available 1Password 7 app.
Additionally, we can't guarantee that functionality will continue to remain as expected as operating systems and browsers make updates. For example, if iCloud or Dropbox were to make a change that we haven't accounted for, syncing may not function as intended.
To touch on your concerns about the integrity of your data:
1Password always works from a local copy of your data. Data you enter is encrypted before it is saved into this local database. The database is stored on your computer, and syncs when you are online. This means you can access your data while you're offline (or in the event that we are offline).
The Secret Key - This is explained more fully in our security white paper, but the short explanation is that if someone were to guess or bruteforce your account password, that still wouldn't be enough to get your data. The Secret Key provides a serious safeguard against this, and the mathematical complexity that it puts in an attacker's path is essentially insurmountable with current attack methods and hardware. It makes it such that even if someone could steal everything from our servers, they wouldn't be able to access any secrets you've stored in 1Password. This key is not available to us, either, so even in the case of a malicious employee with the highest levels of access, your data is protected.
We put our trust in encryption rather than authentication. This is because, in short, "Encryption means that 1Password does not face the kinds of threats a largely authentication-based system would face, and we have used an authentication mechanism that defends against many of the threats faced by many other systems." You can read more about this, if you're interested, in our short guide here: https://support.1password.com/authentication-encryption/
We undergo security audits and pen tests, which you can find here: https://support.1password.com/security-assessments/
Jack
0 -
following this
0 -
Hi @jack.platten,
Thanks for the info!
I understand and appreciate the encryption aspect. I think this is fine for quite a few types of personal and sensitive data. My 1Password data is at a higher tier than those. It is often going to be the case that my 1P data enables access to those other data stores. It is the proverbial, "keys to the kingdom." For that reason alone, I prefer to keep the data on systems I fully control. It's unclear who has access to my data files that I elect to sync with 1Password's servers if I go with a subscription. Some 1Password employees, sure, but are there other vendors involved? Can you guarantee that my data is purged when I choose to purge it? If you're compelled to release my data, you'll likely have to do so (even if it is extremely unlikely)... Again, all these arguments favor keeping my credentials data locally. Yes, it's encrypted, and yes, it's unlikely to be broken anytime soon. It's just a level of comfort I have with where I keep my data stored. I'm sure quite a few others agree as well. I genuinely hope 1Password implements the self-hosted option. I'd be happy to pay for a subscription to maintain local control of my data.
0 -
It's just a level of comfort I have with where I keep my data stored.
We totally understand :+1: And thank you for filling in the self-hosting survey!
0
![[Deleted User]](https://wb.vanillicon.com/v2/bc7c7583a941b7c5c899d1245c9ac83e.svg)
