The future of local/standalone vaults

dteare Agile Founder

Team Member
edited May 3 in Mac

With today’s 1Password 8 for Mac launch announcement, I thought it would be helpful to republish my mini-essay from this thread in our beta forums as its own post here.

The heart of the question was as follows:

I use both online and local vaults and have no problem paying a subscription for actively maintained, critical security software. I will not do so if local vaults will not be supported or maintained. One of the main differentiators between 1P and other pw managers is this support for local vaults alongside online ones.

It was a great question and I couldn't help doing a deep dive to answer it. Here was my full answer.


🔐

Before jumping in I want to say thank you for your kind words, well wishes, and your willingness to pay for a subscription. That means a lot and I appreciate you taking the time to share your kindness. 🤗

Regarding local/standalone vaults, the TL;DR is:

  • The next generation of 1Password apps sync exclusively with 1Password.com (including .ca🇨🇦 and .eu🇪🇺)
  • You can easily migrate your existing data over to a 1Password Membership and trade in your license for a hefty discount
  • 1Password 7 will not be changing and can continue to be used with all currently available sync methods

That’s the short version of the story. The longer version of the story is much more interesting, explains how we came to this conclusion, and provides a potential alternative for local vaults that might suit your needs. Please read on as I think you’ll enjoy it.

As I mentioned in the other thread, I’m not known for my brevity and I’m a sucker for nostalgia so please forgive me for not being able to edit this down. 🙂

Let’s start at the beginning…

The history of standalone vaults

Before hosting our own service we had what we called standalone vaults. The first of these were introduced in 2008 using the Agile Keychain format. These allowed you to sync your data however you wanted, with the vast majority choosing to use Dropbox at the time.

We also had the ability to sync to iPhone using WLAN Sync and later in 2012 the OPVault format was introduced along with support for iCloud.

Users could choose the sync method for each of their vaults in preferences:

1Password preferences window showing the sync options available for Standalone Vaults

This worked quite well for individual technical users living in a desktop-centric world, but as iPhones and Android devices started to become ubiquitous and people expected to be able to share information securely with their teams, businesses, and families, it became clear that we needed to create our own service so we could provide a better experience.

So we did. 1Password.com was launched to the world in 2015 and it provided so much more than just another way to sync your data. Here are just the highlights on what our new service made possible:

  • 🔐 More secure encryption data format and authentication process
  • 📱 Two-factor authentication (2FA)
  • 👨‍👨‍👧‍👦 Teams and families and businesses
  • 🤗 Securely share items
  • 🕓 Item history
  • 🧯 Automated data backups
  • 💫 Account recovery

Along with all these features 1Password.com also enabled a more intuitive setup across all your devices. None of this was possible with standalone vaults and generic file sync services. We had pushed standalone vaults to their limit and weren’t able to innovate any further without connecting to a server to perform the heavy lifting.

The overwhelming popularity of 1Password.com

When we released 1Password.com seven years ago we knew it was the better solution but we wanted to give our customers time to learn this for themselves. So when we released 1Password 7 in 2018 we provided the ability to subscribe to 1Password.com as well as the option to purchase a license to continue using Standalone Vaults.

1Password 7 upgrade screen presenting 1Password Memberships alongside standalone licenses

The overwhelming majority of people choose to subscribe to our new service (97% in fact) and many of those who initially purchased a license later changed their mind and traded it in for a membership.

Given the overwhelming popularity of 1Password memberships and how much more capable 1Password.com is than everything else, we decided to design our next generation of 1Password apps to focus exclusively on our new service.

We’re incredibly excited about our next generation of 1Password apps that we’re working on. They’re faster, look great, are equally powerful across every platform and as of today have officially launched on Mac, Windows, and Linux, with mobile being released later this year. 😍

To make this possible we completely rewrote all the underpinnings of 1Password in Rust, a systems language known for safety and performance. While we’re all thrilled about the memory-safety, thread-safety, and incredible performance that Rust provides, the part I love the most is we’re now able to provide an equally great experience everywhere.

As you can imagine, rewriting over a decade’s worth of features across 6 operating systems takes a monumental effort. It forced us to make tough decisions about which features we should carry forward and which features to leave behind to make room for new ones.

Standalone vaults is one of the features that needed to be left behind. As such 1Password 7 will be the last version of 1Password to support standalone vaults.

A hosted 1Password.com service is the best option for almost everybody…

For all future versions of our client apps, standalone vaults as they existed are gone and won’t be coming back. Our new apps were designed to have a tight integration with our service and this aspect of the design is not going to change.

From our experience over the last 15 years we know that using a 1Password.com account is the best approach for almost every situation. Our service greatly simplifies things across the board, from user experience to customer support to upgrades.

With that said, we know some of our super technical users like yourself prefer doing things themselves and perhaps there are more use cases for standalone vaults than we realize.

It would be great if we all could have our cake and eat it, too. To this end we have been toying with the idea of allowing you to host your own instance of our cloud service. It would be your own personal 1Password service that runs entirely on your machine or within your own cloud that you control.

The big question is how many of our friends need this feature and would they host this themselves if we made the option available?

The reality is we simply have no idea how many of you want this ability. To protect your privacy we have no in-app analytics so we simply don’t know how many people have configured things to keep their data locally within their network.

So we thought we’d ask. 😘

A question for you: would you like a self-hosted 1Password service?

If we made self-hosting of 1Password.com available, would you use it? And how would you prefer to do so? Before we invest in making a standalone 1Password service a reality we want to gauge demand for this feature. If this is something you need please take this survey to help us better understand your use case.

✍️ Take the 1Password Self-hosted Service Survey

All information you provide will be uploaded to an internal 1Password vault using our new Secrets Automation workflow. This vault will only be shared with a select set of 1Password employees for the sake of this research and will not be shared with any 3rd parties aside from sending email updates to those who opt-in for them.

We will be basing interest in this feature by how many people complete this survey. We’ll also use the survey results to determine what type of solution we should build, if any. Consider it a kickstarter. 🙂

If we hear enough demand to create this feature then we will look into how to fit this into our product road map. It would be a longer-term plan as this year’s schedule was full before the year even started, and we have some amazing plans already forming for 2023.

In the meantime, for those who need this feature, 1Password 7 was the best version of 1Password we ever had (it’s only second place to our amazing next generation of apps!) and it will continue to support all currently available sync methods. I ask for your patience during this time and I invite you to add your voice to the conversation in the comments below and by taking our survey.

Thank you for your time and thank you for supporting us all these years. Your constant support and encouragement means the world to us. ❤️🤗

Take care and stay safe out there. 🙏

++dave;
1Password Founder

Comments

  • aeble
    Community Member

    Well, I will not move over to a service hosted by you. If you remove the local vaults, you've lost a customer.

  • agilebitsforumuser
    Community Member

    Just saw this news. I will never pay for software as a service.

    You made a commitment during 1Password development to continue to offer local vaults.

    Why alienate your long time customer base? Will not be upgrading if this is not solved. My entire family has been using 1Password since the first version.

    Offer a standalone vault feature and you have our support day one. Have filled out the survey.

    PS - What happened to the amazing security posts by Jeffrey Goldberg?

  • PeterG_1P

    Team Member

    Hi @aeble and @agilebitsforumuser, I'm sorry to hear this. I hope someday we can win you back! And thank you for filling out the survey as well.

    In the meantime, as Dave mentioned, you can of course continue to use 1Password 7, which is a robust, solid, and performant app - and we'll be here to answer questions or provide any support that might be needed.

    @agilebitsforumuser - The illustrious Goldberg is still sharing his Goldbergian wisdom! He just recently opined on FIDO and "the password problem" in our Reddit AMA. Hope you enjoy the read.

  • machale
    Community Member

    For me, this is not about money or SaaS - I'm already a Family subscriber.

    My employer does not allow storage of company data on any system not owned and managed by the company. It doesn't matter if the data are encrypted, if only I hold the keys, etc. No company data on non-company systems. Period.

    I'd like to use a split model - 1Password.com for personal passwords and a local vault for work passwords. Even hosting my own 1Password server feels like overkill, though I guess that would be better than nothing (if managing it is easy). Without a split model, I'm forced to manage passwords in two different tools (since I have no desire to move my Family off 1Password).

    P.S. I'm confident my employer will never, ever, set up a corporate deal with 1Password (we have a serious not invented here syndrome). I'm on my own to manage my passwords.

  • abdel
    Community Member

    It's so sad to hear that you don't want to continue supporting local/standalone vaults anymore. I was using 1Password since, I don't know, v 2.x? Upgrading from version to version. Now I'm paying for 1Password Family. I was hoping that you'll continue your great work. But by telling us you're discontinuing one of the key features, why should I continue paying? Like @machale, it's necessary for business related stuff to be able to stay local. And even private, I'd like to choose my own method, not to be forced to use one dedicated server for that.
    Self-hosting your own instance is nice, but it should be an additional option. Not replacing local/standalone vaults.

    Maybe I should consider moving to a different solution. It's so sad after so many years...

  • Questulent
    Community Member

    It's been almost a year since Dave first published this. I would love to know what the results were of the survey, and if you are planning to offer a self-hosted option?

  • dteare Agile Founder

    Team Member

    Hello @Questulent, 👋 you're right, I first wrote about this on June 19th, so I'm one month out from the one year anniversary. I had hoped I would have had a chance to sit down and write a detailed summary of the survey results by now but I've been spread too thin to find the time. I do read the survey results as they come in (my 1Password items are sorted by Date Modified so I see them as they get created) and I can say that this was a lot less popular than I was expecting it to be. We currently stand at 3,834 respondents, and a large portion of those made it clear they were a lot more concerned about subscription models than they are about anything else. I'd like to put more numbers to these though and am looking forward to using the 1Password CLI to work with the data. I'd love to create (and share) an anonymized word cloud as well as I think that will give a nice way to visualize the data quickly.

    @machale: I hear you and it definitely sounds like your current employer will be a tough sell on using 1Password. Still, I'd love to put your CTO and IT team in contact with our business support team so we could try. 1Password for Business has many customers who may surprise you as they've typically wanted to do everything in house. We don't share any clients that don't willfully share the news themselves so I can't share the more surprising ones I have in mind, but IBM has been quite public about rolling out 1Password for their entire company. When I worked at IBM back in the 90s and early naughts I can't remember using any external tools. Now the new IBM embraces them. Anyway, I'll save you the sales pitch but if we're successful we'd be able to wrap two gifts with one bow as 1Password Business comes with free family accounts for everyone. 🤘

    @abdel: Thanks for joining in on the discussion. And thank you for supporting us all these years. 🤗 It's hard to believe but 1Passwd 2 was first released over 15 and a half years ago, way back in November, 2006. It's been a fun ride ever since. As I was saying to @machale above, I'd love to put your CTO and/or IT team in contact with our business team as we very well might be able to wrap two gifts with one bow by getting you on the 1Password Business plan. Regarding standalone vaults, by the sounds of things you were using iCloud and/or Dropbox for your syncing and not WLAN Sync, is that correct? I tried to explain in my post that managing that many sync systems was incredibly difficult and we created a much-improved system with the introduction of 1Password.com. If my guess is right it sounds like you were already syncing data to the cloud so I'm hopeful we'll be able to convince your company that our cloud is even more secure. Because it is. If everything was 100% local (i.e. using WLAN Sync) then it'll be a tougher sell. But one we'd like the chance to try.

    In any event, please do fill out the survey so we can better gauge demand and understand the requirements.

    Take care, and stay safe out there. 🙏

    ++dave;
    1Password Founder

  • Questulent
    Community Member

    Thanks, @dteare - Look forward to seeing the data, tho I'm disappointed more people are concerned with subscription than self-hosted - opposite for me.

  • ronread
    Community Member

    Regarding this, especially the need to keep some PWs local due to policy, etc. Are there any technical problems with running 1PW 7 AND 8 simultaneously? 8 for most things, 7 for a non-synced, local vault?

    Or how about making a per-vault option of simply turning off syncing?

  • bestlem
    Community Member

    It is a fundamental piece of business that companies go out of business so the process has to continue when that happens - which is why you need to have things not depending on 1password infra.

    The other issue as mentioned above is that for many businesses you can't store business information on sites outside your control.

    So the need for local vaults is a major business requirement for many.

  • stodan
    Community Member
    edited May 25

    Or how about making a per-vault option of simply turning off syncing?

    I would like to know the answer to that as well.

    I understand why you would want to simplify syncing in your codebases, but as you already stated, vaults are local in the sense that they work offline. I don't see why you could not do this to address concerns of at least some of the users.

    We already have to trust you about your whole development and build chain, why do you also require us to trust that everything will always go fine with your servers?

    If you used different domains for syncing, I would even be able to block network traffic and have this feature already.

  • Pariah_Zero
    Community Member
    edited June 2

    Are there any technical problems with running 1PW 7 AND 8 simultaneously? 8 for most things, 7 for a non-synced, local vault?

    I'll say this: there's a very human problem, two of the same icon. It gets frustrating, even when you know which one is 7 and which is 8.

    More importantly: If there's a critical vulnerability in a library used by 1Password7... is it going to be fixed? 🤷‍♂️

    @dteare: Having a critical feature (for me) dropped, followed by the suggestion that is an attempt to wedge in a business license doesn't feel helpful. There is only one outcome of such a conversation to license 1Password Business: security would come to my desk, and I would be escorted outside with termination papers, and likely be served a lawsuit for violating an NDA.

    I love 1Password, and I've subscribed to the Family plan about as long as it's been offered... it's disheartening that the only response I've ever seen to requests for local vaults so I can comply with mandatory (audited) company policy is effectively asking me to get myself fired - or worse.

  • JAC3467
    Community Member

    I too am dismayed by the elimination of a local vault option, and have no problem with the software-as-a-service model and currently subscribe to a family plan. I've been a 1Password user since version 2, I think it was.

    I've never used any of the sync options but for those I can locally control. The issue is pretty simple: Do I want my password data, some of the most important data I have, out there in the cloud? Answer - no. But let me add a bit more. I differentiate my password importance. That is, most of the passwords I have, if hacked, would cause minimum or very little damage. They simply are not that important. Then there are others: bank account passwords; credit cards, health care accounts, and retirement savings and investment accounts. These are the top level of accounts requiring the most security: complicated user names and passwords; 2FA; password-like answers to security questions. In short, all that CAN be done IS done, as the damage from a breach could be considerable.

    I do NOT want these account credentials under anything but local control.

    Over time I've migrated various account credentials onto 1Password's cloud as a means to share them with family members. This is convenient and as mentioned, a compromise is only of minimal concern. The others however, I have no intention of ever moving to any cloud infrastructure.

    There are two basic reasons for this. The first is, simply stated, hacks occur. Yes, the probability is low, and 1Password has done pretty much everything possible to prevent such a thing, but it can happen. I would think the 1Password cloud is a desirable if not difficult target.

    The second is forward looking. If my 1Password vault were "stolen" by a hacker, it's unlikely (most) anyone could get into it with today's technologies. With the current encryption level and presumably a very strong vault password, getting to the data is really not feasible. OK, what about 2 years from now? Or five? Can you anticipate and protect from the computing capabilities that WILL exist in the future? I'm not sure how anyone can do such a thing? Sure, you can make some guesses - which I assume you are - and if you're not, you should be. But who has that perfect crystal ball?

    I suppose a (the?) solution is simple enough: for critical accounts, regularly change the password. True enough. But my concern still stands. Clearly, all account credentials are not the same. And for those most important credentials, and as mentioned by others, local-control as an employer requirement, some kind of local-only vault option seems appropriate.

  • Pariah_Zero
    Community Member

    Can you anticipate and protect from the computing capabilities that WILL exist in the future? I'm not sure how anyone can do such a thing? Sure, you can make some guesses - which I assume you are - and if you're not, you should be. But who has that perfect crystal ball?

    There are a couple of things to unpack here:

    1. 1Password's vault design is published; secrets are encrypted using AES-256, and they have zero knowledge of the key.
    2. Quantum computing (and Shor's Algorithm) is only effective against certain asymmetric ciphers. RSA, DSA, and current Elliptic Curve ciphers are among them.
    3. Quantum computing is, at best, able to crack symmetric ciphers like AES-256 twice as fast as traditional computers.
      1. That would make AES-256 roughly equivalent to AES-128 right now. One reason AES-256 exists is precisely because of anticipated quantum computing. AES-256 will almost certainly never be cracked, quantum or otherwise.
      2. Even a quantum computer isn't going to be able to break your passwords in 1Password, as they're already encrypted in a quantum resistant cipher.
    4. For the public key encryption parts that 1Password uses (the obvious attack vector), there is an upgrade path to whatever the future demands.
    5. A public competition for post quantum encryption standardization, with several excellent candidates is nearing completion.

    Quantum computing is absolutely worth researching. However, it's important to remind ourselves of the difference between the idealized theory and practicable reality:

    It's one thing to imagine a system (with no outside interference) where you have thousands of qubits in perfect quantum states infinitely close to absolute zero.

    We can imagine it, we can design it, but unobtanium is hard to come by, and it's even harder to manufacture with. A quantum computer that can break encryption may never be possible to build.

  • yosemite4
    Community Member

    I've used your standalone product for over a decade. That was when I could get a call from a human being in support. I love the product but have spent the past three months trying to get help for a new account. I can't get my passwords transferred to the online version without having to hand enter them. And as far as I can tell, will have to log in to the 1password website every time I want to use a password because my old OS and Windows don't read 1password 8. That's not going to work.

  • cuttstjrc
    Community Member

    Well, my employer just removed 1Password from its list of acceptable password managers because of this change. It's a real shame, and I'm pretty stuck on what to do now.

    All it requires to solve the problem is a single per-vault checkbox "do not sync this vault to the cloud" and allow that to be set by a Mac policy so that a company can enforce it through JAMF or whatever. That's hardly complex, and I cannot see how it would cause you support issues, or major development headaches.

    I suspect the real underlying reason for the change here is to force people to the [much more profitable] SaaS model.

  • Pariah_Zero
    Community Member

    I suspect the real underlying reason for the change here is to force people to the [much more profitable] SaaS model.

    There are plenty of other subscription software offerings out there that don't require a cloud component. I'm fine with paying for my personal subscription, as long as I have the functionality I need.

    The problem is that respecting my employer's boundaries is a pretty important function that 1Password is dropping.

  • MacUsr007
    Community Member
    edited June 24

    OK, let's make it clear. I am a paying family customer for years and I use BOTH local and cloud vaults. I don't care about fancy new version 8 or 10 or wherever you are going. We talk security and life threat because of the importance of passwords today. I pay for a service and this service works great, nothing to change.
    Just do what we paid for and maintain version 7 up to date and secure. It works, it does its job, end of story. If you think some new fancy version will give you long-term customers, you are already dead. In the end, people that are not techies always ask techies for advice; you lose us, you lose your business in the long term... So please maintain 7 up to date and secure and spend your pocket money developing whatever new version you want if you need a hobby, but be careful of the consequences if you lose us... You think maybe you are Apple, but you are not...

  • d_stone
    Community Member

    The overwhelming majority of people choose to subscribe to our new service (97% in fact) and many of those who initially purchased a license later changed their mind and traded it in for a membership.

    The standalone licenses were hard to find in the last years – I had already requested this here. :( I think that this point is also responsible for the "overwhelming acceptance".

    It would be nice and really honest if you openly said that it is your strategy. It is also okay to pay a regular fee.

    1Password 7 will not be changing and can continue to be used with all currently available sync methods

    But probably not forever, right? - Sorry please, here I would unfortunately be disappointed as with the licenses.

    I've been using 1Password since 2014 and found it amazingly good. I currently have about 350 items stored in the vault with confidence. The functions up to version 7 were completely sufficient. So the local vaults with the WLAN function were unique on the market and the reason (certainly of many users) to use 1Password.

    Unfortunately, the local vaults, WLAN sync and some settings of the app have been lost in version 8.

    A self-hosted version sounds very exciting.

    fyi @dteare

  • bbeyer
    Community Member

    Well, my (very large) company won't allow us to use version 8 due to it not having local vaults, so you are about to lose thousands of customers. Which means many will also switch their personal accounts as well so they can use the same tool at home and work.
