The future of local/standalone vaults
With today’s 1Password 8 for Mac launch announcement, I thought it would be helpful to republish my mini-essay from this thread in our beta forums as its own post here.
The heart of the question was as follows:
I use both online and local vaults and have no problem paying a subscription for actively maintained, critical security software. I will not do so if local vaults will not be supported or maintained. One of the main differentiators between 1P and other pw managers is this support for local vaults alongside online ones.
It was a great question and I couldn't help doing a deep dive to answer it. Here was my full answer.
🔐
Before jumping in I want to say thank you for your kind words, well wishes, and your willingness to pay for a subscription. That means a lot and I appreciate you taking the time to share your kindness. 🤗
Regarding local/standalone vaults, the TL;DR is:
- The next generation of 1Password apps sync exclusively with 1Password.com (including .ca🇨🇦 and .eu🇪🇺)
- You can easily migrate your existing data over to a 1Password Membership and trade in your license for a hefty discount
- 1Password 7 will not be changing and can continue to be used with all currently available sync methods
That’s the short version of the story. The longer version of the story is much more interesting, explains how we came to this conclusion, and provides a potential alternative for local vaults that might suit your needs. Please read on as I think you’ll enjoy it.
As I mentioned in the other thread, I’m not known for my brevity and I’m a sucker for nostalgia so please forgive me for not being able to edit this down. 🙂
Let’s start at the beginning…
The history of standalone vaults
Before hosting our own service we had what we called standalone vaults. The first of these were introduced in 2008 using the Agile Keychain format. These allowed you to sync your data however you wanted, with the vast majority choosing to use Dropbox at the time.
We also had the ability to sync to iPhone using WLAN Sync and later in 2012 the OPVault format was introduced along with support for iCloud.
Users could choose the sync method for each of their vaults in preferences:
This worked quite well for individual technical users living in a desktop-centric world, but as iPhones and Android devices started to become ubiquitous and people expected to be able to share information securely with their teams, businesses, and families, it became clear that we needed to create our own service so we could provide a better experience.
So we did. 1Password.com was launched to the world in 2015 and it provided so much more than just another way to sync your data. Here are just the highlights on what our new service made possible:
- 🔐 More secure encryption data format and authentication process
- 📱 Two-factor authentication (2FA)
- 👨👨👧👦 Teams and families and businesses
- 🤗 Securely share items
- 🕓 Item history
- 🧯 Automated data backups
- 💫 Account recovery
Along with all these features 1Password.com also enabled a more intuitive setup across all your devices. None of this was possible with standalone vaults and generic file sync services. We had pushed standalone vaults to their limit and weren’t able to innovate any further without connecting to a server to perform the heavy lifting.
The overwhelming popularity of 1Password.com
When we released 1Password.com seven years ago we knew it was the better solution but we wanted to give our customers time to learn this for themselves. So when we released 1Password 7 in 2018 we provided the ability to subscribe to 1Password.com as well as the option to purchase a license to continue using Standalone Vaults.
The overwhelming majority of people choose to subscribe to our new service (97% in fact) and many of those who initially purchased a license later changed their mind and traded it in for a membership.
Given the overwhelming popularity of 1Password memberships and how much more capable 1Password.com is than everything else, we decided to design our next generation of 1Password apps to focus exclusively on our new service.
We’re incredibly excited about our next generation of 1Password apps that we’re working on. They’re faster, look great, are equally powerful across every platform and as of today have officially launched on Mac, Windows, and Linux, with mobile being released later this year. 😍
To make this possible we completely rewrote all the underpinnings of 1Password in Rust, a systems language known for safety and performance. While we’re all thrilled about the memory-safety, thread-safety, and incredible performance that Rust provides, the part I love the most is we’re now able to provide an equally great experience everywhere.
As you can imagine, rewriting over a decade’s worth of features across 6 operating systems takes a monumental effort. It forced us to make tough decisions about which features we should carry forward and which features to leave behind to make room for new ones.
Standalone vaults is one of the features that needed to be left behind. As such 1Password 7 will be the last version of 1Password to support standalone vaults.
A hosted 1Password.com service is the best option for almost everybody…
For all future versions of our client apps, standalone vaults as they existed are gone and won’t be coming back. Our new apps were designed to have a tight integration with our service and this aspect of the design is not going to change.
From our experience over the last 15 years we know that using a 1Password.com account is the best approach for almost every situation. Our service greatly simplifies things across the board, from user experience to customer support to upgrades.
With that said, we know some of our super technical users like yourself prefer doing things themselves and perhaps there are more use cases for standalone vaults than we realize.
It would be great if we all could have our cake and eat it, too. To this end we have been toying with the idea of allowing you to host your own instance of our cloud service. It would be your own personal 1Password service that runs entirely on your machine or within your own cloud that you control.
The big question is how many of our friends need this feature and would they host this themselves if we made the option available?
The reality is we simply have no idea how many of you want this ability. To protect your privacy we have no in-app analytics so we simply don’t know how many people have configured things to keep their data locally within their network.
So we thought we’d ask. 😘
A question for you: would you like a self-hosted 1Password service?
If we made self-hosting of 1Password.com available, would you use it? And how would you prefer to do so? Before we invest in making a standalone 1Password service a reality we want to gauge demand for this feature. If this is something you need please take this survey to help us better understand your use case.
✍️ Take the 1Password Self-hosted Service Survey
All information you provide will be uploaded to an internal 1Password vault using our new Secrets Automation workflow. This vault will only be shared with a select set of 1Password employees for the sake of this research and will not be shared with any 3rd parties aside from sending email updates to those who opt-in for them.
We will be basing interest in this feature by how many people complete this survey. We’ll also use the survey results to determine what type of solution we should build, if any. Consider it a kickstarter. 🙂
If we hear enough demand to create this feature then we will look into how to fit this into our product road map. It would be a longer-term plan, as this year’s schedule was full before the year even started, and we have some amazing plans already forming for 2023.
In the meantime, for those who need this feature, 1Password 7 was the best version of 1Password we ever had (it’s only second place to our amazing next generation of apps!) and it will continue to support all currently available sync methods. I ask for your patience during this time and I invite you to add your voice to the conversation in the comments below and by taking our survey.
Thank you for your time and thank you for supporting us all these years. Your constant support and encouragement means the world to us. ❤️🤗
Take care and stay safe out there. 🙏
++dave;
1Password Founder
Comments
-
Well, I will not move over to a service hosted by you. If you remove the local vaults, you've lost a customer.
0 -
Just saw this news. I will never pay for software as a service.
You made a commitment during 1Password development to continue to offer local vaults.
Why alienate your long time customer base? Will not be upgrading if this is not solved. My entire family has been using 1Password since the first version.
Offer a standalone vault feature and you have our support day one. Have filled out the survey.
PS - What happened to the amazing security posts by Jeffrey Goldberg?
0 -
Hi @aeble and @agilebitsforumuser, I'm sorry to hear this. I hope someday we can win you back! And thank you for filling out the survey as well.
In the meantime, as Dave mentioned, you can of course continue to use 1Password 7, which is a robust, solid, and performant app - and we'll be here to answer questions or provide any support that might be needed.
@agilebitsforumuser - The illustrious Goldberg is still sharing his Goldbergian wisdom! He just recently opined on FIDO and "the password problem" in our Reddit AMA. Hope you enjoy the read.
0 -
For me, this is not about money or SaaS - I'm already a Family subscriber.
My employer does not allow storage of company data on any system not owned and managed by the company. It doesn't matter if the data are encrypted, if only I hold the keys, etc. No company data on non-company systems. Period.
I'd like to use a split model - 1Password.com for personal passwords and a local vault for work passwords. Even hosting my own 1Password server feels like overkill, though I guess that would be better than nothing (if managing it is easy). Without a split model, I'm forced to manage passwords in two different tools (since I have no desire to move my Family off 1Password).
P.S. I'm confident my employer will never, ever, set up a corporate deal with 1Password (we have a serious not invented here syndrome). I'm on my own to manage my passwords.
0 -
It's so sad to hear that you don't want to continue supporting local/standalone vaults anymore. I was using 1Password since, I don't know, v 2.x? Upgrading from version to version. Now I'm paying for 1Password Family. I was hoping that you'd continue your great work. But by telling us you are discontinuing one of the key features, why should I continue paying? Like @machale, it's necessary for business related stuff to be able to stay local. And even private, I'd like to choose my own method, not to be forced to use one dedicated server for that.
Self-hosting your own instance is nice, but it should be an additional option. Not replacing local/standalone vaults. Maybe I should consider moving to a different solution. It's so sad after so many years...
0 -
It's been almost a year since Dave first published this. I would love to know what the results were of the survey, and if you are planning to offer a self-hosted option?
0 -
Hello @Questulent, 👋 you're right, I first wrote about this on June 19th, so I'm one month out from the one year anniversary. I had hoped I would have had a chance to sit down and write a detailed summary of the survey results by now but I've been spread too thin to find the time. I do read the survey results as they come in (my 1Password items are sorted by Date Modified so I see them as they get created) and I can say that this was a lot less popular than I was expecting it to be. We currently stand at 3,834 respondents, and a large portion of those made it clear they were a lot more concerned about subscription models than they are about anything else. I'd like to put more numbers to these though and am looking forward to using the 1Password CLI to work with the data. I'd love to create (and share) an anonymized word cloud as well as I think that will give a nice way to visualize the data quickly.
@machale: I hear you and it definitely sounds like your current employer will be a tough sell on using 1Password. Still, I'd love to put your CTO and IT team in contact with our business support team so we could try. 1Password for Business has many customers who may surprise you as they've typically wanted to do everything in house. We don't share any clients that don't willfully share the news themselves so I can't share the more surprising ones I have in mind, but IBM has been quite public about rolling out 1Password for their entire company. When I worked at IBM back in the 90s and early naughts I can't remember using any external tools. Now the new IBM embraces them. Anyway, I'll save you the sales pitch but if we're successful we'd be able to wrap two gifts with one bow as 1Password Business comes with free family accounts for everyone. 🤘
@abdel: Thanks for joining in on the discussion. And thank you for supporting us all these years. 🤗 It's hard to believe 1Passwd 2 was first released over 15 and a half years ago, way back in November, 2006. It's been a fun ride ever since. As I was saying to @machale above, I'd love to put your CTO and/or IT team in contact with our business team as we very well might be able to wrap two gifts with one bow by getting you on the 1Password Business plan. Regarding standalone vaults, by the sounds of things you were using iCloud and/or Dropbox for your syncing and not WLAN Sync, is that correct? I tried to explain in my post that managing that many sync systems was incredibly difficult and we created a much-improved system with the introduction of 1Password.com. If my guess is right it sounds like you were already syncing data to the cloud so I'm hopeful we'll be able to convince your company that our cloud is even more secure. Because it is. If everything was 100% local (i.e. using WLAN Sync) then it'll be a tougher sell. But one we'd like the chance to try.
In any event, please do fill out the survey so we can better gauge demand and understand the requirements.
Take care, and stay safe out there. 🙏
++dave;
1Password Founder
0 -
Thanks, @dteare - Look forward to seeing the data, tho I'm disappointed more people are concerned with subscription than self-hosted - opposite for me.
0 -
Regarding this, especially the need to keep some PWs local due to policy, etc. Are there any technical problems with running 1PW 7 AND 8 simultaneously? 8 for most things, 7 for a non-synced, local vault?
Or how about making a per-vault option of simply turning off syncing?
0 -
It is a fundamental piece of business that companies go out of business so the process has to continue when that happens - which is why you need to have things not depending on 1password infra.
The other issue as mentioned above is that for many businesses you can't store business information on sites outside your control.
So the need for local vaults is a major business requirement for many.
0 -
Or how about making a per-vault option of simply turning off syncing?
I would like to know the answer to that as well.
I understand why you would want to simplify syncing in your codebases, but as you already stated, vaults are local in the sense that they work offline. I don't see why you could not do this to address concerns of at least some of the users.
We already have to trust you about your whole development and build chain, why do you also require us to trust that everything will always go fine with your servers.
If you used different domains for syncing, I would even be able to block network traffic and have this feature already.
0 -
Are there any technical problems with running 1PW 7 AND 8 simultaneously? 8 for most things, 7 for a non-synced, local vault?
I'll say this: there's a very human problem, two of the same icon. It gets frustrating, even when you know which one is 7 and which is 8.
More importantly: If there's a critical vulnerability in a library used by 1Password7... is it going to be fixed? 🤷♂️
@dteare: Having a critical feature (for me) dropped, followed by the suggestion that is an attempt to wedge in a business license doesn't feel helpful. There is only one outcome of such a conversation to license 1Password Business: security would come to my desk, and I would be escorted outside with termination papers, and likely be served a lawsuit for violating an NDA.
I love 1Password, and I've subscribed to the Family plan about as long as it's been offered... it's disheartening that the only response I've ever seen to requests for local vaults so I can comply with mandatory (audited) company policy is effectively asking me to get myself fired - or worse.
0 -
I too am dismayed by the elimination of a local vault option, and have no problem with the software-as-a-service model and currently subscribe to a family plan. I've been a 1Password user since version 2, I think it was.
I've never used any of the sync options but for those I can locally control. The issue is pretty simple: Do I want my password data, some of the most important data I have, out there in the cloud? Answer - no. But let me add a bit more. I differentiate my password importance. That is, most of the passwords I have, if hacked, would cause minimum or very little damage. They simply are not that important. Then there are others: bank account passwords; credit cards, health care accounts, and retirement savings and investment accounts. These are the top level of accounts requiring the most security: complicated user names and passwords; 2FA; password-like answers to security questions. In short, all that CAN be done IS done, as the damage from a breach could be considerable.
I do NOT want these account credentials under anything but local control.
Over time I've migrated various account credentials onto 1Password's cloud as a means to share them with family members. This is convenient and as mentioned, a compromise is only of minimal concern. The others however, I have no intention of ever moving to any cloud infrastructure.
There are two basic reasons for this. The first is, simply stated, hacks occur. Yes, the probability is low, and 1Password has done pretty much everything possible to prevent such a thing, but it can happen. I would think the 1Password cloud is a desirable if not difficult target.
The second is forward looking. If my 1Password vault were "stolen" by a hacker, it's unlikely (most) anyone could get into it with today's technologies. With the current encryption level and presumably a very strong vault password, getting to the data is really not feasible. OK, what about 2 years from now? Or five? Can you anticipate and protect from the computing capabilities that WILL exist in the future? I'm not sure how anyone can do such a thing? Sure, you can make some guesses - which I assume you are - and if you're not, you should be. But who has that perfect crystal ball?
I suppose a (the?) solution is simple enough: for critical accounts, regularly change the password. True enough. But my concern still stands. Clearly, all account credentials are not the same. And for those most important credentials, and as mentioned by others, local-control as an employer requirement, some kind of local-only vault option seems appropriate.
0 -
Can you anticipate and protect from the computing capabilities that WILL exist in the future? I'm not sure how anyone can do such a thing? Sure, you can make some guesses - which I assume you are - and if you're not, you should be. But who has that perfect crystal ball?
There are a couple of things to unpack here:
- 1Password's vault design is published; secrets are encrypted using AES-256, and they have zero knowledge of the key.
- Quantum computing (and Shor's Algorithm) is only effective against certain asymmetric ciphers. RSA, DSA, and current Elliptic Curve ciphers are among them.
- Quantum computing is, at best, able to crack symmetric ciphers like AES-256 twice as fast as traditional computers.
- That would make AES-256 roughly equivalent to AES-128 right now. One reason AES-256 exists is precisely because of anticipated quantum computing. AES-256 will almost certainly never be cracked, quantum or otherwise.
- Even a quantum computer isn't going to be able to break your passwords in 1Password, as they're already encrypted in a quantum resistant cipher.
- For the public key encryption parts that 1Password uses (the obvious attack vector), there is an upgrade path to whatever the future demands.
- A public competition for post quantum encryption standardization, with several excellent candidates is nearing completion.
Quantum computing is absolutely worth researching. However, it's important to remind ourselves the difference between the idealized theory and practicable reality:
It's one thing to imagine a system (with no outside interference) where you have thousands of qubits in perfect quantum states infinitely close to absolute zero.
We can imagine it, we can design it, but unobtanium is hard to come by, and it's even harder to manufacture with. A quantum computer that can break encryption may never be possible to build.
0 -
I've used your standalone product for over a decade. That was when I could get a call from a human being in support. I love the product but have spent the past three months trying to get help for a new account. I can't get my passwords transferred to the online version without having to hand enter them. And as far as I can tell, will have to login to the 1password website every time I want to use a password because my old OS and Windows don't read 1password 8. That's not going to work.
0 -
Well, my employer just removed 1Password from its list of acceptable password managers because of this change. It's a real shame, and I'm pretty stuck on what to do now.
All it requires to solve the problem is a single per-vault checkbox "do not sync this vault to the cloud" and allow that to be set by a Mac policy so that a company can enforce it through JAMF or whatever. That's hardly complex, and I cannot see how it would cause you support issues, or major development headaches.
I suspect the real underlying reason for the change here is to force people to the [much more profitable] SaaS model.
0 -
I suspect the real underlying reason for the change here is to force people to the [much more profitable] SaaS model.
There are plenty of other subscription software offerings out there that don't require a cloud component. I'm fine with paying for my personal subscription, as long as I have the functionality I need.
The problem is that respecting my employer's boundaries is a pretty important function that 1Password is dropping.
0 -
OK, let's make it clear. I am a paying family customer for years; I use BOTH local and cloud vaults. I don't care about fancy new version 8 or 10 or wherever you are going. We talk security and life threat because of the importance of passwords today. I pay for a service and this service works great, nothing to change.
Just do what we paid for and maintain version 7 up to date and secure. It works, it does its job, end of the story. If you think some new fancy version will give you long-term customers, you are already dead. In the end, people that are not techies always ask techies for advice; you lose us, you lose your business in the long term... So please maintain 7 up to date and secure and spend your money pocket developing whatever new version you want if you need a hobby, but be careful of the consequences if you lose us ... you think maybe you are Apple but you are not ...
0 -
The overwhelming majority of people choose to subscribe to our new service (97% in fact) and many of those who initially purchased a license later changed their mind and traded it in for a membership.
The standalone licenses were hard to find in the last years – I had already requested this here. :( I think that this point is also responsible for the „overwhelming acceptance“.
It would be nice and really honest if you openly said that it is your strategy. It is also okay to pay a regular fee.
1Password 7 will not be changing and can continue to be used with all currently available sync methods
But probably not forever, right? - Sorry please, here I would unfortunately be disappointed as with the licenses.
I've been using 1Password since 2014 and found it amazingly good. I currently have about 350 items stored in the vault with confidence. The functions up to version 7 were completely sufficient. So the local vaults with the WLAN function were unique on the market and the reason (certainly of many users) to use 1Password.
Unfortunately, the local vaults, WLAN sync and some settings of the app have been lost in version 8.
A self-hosted version sounds very exciting.
fyi @dteare
0 -
Well, my (very large) company won't allow us to use version 8 due to it not having local vaults, so you are about to lose thousands of customers. Which means many will also switch their personal accounts as well so they can use the same tool at home and work.
0 -
A comment I feel compelled to leave here, for all you talking about business use, if such a business works with the 1Password team, they can set up a secure server for that business. My understanding is that server would be owned and controlled by that business, not 1Password. Anyone feel free to correct me if I'm wrong, but that's my understanding. Just wanted to make that clear. The self-hosted 1Password server option is just an idea to make this option available to everyone, whether for business or not.
I, for one, refuse to have some of my data stored in any cloud, so the self-hosted version is critical for me, and I will not be upgrading to 1Password 8 unless and until this is available, or unless standalone local vaults were made possible again. A more in-depth review of my current setup, and how I use 1Password is in this thread: https://1password.community/discussion/comment/642140
After some of the arguments made in that thread, I have seriously been considering migrating data from 1Password vaults in Dropbox to 1Password cloud, but I still will not ever migrate data from my local standalone vaults to 1Password cloud. I have quite a bit of data which I refuse to have stored in any cloud.
To @dteare: it's important to keep in mind that not all people who care about this will have responded to your survey. I would guesstimate that probably for every 1 person who responded, there are at least 2-4 people who care but who have not responded, for various reasons. Some of these people will have simply stopped using 1Password without commenting here, others will have simply kept using 1Password 7 (again, without commenting or reading here), still others may be blissfully unaware of the issue while they continue to use 1Password 7, and still others may have simply not found this particular thread and its survey.
I, for one, was not aware of the issue until I recently did a clean install on a new hard drive in my Mac, and went to reinstall 1Password, only to find this 1Password 8, without the option for standalone vaults (I've reealllllyyy been slacking in keeping up with news). I immediately went back to 1Password 7. I will continue using 1Password 7 until I have a personal option to keep my most sensitive data out of the cloud.
0 -
A comment I feel compelled to leave here, for all you talking about business use, if such a business works with the 1Password team, they can set up a secure server for that business. My understanding is that server would be owned and controlled by that business, not 1Password. Anyone feel free to correct me if I'm wrong, but that's my understanding. Just wanted to make that clear. The self-hosted 1Password server option is just an idea to make this option available to everyone, whether for business or not.
To clarify: this is not something that is currently available.
Ben
0 -
I'd have sworn I read or heard that a business could set up and host their own server for 1Password.
0 -
Nope. I know I've been asked to let them contact my corporate licensing department so they could try to set up site licensing of 1Password 8 Teams.
I'd sooner put a grenade in my mouth and pull the pin. At least that would be painless and quick.
The last thing I need is a hosted service (and the associated paperwork signed in triplicate, sent in, sent back, queried, lost, found, subjected to public enquiry, lost again, and finally buried in soft peat for three months and recycled as firelighters). -- all to support my personal software. That'll go over like a tungsten balloon.
Having to run a K8S instance on my laptop just to provide a 'local vault' to 1Password is, in my opinion, an overwrought solution.
0 -
I feel you are greatly exaggerating the complications of setting this up.
0 -
At my employer? Nope. They keep very tight control over anything listening to TCP/UDP traffic, and scan constantly. Every port has to be cataloged, justified, and approved.
Makes development a pain, as every app in every development environment has to be catalogued. If you haven't guessed, insider threats are arguably a bigger concern than the rest of the world.
For that matter, every Ethernet device has to match an allow list. Otherwise, if you plug a device in, you get nothing.
0 -
I can see the reasoning, but it ignores the possibility that a person may not need/care about synchronizing.
For one of the standalone vaults I use every day, I require that it NOT be synced. I don't want it in my personal vault or on my other devices.
0 -
I have used 1Password for many years and currently use it as a subscriber. Today I clicked on the download update button in my 1Password app. After installation, all my passwords were moved to the 1Pass cloud without warning (used WLAN sync). It took several hours to manually delete all passwords from your cloud, as there is no option to delete all passwords at once from there. I perfectly understand the desire to promote and force using your cloud for synchronisation, but I will never trust any company and its services with all my passwords and sensitive data. No matter what you claim. You just lost 2 yearly subscribers. Good luck.
0 -
I have been a 1Password user for 13 years, I know the software very well. I really trust the 1P security algorithm that all my sensitive life is in there. I switched to Family Account from the beta days….6 years ago (I’m an early adopter). I have my account with 2FA and Yubico Security Keys for maximum protection, works perfectly.
Anyone not trusting a company to store their data, already uses cloud services to store their sensitive data. Apple iCloud, Microsoft Azure, Amazon AWS, everything on earth is online on those services these days.
Thank you 1Password for protecting our online lives.
0 -