The future of local/standalone vaults
Comments
-
@JayBarcelo: in my case, it's not a matter of whom I trust. I'm fine with 1Password.
It's corporate policy, and the fact my continued employment depends on being able to satisfy auditors -- who know and can prove I use 1Password, and have to verify I'm not syncing corporate credentials to the cloud.
It sure would be nice if the feature had not been removed.
0 -
We are Family users and run our own business. Local vaults were and are very important. We are not happy putting ALL sensitive data in a third party company - what if you go bust? What if you are hacked? A good example is entering credit card details - I do not want to store my pin or security details within 1Password! I should secondly point out that when opening 1Password7 we have been prompted to upgrade which we have all done as a family - we were not told that we could continue to use 1Password7 instead. Given the industry tells us for security reasons, that we should always upgrade to the latest versions of software, upgrading directly to 1Password8 seemed the correct thing to do - it wasn't and it isn't. Disingenuous on your behalf? You are likely to lose a long-term customer.
0 -
Been using 1Password for a long time and the reason for choosing it over others is local vault. I’ve app for iOS, Android, Mac & occasional Windows. All sync to a vault in Dropbox behind 2FA. Don’t need self hosting nor dependent on 1Password.com yet everything is synced with no issues. With new v8, from App Store v7 is gone. If I change device, can’t get v7 anymore. I think this is it. I had something useful & now they’ve broken it. It may be profitable for 1Password but a very regressive step - degrade of service in simple terms. I supported 1Password for development & paid for whichever OS asked for when downloading, I’m not paying anymore for a service I don’t need. Give us back local vaults with sync of course. Otherwise, you’ll lose another customer very soon.
0 -
Hi @sixtdb:
We talk a bit about the 1Password security model here: About the 1Password security model
While we plan to be around for a long time, if anything were to happen to us, 1Password on your devices would still have access to all of your data. This is similar to how you're still able to unlock the 1Password apps, even if you're offline.
It's still possible to download 1Password 7 from the App Store purchase history.
Jack
0 -
Dear Jack, thank you for your explanation and link to further security reading. Although I have a good understanding of the security practices that 1P use, I think human conditioning will always err on the side of caution - even when good science is staring you in the face! No matter how hard I try to convince family members of the security of their data, they insist on that little bit of control that they had in their personal vault. Sometimes you cannot take the human out of the person, no matter how good the technology is. Perhaps a lesson many developers need to understand.
0 -
Hello,
How can I download 1Password 7 on iOS for local vaults if I set up a new device for example? Or if you remove the app you can never get it back? Thank you.
EDIT: I just saw you can download it from the Purchase history...
EDIT2: Disappointed about the no local vaults change, I only use the app to check passwords and sync on cloud, would love to be able to pay a one time fee just for that, no fancy stuff like autofill and no monthly fees. I spent a lot of time teaching my parents how to use 1Password with local vault, now I'll have to find another service :(.
0 -
I just installed 1Password 8 and, almost immediately, discovered that its reliance on 1Password.com means it simply doesn’t work on my work MacBook (since the network controls installed by the company block access to 1Password.com). Thus 1Password 8 simply doesn’t work on my work MacBook. Reverted to 1Password 7. :-(
Given the above, I have no option but to look for an alternative that supports local vaults. I've been using 1Password for 10+ years, on both work and personal machines, and will, sadly, have no option other than to leave the 1Password ecosystem. I seriously wish that 1Password would reconsider this design decision, but suspect that 1Password is tone-deaf to these sorts of requests / the "boat has already sailed".
0 -
I leave 1Password as well, because you offer no standalone version :(
0 -
So how about it Jack and other 1Password team members? This issue isn't going away. You have two valid use cases in this thread (I know there are other threads on the forum on the same topic) that require local vaults:
- Employees whose employer will not allow login credential cloud storage - or any access at all to 1Password's cloud.
- 1Password users who for their own reasons will not store their most sensitive credentials in a cloud environment.
Ya, I get it - it complicates things to support local vaults. So how many customers are you willing to tell, sorry, not a feature we support any longer?
I suppose if enough like-minded users speak up, you'll be obligated to respond.
So speak up people!
0 -
I'm not interested in a version of 1Password that requires a membership, period. I will not be upgrading. I don't like the direction the company is taking in general — the lack of support for standalone vaults and the lack of care with the version 8 rewrite are very sad, to say the least.
I used to enthusiastically recommend 1Password, but now I will no longer recommend it at all.
0 -
I personally don't care about it being in the cloud. I have to use a local vault because IT ISN'T MY VAULT.
It would be really nice if I wasn't getting prompted to upgrade each time I launch 1pw client.
0 -
This service is about trust and security policies one has to follow. Having multiple technical/architectural options is crucial to fulfill these in a certain environment.
Now, we lost some of the options people used since the early days and need to re-assess architecture and security considerations.
I read the article mentioned above. The term E2E-encryption was abused so often (compare WhatsApp: the "end" was the client app and not the user, giving FB lots of possibilities when they changed their policy...).
How can we be sure now and in future, that AgileBits or any hacker will never get their hands on the encryption key? Finally, it is known by the app. A simple change to the app - completely unnoticed by the user - would be enough to expose it, intentionally or by error.
I really like to trust, but removing these options makes me really suspicious about the reasons behind it...
"You can still use 1PW 7" is a really odd answer as using an unsupported version for a sensible task for a longer time is not really an option. Also, being not maintained any longer, the older version will finally be broken by changes to operating systems or alike.
0 -
10+ year user. Paying the subscription fee. But don't want LESS features so that 1Password can expand its business model. Value for value. There are some passwords that I don't WANT to sync. Or put in the cloud. My choice. I want a local vault. So I will look at other password managers for these passwords and pick one. 1password has been good enough that I never chose to do that before. But if I like that new password manager, especially if it is non-subscription based, I will look at total migration.
1 -
What forum should I follow if I want to hear about any plans/availability for self-hosted service?
0 -
Hi @nocturne:
If you haven't already, filling out the self hosted survey would be your best bet to stay up to date on future plans: Self-hosted 1Password kick-starter
Jack
0 -
Chalk up another. I was the driving force for getting 1Password standardized at our company and am the account admin. I also have a family subscription plan as well for personal. Standalone vaults are non-negotiable, both in our business and for my personal uses. I strongly encourage you to reconsider your decision here, as BitWarden, while not as nice to use, gets the core value prop right, and is not hard to pitch on a cost savings basis.
I haven't been paying for multiple subscriptions just so you could remove functionality my employer and I actually need. In fact, standalone storage is exactly why I chose 1Password over LastPass in the first place.
And no, self-hosting a cloud instance is not an option. In fact, that's a ridiculous suggestion that is an attempt to upsell and put the TCO burden on me and my team for a feature that already exists and works in 1Password 7. These are OUR passwords, I/We should have absolute control over local storage of them. And if AgileBits decides that shouldn't be the case, then I'm happy to move me and my employer to BitWarden.
Extremely disappointed in this move.
1 -
n/m
0 -
It looks like 1Password management and their new roadmap doesn’t really care about corporate and government customers and their limitations and legislation and version 8 is mostly focused on a consumer and small business level. I don’t believe these conversations and surveys will help us to convince them to change their strategy and we should simply move on to other solution or even open-source available options that we used to use before.
Good luck 1Password! And be mindful of Vine syndrome!
0 -
This conversation has been going on for a long time and I confess not having read the last months of it. But I too prefer paying for a standalone option that I can control. Just remember LastPass's breach last week!
0 -
Dave, mate, you and your company seem to be doing all the wrong steps here. I took the time to create the support account just to dump this here.
I would've been willing to pay the lousy subscription for 1PW8, provided that I would've been able to create local vaults only. But, as you insist to shove down the users' throats that 1password.com site, you also seem to consistently lose users of your software AND be content with it. I understand, it's a calculated risk, and in the end, you just don't seem to care about that smaller percentage of users that DO want local vaults and/or standalone licenses.
That in itself speaks volumes about your attitude towards your users.
0 -
Here we are October 1st, and my attempt to use 1password 7 is getting very annoying. The browser extension is throwing up extra dialogs in the middle to upgrade, every day, so I had to see the status of this.
I read through this long commentary, and a single thing is super clear: 1password 8 is less secure than 1password 7. With all the improvements - love the rust! - and those improvements come by having a business model - and that business model is a service - those are not to be discounted.
But I don't think you understand the critical importance of my password manager. There's a large amount of money in the accounts whose passwords I store in 1pass. A large number of the accounts are trivial - everyone wants you to create an account - and I don't care about the bicycle store I've ordered from a few times - or even my Autodesk account because I've only built hobbyist models - but there are a few big accounts that I really care about. And by really I mean my life is actively ruined if this account gets cleaned out. I am working to secure these accounts further - hardware based 2FA - but right now password is better.
1password 8 is less secure and reliable, because I have to count on your servers. You have my password in those servers, you have the data file. You make all this mouth noise about how well you've built these servers, and how you don't store the passwords, but the fact is the servers have both parts of information, and that's less secure.
You've cast the feature as "local vaults" or "custom servers", but that's not what you implemented with Dropbox integration, and not what I use. I don't have a "custom server", I use industry standard file servers, and I can save a 1password file anywhere (like on a flash drive) and know that I can use it no matter what (if I have the master password). Storing to a flash drive and putting it in my safe deposit box is a crushingly awesome feature.
When I use an off the shelf file server as a password repository, I have a selection of services. I can move from one service to another, depending on who buys who and my overall risk profile with that provider (e.g., I already have my privacy and security eggs in the Google basket right now, adding my password file there (remember they won't have the password) is my current choice, but I could change that yesterday).
Would I pay a subscription for this feature? Yes, absolutely. Having built open source and cloud based businesses, I understand what's going on. A feature that is more complicated to build (file-based), does not have a forcing function to pay subscription, is more feature rich (save to digital media), should cost more, but since there is no server (1password.com), most people will not pay for the service. This is a sad state of the world, but I am a realist, and that means I would pay more. Having a version with file support (which is not "local" files) which is an additional charge is a charge I would pay.
What I find especially sad about the situation is this thread does not admit that the removal of file-based storage dramatically decreases security and usefulness. This is something 1password clearly knows, and the denying means the company can't be trusted. If today you remove the most important security feature and try to tell people it's not true, there's no telling what the company will do in the future.
I honestly don't know if I can find the functionality I need now in the market. As I said, I understand the market forces that lead to this moment. I may be in a situation where I remove certain key accounts from my password manager, and use 1password for all the little daily uses. But first I will diligently look for the actual feature I need, and because of the lying, I mean marketing position, of 1password, if I go the "low security accounts" route, I will certainly have 1password at the very bottom of my list.
0 -
I will continue to utilize 1Password 7 as long as it's Supported but I will be gone once it's Not Supported!
0 -
Very simply, this is the kind of thing that happens when venture capital gets involved. Once outside investors come in, nobody else really matters anymore: not the founders, not the employees, and especially not the early customers.
0 -
Perhaps my use cases are "too simple" for the "vision" of where 1Password seems to be headed. You have removed local vaults, but are now considering offering "Self-hosted 1Password"?? If local vaults were removed because of the cost of maintaining that code (which I find a weak argument, personally), how does that cost compare to the cost of creating a self-hosted option?
As I've posted before, I cannot use 1Password 8 as my employer blocks access to 1Password.com (understandably, given their data loss prevention needs), and am thus in the same boat as @P0rsche991. When 1Password 7 stops working, I will have no choice but to abandon 1Password entirely.
I would (very much) like to hear a clear and complete answer from 1Password indicating that they "hear" these concerns and are willing to offer something other than the implicit "If you don’t like it, get lost" approach offered to date.
0 -
This thread captures all of the legitimate and thoughtful reasons I have for being disappointed and annoyed and has me threatening to switch password managers. Keep checking in every 3 months to see if they have thoughtfully recanted. As many have said, I am okay with continuing my subscription, 95% of my logins being in the cloud, but as others have said, I have access to millions of dollars of shared resources that would ruin numerous people's lives that will never go into the cloud. A local vault w/o sync is all I need - WIFI was nice but I'll hand sync it and put it in a safe (again as others have said).
The irony is I think these jokers have already forced me into conceding because switching is so hard. Hit my dropbox 3 device limit on my cloud vaults. I've spent some time this weekend minimizing the critical accounts, migrating those to other vaults that aren't, and figuring out how I'm going to handle the last 15 or so. It has me debating going back to pen and paper, or encrypted spreadsheets, or some other stupid insecure stuff this app allowed us to give up a decade ago.
Made me wonder - **can I have 1P8 and 1P7 installed at the same time**? Is that possible without having to do something stupid like a VM on my laptop? Hearing about people upgrading and downgrading I'm assuming not 1P7 for non-cloud local accounts as a special case that I manually copy in and out of, and 1P8 for all the not so important accounts with browser/app plugins.
0 -
Created an account just to comment, but a long time supporter of 1Password. I personally would pay again for a standalone local license for a self-hosted option and then pay for any subsequent major updates. I think this is a good compromise for those who want to have more control over their data while still supporting 1Password on major releases. Would suck to leave simply because these two popular grievances (non-subscription or a non-cloud option) weren't supported going forward.
Other options would be to have self-hosting be free with a subscription model (or a one-time purchase) to unlock other optional feature sets that aren't critical in compromising security or usability.
It took some time for me to find this thread so I'm sure there are more voices out there that would wildly benefit from a self-hosted version.
0 -
Sorry, I've been checking this thread regularly for a change of heart, but you've lost me as a customer; I canceled my subscription today. I'm happy to pay a subscription, but where my password database resides is non-negotiable.
0