Should I Upgrade

BarryW
BarryW
Community Member

I am using a stand alone version (7.9.4) on an IMAC. Should I upgrade to Version 8? Will it work as a stand alone version?


1Password Version: 7.9.4
Extension Version: Not Provided
OS Version: 12.3.1

Comments

  • @BarryW

    1Password 8 is a membership only version. It does not support standalone vaults. Our Founder, Dave Teare, posted a really informative outline of the reason for changing our support for standalone licenses as well as standalone vaults here: https://1password.community/discussion/comment/601917/#Comment_601917

  • BarryW
    BarryW
    Community Member

    I read his post but I still have a few questions. Today, I use 1Password V7, on my IMAC, IPAD, and my Iphone and my wife's Iphone all through 1 Vault. We can add or change a Password on 1 device and it becomes available to all devices. If I switch to the membership version, do I need a membership for both myself and my wife or just 1 membership. Will all four devices still have access to the Passwords? Can we still change the Password once and all four devices will see the change?

  • @BarryW

    You could share an individual membership between the two of you if you wish. All data would be shared equally among the both of you. You would add your account to all of your devices once all of your data is in your membership. Then you'll remove the Primary vault which is not part of the membership (mobile devices).

    I'd suggest working with two devices and once you have those working you'll find it much easier to add in the other devices. That's how I started out years ago. It served me well.

  • sailor0703
    sailor0703
    Community Member

    I want to comment on this new setup, and to do so, let me explain my setup and how I use 1Password to sync:
    I have three locations for vaults to sync to:
    1. 1Password.com
    2. Dropbox(this vault I feel is a little more secure, as to get to it, a hacker would first have to hack Dropbox's servers, then would have to crack encryption on the 1Password vault itself, so I use this to store passwords and data that are a little more sensitive, such as logins to banking websites)
    3. My Computer(this vault never goes through any cloud, if and where I sync to any mobile device, it is only through 1Password's WLAN Server, I use this for my most sensitive data, such Driver's Licenses, Social Security Numbers, Bank Account numbers, etc.)
    I, for one, am all for the subscription based membership licensing, especially at the prices 1Password is offering. I do not have a problem with this itself, and have been using this for the past few years. However, using standalone vaults is an absolute must for me, and if it comes to a point that I can no longer use standalone vaults as I described above, or in a similar way, then I will absolutely be looking for other options for a password manager.
    I would also like to take this opportunity to comment that I have always hated how Dropbox was always the only option I could use to sync to a cloud storage. Especially since anymore, Dropbox's free edition only allows you to sync to two computers, and their premium plans are too expensive for me.
    That said, if you really want a version of 1Password which only syncs to 1Password.com, and has no support for standalone vaults, you could keep that as "1Password 8", while keeping "1Password 7" up-to-date, supporting standalone vaults. This would make some sense, whether you want to do things this way or not. Either that, or just add support for standalone vaults back in to 1Password 8.
    Regardless of what you guys decide to do, I wish you the best of luck. I sincerely hope that I can continue to use standalone vaults in 1Password, though, as I have loved and used 1Password for quite a few years(at least 5-6 years, and/or before the windows version was available, I think the first version I used was on my PowerMac G4, back before I retired it). Thanks for your support!

  • @sailor0703

    Thank you for the thoughtful feedback and for sticking with 1Password for so many years! As my colleague Tommy mentioned, 1Password memberships are the future of 1Password and we're no longer planning to support standalone vaults moving forward. Our founder Dave has a recent post where he talks about our decision regarding standalone vaults here: The future of local/standalone vaults — 1Password Support Community

    With the launch of 1Password 8 for Mac, 1Password 7 for Mac is no longer supported and will only receive important security updates. We strongly encourage you to update to the latest and greatest version as soon as you have the chance.

    I appreciate that you took the time to explain how your current setup works and the reasons for why you've continued to use older standalone vaults. If your main concern is security then I encourage you to take a second look at migrating to a 1Password membership. Unlike older standalone vaults that are only protected using your password, your 1Password account data is protected and encrypted using a secret that is derived from both your account password and your Secret Key. A regular user's password is usually about 40 bits of entropy (a measure of how strong a password is) because passwords need to be memorized, this puts a ceiling on the security of your standalone vault. On the other hand, the Secret Key (which does not have to be memorized) has 128 bits of entropy which makes it impossible to guess or crack using today's technology.

    This makes using a 1Password account vault much more secure than using an older standalone vault. And in addition to the above, you're also able to further secure your 1Password account using two-factor authentication, something that you can't do with standalone vaults.

    I really recommend taking the time to read through our Security Design white paper, we've exhaustively documented the technologies and strategies that we use to make it impossible for someone to access your 1Password account data if they don't have your account password and Secret Key. And we go pretty deep into the technical details of the cryptography and security practices that we use.

    We're currently offering very large discounts on 1Password memberships to customers who have been longtime license users. If you're interested then you email our dedicated migration team at support+tradein@1password.com. After emailing in, you'll receive a reply from BitBot, our friendly support assistant, with a support ID that looks something like [#ABC-12345-678]. Please post the Support ID here and I'll make sure that your email gets to our migration team so that they can offer you a heavily discounted membership. 😊

  • sailor0703
    sailor0703
    Community Member

    @Dave_1P
    I already have a 1Password family membership, and it is plenty inexpensive as it is. So yeah, I am all for this model of payment, it is great, and a superb value! However, some data I have secured in 1Password, I do not want stored on any server, anywhere, so I absolutely will not abandon standalone vaults. EVER. As far as your security of vaults goes, I have a comment on that, where you say that it can't be cracked using current technology. That may be true today, but given enough time, if someone somehow gets a hold of my encrypted vault, they will eventually be able to crack it. It may take a few years, maybe even 10 years or so, before they could crack this vault, but eventually, they would be able to. So, I would not ever want to store my most sensitive data via this method. And btw, I guarantee my own password is much stronger than what most people use. No idea how to figure out how many "bits of entropy" it has, but it would be quite difficult to crack. Maybe I'm paranoid, idk, but I will never be ok with having all my data that's currently in 1Password stored on any online server, no matter how strong the encryption is.

  • @sailor0703

    Thank you for the detailed response! I can't argue that technology isn't constantly moving forward and we're always staying at the blazing edge of encryption and security. As newer threats to encryption arise our security and development teams will adjust our security techniques to better protect you, it's one of the benefits of having a 1Password membership! If you're interested then we describe our security in great detail here: https://1passwordstatic.com/files/security/1password-white-paper.pdf

    If SSL/TLS encryption were to be broken then the entire internet would break. Services like government, banking, insurance, medical institutions (and more) that rely on SSL/TLS to protect your sensitive data would no longer be able to function securely. 1Password also uses SSL/TLS to protect 1Password account vaults but we go beyond this to also use our own transport layer authenticated encryption and end-to-end encryption on top of SSL/TLS: Three layers of encryption keeps you safe when SSL/TLS fails

    I will also note that, even if you're using WLAN sync, the security of your vault is still reliant on encryption: the encryption of your local WiFI network and the encryption of the vault itself.

    That being said, I understand that everyone has a different personal threat model and I respect that. We're currently looking into a self-hosted version of 1Password for users who need that option, if you have the time then please contribute your opinions so that we can look into building a version of 1Password that works for your specific needs: Self-hosted 1Password kick-starter

    -Dave

  • sailor0703
    sailor0703
    Community Member

    @Dave_1P
    Is there a thread that I can see news on this self-hosted 1Password feature?

  • d_stone
    d_stone
    Community Member

    As a long time 1password user, I have loved the options that 1Password has offered to his users. There was something for everyone: the 1Passwort Cloud or local vaults with cloud sync or wifi – the last I prefer like the previous speakers here.

    It is a very big loss that 1Password removed a fundamental feature with version 8. I don't know if it was/is the only solution on the market with local vaults that now has disappeared.
    Understandable that the developers of 1Password have more trouble with these multiple variants. But for the users it was so great and a flexible solution.

    Unfortunately, with version 8 not only the local vaults have disappeared, but also an enormous number of features have been eliminated. Too bad. – I don't know how extensive a self-hosted variant is to develop, or if the local vaults with WIFI synchronization are better.

  • Hi folks,

    The most recent input from Dave Teare on this subject is available in this post. The tl;dr seems to be:

    I can say that this was a lot less popular than I was expecting it to be.

    But the self-hosting survey @Dave_1P linked is still open and collecting feedback on the subject. Dave T personally reads all of the responses.

    Ben

  • viswiz
    viswiz
    Community Member

    @Ben it would probably help if the survey would be pinned on top of each forum. Currently one either has to ask for it or find it by ‚accident‘.

This discussion has been closed.