1Password8 limitations are a potential deal breaker

amcd

As a 1P user since 2015 ( with subscriptions) my family and I (separate subscriptions) have enjoyed 1Password7 as the world's best password manager.

Having tried 1P8, I have encountered big difficulities plus; the quality of support nose-dived. In the end I gave up and returned to 1P7.

I have been watching the 1P8 Support Community for some months and offer the following comments in good faith.

1Password 8 removes options important to me. I do not see 1P8 as an improved user interface. 1P7's user interface is VERY intuative, fast and efficient.

Please do not misunderstand me.

I have no problems in principle with your online/cloud vaults in Canada or EU so long as they are strongly "hack-protected". Agilebits does not explain the security steps other than stating that you use encytption.

Also... what if your online vaults/servers suffer sophisticated hacking or physical disaster (who knows where your servers are located and what georedundacy you guys have?).

Also, if local or international internet services crash, 1P becomes a "dead duck".

So.... a real weakness of your single online vault storage philosophy is to insist that your cloud servers provides the ONLY vaults available.

While this may be convenient for Agilebits, this breaks all normal secure data backup principles.

I have read your single-source cloud vault rationales now for some months. I my opinion ( and other community members agree) your arguments are not sound.

Several companies I deal with have now removed 1P8 as an acceptable password management solution.

Inviting SMEs to engage in discussion and pay (expensive) for dedicated 1P8 servers is not the answer. NB:- Users MUST be in control of their own data both online and local.

Business and personal users need their-own, independent, LOCAL BACKUP options, that can be synced on demand (or automatically). These would be used if access to "my1password" online vaults are "down".

Let's face it, the current 1Password Vaults storage limit you impose is only 1GB (a trivial size for local vaults).

Such a low limit makes the safe storage of multiple documents an issue. There is no way that the amount of data used is visible in 1P7 or via "my1password". An email to support is needed to get this information.

Why do you not allow the storage limit to be increased on current accounts for a reasonable fee?

On a simpler backup level, 1P7 has the ability to create PDF archives of some or all logins. This function has "evaporated" in 1P8 because you see it as "insecure". Yes, if stored as native PDFs they are potentially insecure but; please do not tell me that local vaults or PDF archives have to be insecure.

Local Backup Vaults and PDF files can be easily stored on encrypted flash drives or as encrypted ".dmg" local vaults on HDD/SSD/RAID volumes. In all cases, strong 128 or 256 encryption is avalable via MacOS's Disk Utility.

To avoid MacOS Disk Utility (that many Mac users may not understand), perhaps 1P8 could consider a local vault encryption function?

Unfortunately, at the moment I still see 1P8 as a premature developmental product with significant problems. I note that the Mac App Store ONLY offers 1P7.

My family and I will continue with 1P7 until 1P8's functional limitations are resolved.

If you withdraw support for 1P7 at some point before fixing 1P8, sadly I truly believe you will lose many customers to the competition.

YOU ARE A GREAT CANADIAN SUCCESS STORY - PLEASE LET'S AVOID THAT SCENARIO.

That's it for now

amcd

---

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided

danco

Also, if local or international internet services crash, 1P becomes a "dead duck".

I understand and accept some of your points, but this is plain wrong, as has been explained many times.

1PW always keeps a local copy on your devices of your data, even though the principal copy is online.

Straightforward backups of the old kind no longer exist, but any standard backup program will provide a backup of your data.

The main objection to the current approach seems to be that there is a vault stored on servers that are not in a user's control. For many businesses this is unacceptable, though for individual users it is a matter of preference.

amcd

OK.... That's news to me.... Please tell me where the local vault is located on MacOS and how to access it using 1P8 if the online vault is not accessible.

However, you have not answered some of my points that you accept.

thanks

amcd

bestlem

The problem is also when your machine dies and you restore a new machine from the backup - where is the local vault that you need to restore from backup?

Note that the restore is very possibly happening with no internet access

Dave_1P

@amcd

Can you clarify what you mean by "if the online vault is not accessible"? Even if you don't have internet access you'll still have the ability to access your data locally using 1Password 8. You can test this by disconnecting your internet and then opening the 1Password 8 app, all of your logins will be present and accessible.

@bestlem

If your device stops working or is lost then you can restore your data from your 1Password.com account by following these steps:

1. Download the 1Password app onto your new device: Download 1Password
2. Add your 1Password account to the app: How to add your 1Password account to the apps

And all of your items will appear on the new device.

-Dave

amcd

What I meant was this....

The my.1passwordcom online vault would be not be accessible if I have lost internet access for some reason.

Thanks for clarifying that 1P8 supports password access with or without internet via some sort of local storage.

---

I already know how to restore 1P7 or 1P8 from my.1password.com....

But the real gist of my series of emails is the apparant removal of fucntions in 1P8 that I use....

I understand local / standalone vaults within 1P7 and I use this function....

In 1P7, I can create a last ditch password backup via PDF (which is kept in a strong encrypted disk)

I can also create a local *.pif backup (again this would be kept on an encrypted disk)

So far, you guys have not explained how, in 1P8 how I can create a seperate local physical password backup for the online server?

Thanks for your help

amcd

Dave_1P

@amcd

Thank you for the reply. Yes, https://my.1password.com is the web app which allows you to access your 1Password items through the browser. However, I recommend that you install the 1Password 8 app which stores your items locally to ensure that you have access to your data even when without internet access. This local storage works the same way as it did for 1Password accounts with 1Password 7 for Mac.

I understand local / standalone vaults within 1P7 and I use this function....

Standalone vaults won't be part of 1Password moving forward. Our founder Dave wrote a post explaining our decision here: The future of local/standalone vaults — 1Password Support Community

In 1P7, I can create a last ditch password backup via PDF (which is kept in a strong encrypted disk)

With 1Password accounts your data is stored locally on all of your devices where you've installed the 1Password app and it is also automatically backed up to your 1Password.com account. That being said, we do have a feature request open to build a Print to PDF feature for 1Password 8 and I've added your comments there so that our developers are aware that this is something that you'd like to see.

I can also create a local *.pif backup (again this would be kept on an encrypted disk)

With 1Password 8 you can create a .1PUX export of your account which will contain everything in your account including files. You can read more about this here:

• About the 1Password Unencrypted Export format
• How to export data from 1Password

We're also working on a .1PEX encrypted export that will hopefully be available in the future.

So far, you guys have not explained how, in 1P8 how I can create a seperate local physical password backup for the online server?

With 1Password accounts then there is no need to manually backup your vault since your data is already backed up to your 1Password account in the cloud. If you accidentally delete an item you can always restore it from your 1Password account on 1Password.com: View and restore previous versions of items

Your encrypted data is also replicated to redundant copies on our end to guard against any data loss.

But, as mentioned, a 1PUX export would allow you to export your entire account to a local unencrypted file if that was what you wished to do. Let me know if that answers your question. 🙂

-Dave

ref: dev/core/core#9570

amcd

Thank you Dave.. that has helped me...

How can I get notified of new 1P8 functions?

I still have a small problem with my family. That are not at-all Mac experts and they use 1P7 ( with my help) they are on the EU servers.

They have 1P subscriptions but we need to maintain a common platform so, for the moment we will need to stay with 1P7.

Cheers..

amcd

bestlem

@Dave you say
@bestlem

If your device stops working or is lost then you can restore your data from your 1Password.com account by following these steps:

Download the 1Password app onto your new device: Download 1Password
Add your 1Password account to the app: How to add your 1Password account to the apps

But I would not be able to do that. The internet is down. (in some cases the credentials to get onto the internet are in 1password) I can restore from local disks But what do I need to restore?

alexander.b_1P

Hello @amcd! I'm one of the developers working on 1Password 8. In your first post you expressed concern that 1Password doesn't disclose our security practices except that we use encryption. I'm happy to say that this isn't true! Here you will find a bunch of data about how the system works to keep your information secure. At the bottom of the page you'll find a link to the 1Password security whitepaper, which goes even further (it's a hundred pages!) into the technical aspects of our security design.

In regards to notifications about new 1PW8 features, my first idea would be to sign up for the 1Password Newsletter.

I hope that's helpful!
-Alex

Dave_1P

@bestlem

Thank you for the reply. Am I correct in understanding that in your hypothetical scenario the following conditions are true?

1. Your Mac has completely stopped working or is lost.
2. The Internet is completely down.
3. You don't have 1Password installed on any of your other devices (such as your mobile phone).

Is that correct? If so then you would be able to restore your 1Password data from a full disk backup of your Mac like a Time Machine backup. The full disk backup would restore both the 1Password app in your Applications folder and it would also restore 1Password 8's local database located here: ~/Library/Group Containers/2BUA8C4S2C.com.1password/Library/Application Support/1Password/Data

You would then be able to open and unlock 1Password 8 and see your data even without an internet connection. Please let me know if this answers your question. 🙂

bestlem

Thanks for that

Dave_1P

@bestlem

I'm happy to help. 😊

amcd

Thanks to all...

I am now subscribed to the newsletter. I will watch this for all future 1P8 updates

Since 1P7 works perfectly for my family and I, I will still wait for an updated version of 1P8 when the devlopers have included some 1P7 functions that disappeared.. e.g. Print to PDF

amcd

Dave_1P

@amcd

While I can't promise that the feature will make it into 1Password 8, I've forwarded your suggestion to our developers. Thank you again for the feedback. 🙂

-Dave