Why force a 1Password account to get the latest version of the app?

mikeman7
mikeman7
Community Member

Hi there,

I hope this is the appropriate place to ask this question.... I have been a loyal 1password user since version 3 and would now like to upgrade from version 7 to version 8. However to do that I would firstly need to switch from iCloud sync (which works really well) to a central 1password account, and secondly I would need to switch from a software purchase to a software as a service payment model. I have an issue with both.

The most important one is security. By definition, all of my most confidential information (passwords to all of my online accounts) are stored in 1password. I am willing to store that in encrypted form in my personal iCloud account (which is already very well secured, and only I have access to it) for the benefit of being able to sync across my devices, however why would I (anybody?) want to move all of that private information onto your servers? Yes I understand that it is all encrypted and only I have the keys, however there are plenty of examples in history of unbreakable encryption being broken (search for "Enigma" for example). It would, in my opinion, be far more secure for me to leave it where it is, in the hands of a company I already trust to guard my online identity (Apple, who incidentally also have significantly more resources to dedicate to security/privacy - a core value they stake their business and reputation on), rather than moving it into the hands of a third party. Also, the fact that a 1password account would be centralised - what better place for hackers to target than a central repository of all secrets??

Secondly, I would prefer to pay for version by version upgrades (buy a product) rather than by subscription (pay for a service). However this is a minor issue in comparison to the above. For example, I appreciate the offer of a discount if I trade in my 1Password 7 license, despite the fact that I am of course absolutely not willing to trade in that license for exactly the security reasons I have already described above.

So - onto my question: how can I use 1Password 8 without having to subscribe to a 1Password account? I know that this is not currently supported, therefore I would like to request that support for iCloud sync is added to 1Password8. Otherwise I will need to find another solution.

I wonder if I am the only user that feels this way - comments appreciated :)

Thanks,
mikeman7


1Password Version: 7.9.5
Extension Version: Not Provided
OS Version: macOS 12.5
Browser:_ Not Provided

Comments

  • Hello @mikeman7! 👋

    We've decided to move away from standalone vaults because we ran up against the limits of local vaults and what they could support technologically and we introduced 1Password.com to push what 1Password can do forward. 1Password account vaults are more secure than older standalone vaults and they allow us to support advanced features such a two-factor authentication, a more secure encryption data format and authentication process, family sharing, secure item sharing, item history, and more.

    The most important one is security. By definition, all of my most confidential information (passwords to all of my online accounts) are stored in 1password. I am willing to store that in encrypted form in my personal iCloud account (which is already very well secured, and only I have access to it) for the benefit of being able to sync across my devices, however why would I (anybody?) want to move all of that private information onto your servers?

    That's a good question. Unlike older standalone vaults that are only protected using your password, your 1Password account data is protected and encrypted using a secret that is derived from both your account password and your Secret Key. A regular user's password is usually about 40 bits of entropy (a measure of how strong a password is) because passwords need to be memorized, this puts a ceiling on the security of your standalone vault. On the other hand, the Secret Key (which does not have to be memorized) has 128 bits of entropy which makes it impossible to guess or crack using today's technology.

    This makes using a 1Password account vault much more secure than using an older standalone vault. And in addition to the above, you're also able to further secure your 1Password account using two-factor authentication, something that you can't do with standalone vaults.

    I really recommend taking the time to read through our Security Design white paper, we've exhaustively documented the technologies and strategies that we use to make it impossible for someone to access your 1Password account data if they don't have your account password and Secret Key. And we go pretty deep into the technical details of the cryptography and security practices that we use.

    So - onto my question: how can I use 1Password 8 without having to subscribe to a 1Password account?

    1Password 8 only supports 1Password accounts. Our founder Dave wrote a great post here explaining our decision to go all in on 1Password accounts here: The future of local/standalone vaults — 1Password Support Community

    -Dave

This discussion has been closed.