When will 1Password offer a VPN service?

I am really confused as to why the inclusion of a VPN solution with 1Password isn't part of the road map. Recently a victim of online fraud, I have signed up to ExpressVPN, to help protect myself online. I noticed they have a password management service bundled with the VPN software. I am seriously considering transferring my password management data to ExpressVPN Keys. This would allow me to replace one or the other with a single annual subscription and provider. Currently the only option for me doesn't include 1Password.

A VPN is becoming much more important these days for users managing or sharing financial information online, performing online financial transactions and online banking. Pretty much everyone these days??

I really like 1Password and would prefer to stay with it, but I also need a VPN and so I may leave 1Password at the end of this subscription period.

1Password has a good reputation, a great password manager and lots of subscribers. It seems to make sense as they already have a large customer base of security conscious, paying subscribers.

I would definitely trust 1Password as a VPN provider. I would prefer to stay a 1Password customer and cancel my ExpressVPN service.

I will be merging my VPN and password management subscription with a business that offers both services along with a family plan ASAP.

Currently that is neither 1Password (no VPN service) nor ExpressVPN (VPN & password, but no family option).

I know I am only one customer, but I’m sure I’m not the only customer asking for VPN and password management under one roof.

    Hi @rjborley

    We don't have any plans to build a VPN service, and I'd like to take a moment to outline why.

    The vast majority of data breaches or other cybersecurity incidents are because of weak and/or reused passwords. 1Password guards against this by showing you weak and reused passwords in Watchtower so that you can do your own security audit and strengthen them. Similarly, if two-factor authentication is available for a Login item and isn't being used, Watchtower will prompt you to add it.

    VPNs offer little to no additional protection to your internet security. Almost all websites now use TLS (indicated by the 🔒 padlock icon in the address bar). In fact, your browser will typically warn you when you connect to a website that doesn't support TLS. Think back to the last time that happened, and you'll see how widespread TLS is.

    This means that only you and the website can see what's going on anyway. No one else on the network (or the wider internet) can see what traffic is being exchanged after the first handshake is completed. Think of it like this: an attacker may know what phone number you've dialled and could hear you say "Hello", but can't eavesdrop on the call itself beyond that point. You would need to be fairly certain that you're being individually targeted to be affected by this.

    As I said above, most breaches are opportunistic. Attackers will take credentials that work on one website and "stuff" them onto others to see if they work. Unless you're being specifically targeted by a malicious actor or a government agency, this won't give you anywhere near as much of a boost in security as a strong unique password for each website, and two-factor authentication where available.

    They represent a single point of failure. You need to trust your VPN provider completely. Any traffic that you send through it is associated with you personally (because you sign into the VPN with a username and password). Some VPN providers will log your traffic for a certain amount of time, and some don't. Some providers are located in countries where local law enforcement or government agencies could easily be given access to those logs. And this doesn't address the other concern, which is: what if your VPN provider gets hacked, and all your traffic logs are leaked? That's potentially devastating from a privacy aspect.

    Whereas without a VPN your traffic might go through your employer's network, your home internet service provider, the local coffee shop's Wi-Fi network, or your phone's data plan, using a VPN would consolidate all of your traffic, in all contexts, through one channel. That's a responsibility that we would rather not have.

    As it is, we cannot decrypt your 1Password vaults or see any of their contents. We prefer it that way – your stuff is yours (and secret!) and we only hold an encrypted version of it. You keep the keys. We don't have, or want, any way into your 1Password data. If law enforcement or government agencies asked us to decrypt your data or otherwise supply it, we simply wouldn't be able to. It protects you and us that way. And if 1Password were ever to be hacked (which hasn't happened), the only thing that attackers would get would be the encrypted version of your account vaults. They wouldn't be able to decrypt them any more than we are. Without the keys, they're scrambled garbage.

    We believe that your privacy extends even to between you and us. We don't know what's in your 1Password vaults, and we don't want to. If we did offer a VPN, it would be pretty trivial to use traffic logs to work out what items you have, and that doesn't sit right with us.

    Most people don't need a VPN day to day. Almost all their internet traffic is encrypted anyway between them and the website.

    If you need to access something behind your company's firewall, fair enough. If you want to watch Netflix from another country, that's understandable, although a lot of streaming services are getting wise to this and blocking access from VPNs completely, just in case.

    I'd be happy to hear your motivations for using a VPN to see if that's something we can help with. Please also let me know if you have any questions. :)

    — Grey

