Moving Beyond 1PasswordAnywhere discussion

124678

Comments

  • tanwald
    tanwald
    Community Member

    I guess since you're dropping 1PA making 1P useless for me at work where I can not install Dropbox to sync, I'm going to have to move on to a newer service that understands its customers.

    Same here. Why did I write this Linux client for 1Password?!? I will move to LastPass. They have all I need for free and if I want more it costs annually 1/6 of 1Password, apps are free and they even support Linux!!

    For what we offer, the math at 3$ for 3 just doesn't work

    Which math is LastPass using? I guess that of satisfied customers... Access everywhere is for me feature #1 and I'm not willing to pay for something I've already paid for.

    Good bye!

  • GJbrizzle
    GJbrizzle
    Community Member

    Further to my earlier comment, I've investigated further and I think I've found a solution for my use case (having emergency access to my 1Password data if I lose my phone while travelling).

    My solution involves downloading and unpacking Google Chrome Portable (the portable app version of Chrome). Once unpacked, this can be put on a USB stick along with the complete agilekeychain folder. The portable app can also be copied onto a file storage service (e.g. Dropbox) for copying onto a USB stick while travelling if the need arises. With the portable version of Chrome and the agilekeychain folder both on the USB, the portable app can be run with the following command line...
    googlechromeportable --allow-file-access-from-files
    ... and the 1Password.html can be opened and run.

    My testing of this so far (on a Windows machine) suggests that it works.

  • s4nji
    s4nji
    Community Member

    At this point AgileBits might as well make a CLI based client to access the vault :p
    It'd be really great if there's one :)

    Or a throw a single user web interface like 1P Family for already existing users :crazy:

  • At this point AgileBits might as well make a CLI based client to access the vault

    And that is something we may conslider in the future, but I'm not sure it would solve all of the problems folks here are trying to solve.

    Or a throw a single user web interface like 1P Family for already existing users :crazy:

    The problem with that is that with the standalone 1Password products your data is not stored anywhere that is web facing. To provide a web interface we need to have your (encrypted) data on a server somewhere. And having that data on a server, and then serving it via a web interface, has recurring monthly costs to us (which is why our new 1Password for Families and 1Password for Teams services are paid for by subscription).

    Ben

  • bens1password
    bens1password
    Community Member

    AgileBits... I can't count the number of times I've recommended your product to people over the years. So I am stunned by what I consider to be a phenomenal failure on your part to follow the most basic precepts of business. As the chief security architect for a Fortune 500 company, I face decisions around security issues and feature deprecation on a regular basis. You have failed on both points.

    You ended support for a critical capability on which many users rely with no announcement. No, posting something to the support forums is NOT an announcement. This could have been easily avoided. You could have just put out a patch to the client that stuck a fat banner at the top of the window. You could have done this months before you actually ended support, giving users time to consider whether they wanted to renew their subscription and implement workarounds, pay extra money for a new offering, or choose another product. Instead, like many other users, I got caught out and had to call someone at home at 2 AM to read me a 20 character long password over the phone while at a customer site in another time zone. It doesn't get a lot worse that this.

    But it does.

    Now you, a company responsible for securing highly sensitive data, have recommended to laypeople to configure their browsers in a manner that opens the door to known attack vectors. Fortunately your customers on the forums caught this and called it out. This causes me to seriously question your security practices. What shortcuts do your employees take when developing the code? How safe is the PID you store? This is a real hit to your reputation as far as I'm concerned.

    If either of these things happened at my company, we would be in major damage control mode. We would be issuing a public apology. We would be building and shipping an alternative solution as fast as we could. We would be retracting unsafe recommendations. Instead you are responding with a laissez-faire attitude and recommending that people spend $60 a year to get the same capabilities they had two months ago.

    Wow.. just.... wow.

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited May 2016

    @bens1password: 1PasswordAnywhere is (in internet terms) ancient technology that cannot function the way it used to. The idea that we should spam all of our users to announce that 1PasswordAnywhere is old isn't reasonable. And prior to last month that was the only message we could offer, as we don't have intimate knowledge of Dropbox's internal development.

    Anyone who's been using 1PasswordAnywhere over the years knew that it was old, and those that didn't use it don't care. Regardless, we don't know exactly who used it to target only those who did with your proposed message, and that would be creepy anyway.

    No one is telling you to behave insecurely. It's up to you if you insist on using 1PasswordAnywhere, but it's not something we've recommended for a long time — which is why it isn't even included in AgileKeychain vaults since last year. And if 1Password Teams/Families doesn't provide a value to you, don't pay for it. You can use it read-only (similar to 1PasswordAnywhere) for free. Or don't sign up and never use it at all. It's your choice. It's simply one option to fill a role similar to what 1PasswordAnywhere once did. And for the record, Dave's original post did not even mention 1Password Families/Teams.

    In fact, contrary to your accusations, what we're really guilty of is not telling people to stop behaving insecurely by continuing to use 1PasswordAnywhere sooner, and more vehemently. But the fact is that we didn't kill it, though we should have long ago. We knew some people may still rely on it, and we didn't have the heart. I'm sorry that we couldn't bring ourselves to kill it outright, instead waiting for it to die of technological causes. That may have solved both problems: deciding an "end of life" date in advance and therefore being able to announce it as well.

    But it isn't any more reasonable to berate us for 1PasswordAnywhere no longer working in Dropbox than it would be for 1Password 3 not working properly on El Capitan. Yet you say that we should have notified everyone sooner, and at the same time maintain that we shouldn't tell people about potential alternatives now. That doesn't make sense. It can't be both. I'm also nostalgic for 1PasswordAnywhere (and 1Password 3, for that matter), but that doesn't change the reality that it cannot continue to function for us as it once did.

    Did we handle it as well as we could have? No, and we're sorry about that. We were sorry before we announced the news here, we were sorry the day it actually ceased to function, and we're sorry every time we hear from someone else who's also feeling this loss. You may want to make us even more sorry, but I'm not sure that is possible. This event and the ensuing discussion is something we'll think about every time another product or feature reaches the end of its road. But there's never a "good" way to inform someone of a death, and regardless of how it's done it can't turn back time. The only thing any of us can hope to do is learn from the experience and move on.

  • danco
    danco
    Volunteer Moderator

    For future reference, if you need to inform people about changes.

    You mentioned frequently in the forums that 1PW Anywhere was going away. There was also a blog mention. I tend to agree with you about not emailing people, though others will disagree. But did you mention it on your Facebook and Twitter pages? If not, you should definitely have done so. Andy perhaps, when telling Mac news sites about 1PW for Teams/Families you should have taken the opportunity to mention that these offered alternatives to 1PW Anywhere which was due to go away.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @danco: I agree in principle, but each of these options seem flawed:

    • "Announcing" something like that on Twitter or Facebook means only people who've opted-in to those will see it...and of course it's easy to miss Facebook and Twitter posts. That would look like us "covering our asses" more than anything. Sure, we could say, "We did announce it! See?" It only helps those who happen to see it, which is no different to the legitimate criticism of those who found out by visiting this thread.
    • Mentioning 1PasswordAnywhere's end of life, had we known far enough in advance, in the context of 1Password Teams/Families, would have seemed either confusing (for those who don't know what 1PasswordAnywhere is) or opportunistic (to those who used 1PasswordAnywhere: "Subscribe to this because we're taking it away!")

    Better? Perhaps, but in each case there would be a lot of people it didn't help, and it doesn't solve the fundamental problem of 1PasswordAnywhere going away.

    I think we can all agree that we should have handled it better, but how that should have been done is highly debatable and fraught with peril, and that's precisely the problem. Were there a clear solution, we'd have jumped on it. But as far as I can tell, any choice we'd made would result in people being upset and us being sorry — and 1PasswordAnywhere not working in Dropbox. :(

  • nol
    nol
    Community Member

    See you do it again. You blame Dropbox for changing technology. Not one is arguing this. See it from customer side and get away from "old" and El capitain etc etc:

    1PasswordAnywhere = Web access

    You sold prodcut with web access now you charge more. You customers do not want 5 family members they want web access. Make you $60 / 5members and you have $12 for one member same like competition.
    Another repeating point: Informing your customers. You send out emails about security and information about you product, do not your customer deserve update about product change? This is no spam but information. It is same story with online banking. Do you want you bank to just cancel your access without information upfront? I do not think so.

    Another thing repeating is cost and hosting. Please why you try to sell us as dumb? We know how large our vault is, we know that storage is even for regular customer cheap. And for you it is even more cheap. But ok maybe it is cheaper to loose customer instead of keeping that customer with recurring money even if it is $12. I wonder how much different your product is to competitor.

    But I see now clearly what Agilebits now said, this is quote from you:

    And if 1Password Teams/Families doesn't provide a value to you, don't pay for it. You can use it read-only (similar to 1PasswordAnywhere) for free. Or don't sign up and never use it at all. It's your choice.

    I read as: We locked you vault without any information. Good you paid. Now pay more and you get back web access.
    And in addition: Read-only is useless in 1PasswordAnywhere you are able to put in new data.

    Is it really so hard for AgileBits to accept that they make a mistake? You should owne your mistake and look for solution and not bringing up old same story. You just go defensive mode saying it is debatable how you handle things. No it is not. Please read thru this thread and you see how wrong you are and what customers are looking for. But ok, just waiting until wave of anger is over seems like option as well.

    I am just happy I am not only one with you issue. I wish I had big blog or following and could post about this method. Yióu heare only couple of voice, only those which signe up here there are maybe many others not finding this post or just reading and hoping one will be able to switch on light at Agilebits. And just to make sure: Only people who love your product or love before are making heating discussione.

  • bens1password
    bens1password
    Community Member

    @brenty
    Thanks for the lengthy reply.

    Just to be clear, I was not berating you "for 1PasswordAnywhere no longer working in Dropbox." Products change, features deprecate. I know that. Rather, I was expressing my displeasure about how Agile handled it. You have apologized and I accept and trust that things will improve going forward. (What about putting a notifications widget in the 1Password app to communicate items of significance?)

    I'm concerned that you haven't really acknowledged that recommending that users allow local file access from their browsers without advising them of the security risks was a bad move. You can't assume that your users know much at all about computers and security. It's your responsibility to give them complete information so they can make informed choices.

  • tanwald
    tanwald
    Community Member

    @brenty

    You can use it read-only (similar to 1PasswordAnywhere) for free.

    Is it like that? Are items which are added or updated by apps synced to the account after the trial? If yes, I would say that this is fair...

  • AGAlumB
    AGAlumB
    1Password Alumni

    You can use it read-only (similar to 1PasswordAnywhere) for free.

    Is it like that? Are items which are added or updated by apps synced to the account after the trial? If yes, I would say that this is fair...

    @tanwald: A fair question, indeed! Your'e right. It is not exactly the same, as a "frozen" 1Password Account is truly read-only. You will not be able to make changes there. So it isn't a perfect replacement. It wasn't meant to be a replacement at all.

    However, if it were me, I'd simply sign up for a 1Password Account, add the most critical data to the vault, and then keep the account information for emergencies while continuing to use the same local vaults I'd been using previously. Obviously this isn't a perfect solution either, but I think in most cases we have a handful of logins (or other items) which we may need in such an event with long, strong, unique passwords already so that there's no need to change them. Since those live in a de facto "frozen" state already, having them in fact frozen in a 1Password Account makes no real difference.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @nol: You've chosen to ignore our apologies and willfully misinterpret our honest answers to the questions asked here. That isn't something I have any control over, so I'm not going to argue with you.

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited May 2016

    @brenty
    Thanks for the lengthy reply.

    @bens1password: You're most welcome! I just wish it were under more favourable circumstances.

    Just to be clear, I was not berating you "for 1PasswordAnywhere no longer working in Dropbox." Products change, features deprecate. I know that. Rather, I was expressing my displeasure about how Agile handled it. You have apologized and I accept and trust that things will improve going forward. (What about putting a notifications widget in the 1Password app to communicate items of significance?)

    Thank you for clarifying, and accepting my apology on behalf of all of us at AgileBits. The last thing we want is for anyone to have a bad experience with 1Password. We know what that's like more than anyone, and we go to a lot of trouble to shield the user from problems in the first place, or at the very least fix them quickly. In this case, we failed at the former, and while the latter is beyond our control, that doesn't change the fact that this is a big loss for a lot of people.

    Regarding doing better in the future, we instituted a notification in 1Password for iOS version 5 for update information, features, and news. It was universally reviled. We've since removed it. Maybe there's a better way of doing something similar. We're open to suggestions, but that experience is still fresh in our minds.

    I'm concerned that you haven't really acknowledged that recommending that users allow local file access from their browsers without advising them of the security risks was a bad move. You can't assume that your users know much at all about computers and security. It's your responsibility to give them complete information so they can make informed choices.

    You're absolutely right. I'm sorry for the oversight. Dave's original post was updated to mention the risk, but I'll be even more explicit: 1PasswordAnywhere is not recommended or supported. Moreover, enabling local file access in the browser is a security risk, as it could allow a malicious webpage (or a maliciously-modified 1Password.html) to be used as part of an exploit.

    In cases like this we're torn between the desire to help people use 1Password the way they want to and the risks associated with modifying browser settings (and it comes up with OSes too). But you're right that it's important that we send a clear message about the implications of doing this so that the user can make an informed decision.

  • nol
    nol
    Community Member

    @nol: You've chosen to ignore our apologies and willfully misinterpret our honest answers to the questions asked here. That isn't something I have any control over, so I'm not going to argue with you.

    1. Where is apology?
    2. AgileBits does not own this mistake so they do not know what to apology for
    3. I am not misinterpreting anything but you change story again and again. Also you blame dropbox for no working 1PasswordAnywhere if technology change you should keep up and not telling your customer he is stone old and does not know anything.
    4. You say new plan is expensive because of hosting 500kb vaults. I currently pay less a dollar for a lot of GB storage and LastPass shows that this is possible

    Ok let me try to list you once again what 80% of customers in this thread are all about.
    1. You did not inform paying customers about a feature which is getting removed even that you knew this before. You are saying: Sorry we do not want to spam people who do not use this feature.
    2. You have web access ready but do not give it to customers (only more money)
    3. You increase price for customers and say individuals should buy family plan in order to get web access
    4. There is no new feature for individuals (most do not need shared if no family)

    But ok maybe ignoring this facts and your customers or trying to change the story once again will work out for you. I am done with this. You showed us the company does not care and want to make us pay more for no new features and something we had for years.
    Good luck, you got at least one member less todaye and I will share my experience with this kind of handling issues you brought to customers.

  • ghamrihh
    ghamrihh
    Community Member

    For whatever reason, agilebits decided to stop supporting 1passwordAnyWhere.html, hence, no longer accessible this means you have come short with your customers who made the decision to pay for 1PW with 1passwordAnyWhere.html included. The idea of the families/work team is a big welcome, however, I see it came along at the account of the single user. What I am saying is taking 1passwordAnyWhere.html without replacing it with another free solution is not a fare deal! How can I access directly access my 1PW file since 1passwordAnyWhere.html is no longer accessible? You are saying Family Team is the answer, but if you don't pay the subscription it will be frozen i.e it will not be synced or updated which will eventually be useless!!

    I would like to recommend, if I may one of the following suggestions:
    1- The family team repository be open (operational) for single owners of 1PW Pro free of charge. This is as the replacement for the removal of 1passwordAnyWhere.html he/she will only be charged if he adds a single & up to 5 family members for a monthly fee that you consider it fare to you.

    2-It would be a a sweet gesture from AgileBits to invite all 1PW Pro owners
    to their own free web page 1PW as a replacement to 1passwordAnyWhere.html ( may rest in peace)

    I would appreciate agilebits favorable thoughts and considerations

  • tanwald
    tanwald
    Community Member

    Sooner or later AgileBits will realize that:

    • they cannot charge 4-5 times higher prices for subscriptions than competitors - especially not for users who already bought the overpriced perpetual license
    • they cannot remove top features for users with a perpetual license and force them into subscriptions to regain them
    • they have to offer plans for individual users like every other company does
    • they have to offer discounts for existing users when switching to subscriptions (follow JetBrains example)
    • their software is no rocket science and easy to replace
    • corporate identity is important for many people and people don't like greed
    • they should stop those embarrassing attempts to justify their decisions

    Follow the suggestion of @ghamrihh

  • dsjr2006
    dsjr2006
    Community Member

    I'm not one of these guys using outdated technology (seriously no smartphone or mobile device??) or joined using an unsupported platform (Chromebook) using essentially a workaround, but I would say that it would've been nice if maybe it was included in the release notes or something that the more technical users may read, maybe it was and I missed that.

    Also I think there should be maybe a $30/year individual team/family for web access instead of just a $5/mo for 5 people which many people don't want or need.

  • pier25
    pier25
    Community Member

    I have to say I'm very disappointed with you guys. Not providing a web based solution for your non family or team users is simply not right.

    I've bought 1Password for OSX, iOS, Android, and Windows. But if I somehow lose my phone when travelling, you guys are not giving me a way to access my passwords and so I can't access my email, or any of the services I need. Now I have a Chromebook and I can't access any of my passwords either.

    At the prices of your software the least thing you could do after all this 1PE massive fail would be to offer some form of hosting for the 1PE html version. Integrating S3 with your clients would be trivial and S3 storage costs close to nothing. I've spent close to $100 buying your software and I'm sure you can afford at least that.

    For now I'll be hosting an unsynced version of 1PE on my own server and syncing manually. But this is less than ideal, and this is something you should be solving if you care about your customers.

    Like many others, if Agile Bits doesn't solve this quickly I'll be moving to the competition which is cheaper and offers a solution to the problems exposed before.

  • ghamrihh
    ghamrihh
    Community Member

    Greetings to all my 1PW fellows
    Any plans, or ideas, options? as what to do next after agiltbites failed us?

  • fdavis99
    fdavis99
    Community Member

    This totally screwed me. I'm on vacation, using my wife's computer because we didn't want to bring two machines. . I purposely don't have a smartphone*. I have relied on the ability to occasionally login to 1passwordanywhere when I'm traveling, on a friend's machine, etc. Today I discovered I no longer can -- and you didn't send any notification about this change! This is a major break for me, and I am very unhappy that you didn't send proactive warnings. I no longer can do anything on this entire trip, because I need those passwords.

    I am not interested in paying for Families -- I'm the sole user in my family, and I paid for 1Password with all its features. I think if a major feature is going to disappear you owe it to users to:

    1. Notify everyone with plenty of advanced notice.
    2. Offer an alternative solution that doesn't require buying a new product. I'd be willing to pay $10 or so, but more than that seems usurious.

    I'm a very long-term, loyal 1Password user (I remember when i was "1 Password"!), a beta tester, and have given you the best feedback I could in the past. I hope you'll find a way to make me and everyone else who uses 1passwordanywhere whole. I wish you could salvage this trip, but it's too late, on a long weekend...

    Sorry to say, but LastPass is looking pretty attractive -- great price, works anywhere... I'll be looking into how to transfer everything over if you folks can't do better. I would be truly sad to leave 1Password.

    --Franklin

    • I worked on mobile web for 10 years at Nokia, before there was a mobile web, when I was telling the story of how great it would be. I've been excited to see it take off, but personally I have found that being online all the time interferes with my quality of life. With ADHD I tend to get "hyperfocused" on any activity that's dynamic, stimulating. The web is a perfect storm! I've found much freedom and peace -- not to mention all the newly available time! -- since I gave up my smartphone. A difficult choice, but for me the benefits outweigh the occasional inconvenience and the loss of constant entertainment and connectivity. I'm happier being connected to Nature and the people I'm with than getting lost in the virtual world. Ten hours/day on a computer at work and an hour or two at home (then my computer forces me off -- same reason) is plenty.
  • fdavis99
    fdavis99
    Community Member

    ++@tanwald. Like s/he said.

    Your tone around these kinds of issues has often sounded defensive (when you push upgrades without deeply discounting loyal users). I have always appreciated that your license is (mostly) perpetual -- there's NO WAY I'll pay for a subscription plan. I need to keep my monthly budget in control, and every little subscription adds up. There are so many free solutions to cloud storage and access, it's absurd to charge for hosting.

    • One time I was frustrated that beta users, who contributed a lot of time towards improving a new release, were charged full price for the upgrade. One of your kind employees gave me a free license directly -- but really, shouldn't you have offered that to all active beta testers? If you DELIGHT your customers, surprise them with how great you are, you will develop a much more loyal base. Somehow your upgrade pricing has never felt generous. I suggest a little market research into how your customers perceive various of your offers and actions, and maybe experiment with different models. Don't be like Intuit! They absolutely suck at this, and finally I abandoned them when the new year's Turbotax cost the same but was missing major functionality.
  • pier25
    pier25
    Community Member

    In cases like this we're torn between the desire to help people use 1Password the way they want to and the risks associated with modifying browser settings

    @brenty there is no need for people to allow a browser to access local files from Javascript.

    Just integrate S3 in your clients. This is so easy and cheap to do, that I'm baffled as to why you haven't already done it to solve this massive 1PE fail.

    If you are afraid to cannibalise sales from your family and team products, guess what? If you don't solve this, your users will be migrating to LastPass. How is that for cannibalising sales?

  • @pier25,

    Thanks for the suggestion, but I'm not sure I agree that would solve the problem. There are a few reasons folks were using 1PasswordAnywhere, and most of them revolved around the fact that the device they wanted to access it from did not allow for them to install software. If they could, they could just install the 1Password application and sync via Dropbox or iCloud.

    Perhaps I'm missing your point, but I don't see how adding S3 support to 1Password would solve the problem of not being able to install software.

    Ben

  • s4nji
    s4nji
    Community Member
    edited May 2016

    Perhaps I'm missing your point, but I don't see how adding S3 support to 1Password would solve the problem of not being able to install software.

    Sync/host user vaults to an s3 server paid by AgileBits, then give the user web access to the vault that allows the use of 1PasswordAnywhere interface.

    This solves the problem of not being able to install native 1Password client to access the vault contents, as you only need a webbrowser to use 1PA.

    I believe this is what @pier25 meant.

  • pier25
    pier25
    Community Member

    I believe this is what @pier25 meant.

    Yes, exactly.

  • danco
    danco
    Volunteer Moderator

    @fdavis99

    Somehow your upgrade pricing has never felt generous.

    While I understand (and more or less agree with) most of your post, I don't understand this. There was a paid upgrade fro version 3 to 4, at half the full purchase price (which is common), and then 4 to 5 and 5 to 6 have been free. This strikes me as more generous than most upgrade policies.

  • tonydow
    tonydow
    Community Member

    @pier25 @s4nji Syncing to an S3 server would seem to be a logical move as I believe Amazon servers are also being used to host Teams/Families. However, would an S3 server not have similar issues to Dropbox. There must have been a configuration setting or something that changed at Dropbox which stopped 1PA working on their platform so would an S3 server not need to configured specifically for 1PA as well? I may be way off the mark but would be interested in your thoughts. Tony

  • tonydow
    tonydow
    Community Member

    Although I addressed the previous post to two users, I would welcome comment from support staff as well.

  • prime
    prime
    Community Member
    edited May 2016

    I'm reading this and I seriously don't get why people are complaining so much. 1Passwordanywhere was a perk, and you didn't pay for it. They said a few times that Dropbox changed stuff and it was beyond their control. They also said it was outdated, and personally I don't want to use outdated software. I actually switched to OPVault a little bit ago.

    My reasons for switching to OPVault:

    • Better security. My logins aren't out in the open in Dropbox.
    • It's more updated software
    • Keeps me from logging on a unfamiliar computer, one that can be taking my info

    "their software is no rocket science and easy to replace" then make one yourself and sell it

    "overpriced perpetual license" then why did your buy it, if you though this?

    For the people who said they used this as a back up in case their phones, laptop, or whatever broke. I'm sorry, you can download the computer version for free for 30 days on another computer and export your info. The file in Dropbox works across platforms also. If your computer breaks, phone breaks, and tablet breaks all at the same time, chances are you'll replace at least one of them. So download a free version of 1Password to get your password until you're 100% up and running.

    For those who are comparing Lastpass to 1Password on price. What's your point? If you don't like it what you have, more on. There are also free stuff out there.

    You also can't compare Amazon servers (something someone pays for) to Dropbox (free).

    I do not work for 1Password, and I am also not a fan of the 1Password for families. A selling point of of 1Password was I have control of how I sync my data. I can use Dropbox, wifi, iCloud, and others.

    Again, this was a perk, and you didn't pay for it.

    I apologize for my rant here.

This discussion has been closed.