Moving Beyond 1PasswordAnywhere discussion
Comments
-
"their software is no rocket science and easy to replace" then make one yourself and sell it
I'm not interested in writing that kind of software and I don't have to because other companies/organizations have already done so. I wrote a free 1Password client for Linux though. I'm not complaining about missing alternatives. I'm complaining about the attitude of a company.
"overpriced perpetual license" then why did your buy it, if you though this?
...good marketing tricks, good looks and too short research. Until now I had almost everything I needed - except for a Linux client. For the sake of comfort I was willing to pay too much. Now I'm angry because I payed too much for something that doesn't satisfy my needs any longer and have to read psychedelic, self-praising release notes how awesome everything and everyone is. This just does not fit together.
0 -
I am in the same camp as many other people here.
I have a "locked-down" laptop for business, and have used the 1PasswordAnywhere interface for the past 2+ years as the way to get access to my passwords when using on my laptop. I travel quite a bit, and it is just not feasible to use my iPhone and copy over all my passwords. I would access the html file on dropbox, launch web interface, and grab the password I needed. Wasn't a pretty interface, but it worked reliably as long as I have access to my dropbox account.
Now, I am totally stuck.
What do I do?
How can I access my dropbox 1password.html file and get the good old web interface?
I don't want to purchase a 1Password for Families account for $60 a year just for this...
I can honestly move to LASTPASS for a LOT LESS..
But I don't want to.. I've invested 2+ years and hundreds of passwords into 1Password.
Is there any way to get this functionality working for IE and Chrome for a locked-down laptop?Michael
0 -
Add me to the list of disappointed with 1PasswordAnywhere going away, the lack of communication, and reasonable options.
Like others, I use 1PasswordAnywhere at work where I cannot install software and cannot use a USB device. Yes, I can use my phone to look up and retype the passwords, but that is a pain. And, the suggestion from Megan that "wordlist passwords can be just as secure as the character-based ones" is concerning from a company that I trust to maintain my passwords. Using passwords from a predefined list is NOT as secure. (see https://www.schneier.com/blog/archives/2014/03/choosing_secure_1.html)
I've been a 1Password user since March of 2011 and have loved the software and upgrade multiple times from version 3 to 6 on the Mac, but will need to look elsewhere for a solution that meets my needs. The fact that you think "1PasswordAnywhere simply isn’t required here anymore." is just incorrect for many users.
0 -
And, the suggestion from Megan that "wordlist passwords can be just as secure as the character-based ones" is concerning from a company that I trust to maintain my passwords.
They absolutely can be. As Schneier himself says, "Trust the math."
The strength of a password creation system is not how many letters, digits, and symbols you end up with, but how many ways you could get a different result using the same system.
1Password does not actually use the Diceware word list, but rather our own word list which is over twice as long (18,435 words currently vs. 7,776 for Diceware). So a 5-word passphrase generated with 1Password has about 71 bits of entropy (log2(18435) * 5), rather than 65 for Diceware (log2(6777) * 5).
A randomly generated string of characters has greater entropy than a wordlist password of the same length. But wordlist passwords are really useful for passwords you need remember or type.
When calculating bits of entropy in a wordlist password we look at each word rather than each character. This is because we must assume that the attacker knows the system used to create any password.
estimate trusty palmate employ chancel
≈ 70.85 bits of entropy (14.17 bits * 5 "symbols" (words in this case))~h6'l@vm/a?WX*@&p<{d~M&Ag
≈ 163.875 bits of entropy (6.555 bits (94 possible printable ASCII characters) * 25 symbolsIf you don't need to remember the password (pretty much any password except your Master Password) then a string of printable ASCII is much better. However, if you need to remember or type the password, wordlist is much better. To get a password roughly equal in strength to that wordlist password, you could use an 11-character password composed of random printable ASCII characters (instead of the 25 characters used for comparison above).
6.555 bits of entropy * 11 symbols ≈ 72.105 bits of entropy
I don't know about you, but if both of these passwords provide about the same bits of entropy, I know which one I'm choosing to remember:
estimate trusty palmate employ chancel
vs.6pKZv;j]@i3
The point is that a wordlist password is much easier to remember and type. The comparison becomes even more clear if you are only using lowercase letters and numbers rather than all printable ASCII characters. In that case you would need to have a 14-character password (5.170 bits of entropy per character).
estimate trusty palmate employ chancel
vs.wl7th4ci9js8ezi
And remember that the words and characters need to be truly random. Human brains are not sufficiently random. :)
Of course, this is pretty far off topic in this thread. I'd be happy to continue it if you'd like to create a new thread.
0 -
Now if only khad put that much effort into a post explaining how we can still access 1Password passwords remotely without spending ANOTHER $60 after we spent so much purchasing 1Password for multiple platforms.
0 -
And how about when a password needs to be secure while also combining letters number and special characters? Pass phrase in this case wouldn't really be feasible..
0 -
Getting back to the topic of this thread, Dave Teare stated in his original announcement that there are now better alternatives to Anywhere which is undoubtably true and implied that Dropbox could no longer support it. Dropbox advise me that they have not made any changes that affect html files. In a statement on the Dropbox forum, Eva Schweber (Agilebits) says "....we have eliminated 1Password Anywhere.......". Yes, things have moved on but that does not mean that 1PA does not still have place. WHY was it 'eliminated' other than because there are now other options, some of them paid!
0 -
Dropbox advise me that they have not made any changes that affect html files.
@tonydow: Of course Dropbox doesn't prevent you from storing HTML files.
However, as you're aware, 1PasswordAnywhere isn't a mere HTML file. If it were, this would be a much shorter discussion, and using it would be trivial regardless of the browser or storage location. But you know that's not the case, otherwise having it no longer work in Dropbox would just mean you'd host it somewhere else — anywhere else. But it isn't that simple.
The way that 1PasswordAnywhere works — the reason we're having this discussion in 2016 instead of years ago — is that it loads other files (including keys and individual items) in order to decrypt and display the contents of the vault. Previously, browsers let this happen without restriction. Many (myself included) stored the AgileKeychain on a removable drive to take with us. But in the intervening years (since it was introduced in 2009), most major browsers no longer allow a webpage to access data stored locally on the computer.
That was the first major blow, and the reason we all moved to Dropbox for our 1PasswordAnywhere needs in the first place: Dropbox hosted the data for us, so it could be loaded from the server; loading it from the local filesystem was no longer allowed by the browser. That brings us to 2016, and you can probably guess the next part: the Dropbox website no longer permits external files to be loaded from their server, so when you request
1Password.html
, that's all you get (noencryptionkeys.js
or.1password
files). So at that point 1PasswordAnywhere becomes just a hypertext UI with no data to display.Yes, things have moved on but that does not mean that 1PA does not still have place.
It really, truly does, in any practical sense. Since Dropbox was the last (easily accessible) bastion of hope for using 1PasswordAnywhere (see above), it still exists, but is effectively dead — for everyone but those among us who are willing to host their own data, and that isn't really a reasonable solution for most people. Is it possible? Sure, but that's really splitting hairs. But you don't have to take my word for it. Just read some of the earlier comments regarding the possibility of self-hosting. It isn't a popular alternative.
I hope that helps clarify the history of 1PasswordAnywhere to put things in context. Let me know if you have any other questions!
Now if only khad put that much effort into a post explaining how we can still access 1Password passwords remotely without spending ANOTHER $60 after we spent so much purchasing 1Password for multiple platforms.
@babyjeans: Please see above. It's possible, and it's been discussed here already, but what _isn't _ possible any longer is using Dropbox to make it easy.
And how about when a password needs to be secure while also combining letters number and special characters? Pass phrase in this case wouldn't really be feasible..
@Nathan_infinity: Any website serious about security will be taking any input you give it, salting it, hashing it, and then storing the salted hash regardless of the length or composition of the original password, so imposing artificial restrictions doesn't improve security — it's just a nuisance for you trying to meet their requirements when you can have 1Password make a perfectly random password for you without blinking. But of course you also can have the Strong Password Generator include symbols and digits. The only reason not to include these is, sadly, if they are restricted by the website's password policies.
0 -
Like many others here, I'm terribly disappointed that 1passwordanywhere was dropped without any warning and without a reasonable alternative provided. I found out the hard way, on a shared workstation in a conference room where I needed to access several sites to present information to my team. I opened dropbox, clicked on my 1pwa html file and...nothing. I have the app on my phone but as others mentioned it's awkward and inconvenient to rekey long convoluted passwords. It also defeats the purpose of having 1password, no?
The reality is that I frequently use other machines whether at work, at a client site, or in my personal life where it is inconvenient at best, or impossible to adjust the browser settings, etc., as suggested here. So, after reading the first two pages of comments on this forum and still not seeing a reasonable solution, I think it's time to research the alternatives. It's a shame because 1password works pretty well most of the time.
0 -
For the people who said they used this as a back up in case their phones, laptop, or whatever broke. I'm sorry, you can download the computer version for free for 30 days on another computer and export your info. The file in Dropbox works across platforms also. If your computer breaks, phone breaks, and tablet breaks all at the same time, chances are you'll replace at least one of them. So download a free version of 1Password to get your password until you're 100% up and running.
@prime how are you going to access your dropbox files without your password that is stored in 1Password?
If I wanted to remember passwords with my brain I wouldn't be using a password manager.
0 -
However, as you're aware, 1PasswordAnywhere isn't a mere HTML file. If it were, this would be a much shorter discussion, and using it would be trivial regardless of the browser or storage location.
@brenty but it could be a simple HTML file if you wanted to.
You could put every bit of JS and data in a huge
<script>
tag. Even images with Base64 encoded strings.0 -
@pier25 you say
how are you going to access your dropbox files without your password that is stored in 1Password?
If I wanted to remember passwords with my brain I wouldn't be using a password manager.My response is that I actually use 2Password or 3Password, not 1Password. That is, my AppleID password (for iCloud) and my Dropbox password are diceware passwords that I can easily remember, just as my master password is something I can easily remember.
On the whole I think there are enough occasions when one of these may be needed without 1PW being open that it is worth the xtra effort. But I haven't yet found any reason to remember passwords beyond those.
0 -
My response is that I actually use 2Password or 3Password, not 1Password
@danco sure that works, but the whole idea of 1Password falls apart.
Hey AgileBits, we've got some great answers as to why 1PA doesn't work with Dropbox, or why wordlist passwords are secure. But this has been going on for months and we still don't know the most important thing. Are you going to solve this yes or no?
0 -
sure that works, but the whole idea of 1Password falls apart.
Not really, it's only one or two extra passwords. All financial records, social media, and everything else is kept in 1PW. It's only one or two that need to be kept available outside 1PW for safety. And diceware makes it very easy to remember those.
0 -
@pier25: I'm not sure what you're suggesting can be solved here. We can't make 1PasswordAnywhere work with Dropbox in modern web browsers. The only solution that involves 1PasswordAnywhere is using it locally in a browser that doesn't enforce these restrictions.
Not really, it's only one or two extra passwords. All financial records, social media, and everything else is kept in 1PW. It's only one or two that need to be kept available outside 1PW for safety. And diceware makes it very easy to remember those.
It's sort of like putting your safe in the basement. If there's a lock on the door, you'll need the key for that too. ;)
0 -
@prime how are you going to access your dropbox files without your password that is stored in 1Password?
How do YOU access you 1PasswordAnywhere in Dropbox if you don't know your password? If you don't know that password, how will you get into Dropbox then if device fails? you CAN'T get into dropbox at all then, right? 1PasswordAnywhere is useless to you at this point. You using 1PasswordAnywhere as a back up in case your devise fails, just failed because you don't know the password to Dropbox because it's on 1Password...
I have mine protected for this.
- I have 4 things with 1 password, the chances of all 3 things failing me at the exact same time are VERY slim.
- My wife also 4 things as well (2 are common with mine), and she has the password for Dropbox also
- I also have in my house hidden a piece of paper with the log in info and the recovery code for Dropbox. I do not have what it's for on the paper (we know what it's for). If someone breaks into my house and robs me, I HIGHLY doubt they are looking for that 1 piece of paper, and I have other issues if my house gets broken into.
As I said, you can download the free versions to get you data from Dropbox, and your 1 Password licenses are in there, you're set then. Now if you don't have you Dropbox password saved somewhere as a back up...
0 -
RE the password and Dropbox post:
As for me, I use Dropbox only for 1Password. Nothing there so I am able to remember this password. (Note: I am user Google Drive so need for me for Dropbox).
With thise solutione I am very flexible. I only need to know two password, Dropbox and my Masterpassword.But we get it, you do not support Dropbox anymore. We are now looking to your solutione you come up with.
Soltuione is already there: Web Access without using device key ( how should I access it on public PC???)Instead of device Key, try yubikon like some others.
Or make real 2FA without device key, in that case I could store 10-20 backup codes in a file on dropbox and use it to login to webpage.I even look at Dashlane, more expenive then LastPass but cheaper then 1Password (another competitor one which can make this offer).
When is there official word by 1Password about this issue beside closing announcement and moving this comments to new post. I think it is another mistake since we are discussing announcement. But maybe if not each day a new post is here, it does not show up on top of forum and maybe it get forgotton or not seen my visitors first.
Please 1Password, we need clear and official word what you are going to do with individual users that need web access. No need for forum support with same old story trying to make us look dumb.
I thaught I was only one with this issue but as you see, I am not only one, many people.
There is long long talking back and forth, 1Password justifing and not owning the issue of not coming up with affordable individual user solution, forum support trying who has no understanding for needs but to make customers look dumb - and the customers begging the company to come up with a solutione.
0 -
How do YOU access you 1PasswordAnywhere in Dropbox if you don't know your password?
@prime Because I obviously know my master password. That's the point of 1 Password, isn't it?
I have 4 things with 1 password
Congratulations. It seems you are unfamiliar with the concept of cloud computing where data should be available even in the case of hardware failure.
I'm not sure what you're suggesting can be solved here.
@brenty it's very simple and I have already described it in previous posts. There are many ways you could solve this if you wanted to, but here is one way:
1) S3 hosting of 1PA
Agile Bits host our 1PA keychains in S3 (since I know you are already in AWS). It would cost you cents per user in hosting costs. You can afford a few cents after selling licenses at $64.99. Even more when you consider a user will need to buy multiple licenses like I have (Windows, OSX, Android, iOS).2) Fix the HTML of 1PA
You can make 1PA much better by simply embedding all the data in a single HTML file so that users can simply download that HTML file and run it locally without the need for complicated and insecure browser configurations. This is trivial to make. And while you are at it, please update the HTML to be responsive for mobile devices. I have complained to your support about this since 2014.Both of these points would be trivial to implement and it would cost cents per user license in infrastructure and development.
1PA was one of the features that were in the software I paid for. 1PA doesn't work anymore because it was a quick and dirty solution that relied on an external provider to save you a few cents per user. Now it's your responsibility to solve this properly.
So I ask again. Are you going to solve this? Yes or No?
0 -
@pier25 you missed the whole point. How do you get into 1PasswordAnywhere IF you don't know the password to Dropbox? That's all you got out of that? 4 devices?
To get into 1PasswordAnywhwre you need to know the password to Dropbox. As I said, I have my login on a piece of paper hidden in my house for an emergency. I highly doubt if I got broken into, the would take that piece of paper. Apparently you missed that, and just saw "4 devices". Why anyone wouldn't have an emergency plan is beyond me.
If your an expert on pricing, how about you make your own password manager and charge what you want to people.
0 -
I am bummed and at the same time don't find above alternatives acceptable.
At the least, agilebits should have rolled existing users free to 1PasswordFamilies.
This is just not great leadership or business strategy, I don't think it would do any good to existing 1Password's client base.If I have to spend more money, I will better spend that coin with other company product, company whom I can count to stick with me for longer term.
Sorry AgileBits.
0 -
This was a perk that we didn't pay for. Kind of like a company I use to work for, a perk was I got to take my truck home for work. One day they stopped it. Was I unhappy? Yes, but I moved on.
0 -
This was a perk that we didn't pay for. Kind of like a company I use to work for, a perk was I got to take my truck home for work. One day they stopped it. Was I unhappy? Yes, but I moved on.
It was NO perk, it was feature which has been advertised. It was one of the reasons many of us bought. A perk is a free upgrade but not adverised feature.
Please read whole thread. You moved on because you do not have big need for it but others depend on it daily which is whole different story. If this does not have impact on you, please do not try to justify things - because it is not related to you.
We do not have any other option to move on, only:- pay more for no more features (and still keep logged out with there web access since we now need device key in addition)
- move to competition
- or stay logged out
0 -
At the least, agilebits should have rolled existing users free to 1PasswordFamilies. This is just not great leadership or business strategy, I don't think it would do any good to existing 1Password's client base.
@nishblue: That would be a terrible business strategy: to spend a lot of time and money building something new and give it away for free. We're not selling something else (like our customers' personal information) to make up the difference. Sure, it would make you and me both feel really good if 1Password were free...until the next time something needed doing and there was no AgileBits around for that. :unamused:
If I have to spend more money, I will better spend that coin with other company product, company whom I can count to stick with me for longer term. Sorry AgileBits.
You should absolutely choose whichever tool best meets your needs. No argument there. But I think you'll be hard pressed to find other software from 2009 that still works the same today as it did then — or many companies that have given away 2 out of 3 major upgrades in that same time period away for free.
0 -
It was NO perk, it was feature which has been advertised. It was one of the reasons many of us bought. A perk is a free upgrade but not adverised feature.
@nol: I'm sure we've advertised somewhere at some point, but I can't think of it off the top of my head. We generally don't advertise at all, and we definitely didn't take out an ad for 1PasswordAnywhere. That would just be crazy. It was a cool piece of technology, but not something that would even make sense to most people outside of this discussion — much less as part of some advertising campaign.
We do not have any other option to move on, only:
- pay more for no more features (and still keep logged out with there web access since we now need device key in addition)
- move to competition
- or stay logged out
That's right. Those are the options. And yes, we charge for our products, and we're proud of that. We believe in charging sustainable prices so that we can continue developing our software and supporting our customers. Otherwise there would be no one here to listen to what you have to say.
We also don't advertise free updates for life. I know many apps that did which are no longer being updated or supported because the developers needed to get paying jobs; and I know plenty of free apps which sustain themselves by selling customer information. We don't do that either....even though we give away a lot of them.
I appreciate that you want us to create something that doesn't have the same constraints as 1PasswordAnywhere to replace it, but this isn't the 24th½ century and we're not able to work for free:
"I do the job. And then I get paid." — Cpt. Malcolm Reynolds
I doubt that anyone expects you to do more work for them for free because they paid you once in the past. Yet we work every day to improve 1Password. However, a single purchase doesn't entitle someone to receive every new product we make in perpetuity. It can't. That just isn't sustainable, and I can't imagine you work for free either. 1Password Families/Teams is a new product and either it's
A
worth paying for because you appreciate the value you get out of it, orB
you don't feel it's useful enough to pay for and then it shouldn't matter to you.I'm sorry that 1PasswordAnywhere doesn't work the way it used to. That sucks. But let's not confuse matters. Being upset is understandable, but you're being unreasonable. There's a big difference between the two. And expecting us to work for free isn't reasonable, especially if you're not willing to yourself.
0 -
@brenty
Why Do you try to put me in a light which is no correct?
I never said you should work for free. I also did not said updates are free for life. Also you are making things way more up than they are. I did not said you made a big billboard ad. No. But when you list a feature to a product you sell, you advertise it right? If you display that product on your webpage to sell, you advertise it to your visitors to buy it correct? Please stop trying to put me low or whatever this is. You all try to tell me I'm living in the past, etc etc
And I am unreasonable? I said I would pay for it but a reasonable price. Expecting individuals to pay for 5 is not fair. Forcing people to choose new plan, unsecure solutions or move to competitor is reasonable? Sorry, if you could put yourself for one time in the shoes of your customers, you might understand it but it is not possible. Customer support should always be able to see both side but you do not see it. But that is ok.
Working for free? You are getting paid $60 for the stand alone version and $60 a year for families. Why do you expect individuals to pay for 5 people? Is this not unreasonable?Regards A:
I am individual, what benefits do I have?Regards B:
It does matter because I lost a feature do not you see this?Anyway, let me ask different way:
- Why is there no official word about individuals?
- What are your plans for individuals?
- Why can not your customers have a one seat plan for the fifth of your family plan?
- Why is there no ackknowleding of issue?
- Why is 1Password the most expensive solution on the market? (it was not until you force us to family plan as individual just to get back web access) Is there a comparison chart for your existing customers which you currently leave in the dark? We would love to see which more value you offer.
- So the final word is: No plan for individual and if we rely to Anywhere we have to use unsecure solution or upgrade to a plan which does not fit us, is this correct?
Once again, you see in this whole thread and related to the announcing topic views etc that this topic has more people interested in as you might think. It is not only about me, I might be only the loudest one here. I just can not understand why 1Password makes it so hard and does not see what customers need.
Please, if you are going to reply to me, please do not change my words and story again, I am not doing the same with you.0 -
To get into 1PasswordAnywhwre you need to know the password to Dropbox
@prime no you don't. You could put 1PA in your public folder which is the only folder you can access from a browser. And that is the whole point of 1PasswordAnywhere.
This was a perk that we didn't pay for
Maybe you didn't, but I (and many others) paid for that feature. Instead of developing a proper web based solution, AgileBits relied on Dropbox to make that work and save a few cents per user.
Since @brenty or the rest of the team have refused to comment on what I've said a few times I will assume that it's simply not in the interest of Agile Bits to solve this problem.
Have fun, I'm moving to LastPass.
I have wasted too much time and money on 1Password.
0 -
AgileBits team: Thank you for remaining engaged in this conversation. Although the discussion can be frustrating at times, it's important for your customers to know that you remain invested. I have just one question left...
When can we expect an update on the possibility of a 1Password Families equivalent product geared toward individuals?
On April 15, @dteare mentioned that "it is certainly something we are considering." Then on May 4, he stated, "We want to officially launch Teams and complete our Windows support before revisiting individual plans."
Can you give us an ETA on when you'll have some news for us? I'm trusting that we will get some sort of update from you, even if the news is, "Sorry folks, an individual plan just isn't in the cards." But of course we can't just wait around indefinitely...
Thanks,
Matt0 -
I felt the need to add my two cents to this conversation. I may have signed up to the forums today but I've been using 1password since December 2012 and have been very happy with the product till this point in time. I've bought 1Password 3 on Windows and Mac, then bought it again when 1Password 4 was released. I have also purchased the software on both iOS and Android. I have also advocated its use to people that I know. I can count the software I have recommended to people over the years on just 1 hand as I rarely go into bat for a program that costs me money. I figure I'm not being paid to advertise your product so why should I! And yet, 1Password is a rare exception to that rule because its so gosh darn useful in today's online world.
But assuming a suitable alternative is not offered in due time to 1passwordanywhere I will no longer be recommending the product to people I know and will be looking at alternatives for myself when you inevitably decide to charge for a new release of the software (or switch fully to a subscription based model as is my guess you will at some point down the line)
1passwordanywhere was a very useful bit of software that I don't use all that much but when I did need it, it was a lifesaver. On a foreign computer that I didn't want to install 1Password onto? No problem. Using Chrome OS or Ubuntu and needed my passwords? No problem; it had me covered. Now I'm not covered and hence this software has lost some usability for me. 1Password for Families is not a suitable replacement. Expecting existing customers who were happy with the status quo and don't require the added features that Families provides to pony up $60 a year to keep their software working as is is asking far too much money. When competition can offer the same kind of portability that Families provides for a 5th of the price its simply a dumb decision to continue to use it.
I can understand AgileBits looking at it and not wanting to support it anymore if it was a clunky bit of software to begin with and Families or Teams brings them in money while 1passwordanytime did not, but by going down this path you are not making 1password a good value proposition for the Individuals that use your products.
0