Why sign up for a 1Password membership?
Comments
-
@brenty - No offense to Samir, he was under relentless pressure from Peter. But it does feel good to be a gangster.
@prime - Now your just baiting me. You mean the same AWS that broke the intertubes twice? Let's hope it's not number 3 when you need your data.
@khad - This is the only part I'm confused about having not used it, is there not a locally cached blob?
0 -
There is. Even if we are abducted by aliens, 1Password users will still have their data. See @jpgoldberg's reply here for more details on data availability:
https://discussions.agilebits.com/discussion/comment/365497/#Comment_365497
0 -
@allanster what are you talking about? Yes it went down, and I still had my data. They only issue was sycnying. Big. Deal. iCloud also uses AWS, so my contacts, and others services were not syncing either. I still had my passwords, I still used 1Password without an issue, and I was fine.
0 -
:+1:
0 -
I'm still on the fence whether I am going to leave Agile as a customer. I went ahead at work and purchased a standalone for a C-level who had an immediate need for storing some sensitive static info only because I haven't taken the time to properly evaluate the alternatives.
Judging from the past threads doesn't bode well. I have this fear I'm going to wake up some day and need to push a wlan sync from my standalone to my IOS version and that option is going to no longer exist because Agile has decided for me that I don't want to do this and has removed the feature in the latest IOS update and I wasn't aware they had when I updated it.
This is a justifiable fear based off threads I've read of people wondering what happened to unrelated feature of sharing records between phones. I saw customers stating they were going to not ever update their IOS app and maintain a 2nd older version on their desktop so that they could retain this feature. How's that for improving security and convenience?
In the laudable goal of wanting to improve and enforce customer security you are actually doing the opposite. Users want options not another mommy. Now some users are taking risks by not updating (patching) so they can retain features that they decided were worth having and the convenience outweighed the risks in those methods of sharing. These types of decisions should be left to the user not your company. It's fine to educate and warn with dialogs but just exactly who do you think this data belongs to anyway?
What's next? I can no longer export plaintext to move to an alternative because that data may be intercepted. Or I can't print a record because it no longer meets your definition of an acceptable user behavior because you've deemed that too risky as well.
It's fine to include seat belts and air bags but if I want to drive recklessly and endanger myself and others that's really my decision, not yours. Whether I purchase or rent the vehicle, your liability/mothering should and needs to end when I drive off the lot.
I will say in defense of some complaints on the increased standalone pricing, it appears to have rolled all previously available options into this one purchase, it includes mac/windows, new and previous versions, and reads that you may install on as many as you like. So this appears to be dual platform family license and I think is a fair price for what it is.
For those looking for the standalone, licenses can be purchased here: https://agilebits.com/store
0 -
Actually, the only times we have removed features was because of security concerns. I think our track record speaks for itself, but I can also tell you unequivocally that we don't have any plans to remove WLAN Server. So saying that you could just "wake up some day" to find it missing is a bit silly. And indeed, you're entitled to behave insecurely if you want to, but you really don't need help from 1Password to do so. That's always been possible, and there isn't anything 1Password can do to stop it; it's just here to offer an alternative for those who want it.
0 -
Hi, @allanster,
I would like to follow up on @brenty's comment that we remove features for security reasons.
Individual item sharing
I was the one who is most responsible the (temporary) removal of individual item sharing a year ago. And it was removed for security reasons. It was, as implemented, something that did not live up to our security expectations. The question was whether we wait until we had an alternative in place or kill it earlier. We killed it earlier. We still don't have an alternative in place for sharing outside of a Team or Family, and even with what can be done in Teams or Families, we don't really have anything that works for individual items.
1PasswordAnywhere
1PasswordAnywhere's days were numbered as soon as browsers (for security reasons) did not allow loading arbitrary local files. This was a long time ago. This meant that (for the overwhelming majority of users) it was only useful when using via Dropbox. Just as browsers had stopped allowing loading of local files, Dropbox was doing the same (for the same reasons). For example, suppose someone shares an HTML page with you on Dropbox that reads some private data that you store on Dropbox. Dropbox correctly blocked that kind of thing, but made exceptions just for us so that 1PasswordAnywhere would continue to work. But they weren't going to keep that up forever.
We started to phase out 1PasswordAnywhere with the introduction of OPVault more than four years ago for other security reasons. First of all, someone who gains write access to your Dropbox data could create a malicious version of the 1Password.html file (or the JavaScript it loads). There were other potential attacks on it that were unique to 1PasswordAnywhere, and so we tried to reduce dependence on it over a period of years. And again, we did get rid of it it before we had a suitable replacement for most people. 1Password accounts for Individuals was still a ways away when 1PasswordAnywhere was done away with.
Bookmarklet
The 1Password Bookmarklet was also killed for security reasons. Once iOS 3 allowed copy/paste from third party apps, we were able to offer some alternative, but far from a complete one. But our alternative was much more secure than the 1Password Bookmarklet. We were only really able to get all of the functionality of the bookmarklet when iOS 8 allowed for Share Extensions in mobile Safari.
Responsible choices
All three of those cases are instances when we offered features through mechanisms that were less than ideal in terms of security because we knew that people needed them. And we knew that doing it "right" might take years. So those features could be seen of as temporary hacks in the worst sense of "temporary." They were to be replaced by more secure alternatives. In some cases, the timing of those replacements were under our control and in other cases they weren't. Likewise sometimes the timing of the killing off of the temporary measures was fully under our control and other times it wasn't.
In all of those cases we moved from something that was substantially less secure to something that was more secure. But anytime we kill off a feature this way, we are adversely affecting the work flows of some people who have come to rely on those things. Customers are understandably upset. But when X has known security problems that a partial alternative Y does not have, then discontinuing X and steering users to Y is the responsible thing to do for security, even if gets people angry at us.
0 -
@brenty - Thanks for reassurance on WLAN server, that does help in deciding on continuation of use.
@jpgoldberg - I appreciate the efforts taken in striving for perfection in an ever shifting landscape. I do realize it's never easy.
0 -
Absolutely. It would truly be a shame to remove it unless there's a really good reason. We put a lot of work into it, and some people really depend on it. So unless a fundamental (read: unfixable) security flaw is found, I don't see it going anywhere. It's definitely not easy to keep up with and ahead of things in the security world, but we really love what we do and enjoy the challenge. And after all, we're all safer for it. Cheers! :)
0 -
Thanks, @allanster. The hardest decisions we make are the ones that involve security/security trade-offs. Where you defend against one threat at the expense of increasing a risk somewhere else.
But as both threats and the tools available to us change, we are always in the process of reassessing those trade-offs. Thank you for understanding that.
0
