1Password 6 [Only available with 1Password.com memberships, no local vaults are supported]

dwk
dwk
Community Member
edited April 2023 in 1Password 7 for Windows

Hi,

I understand that AgileBits support team is tired of hearing when version 6.0 will support local vault for us license users. However, as a long time customer I can't help but to think that we are left behind.

The reason behind this is simple. After years of waiting for a brand new version for 1Password 4 for windows AgileBits provided us with the news that the new version was on the way. It took very long time before the first beta version came out and I still had I hopes since it was only the beginning of a brand new software. But then I was wrong again. Local vault users were left behind in favor of teams and account users. I can live with AgileBits decision to put teams and account users first. I can even understand the decision.

What I don't understand however, is the fact that AgileBits is keeping local vault users like myself in the dark with no information as to what is happening. I have always known that AgileBits was always for focused towards Mac&iOS (just by reading the blog, anyone can tell where the company keeps its priorities). But, I honestly NEVER thought that developing 6.0 would take THIS LONG.

I am not oblivious of the fact that coding a security program is anywhere 'easy'. It's bloody difficult. I get it. All I'm asking of AgileBits' windows developer team is to show us some courtesy to shed some light on what is actually going on. If it takes more time than anticipated, then just write up a blog post saying 'sorry dear local vault users, we are having a little bit of trouble wrapping things up so we decided to postpone the release for another few weeks etc'. Delaying the timeline in the world of coding happens all the time and I am more than okay with that as long as I know what you know.

I never meant to write this long but it turned out this way because I really like 1Password and I really care about it. Otherwise I would have just left for another password manager instead of writing all this.

I apologize first hand if any of the members of AgileBits were offended reading this and that it was never my intention to make anyone upset.

Thank you for reading all this.

From someone who really cares about 1Password :)


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

«1

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    I understand that AgileBits support team is tired of hearing when version 6.0 will support local vault for us license users. However, as a long time customer I can't help but to think that we are left behind.

    @dwk: First of all, thanks for taking the time to share your thoughts with us. We're not tired at all of hearing questions about local vault support in the new 1Password 6 Windows desktop app. But it certainly isn't fun for anyone that we don't have good news to share yet. :(

    The reason behind this is simple. After years of waiting for a brand new version for 1Password 4 for windows AgileBits provided us with the news that the new version was on the way. It took very long time before the first beta version came out and I still had I hopes since it was only the beginning of a brand new software. But then I was wrong again. Local vault users were left behind in favor of teams and account users. I can live with AgileBits decision to put teams and account users first. I can even understand the decision.

    While I agree that it could seem like a long time, 1Password 4 only recently celebrated its 2nd birthday. Local vault fans aren't being left behind. After all, you've got a mature app with a lot of features that those with 1Password Accounts wish they had! thoughThe grass is always greener on the other side, and we're regrettably not able to satisfy either group fully yet. :blush:

    What I don't understand however, is the fact that AgileBits is keeping local vault users like myself in the dark with no information as to what is happening. I have always known that AgileBits was always for focused towards Mac&iOS (just by reading the blog, anyone can tell where the company keeps its priorities). But, I honestly NEVER thought that developing 6.0 would take THIS LONG.

    It's only been a few months. And while that can seem in terminable while you wait, that's a relatively short amount of time, especially for a brand new app. :dizzy:

    But I definitely understand where you're coming from. At least twice a year, Apple gives us some new toys to play with, so we get to talk about the exciting things we're doing with 1Password on iOS and, most recently, macOS. It also helps that both apps are well-established and we can invest most of our resources into new features (rather than building from the ground up), and a lot of the code can benefit both. This is awesome for Apple fans, but you're right that it can leave folks like us on Windows (or Android) feeling a bit left out. Because of this dynamic, unless Apple really makes things more difficult for us in the future, we gain a lot from them which cannot benefit non-Apple platforms. But once the 1Password for Windows is feature-complete, we'll also be in a better position going forward since we're using Microsoft's latest tools. That's why we opted to build a brand new app: so we're in a better position to deliver not only a good baseline experience, but also to make it even better over time by adding new features. :sunglasses:

    I am not oblivious of the fact that coding a security program is anywhere 'easy'. It's bloody difficult. I get it. All I'm asking of AgileBits' windows developer team is to show us some courtesy to shed some light on what is actually going on. If it takes more time than anticipated, then just write up a blog post saying 'sorry dear local vault users, we are having a little bit of trouble wrapping things up so we decided to postpone the release for another few weeks etc'. Delaying the timeline in the world of coding happens all the time and I am more than okay with that as long as I know what you know.

    There are always challenges in development, but that's unavoidable. It just takes time. But that doesn't make for a very compelling (or informative) blog post or newsletter. It makes me think of a website like "Does1Password6WindowsSupportLocalVaultsYet.com", where it might say "No, not yet." and then have a status which might read: "Coding, testing, and coding some more." That sounds like a joke, but it's true: Our time is spent each day developing, designing, testing, and supporting 1Password for Windows. 100% of our energy is not spent on local vault support specifically, but nearly every improvement we make to the app will benefit local vault users in the long run, since ultimately we want everyone to use what we've been working so hard on! So there really isn't going to be much for us to say regarding local vaults until it's at least ready for beta. I know that's got to be a very frustrating answer, but I think it's safe to say that a lot of people — perhaps even you — would be equally frustrated if we spent a lot of time blogging about local vaults instead of working to get them out to you. :unamused:

    I never meant to write this long but it turned out this way because I really like 1Password and I really care about it. Otherwise I would have just left for another password manager instead of writing all this.
    I apologize first hand if any of the members of AgileBits were offended reading this and that it was never my intention to make anyone upset. Thank you for reading all this. From someone who really cares about 1Password :)

    There's really no need to apologize, or to thank us . Honestly, I know there are going to be a lot of other people out there who feel the same way, and I think you really did it justice. Your passion for 1Password really shines through. It's tough to hear when any of our awesome customers feel like they've been overlooked. We remember why we're doing this in the first place. It's a lot of work, but knowing how much you care about 1Password and that you're willing to stick with us even though we're in a difficult transition right now really inspires us to keep pushing toward the goal. And even once we get there, we won't stop. ;)

  • architect1337
    architect1337
    Community Member

    I had a similar issue but in the end - decided to switch to the Family Plan and keep my data online. I can totally see the advantages of having bought a license and wanting to continue to use it - but in reality - I'm happy to support Agilebits on an ongoing basis. Like you, i've been using 1Password for what seems like ages (on the Mac originally)

    There may also be technical advantages to having a local files (comfort of having the data with you / not relying on a third party to keep your data safe) but after much thought - I deduced to take the plunge. It's actually not as bad as i thought and I can now use the same data with my Mac, iPad, Windows 10 desktop and Windows 10 Mobile (I use the UWP app for these two which needs updating but at least I get local syncs on each one and for me, I don't mind the copy/paste nature of the UWP app).

  • AGAlumB
    AGAlumB
    1Password Alumni

    @architect1337: We definitely want to add full local vault support for everyone (I've still got some of those myself!), but I'm glad to hear that the subscription service is a good fit for you. And of course thanks for your continued support! :chuffed:

  • dwk
    dwk
    Community Member

    @brenty I will look forward to that day when I can finally erase version 4 for version 6 !

    @architect1337 We can never be too careful these days I guess. I was using both lastpass and 1Password at the same time but after some security concerns from lastpass, I kept using 1Password alone ever since.

  • AGAlumB
    AGAlumB
    1Password Alumni

    Indeed. I like 1Password 4 too, but it will definitely be much simpler for everyone concerned once 1Password 6 is an easy recommendation for all 1Password users on Windows. Cheers! :)

  • smith9
    smith9
    Community Member

    Hi,

    Are local vaults supported in 1Password 6 yet?
    I am feeling a lot of frustration with 1 Password 4 when

    • trying to move items between vaults
    • view items from all vaults

    I feel like you don't care about your non subscription users and just have to see if the frustrations pushes me to an alternative which would be sad

  • Greg
    Greg
    1Password Alumni

    Hello there @smith9,

    I wish I had more news for you, but I don't – local vaults are still in read-only mode in 1Password 6. Please check this reply from Mike in another thread, where he answers this question.

    If you are using several vaults, are there any particular reasons why you prefer local ones? Vaults functionality is so much better in 1Password accounts, so you have to at least try them out. :) You will get a free 30 days trial, so there is no risk here.

    I hope it helps. If there is anything else we can do for you, we are always here.

    Cheers,
    Greg

  • smith9
    smith9
    Community Member

    @greg Price is the reason I don't want 1Password accounts. I already have many subscriptions and like to limit them as much as possible.
    The current strong US dollar doesn't help.

  • Hi @smith9,

    We do understand and we are always re-evaluating our prices as the market changes all the time, it's why we have three separate plans to help out a bit. Local currency price is something that's in our minds as well and we'd like to get into that but it may take some time to figure that out.

    By the way, when we do add local vaults and licensing support to 1Password 6, there is no guarantee it will be a free upgrade, we haven't decided yet on that, so you may expect to pay an upgrade fee.

  • fuadar
    fuadar
    Community Member

    For while i've signed up for 1password family.
    i find it very frustrating to not have local vaults. my company disallows me to put any of their passwords in any cloud solution. and while i still want my family to share passwords etc . i need a local vault to keep track of work related passwords and right now i have a big issues in keeping 2 version 1password 4 and 1password6 to deal with this.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @fuadar: I agree that's definitely a difficult situation. I actually have a similar setup, and while it isn't ideal, maybe I can offer some suggestions based on my own use. I use 1Password 6 most of the time, with 1Password 4 only as needed to make changes to the local vaults. Especially if the company data isn't something you make changes to, that makes things a bit easier. You can manually sync any changes that are made to the vault under 1Password 6 Settings > Accounts & Vaults > (Dropbox vault) > Sync. I find this useful since I can still use 1Password 6 in the browser to fill logins from both by 1Password.com Account or local vaults. I hope this helps!

  • jimn
    jimn
    Community Member

    I'd just like to echo some of dwk's comments above. It's clear that efforts are currently focused on subscription account users, and that's fine and good. But as a long time local vault user, I do feel a little in the dark, and found myself digging for answers once I noticed you even started offering the subscription service. Simple stuff like, Why are we moving to subscriptions? Why should you as a local user transition to subscription, and here's how to do it seamlessly.

    I switched PC's at work today, went to download the production Windows app and noticed there was a new version, great! After trying and failing to get it to sync locally, I had to get this far into the forums before I realized v6 doesn't work with local vaults yet. It would be nice if something on the download page eluded to that limitation. As a local vault user, the production v6 is essentially in beta to us without the feature.

    That said, I'm a huge fan of the product and suggest it to my users all the time. I use the Mac, Windows, and iOS versions and look forward to an updated Windows client.

    Thanks.

  • MikeT
    edited February 2017

    Thanks for your feedback. What I can say is that we're going to share more information soon, we have a blog post coming to describe the state on this but it is postponed a bit as we're a bit busy due to recent events.

  • gkidd
    gkidd
    Community Member

    This unfortunately kills 1Password on windows for me. I don't want to store my information with agilebits, but I am not willing to continue using 4 because of the lack of feature parity with version 6 on the mac (which does support local vaults).

    I realize that this is a business decision, but this decision will prevent me from giving you more money. I look forward to you supporting local vaults in 6.x on windows.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @gkidd: I understand. Thanks for letting us know what you're looking for. Just keep in mind that regardless of which 1Password setup you choose, your data is encrypted locally on your device and the Master Password (and Secret Key, in the case of 1Password.com) is never transmitted, so only you ever have the means to decrypt your data.

  • gkidd
    gkidd
    Community Member

    I understand, I trust you guys enough to make the software that does all of the encryption. I do not also want to trust you with the actual encrypted data.

    Since I have no visibility into what your software does, additionally giving you my encrypted information seems like a very very weak security story to me. In the prior-to-6 world, if you messed up the encryption, well I still controlled the data. I am just not interested in this new story though, it feels like you are solving a business problem (driving recurring revenue) at the expense of my security. I don't feel like you have done this before to be fair, so I will wait around for a few more months and see how it plays out.

    I do want to stress, I am very grateful for what you have provided thus far, and I am huge fan of your otherwise fantastic software.

    Some other questions:

    In earlier betas of 6, I could still do read only of local vaults, can I still do that on the other side of the account paywall in the latest beta?

    When do you plan on discontinuing support for 4?

    Thanks for your help!

  • AGAlumB
    AGAlumB
    1Password Alumni

    @gkidd: Just to clarify, if you don't trust encryption, I'm not sure what to tell you. It's math, and if I didn't believe in its efficacy (in spite of the decades of research which demonstrates it), I wouldn't use a password manager or entrust any important data to devices that rely on encryption for security. Ultimately, since we're just using industry standard AES like pretty much everything else these days, if the encryption is flawed, we're all in trouble. The NSA would have a much easier time of things. Regardless, a local vault would be no more secure in that case either. We don't do anything "at the expense of security". We can't afford to. Our reputation — and our livelihood — depends on it. That's just as true today with 1Password.com as it was 10 years ago when 1Password was brand new. I apologize if this sounds a bit harsh, but this is something we take very seriously.

    In earlier betas of 6, I could still do read only of local vaults, can I still do that on the other side of the account paywall in the latest beta?

    I'm not sure exactly what you mean by "the other side of the account paywall", but 1Password 6 can open local vaults as folders for importing, in addition to 1PIF.

    When do you plan on discontinuing support for 4?

    We don't, and I doubt that we ever will. We actually haven't stopped helping customers using any of our products. While I don't think there's anyone still rocking 1Password for Mac version 1 or 2 on PowerPC Macs (we'd probably have heard from them at some point), I personally still help customers with 1Password 3 regularly. There aren't a lot of these folks out there, but we're always happy to help in any way we can.

    Thanks for your help!

    Likewise, thank you for the kind words, and supporting what we do. Even if we disagree on some details, I think we all want the same thing: we want 1Password to keep getting better at helping us secure our most important data. :blush:

  • gkidd
    gkidd
    Community Member

    I trust modern encryption, the issue is that how do I know what you are doing under the hood? Or that you haven't introduced something into your software that would compromise it's effectiveness (intentionally for instance due to an order from an intelligence agency)? Before I could mitigate this concern because you did not touch the data except locally. In the new world you have adopted it seems if I do not trust you to manage my data then there is no place for me in your ecosystem and that makes me sad.

    From my perspective, I trust you to encrypt my data OR store it. Demanding both offers more points of failure in my data security. So to me, this solution is LESS secure. I know we disagree, and I am not trying to change your mind or argue, I am just trying to express what my requirements are in case it matters.

    I would be happy to create an account and pay the yearly fee if in the process I was not forced to implicitly trust you to store my encrypted data. I want to continue paying you, but I am not willing to place the level of trust you now require to use version 6.x on windows.

    Anyway, thanks for all the help and feedback. You guys are great.

  • architect1337
    architect1337
    Community Member
    edited April 2017

    Slightly flawed argument. AgileBits could easily add code to the software to transmit your passwords to somewhere (at random times) BEFORE it's encrypted even if you store it locally. Once you allow software to run on your computer, you are at the mercy of the developers. Whether encryption works or not, the point is you need to trust the organisation not where you store your files. There are many ways to get around this if the developer wanted to (and of course, AgileBits would never do that! ;-)

    This is why it's vitally important to trust the developer of any password manager whatever encryption or storage methods they use. The only 'safe' option is to write the product yourself or at least, see and fully understand the source code and compile it yourself (but there still could be a risk of you missing something).

    Funny thing about encryption is that the whole purpose of encrypting a file is so that if it's intercepted, it would be difficult / impossible within current compute lifetime, to decrypt - in other words, encrypted files are designed and should be expected to be 'stolen' - in their encrypted form.

    Equally - we need to see how data is encrypted i.e. are all vaults encrypted into one file so if that one file is decrypted (unlikely) then all data is revealed, or are individual records encrypted separately, so the unlikely event of breaking into one file will only reveal a small amount of data (one record?) - making break attempts even more laborious as each file would need to be decrypted and examined.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @gkidd, @architect1337: Indeed. I thought it went without saying, but if you don't trust AgileBits, you shouldn't use 1Password. That goes for any vendor and their products — software or hardware. I think that there are good reasons to do so, as our track record speaks for itself, and frankly if 1Password did put user data at risk, whether by mistake or on purpose, we'd have no one's trust and be out of business overnight. This is why we put so much thought and work into our products before release (at least two years in the case of 1Password.com, depending on how you count), we're constantly working to improve, we participate in external audits, and offer bounties to independent researchers. The security of all 1Password users (including us) and our livelihood depends on us doing all of these things. Thanks for sharing your thoughts with us! :)

  • gkidd
    gkidd
    Community Member

    @brenty, @architect1337 None of what you have said changes the fact that in your new world I am forced to trust you with more information than I did before. All of the issues you mentioned could be mitigated prior to 6.

    We can just agree to disagree about this new scheme being less secure. I don't know of any argument you can make that will change the fact that now you have access to my (encrypted) data, and before you didn't.

    As I said this is not about encryption or your tech, you as a company decided to go for a scheme that allowed you to collect more recurring revenue easier, and make your product more easy for customers to use. Kudos for that, I think it will drive a lot more consistent revenue.

    But I think it's disingenuous to act like this decision does not have any impact on security of a customer's data, in your new scheme there is potential for many more people to touch my data without me having any visibility or knowledge.

  • MikeT
    edited April 2017

    Hi @gkidd,

    That is true, you have to trust us entirely to protect the encrypted data stored on our servers. If we go back two years ago, then majority of people had to trust Dropbox in addition to us and a few that didn't, used sneakernet or WLAN sync. For many, reducing it down to just us may be worth it. After all, a lot of people bank online and trust their banks to store the most powerful assets they have and there are just as many people who don't trust banks and only use cash in real life. There are credit unions that can meet some of these folks' requirement and there are some that can do both.

    We built 1Password.com knowingly that it is going to get attacked, breached and so on, we built multiple levels (three at the moment) in addition to the last line of defense, the encryption, of which we have zero keys to.

    We do understand that 1Password.com simply cannot meet the needs of everyone, we do understand there are legal and compliance reasons why many people can't store data elsewhere, and we are working hard to comply with all known compliance standards that people are asking for, and we do understand that some people simply cannot trust us with data storage such as yourselves.

    Right now, we're making decisions that produces the best possible 1Password experience across platforms for majority of the users that is happy to trust us entirely to store their encrypted data. That is not going to be everyone for sure and we're okay with that. We would rather you choose a product that fits your needs right now and that may not be us. We entered the market a decade ago because we believe everyone should be protected from the get-go and we're more than happy to leave the market if everyone was already protected because we've accomplished the main goal. One thing we can tell you for sure, the market we've entered a decade ago is not the same market we're in right now and we have to adjust with the market or go out of business.

    in your new scheme there is potential for many more people to touch my data without me having any visibility or knowledge.

    That is true but we have a small number of users that did not use a cloud sync solution such as Dropbox and iCloud where the potential is the same or worse.

    There is nothing that says we won't add local sync/vault support to 1Password 6 for Windows, we're just not working on it right now because we need to finish 1Password 6 first and having one less monster feature off our plates allows us to ship more feature-packed updates to 1Password 6 sooner.

    There is also nothing that says we can't ship a server version of 1Password.com, where you can host it in your own home network or use a third party service to host it. This might be enough for some folks who do not want to trust us with the hosting.

    Anything is possible and we're going to keep improving 1Password and 1Password.com service.

  • youngjm
    youngjm
    Community Member

    I am going to add my voice to being disappointed with 1password6 is missing local sync options. 1password4 does not support multiple vaults well. The mac and iOS versions allow you to use all vaults simultaneously while 1Password4 requires you to switch to the right vault. A real pain when at work especially when you have to figure out what vault is active and which vault has the password you need.

    I think you all do a great job but your attempts to make your current choices for 1Password6 the right ones fall flat. You need your base to keep promoting the product and you are failing us on Windows when we have no real choices but to use Windows at work and Mac and iOS elsewhere.

    Please rethink your current plans and get local syncing in 1Password6 ASAP.

  • MikeT
    edited April 2017

    Hi @youngjm,

    Thanks for sharing your thoughts. 1Password 6 already supports reading data from local folders, like 1Password 6 for macOS. The difference is that 1Password 6 for Windows does not have the capability to make changes. That's a huge undertaking of its own that we're not going to focus on yet, our main focus is to finish up the 1Password 6 app first, which only supports 1Password.com data structures.

  • wandy_applesood
    wandy_applesood
    Community Member
    edited April 2017

    Another voice expressing disappointment at the lack of local sync on 1Password 6. 1Password 4 is extremely buggy on my Windows box. Whenever I trigger the keyboard shortcut, there's mouse lag until 1password catches up. I even re-installed my OS thinking it was something in my old box that affected that. Nope.

    It got maybe a little better after 1Pass 6, but then I realised things weren't syncing. Ok? Googled, and got here.

    I don't know why there's so many people coming out of the woodwork to defend 1Password. Storing the means of encryption and the encrypted data in the same place is 100% a bad idea. Even if you have to trust AgileBits, not having to trust them lets you place it under a firewall. You can control which applications are allowed to do what. With this, you have to entrust all data with AgileBits.

    The difference in comparison to a bank is that a bank is held to Federal laws ensuring your money is returned if they mess up. What happens if AgileBits fumbles and loses your password? Absolutely nothing. There's no Federal government to guarantee that you get some form of compensation for that.

    I will be moving to something less seedy like Keepass due to the decision of AgileBits to chase profits in the subscription domain. Good luck, AB!

    EDIT: @MikeT @youngjm

    AgileBits has gone from "does not have the capability to make changes" to "we are retiring 3rd party sync options". Yay!

    Important: Due to upcoming external API changes, we are retiring 3rd party sync options (Dropbox & OneDrive), and simplifying the migration by reworking the import process to handle this step. If you have vaults opened via Dropbox or OneDrive, they will automatically be converted to local folders.

  • AGAlumB
    AGAlumB
    1Password Alumni

    AgileBits has gone from "does not have the capability to make changes" to "we are retiring 3rd party sync options". Yay!

    @wandy_applesood: Kind of a silly thing to say since sync isn't particularly useful without the ability to make changes to the data. And after all, I still have a vault in Dropbox I access with 1Password 6 via a local folder — which is how the desktop versions of 1Password have always worked with Dropbox. And since having Dropbox and OneDrive presented in the UI like that only ever served to confuse people, we've put read-only local vaults in with the import options instead:

    Another voice expressing disappointment at the lack of local sync on 1Password 6. 1Password 4 is extremely buggy on my Windows box. Whenever I trigger the keyboard shortcut, there's mouse lag until 1password catches up. I even re-installed my OS thinking it was something in my old box that affected that. Nope.

    We occasionally hear of issues like this, as sometimes 3rd party mouse drivers or other input software can interfere. I don't get the impression that you're actually interested in help, but if you are we'll be happy to work with you to troubleshoot the mouse issue you're experiencing. It's hard to do so without any real information, otherwise I'd at least be able to suggest something to start.

    It got maybe a little better after 1Pass 6, but then I realised things weren't syncing. Ok? Googled, and got here.

    Indeed, that sucks, and it's why we've made the changes you're complaining about here, to make it clearer that 1Password 6 does not currently have support for syncing and editing local vaults. And while I'm sorry that you've run into this issue, I'm glad at least that it didn't cost you anything to try 1Password 6.

    I don't know why there's so many people coming out of the woodwork to defend 1Password. Storing the means of encryption and the encrypted data in the same place is 100% a bad idea. Even if you have to trust AgileBits, not having to trust them lets you place it under a firewall. You can control which applications are allowed to do what. With this, you have to entrust all data with AgileBits.

    Actually, the whole design of 1Password is that the keys to decrypt the data are never stored with the data. After all, we really don't want to be in a position to compromise anyone's data — including our own. In fact, no matter how you use 1Password, AgileBits never has your Master Password (and Secret Key, in the case of 1Password.com). This is known only by you, used to encrypt your data locally, and never transmitted. All of this applies whether you're using 1Password.com, Dropbox, or keep your data on a stick.

    The difference in comparison to a bank is that a bank is held to Federal laws ensuring your money is returned if they mess up. What happens if AgileBits fumbles and loses your password? Absolutely nothing. There's no Federal government to guarantee that you get some form of compensation for that. I will be moving to something less seedy like Keepass due to the decision of AgileBits to chase profits in the subscription domain. Good luck, AB!

    Since we don't store people's passwords, that's kind of beside the point. And regardless, that logic would apply to any password management setup, not just 1Password. Having control of your data is an important thing, but the flip side of that is the responsibility you bear as the sole person with access to it. Good luck to you as well. Always have a backup.

  • [Deleted User]
    [Deleted User]
    Community Member
    edited April 2017

    A

  • wandy_applesood
    wandy_applesood
    Community Member

    @brenty

    @wandy_applesood: Kind of a silly thing to say since sync isn't particularly useful without the ability to make changes to the data. And after all, I still have a vault in Dropbox I access with 1Password 6 via a local folder — which is how the desktop versions of 1Password have always worked with Dropbox. And since having Dropbox and OneDrive presented in the UI like that only ever served to confuse people, we've put read-only local vaults in with the import options instead:

    It's not silly when that's how the old product worked, you got links to upgrade to the new one, and there's no indication in the application that that model has changed at all. I had to find out through forum posts that you need to open 1Password 4 in order to sync. I don't really understand how the jump from 4 to 6 required such a big codebase change that you had to throw out all the sync code and anything handling the old data structures.

    We occasionally hear of issues like this, as sometimes 3rd party mouse drivers or other input software can interfere. I don't get the impression that you're actually interested in help, but if you are we'll be happy to work with you to troubleshoot the mouse issue you're experiencing. It's hard to do so without any real information, otherwise I'd at least be able to suggest something to start.

    People would be much more prone to walking through troubleshooting if you don't preface your offers of help with that caveat of "I don't think you want to help but...".

    Yes, I would be glad to work through this. What's your suggestion?

    Indeed, that sucks, and it's why we've made the changes you're complaining about here, to make it clearer that 1Password 6 does not currently have support for syncing and editing local vaults. And while I'm sorry that you've run into this issue, I'm glad at least that it didn't cost you anything to try 1Password 6.

    I guess the root of the issue is that it isn't clear this is a separate new product I'm "trying". It feels like it's an upgrade of the older product especially given that the older one is dated both visually and in terms of functionality in comparison to the Mac version (which is constantly being updated).

    Actually, the whole design of 1Password is that the keys to decrypt the data are never stored with the data. After all, we really don't want to be in a position to compromise anyone's data — including our own. In fact, no matter how you use 1Password, AgileBits never has your Master Password (and Secret Key, in the case of 1Password.com). This is known only by you, used to encrypt your data locally, and never transmitted. All of this applies whether you're using 1Password.com, Dropbox, or keep your data on a stick.

    You'll notice that I specifically did not mention the keys, but the means of encrypting the data. The proprietary algorithms to decrypt and handle the data are all stored within AgileBits. Separation of these two important pieces is important because it means we don't need to trust that all sorts of things didn't happen accidentally. Giving the option of complete control to the consumer is an extremely important option to offer. Many people may like the tradeoffs of putting everything on your servers. Having communicated that extremely clearly to your past users would have stopped people from getting so frustrated with this. It's a big change in model and hasn't been communicated clearly through the regular avenues someone would see (prompts to download the new version, on boarding process of new version, flip flopping/ambiguity on the forums). I'm glad that there are at least changelings describing in some form what's going on.

    Since we don't store people's passwords, that's kind of beside the point. And regardless, that logic would apply to any password management setup, not just 1Password. Having control of your data is an important thing, but the flip side of that is the responsibility you bear as the sole person with access to it. Good luck to you as well. Always have a backup.

    You keep saying you don't store the passwords. For all purposes of this discussions, AgileBits is storing something that can be transformed into my passwords. Sure, I may be the sole owner of my data, but keeping a backup of that is easy. Yes, that logic of people not wanting to store passwords on any cloud platform is what I'm getting at. I am opposed 100% to putting my passwords on any password management setup that is built around me giving you my encrypted data. That's why I don't want to use things like LastPass, which had vulnerabilities of itself. Giving me that control reduces my surface vector.

    Hope to hear back on what I can do to help troubleshoot the Windows issue.

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited February 2018

    It's not silly when that's how the old product worked, you got links to upgrade to the new one, and there's no indication in the application that that model has changed at all. I had to find out through forum posts that you need to open 1Password 4 in order to sync.

    @wandy_applesood: We've never offered 1Password 6 as an upgrade to 1Password 4, as it doesn't have the same featureset. Even when we do offer major releases as in-place updates to the apps, we take care in doing so as that can mean significant changes to people's workflow, potential migration issues, and a paid upgrade. It's not something we take lightly, which is why 1Password 4 licenses still contain a download of that version, and we don't prompt anyone to upgrade, even though many more people would move to a subscription as a result.

    I don't really understand how the jump from 4 to 6 required such a big codebase change that you had to throw out all the sync code and anything handling the old data structures.

    I am truly sorry about that. You shouldn't have to understand this. It's on us that it's this confusing. 1Password 6 is literally a brand new app we've been building from the ground up. We would have preferred to retrofit 1Password 4 with 1Password.com support, but this proved to be impossible. That would have been less work for us, and more confusing for you, but it was necessary to get a native app that supported 1Password.com since there was none. And since we already had a mature native app with support for local vaults, we created 1Password 6 to work with 1Password.com accounts from the beginning. While you were able to use 1Password 4 all along, folks who signed up for 1Password.com accounts didn't have an app to use on Windows at all until 1Password 6 was ready to release publicly. Definitely not idea, but building a new app was the only viable option.

    People would be much more prone to walking through troubleshooting if you don't preface your offers of help with that caveat of "I don't think you want to help but...". Yes, I would be glad to work through this. What's your suggestion?

    Good point. You mentioned "extremely buggy" in passing without any details about the problem or your setup, and then went on to say you were moving away from 1Password. I'm sorry if I misunderstood. I see that you've already been in contact with Greg via email, so we can work on getting this sorted out for you there.

    I guess the root of the issue is that it isn't clear this is a separate new product I'm "trying". It feels like it's an upgrade of the older product especially given that the older one is dated both visually and in terms of functionality in comparison to the Mac version (which is constantly being updated).

    That's fair. If it wasn't clear to you that 1Password 6 isn't covered by a 1Password 4 license, that's our fault. 1Password 4 had sizable updates last year, but given that it can't support accounts at all, it didn't receive the amount of updates 1Password for Mac needed to to support both local vaults/standalone licenses and 1Password.com subscriptions. It's really and Apples and oranges comparison. I can definitely understand the perception though, and can relate to being drawn to the new stuff. That's actually the reason I jumped on board with 1Password.com right away, in spite of not being excited at the prospect of a subscription myself.

    You'll notice that I specifically did not mention the keys, but the means of encrypting the data.

    I'm using "keys" as a word to refer to what is being used to encrypt the data, and therefore ultimately what will be needed to decrypt it.

    The proprietary algorithms to decrypt and handle the data are all stored within AgileBits.

    We don't use proprietary encryption algorithms. We use industry standards (page 14 of the white paper is a good place to start). For example, AES256 is used to encrypt the data.

    Separation of these two important pieces is important because it means we don't need to trust that all sorts of things didn't happen accidentally.

    We're in agreement 100%. That's why we use Secure Remote Password instead of transmitting login credentials and relying on SSL/TLS security. We never have these things, so the only way they wouldn't all be separate (the encrypted data on the server, the Master Password in your brain, and the Secret Key stored in a safe location of your choosing) is if you wrote everything down in a text file on your computer.

    Giving the option of complete control to the consumer is an extremely important option to offer.

    Unless you're using software and hardware you make yourself (which is frankly out of reach for anyone), you're not in complete control. The closest we as users can come is choosing which software and hardware others make to secure our data, and maintaining control over the "keys" to it — in the case of 1Password, the Master Password and Secret Key.

    Many people may like the tradeoffs of putting everything on your servers. Having communicated that extremely clearly to your past users would have stopped people from getting so frustrated with this.

    I'm not sure what form this would take. It isn't reasonable for us to send everyone who's purchased a license an email that in all likelihood isn't relevant to them.

    It's a big change in model and hasn't been communicated clearly through the regular avenues someone would see (prompts to download the new version, on boarding process of new version, flip flopping/ambiguity on the forums). I'm glad that there are at least changelings describing in some form what's going on.

    It really wouldn't make sense for us to do those things since we haven't changed the model for existing users. Anyone using 1Password prior to the introduction of 1Password.com can continue using their existing setup, or migrate if they wish. It's up to each of us. I'm weird in that I'm using both "models". Most go with one or the other. We sent out a newsletter announcing our new service to people who signed up to receive them, but that's opt-in.

    You keep saying you don't store the passwords. For all purposes of this discussions, AgileBits is storing something that can be transformed into my passwords. Sure, I may be the sole owner of my data, but keeping a backup of that is easy. Yes, that logic of people not wanting to store passwords on any cloud platform is what I'm getting at. I am opposed 100% to putting my passwords on any password management setup that is built around me giving you my encrypted data. That's why I don't want to use things like LastPass, which had vulnerabilities of itself. Giving me that control reduces my surface vector.

    That's totally your choice. But yeah, I said once that we don't store people's passwords because that's true. Many online services do, after all, so I think this is an important distinction for all of us who keep up with the news. What we do store is encrypted data that can only be "transformed" into users' passwords using "keys" that only they possess. I'm sorry to belabour the point, but this is really important. Otherwise we wouldn't sell 1Password or use it ourselves to protect our most important data. It's also important to note that 1Password also doesn't store your data in the browser (even in encrypted form), so that's another attack surface you don't have to worry about. The details really matter to us.

    Hope to hear back on what I can do to help troubleshoot the Windows issue.

    Absolutely. We'll get back to you shortly.

    ref: KNM-19865-438

  • badankan
    badankan
    Community Member
    edited April 2017

    Another voice expressing disappointment at the lack of local sync on 1Password 6. 1Password 4 is extremely buggy on my Windows box. Whenever I trigger the keyboard shortcut, there's mouse lag until 1password catches up. I even re-installed my OS thinking it was something in my old box that affected that. Nope.

    This! I have no idea what you did with 1Password4, but I have never seen an app lock the entire screen and mouse whenever it does any kinds of animations. I mentioned this in an earlier support email to Agilebits, but never got any response.

    Upgraded to 1Password6 hoping this would be resolved, but then things stopped working and I cannot update my data anymore.

    I also concur about storing all my logins, credit cards etc. at a third party. By using local folders, I could use any own sync method (work folders, dropbox, torrent file sync etc) I would like.

    I have always liked your app, and I wanted to upgrade my license to cover my Macbook as well, but haven't heard from your support in weeks..

    EDIT:
    Read up on the mouse issue.. Well, I've experienced it on 100% of my different Windows installs. Windows 7, Windows 8, Windows 10.. Mouses have been anything from touchpads on laptops to Microsoft mouse, Steelseries mouse, logitech mouse.. Think that covers almost every possible combination, only common thing except the above is Firefox, but doubt firefox messes with the installer for 1Password..

This discussion has been closed.