Dropbox/Local Database Options & the Future of 1Password
I'm concerned that 1Password will end support for hosting the database in Dropbox/self-managed cloud/local database, given the recent announcement that 1Password is now free in the app store (and thus there's no way to monetize app store $0 purchasers who don't have a subscription). There is no way in holy hell that I will be using AgileBits's "cloud", so if Dropbox/local support is going away as of the surely upcoming version 7, I need to know as soon as possible so that I can kiss g'bye the hundreds of dollars I've sunk into 1Password since the start and migrate my 800+ items into a password manager that allows me to manage my own "cloud".
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:dropbox
Comments
-
@1TicketTerm: To be clear, we don't support 3rd party sync services, as we don't control them. 1Password has options to store data using some of these, but there is unfortunately little we can do to resolve an issue with another company's service. That's actually one of the many reasons we built 1Password.com in the first place: we can make sure the sync experience is easy and efficient...and if it breaks, we can fix it. I can't speak to whether these options will change in version 7 though, as it doesn't exist. But we only remove features if there's a good reason — usually related to security — so I can't say that it's likely that we'd go to the trouble to strip 1Password of these options when the work has already been done to add them. And either way, 1Password 6 will continue to have the same functionality, if you decide that a new app doesn't have the features you want for this or any other reason. I know I've been content to not spend more money in cases like that, but it's up to us to continue to make our products compelling enough for people to pay us for our work. Otherwise we won't be around anymore. ;)
Regarding the new Mac App Store version in particular, this doesn't actually change anything for you (or other existing users). If you've purchased it already, you can continue to use it and install it on your devices, using only local vaults if you wish. The only difference is that it's now possible to download 1Password from the Mac App Store for free (just like you always could from our website) and subscribe to the 1Password.com service from within the app; users with local vaults can still unlock the full version if they wish. I hope that helps clarify things. Let me know if you have any questions! :)
0 -
Well, I'll be frank here: If there's ever a compromise if your cloud security and a weakness is discovered in the 1Password database format, then a concentration of many keychain databases upon which an attacker can "practice" an exploit is going to be an incredibly attractive target for the people who do this sort of thing. When I can manage my own keychain in my own "cloud", at least I have the benefit that anyone who breaks in will not be looking specifically to decrypt my keychain.
I don't know what kind of security you have in the AgileBits cloud, but you should have financial-institution-grade security, as I and many others have placed the keys to our savings and retirement accounts in 1Password. Is PWC auditing your infrastructure and publishing the results? Do you have at-least-PCI-grade standards to which you are accountable? There are few laws to which password-storage software companies must adhere, and I would almost prefer to transport my keychain on a USB thumbdrive than expose myself to known and demonstrated cloud risks.
0 -
Agreed. I just switched from mSecure for this very reason.
It's sad that the Apple App store model is creating this environment of in-app purchases for this kind of software. I would be happy to pay regular upgrade fees to be able to decide where my data goes.
I like this software and will continue to use it as long as there are options, like iCloud, Dropbox and Wifi synching.
0 -
Hi, @1TicketTerm and @vance_erwin.
You make a great point about the possibility of our servers being an attractive target for attackers, @1TicketTerm. As I'm typing this, my heart is starting to race, but probably not for the reason you think. I'm actually getting super excited because I get a chance to explain why we are not an attractive target for attackers. In fact, Dropbox is a much more attractive target for potential attackers.
Why?
If you don't have a 1Password.com account yet, you may have never come across this term. But this single thing singlehandedly and drastically reduces the attractiveness of our servers. It's a 128-bit completely random key that is stored on users' devices and never on our servers, and it is used in combination with the Master Password to encrypt users' private data. It's far too long to be memorized, and also far too long to be guessed by brute force cracking methods.
Now, we take great measures to ensure that no one is breaking into our servers, including a security bug bounty program where we challenge people to break our stuff and pay them for any issues they find. We've also been audited by CloudNative and nVisium. And we're continuing to consider other audits and assessments that will help assure users of our security infrastructure.
But, let's say, as you mentioned, someone manages to get through our safeguards and can download a raw copy of our full database. What they will get is an assortment of names and email addresses and other metadata and then a bunch of gibberish. For other password managers, they would be able to start guessing passwords to decrypt this gibberish. But for 1Password, they won't even be able to start guessing passwords without guessing Account Keys at the same time. And again, an Account Key is infeasible to guess. The only way someone will decrypt data stored on 1Password.com is if they've managed to obtain a user's Account Key and can guess or obtain their Master Password. An attacker might be able to grab an Account Key off his grandmother's computer, but he won't be able to obtain the hundreds of thousands of Account Keys that exist on user devices around the world.
He would be better off just launching a password guessing attack directly on his grandmother's computer than launching an attack on our servers to get a bunch of gibberish that he can't even start attempting to crack.
You can read more about this on our security page and in our white paper.
In contrast, if someone were to obtain similar access to Dropbox's servers, they could obtain thousands of 1Password vaults and launch password guessing attacks against them directly. Without an Account Key, vaults with a simpler Master Password will be easily cracked.
You're also right that obscurity offers some measure of security, but it really shouldn't be relied upon as a layer of security. I can guarantee you that 1Password.com with the new encryption protocols is more secure than using the old vault formats on Dropbox or a private server. If you're really into this security stuff, I highly recommend our white paper. It manages to be technical, enlightening, and entertaining all at the same time. :)
0 -
Rob, your response is both patronizing and insulting. I hope that this does not reflect AgileBits attitude toward their customers' adoption of their cloud in future versions of 1Password, because I will be forthwith leaving the platform if so.
It ultimately comes down to respect for the users' choices with regard to the security of some VERY valuable information. If you, qua AgileBits, don't respect the judgement of folks like me who've pumped hundreds of dollars into your products -- even if you think that judgement is wrong -- you'll remove the choice to self-manage that information.
I do see the writing on the wall now, though. Instead of reassuring me that I'll always have the choice to manage my data, you've decided to argue that my best judgement is in error. It's not a difficult conclusion to reach that the clock has now started to tick on the self-managed option.
0 -
@1TicketTerm: I really didn't get "patronizing and insulting" from Rob's reply at all. It was neither. He was simply addressing your concern for "a compromise if [our] cloud security and a weakness is discovered in the 1Password database format" and your assertion that you "don't know what kind of security [we] have in the AgileBits cloud" by providing the answers, including links to more details on the auditing and security model.
I'm sorry you felt insulted by this, but I can assure you that wasn't his intention. And I'm not certain how else he could be expected to reply to your followup, since it focused exclusively on our hosted service. So Rob was responding to what you said, and frankly I think it would have been rude if he hadn't.
Anyway, maybe I misunderstood in the first place. If so, I apologize. It sounded like you were asking if Dropbox support would be removed from 1Password. I told you it wouldn't. You also seemed to be saying that Dropbox support had been removed from the Mac App Store version of 1Password. It hasn't. I'm not sure how you've come to the conclusion you ultimately did, so if there's anything that needs clarification, please let me know. :blush:
0 -
"It sounded like you were asking if Dropbox support would be removed from 1Password. I told you it wouldn't."
"I can't speak to whether these options will change in version 7 though, as it doesn't exist."
That's slightly disingenuous: Both you and I are well aware that there is a product roadmap. It's not public, for many reasons, and I'm not asking that confidential information be exposed in this forum, but don't pretend that there is no version 7 branch in your version control repository. I'm not looking for specifics. I'm interested in seeing if AgileBits will offer a general commitment to the self-managed database option for the foreseeable future, because that looks to be highly in doubt at this point.
The "account key" mechanism described by Rob above appears to be a weak form of 2FA, a feature I have wanted to see in 1Password for many years. I have specific reasons to doubt the implementation you've adopted, given the context of this blog post: https://blog.agilebits.com/2011/09/23/two-factor-or-not-two-factor/, which though old, contains reasoning applicable to the current situation.
I don't want to get into those specifics at the present time, except to say that this weak 2FA is bait ostensibly designed to encourage cloud adoption. A fortiori, a useful form of 2FA could have been integrated into 1Password as a feature applicable to all users long ago. Again, this is a clear indication of the cloudwise direction in which AgileBits is headed.
I'm not anti-cloud. There are many cloud services I use and enjoy. However, I have no interest in being FORCED into the cloud for this particular application. A technical miscalculation on your part could have a tremendous impact in the case of a cloud security breach. I feel that in your roadmap are conditions that will remove my freedom in this respect, so unless you are prepared to assure me of self-destiny without attempting to wrest from me my legitimate concerns, I will have to find another password manager before version 6 ceases to run on my computer.
0 -
I have to agree with your concerns. I don't want to HAVE to put my data on Agiles site come the next version, or when the current version ceases to function for whatever reason.
And 'disengenuous' is being kind.
My own interactions with Agile have been similar to yours.
0 -
And 'disengenuous' is being kind.
@toasted: Not really at all. I guess it's easy to type things like that to someone you don't know on the internet, but if you knew me, you'd be ashamed.
Edited to correct misattribution of 1TicketTerm 's comments to toasted. Sorry, toasted! :(
"It sounded like you were asking if Dropbox support would be removed from 1Password. I told you it wouldn't."
"I can't speak to whether these options will change in version 7 though, as it doesn't exist."
That's slightly disingenuous:@1TicketTerm: Not even a little. We have ideas that we'd like to implement in future versions of 1Password, but that could mean 6.7 (which you'd get for free) as easily as 7.0. Were very much focused on 1Password.com right now, not building a brand new app (with the exception of Windows, though we're building that because we need a 1Password.com client there). We've got enough on our plate already.
Both you and I are well aware that there is a product roadmap.
Actually, no. You don't know that. That's not quite how we do things.
It's not public, for many reasons, and I'm not asking that confidential information be exposed in this forum, but don't pretend that there is no version 7 branch in your version control repository. I'm not looking for specifics. I'm interested in seeing if AgileBits will offer a general commitment to the self-managed database option for the foreseeable future, because that looks to be highly in doubt at this point.
I don't have to pretend. We have a commitment to our current products and existing customers. It's really as simple as that. And it just isn't productive to make decisions or announcement based on what we imagine might happen in the future. We're very much focused on making 1Password the best it can be today.
The "account key" mechanism described by Rob above appears to be a weak form of 2FA, a feature I have wanted to see in 1Password for many years. [...] A fortiori, a useful form of 2FA could have been integrated into 1Password as a feature applicable to all users long ago.
It just isn't possible to offer any form of authentication with the product you're using, because there's no server to authenticate with. And since the Account Key isn't 2FA, it therefore doesn't run the risk of being intercepted, as it is never transmitted.
I'm not anti-cloud. There are many cloud services I use and enjoy. However, I have no interest in being FORCED into the cloud for this particular application.
I hear you. We've each got to determine what we need on a case-by-case basis. No one is forcing you to do anything though, nor can they. If you already have a setup that works for you and meets all of your requirements, it makes good sense to stick with it.
A technical miscalculation on your part could have a tremendous impact in the case of a cloud security breach.
Nope. 1Password.com is designed with the assumption that everyone's data needs to remain secure even in the event of a compromise of our servers. All of the data in 1Password.com users' vaults is encrypted before it ever leaves their devices, with the Account Key and Master Password, and since neither of these is ever transmitted, no one — including AgileBits — has the means to decrypt the data. You can read more details on how all of this works in the white paper that Rob referenced earlier.
I feel that in your roadmap are conditions that will remove my freedom in this respect, so unless you are prepared to assure me of self-destiny without attempting to wrest from me my legitimate concerns, I will have to find another password manager before version 6 ceases to run on my computer.
Unfortunately, given that this roadmap is something you've just imagined yourself, we don't have the freedom to change it. Only you have that power. It sounds like you're satisfied with your 1Password setup, so I'd hate for you to give that up. But if you're not willing to take anything else we say at face value, there's nothing that can be said to reassure you.
0 -
Actually, no. You don't know that. That's not quite how we do things.
And it just isn't productive to make decisions or announcement based on what we imagine might happen in the future. We're very much focused on making 1Password the best it can be today.
Are you seriously expecting me to believe that you operate AgileBits in an entirely reactive manner with no thought as to the future? It's like you've just told me that you don't like to wear your coke-bottle prescription glasses when driving because they pinch your head: It's possible, but dangerously implausible.
The bottom line here is that you are not interested in committing to maintaining my freedom to manage my vault in the manner I see best. That's fine. It would be a form of application co-dependency for me to make further requests in that direction. I will make my decisions based upon the information presented here. Thank you for responding to my questions.
0