Windows standalone

It's (unfortunately) become necessary for me to maintain a PC in addition to my Mac.

I'd hoped to keep using 1Password, but it looks like, from what I read here, that the only way I can use 1Password on my Windows box is to buy into the subscription/account-based version of the tool. I'm 100% not interested in that, for lots of reasons -- not in the least being local control, but also for reasons of economics.

Do I misunderstand here? Is it not possible to get a license for 1Password4 for Windows anymore?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Hi @chetman,

    Thanks for taking the time to write in. You are correct -- we are no longer selling 1Password 4 for Windows, primarily because we are not planning any future updates for it. We did not feel it was fair to continue selling a product that we are no longer actively maintaining. We will of course continue to provide technical support for customers already using 1Password 4 for Windows.

    Our focus right now is on our 1Password 6 for Windows product. With the size of our team it wasn't feasible to continue maintaining and advancing two completely separate Windows product codebases, and so we made the difficult decision to stop development on 1Password 4 for Windows.

    not in the least being local control, but also for reasons of economics.

    We'd certainly be interested in discussing these holdups in more detail with you if you'd like.

    Ben

  • chetman
    chetman
    Community Member

    Kinda sounds like there's not a lot to discuss, Ben.

    I'm not interested in paying you $36 a year in perpetuity to use 1Password. That seems like a bad deal to me. Perpetual licensing is a better value for me.

    I also consider local data control to be paramount; I have no interest in storing my vault at 1Password. Your site actually SAYS this is something you support ("1Password give you full control over where you store your data and how you keep it in sync. Keep your data offline, or sync with Dropbox..."), but apparently the Windows version doesn't actually have this ability. Am I incorrect?

    This is immensely frustrating, since apparently 1Password 4 worked along these lines -- which is to say, in a way that meets my requirements. And I'm willing to give you money for it, but you won't sell it to me even though your current product doesn't actually do one of the things I need (and even though the web site says it does).

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited April 2017

    @chetman: You can do exactly what the website says, but it depends entirely the the version you use. That's a big reason why 1Password.com exists, because it shouldn't have to be this complicated. I'm sorry that we don't have exactly what you're asking for currently. It's important to keep in mind that it's not possible to offer everything that everyone wants, so we try to focus our efforts in the areas where we can do the most good for the greatest number of people. Right now that means 1Password.com, since it allows us to offer effortless sync, automatic offsite backup, and access to the latest version all of the apps without trying to figure out licensing terms for different app stores and things like paid upgrades. You may be comfortable managing your own sync setup and backup strategy, and figuring out if you need to purchase a new license when you get a new device, etc. I am too. But I hope you'll appreciate that you and I aren't "most people", and we believe that security shouldn't be accessible only to folks with the knowledge needed to navigate technical things or the time and inclination to learn all of it.

    You mentioned that you prefer "perpetual" licenses since you only have to pay once, but in reality software just doesn't work that way since eventually it stops working as technology moves on. The expectation of most people is that 1Password will be constantly improved over time, but the flip side of that is that there really isn't such thing as a perpetual license. Sure, the thing never expires, but the app can't function in perpetuity because we need to either release a new paid upgrade or simply go out of business. Subscriptions are unappealing at first blush. Heck, I felt the same way myself: "Another subscription?" But they enable a virtuous cycle wherein our customers pay us to keep working nonstop to make 1Password better — and frankly we're happy to oblige, given the resources to do so. And if either party doesn't live up to their end of the bargain, then the relationship ends, so both sides are invested in making it work: AgileBits, to keep 1Password great so we can keep making a living doing what we love; and our customers, supporting us so they get to always have the best that 1Password has to offer. And that's truly perpetual. The truth is, while I like being self-sufficient, there are a lot of things that are outside my expertise; so over time I've found that I use more and more services that save me money by saving me the time and trouble of figuring things out.

    Nevertheless, I'm sorry that this puts you in an uncomfortable position, not being able to use 1Password on your own terms. I don't think that's something we can really give everyone, but I'll shoot you an email in a moment to see if there's something else we can do to help.

    ref: TUF-11715-895

  • chetman
    chetman
    Community Member

    " You can do exactly what the website says, but it depends entirely the version you use. "

    Well, no, I can't. It's not possible to control where my vault is stored under Windows, is it? Your web site says otherwise, which is a problem.

    The thing that vexes me here, Brent, is that you're couching this as an evolution of the product using phrases like "it's not possible to offer everything that everyone wants." That makes it sound like I'm asking for new features, but we're discussing things that YOUR PRODUCT USED TO DO, and that you've chosen to remove.

    You've excised key aspects of the tool as you drive it in a direction that is fundamentally less secure than your previous versions while costing MORE.

    I'm sure YOU don't think of Agile controlling my password vault as a security risk, but I sure do, and candidly so should anyone. Having anyone other than ME control this is a risk, even if I trust that third party today, because I can't control what happens with that third party later. You might sell the company, or sell the product to another company, or discontinue the service, or even go out of business. Who knows?

    I don't NEED to trust you today, because I have control of my data -- nobody can turn off my access. With your new approach, that's no longer true, and that adds a substantial risk to the equation without bringing anything to the table in return.

    By removing the ability to manage this stuff locally, you've damaged the product.

  • I'm sorry we're not able to offer 1Password 4 for Windows anymore. We created 1Password.com memberships based on a huge amount of feedback from customers that syncing and sharing should be easier. The only way to accomplish that is by hosting the encrypted data ourselves. There is certainly still a market for folks who are comfortable handling their own manual sync setup, but at this point we simply can't devote development resources to 1Password 4 and 1Password 6.

    I hope you'll re-consider, but either way I hope you're able to find a password management solution that meets your needs.

    Ben

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited April 2017

    You've excised key aspects of the tool as you drive it in a direction that is fundamentally less secure than your previous versions while costing MORE. [...] By removing the ability to manage this stuff locally, you've damaged the product.

    @chetman: That's just not the case. Keep in mind that we haven't removed this feature from any of the apps; it just isn't something we've implemented in the new 1Password 6 Windows desktop app yet.

    I'm sure YOU don't think of Agile controlling my password vault as a security risk, but I sure do, and candidly so should anyone. Having anyone other than ME control this is a risk, even if I trust that third party today, because I can't control what happens with that third party later. You might sell the company, or sell the product to another company, or discontinue the service, or even go out of business. Who knows?

    And frankly, part of the reason that 1Password.com exists is to ensure that none of these doomsday scenarios come to pass. We're really proud of being an independent Canadian software company, and are passionate about protecting our customers' security and privacy by not selling out, selling user data, or selling ads. Having a sustainable business means we can continue to do so going forward.

    But you're right. No one knows the future. And that's why we've designed 1Password the way we have. There's a lot more detail in our security white paper (which is actually a really fun read, even if you're not into cryptography), but I can appreciate that there's a lot going on behind the scenes when it comes to 1Password securing our data that is not particularly accessible or interesting to many people. I think it's also important that 1Password doesn't shove this technical complexity in our faces. So I'd like to offer a few simple points that summarize how 1Password secures our data:

    1. Your 1Password data is encrypted on your device before it is transmitted.
    2. Only an encrypted blob is stored in the database.
    3. The keys needed to decrypt it are never transmitted.

    This is true whether you're using the standalone app or 1Password.com (though with 1Password.com you get the additional security of the Secret Key also encrypting your data). Suffice to say, even if someone gains access to our servers and dumps the full database (we've designed 1Password.com with this in mind), they simply don't have what they need to decrypt it, as each individual user alone has the keys to their data. So an attacker won't have that and can't get it from AgileBits, even if they get everything else. So while there's a lot more that goes into making all of this work smoothly, this is something that I think all of us (I am not mathematician) can understand and appreciate. Cheers! :)

  • chetman
    chetman
    Community Member

    If a feature you taut on your web site isn't actually in the Windows product you can download and use, but it USED to be, then yeah, it's been excised. That you say you plan to add it later isn't a get-out-of-jail-free card here. Either the tools support user choice for storage location, or they don't. Your web site says they do, with no qualifications, but that's not actually true. I appreciate what you've done for me in private email, but this part still sticks in my craw.

    Again, creating a syncing service for 1P may well be a good idea. My issue is that it's fundamentally less secure than local control, and instead of making it an OPTION you've made it MANDATORY. This creates a situation where "subscription" issues could deny a user access to their vault.

    I'm glad you're a sustainable business. I want you to remain so; you've been great for years. But there's no part of my password vault use case that should require your ongoing participation. It's another moving part where none needs to exist. No company thinks it'll go under, or get bought, or have fundamental management philosophy shifts, but these things literally happen all the time. With pre-subscription 1P, it doesn't matter what happens to AgileBits (thought obviously I hope you do well). When we tie my password vault access to your business practices, I suddenly have a dependency that doesn't actually help me.

    BTW, I think you're misunderstanding me when I say the new subscription, sync-with-1P.com approach is less secure. There's more to security than preventing bad actors from getting my bank passwords. Security here also means that nobody can keep me from using my vault. By relying on you for sync and access, and by submitting to a constantly expiring license, I place myself at your perpetual mercy. What if I have an ID theft that compromises the credit card on file? What if you have a billing system issue? What if, God forbid, I lose my job and go bankrupt and can't afford to pay?

    That is a systemic vulnerability that does not exist with standalone 1P. Access to my data is absolutely less secure and less certain in this scenario, because there's another factor (actually, a whole HOST of factors) that can go wrong. It's that simple.

    This is a tradeoff my 77-year-old mom will make all day long, so I don't blame you for creating the OPTION. Where we part ways is in that you've made it MANDATORY.

    Thanks for engaging, though.

  • AGAlumB
    AGAlumB
    1Password Alumni

    If a feature you taut on your web site isn't actually in the Windows product you can download and use, but it USED to be, then yeah, it's been excised.

    @chetman: You can get 1Password 4 from our downloads page, or from our update site.

    That you say you plan to add it later isn't a get-out-of-jail-free card here.

    I didn't say that. It's not something we're working on right now and we're being upfront about that. Our focus is on 1Password 6, as Ben mentioned.

    Either the tools support user choice for storage location, or they don't. Your web site says they do, with no qualifications, but that's not actually true. I appreciate what you've done for me in private email, but this part still sticks in my craw.

    I really don't understand this. The choice is yours. And no one else has to use 1Password.com (or any other sync option) if they don't want to either.

    Again, creating a syncing service for 1P may well be a good idea. My issue is that it's fundamentally less secure than local control, and instead of making it an OPTION you've made it MANDATORY. This creates a situation where "subscription" issues could deny a user access to their vault.

    It seems like what you really care about is control, but you're conflating a perceived lack of control with insecurity, and these aren't actually synonymous. However, given that only you ever control access to your data (with your Master Password), the addition of the 128-bit Secret Key makes 1Password.com more secure than a local vault, since an attacker would have to successfully guess both of these. It's tempting to make sweeping statements, but I encourage you to take the time to research our security model, which is publicly documented.

    I'm glad you're a sustainable business. I want you to remain so; you've been great for years. But there's no part of my password vault use case that should require your ongoing participation. It's another moving part where none needs to exist. No company thinks it'll go under, or get bought, or have fundamental management philosophy shifts, but these things literally happen all the time. With pre-subscription 1P, it doesn't matter what happens to AgileBits (thought obviously I hope you do well). When we tie my password vault access to your business practices, I suddenly have a dependency that doesn't actually help me.

    Again, even if that happens, it won't affect 1Password users' data. We also realize that a service such as this has the potential to be a huge target for attack, so we participate in external audits and offer bug bounties to independent researchers who find issues. But most importantly, even if they are able to breach the server, they still don't have the keys to any of the data, because we never had it in the first place.

    BTW, I think you're misunderstanding me when I say the new subscription, sync-with-1P.com approach is less secure. There's more to security than preventing bad actors from getting my bank passwords. Security here also means that nobody can keep me from using my vault. By relying on you for sync and access, and by submitting to a constantly expiring license, I place myself at your perpetual mercy. What if I have an ID theft that compromises the credit card on file? What if you have a billing system issue? What if, God forbid, I lose my job and go bankrupt and can't afford to pay?
    That is a systemic vulnerability that does not exist with standalone 1P. Access to my data is absolutely less secure and less certain in this scenario, because there's another factor (actually, a whole HOST of factors) that can go wrong. It's that simple.

    Nope. You'd still have access to your data. We don't lock anyone out of it, and it's even cached locally for you in the app if you can't connect. And we want happy customers, not trapped customers, so if you decide that 1Password isn't right for you, you can export your data and go elsewhere. This works whether you're using a standalone vault or a 1Password.com account, as this is a feature of the apps themselves. We'd rather you use a competitor's product than nothing at all.

    This is a tradeoff my 77-year-old mom will make all day long, so I don't blame you for creating the OPTION. Where we part ways is in that you've made it MANDATORY. Thanks for engaging, though.

    It isn't mandatory. If it was, our email exchange would have been very different. I'm sorry that this is lost on you. We've developed 1Password for the past ten years on the principle that it shouldn't be a tradeoff, and we're building 1Password.com in that same spirit. Only now with 1Password.com security is no longer out of reach for many of our loved ones. We still have a ways to go before 1Password is easy enough for anyone to use, but we're making progress and won't give up until everyone who wants to secure their digital lives can. Since we're not willing to sacrifice security to get there, it's certainly a greater challenge than it would be otherwise, but few worthwhile endeavors are easy.

  • chetman
    chetman
    Community Member

    First, it's a bit weird to point out the fact that you can download 1P4 for Windows when it's not possible to register it. That's a problem even if you treat everyone like you did me.

    Second, it looks like your new online approach is only optional in a narrow sense - i.e., for folks who don't need to sync to Windows and have full function there.

    Am I wrong that I cannot use local-only vaults with the current Windows client? Your own support folks are saying in these forums that the Windows client can't write to local vaults.
    **
    This means my use case **must
    depend on 1Password.com, which is a resource to which I'd lose access if AgileBits went away, or had a billing snafu, or whatever, right?

    You say the tool will let me export if the servers go away, or I stop paying you, but what if AgileBits changes their minds about this aspect of it? I'm sure YOU wouldn't, but as I said this whole thing puts me in the position of relying on you guys to never have a change of ownership or management philosophy or whatever.

    That's trust I don't have to rely on now, so requiring it going forward is a net negative. No offense.

    "It seems like what you really care about is control, but you're conflating a perceived lack of control with insecurity, and these aren't actually synonymous."

    Control is absolutely an aspect of security. There's way more to a secure solution than the crypto.

    This is more than a "perceived" lack of control. This is an actual lack of control, because now someone besides me controls key parts of the solution, and it's control I don't have to give up with legacy 1P.

    So, to summarize:

    First, we have this reliance on your servers for storage and sync. You keep saying this is optional, but it appears this is only true for situations that omit the Windows client.

    I find this unattractive from both security and control perspective -- plus, it's got implications for functionality. If you go away, the Win client stops syncing. That's bad, and it's not something I have to worry about pre-6.

    Second, you want me to pay you forever instead of selling me a regular license. I get why this is attractive for AgileBits, but this new deal nets out to paying more money for less control when I do the math. I'm not into that.

  • KyleK
    KyleK
    Community Member

    I'd like to chime in here real quick.

    I second the concerns made by chetman. I also prefer storing my vault locally, or using Dropbox/OneDrive/Whatever to sync my data.

    Now I'm in the "fortunate" position that I do have a license for 1Password (4), so I can still use the local-storage option.
    What irks me is that back when the 1Password.com account model was announced, Dave Teare assured us in his blog post that single-time licenses would still be available and the apps would receive regular updates (https://blog.agilebits.com/2016/08/03/new-1password-hosted-service/, see first comment).

    Back then, in the forums you could read that 1Password 6 for Windows does not support local vaults yet, but that it's "on the todo list".

    If you read the forums now, that has shifted to "we might revisit that feature at some point, but don't hold your breath".

    Feels sad to me that longtime customers are treated this way.

  • Leboyf
    Leboyf
    Community Member

    Before Christmas understood that 1P6 Windows Standalone was almost ready to be released but release date was never provided. It's been a while since I've been in this forum. I hope I don't understand that 1P6 Windows Standalone is not going to happen.

    When is the planned release date for 1P6 Windows Standalone?

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited April 2017

    First, it's a bit weird to point out the fact that you can download 1P4 for Windows when it's not possible to register it. That's a problem even if you treat everyone like you did me.

    @chetman: Since you had indicated that it wasn't available for download, I wanted to clarify. We have to have it on the site or no one — including those who have licenses for it — can download and use it.

    Am I wrong that I cannot use local-only vaults with the current Windows client? Your own support folks are saying in these forums that the Windows client can't write to local vaults.

    We currently have two native 1Password apps on Windows: version 4 supports only local vaults; version 6 supports only 1Password.com accounts (though local vaults and other formats can be read for importing).

    This means my use case **must depend on 1Password.com, which is a resource to which I'd lose access if AgileBits went away, or had a billing snafu, or whatever, right?

    Explicitly, even if your 1Password.com account is frozen due to nonpayment or an error on our part, you can still access (and export) the data.

    You say the tool will let me export if the servers go away, or I stop paying you, but what if AgileBits changes their minds about this aspect of it? I'm sure YOU wouldn't, but as I said this whole thing puts me in the position of relying on you guys to never have a change of ownership or management philosophy or whatever.

    It seems like if we wanted to lock you out of your data, we could do that with the standalone app too, not just 1Password.com, no different than ransomware.

    That's trust I don't have to rely on now, so requiring it going forward is a net negative. No offense.

    In the same vein as the above, if you don't trust us, you really shouldn't use 1Password. I think there are good reasons to trust AgileBits as we have a decade under our belt and a track record of being trustworthy. And of course if we were to do any of the things you're suggesting, we'd destroy our reputation overnight, and with it our livelihood.

    So, to summarize: First, we have this reliance on your servers for storage and sync. You keep saying this is optional, but it appears this is only true for situations that omit the Windows client.

    1Password for Windows version 4 works as a standalone app without ever syncing if desired; 1Password 6 uses 1Password.com.

    I find this unattractive from both security and control perspective -- plus, it's got implications for functionality. If you go away, the Win client stops syncing. That's bad, and it's not something I have to worry about pre-6.

    That's a great point. If AgileBits disappears and/or the server is no longer available, you'd have to find an alternative. That means we lose customers. And then we need to find other jobs. So you can probably imagine that we're highly motivated to not only keep the lights on and the development going, but also to minimize downtime. So while you're not wrong, keep in mind that this logic doesn't apply solely to 1Password.com the way you imply it does. When (not if) an OS update breaks things in the standalone app, if there's no one around to fix it, you're out of luck. That's not something anyone wants though, which is why we're committed to staying in business. After all, we rely on 1Password too.

    Second, you want me to pay you forever instead of selling me a regular license. I get why this is attractive for AgileBits, but this new deal nets out to paying more money for less control when I do the math. I'm not into that.

    I agree that paying for a license once is cheaper than subscribing for a lifetime, but the only times I've bought a single license for software is when it disappeared completely. And given that most people expect improvements and support forever, and consistently, a subscription is appropriate. If you have different expectations, then it makes sense that you'd be happy with a license.

  • AGAlumB
    AGAlumB
    1Password Alumni

    I'd like to chime in here real quick. I second the concerns made by chetman. I also prefer storing my vault locally, or using Dropbox/OneDrive/Whatever to sync my data. Now I'm in the "fortunate" position that I do have a license for 1Password (4), so I can still use the local-storage option.

    @Leboyf: Indeed, and no one is going to take that away from you. If this setup works for you and it's what you prefer, I think it makes perfect sense to stick with it.

    What irks me is that back when the 1Password.com account model was announced, Dave Teare assured us in his blog post that single-time licenses would still be available and the apps would receive regular updates (https://blog.agilebits.com/2016/08/03/new-1password-hosted-service/, see first comment).

    I'm not seeing where Dave said quite what you're saying, but you're right that we said that standalone licenses were still available. They were for over a year since 1Password.com was introduced, and we also continued to work on 1Password 4 alongside 1Password 6. But no one ever promised that we'd offer them forever, or update the app forever either. Recently (last month now?) we deemphasized licenses in our marketing because having two very different ways to use 1Password was causing a lot of confusion, frustration, and (frankly) anger. And more recently, we realized that we need to focus all of our efforts on Windows on 1Password 6 or it will take far too long for it to become feature complete. As such, we're no longer selling licenses for 1Password 4, because it's planned to only receive security fixes going forward.

    Back then, in the forums you could read that 1Password 6 for Windows does not support local vaults yet, but that it's "on the todo list". If you read the forums now, that has shifted to "we might revisit that feature at some point, but don't hold your breath".

    Local vaults has always been on the 1Password 6 "todo list", but it's not something we're working on currently. While it's come a long way, we still have a lot of work to do to make it "complete" (to the extent that software can be), so right now we're focused on other things. So, creative license aside, local vault support is on hold and it's something we can revisit once we're finished with our current projects (primarily Edge and Native Messaging).

    Feels sad to me that longtime customers are treated this way.

    I understand that it can be sad to not get exactly what you want or expect, but nothing's been taken away from you. You can continue using 1Password as you always have, and it won't even cost you anything more. While we continue to believe strongly that 1Password.com offers the best experience (and customers have reinforced this for us), this doesn't change anything for you.

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited April 2017

    Before Christmas understood that 1P6 Windows Standalone was almost ready to be released but release date was never provided. It's been a while since I've been in this forum. I hope I don't understand that 1P6 Windows Standalone is not going to happen.

    @Leboyf: That's simply not the case. 1Password 6 has come a long way, but it's nowhere near "complete". And before Christmas it didn't even support Autosubmit in Chrome or multi-word search. Suffice to say this is why we haven't announced release dates or that it was "almost ready". We're working on incremental improvements over time. Granted, we have a lot less to do than we did last year, but there are still many other features and improvements that are needed. Local vaults aren't something we're working on right now, as we're focused on Edge and Native Messaging currently.

    When is the planned release date for 1P6 Windows Standalone?

    We don't discuss release dates for unreleased software, and even I were to guess I'd probably end up being wrong. And I'm not really much of a gambler. :tongue:

  • Leboyf
    Leboyf
    Community Member
    edited April 2017

    Will you work on local vaults for IP6?

  • AGAlumB
    AGAlumB
    1Password Alumni

    @Leboyf: Impossible to say at this point. We really would have liked to be able to support Edge already, but it's proven to be a much bigger undertaking for us, and for Microsoft as well, as they build out the frameworks for their newest browser. It's good to be able to work with them on this, but given that we don't even know when that will be complete, speculating even further into the future would be reckless.

  • Leboyf
    Leboyf
    Community Member

    Will there ever be a windows Standalone beyond IP4?

  • Hi @leboyf,

    As Brenty said, we don't know for the moment. We still plan to add local vaults/license support down the line but it is not something we're actively working on right now. We still have to finish up 1Password 6 and 1Password.com service, after that, who knows.

  • Leboyf
    Leboyf
    Community Member

    The subscription service is too expansive for me. I don't mind paying for a standalone version every 2 to 3 years.

    I need to clearly understand AgileBits position. Please answer the below question.

    Is IP4 the last Windows version available as standalone?

  • MikeT
    edited April 2017

    No, we've stopped selling new licenses for 1Password 4 a short while ago since we're not going to update it with new features anymore.

    As of right now, only the 1Password.com service with 1Password 6 for Windows is available for new Windows customers.

  • KyleK
    KyleK
    Community Member

    Here's what Dave wrote 6 months ago, when 1Password.com was launched:

    The first thing I wanted to touch on is licenses and how they are still available for purchase. As you’ve seen throughout this post, we’re super excited about our new subscription plans as they’ll make 1Password a better experience for most users.

    With that said, we know that some of you have regional or corporate restrictions that require you to use a cloud-free solution. Others prefer configuring their own sync service or are simply happy with their current setup.

    This is all great and you’re free to continue doing exactly what you’ve been doing. Our standalone license is still available for purchase and will continue to be supported, along with great updates to the apps.

    At the end of the day, as long as you’re using 1Password to stay secure, the world will be a better place. Regardless if you decide to subscribe or purchase you’ll be rocking. ?

    Quite the reversal after just 6 months, wouldn't you say?

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited April 2017

    @KyleK: Yep, though it's not quite the "reversal" you seem to think it is. Here's what's actually changed: 1Password for Windows is no longer being sold in the AgileBits Store. That doesn't change anything for our existing customers, since we continue to support everyone who's purchased our products over the last 11 years. Those are the people we have a responsibility to. If you need help with a product you've purchased, we're here for you.

    And of course 6 months is a long time, especially as we're getting emails every day from confused, frustrated, and downright angry people who purchased licenses and thought they'd be able to use 1Password seamlessly on all of their devices, and folks who were already 1Password.com subscribers who understandably want a native Windows app that's as full-featured as 1Password 4. The best way to do that is to devote as many resources as we can. And heck, I was running a different OS on all of my devices 6 months ago, and the PC I was using at that time has since died. 6 months is nothing to scoff at, especially with regard to technology.

    And keep in mind that 1Password.com was actually launched in November 2015 with the 1Password Teams beta, and we sold 1Password for Windows licenses until March 2017. We also marketed the "standalone" option right alongside subscriptions for over a year. But since this was causing a lot of pain for new customers without actually benefiting our existing customers, and because we really need to focus all of our energy on 1Password 6 (rather than on undoing the confusion we were perpetuating), we've de-emphasized licenses. And we've removed 1Password 4 from sale, as it is no longer being actively developed.

    Would you really want to purchase a license for a piece of software that will not be getting new features going forward? I know I wouldn't, and that's why we're not selling 1Password for Windows version 4 any longer.

  • nomad980
    nomad980
    Community Member

    @brenty been using 1P 4 for a while now and haven't had any problems with it. I understand why the business model was changed, and I do understand that you are aware of the concerns that everyone has. I would jump into the subscription bandwagon but after seeing how "secure" some of the other online password managers are I am downright scared, cause seriously storing sensitive information on the cloud no matter what is just not secure. Now my question is this, if I get the subscription and if 1P 6 ends up supporting local storage, will I be able to transfer the data from 1Password.com to my local storage and deleting the data from 1Password.com? Hell I don't even mind paying for a subscription for the software if you guys just allowed me to keep my data off the cloud. Anyways guys thank you for the time you guys have kept my accounts safe.

  • prime
    prime
    Community Member

    @nomad980 I felt the same way and I did a lot of research about 1Password for Families.

    An attacker would have to have both you secret key (40 characters long) and master password.

    I started at this article about the security and I asked a lot of questions about it. A lot I didn't know, so I either asked or looked up. They also have $100,000 bounty program for this. This made me feel better, because money talks. Another thing that made me feel better is the 3rd party audits, so again, other people are looking for issues.

    It took a lot for me to change over, and I actually wasn't 100% ready when I did. But I actually feel good and confident about this set up. The only truly 100% off cloud is the WLAN-Server, but I always had issues with more than 1 computer. I don't think it was made for multiple computers, and I have 3. I did use to use Dropbox, but I dropped them due to thier issues, and lost trust in them, and was one of the reasons why I switched to the subscription (it was when I started to look for other options).

    I know @brenty can add so much to this. He was a big help along with others on here when I was asking questions. I wanted to add a fellow customers point of view on this.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @nomad980: Indeed, these are the same concerns we have since, as you can imagine, we use 1Password ourselves. If 1Password were built on the hope that no one will ever get our data, that wouldn't be very secure. After all, most of us these days carry it around with us in our pockets! It's not as hard as you might think for someone to get your vault, even if it's only stored locally and you never sync it anywhere. But 1Password doesn't depend on that kind of marginal obscurity for its security. No matter which setup you use, your 1Password data is end-to-end encrypted.

    And as prime alluded, a 1Password.com account, we've taken it even a bit further, since three things are needed to do anything useful with your data:

    1. The encrypted data — without this, well...you're out of luck.
    2. The Secret Key
    3. The Master Password

    Without each of these, it's impossible to access anything you have stored in 1Password.com. With a local vault, only the Master Password and vault are needed. That's not to say it's insecure. But since we're now storing people's data on our servers, we recognize that we're an even more appealing target. But this way, even if the server is breached, it is impossible for someone to gain access to your data because we simply never have the keys to it — only you do.

    And more awesomely, with a 1Password.com account, it is also impossible for someone to perform a brute force attack on your Master Password to try to decrypt the data — because they'd also need to guess the randomly generated, 128-bit Secret Key.

    Finally, the Secret Key and Master Password are never transmitted: only you have them. The Account Key is generated locally on your device when you setup the account, and the Master Password is chosen by you.

    So while you're right that in some cases it may be possible to get a 1Password.com membership for the apps and still use local vaults, that just isn't necessary; it would mean making more for for yourself, and frankly to do that you'd be eschewing both the convenience of being able to seamlessly access your data anywhere, and also the added security of the Secret Key.

    I hope this helps give you a better idea of how all of this works, but be sure to let me know if you have any questions at all. Cheers! :)

  • nicolasbianchi
    nicolasbianchi
    Community Member

    Wow.

    This was really a very interesting discussion to follow...

    I’m in a similar situation as chetman. I’ve been a happy user of 1PW for mac for ages. I even got a free licence when I bought Parallel Desktops, which is now used by my girlfriend. (Therefore, there’s no need for a family subscription.)
    What happened is that I use now a separate (private) computer for work, Windows based. And It would have been handy to have all my data also on that one. I don’t really need it, but was ready to buy a 1PW4 licence out of sheer commodity.
    I’m quite disappointed myself to find no standalone version for Windows available for Purchase...

    As for today, I must say that I do think like chetman does: controlling my vault does give me more security. In order to get to my passwords and other confidential data, a potential thief would have to break into my house, steal the computer (desktop), decrypt the encrypted HD, crack the 1PW standalone security. (I knowingly rule out trojans/viruses as I’ve always been extremely cautious with everything that comes on my computer, and never had any security issue in my 20 years of daily computer use.)

    Let’s say 1PW Cloud security is totally garanteed today. But what about tomorrow. I mean: even though your servers are as secure as today’s technology allows it, they are still a lot more exposed to hacker attacks than my modest home. And this exposition equals risks, as one day some guys might be one toe length ahead of you.
    Not to mention the other aspects brought up by chetman, which are worth giving thoughts to. An honestly, at a general level, I’m not happy with nowadays subscription business models either.

    It’s been mentioned here that it’s still possible to access data after subscription ends. I did the subscription trial, but didn’t follow up on it. My account is now frozen. I don’t see any available export function (just for info, as I don’t really need it).
    What’s worse though is that it’s impossible, in a frozen account, to delete any entry (in someone wants to keep the account for a possible future), and even to delete the account (no corresponding option under “My Profile”…).
    Not adding or importing when the account is frozen seems logical… But deleting private data should be allowed.

    Anyway, I guess I’ll have to write you to delete my account. And to hope you’ll come with another standalone version. Although I wouldn’t bet on it.

    Thanks for the good work on your previous versions.
    Cheers.

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited April 2017

    @nicolasbianchi: You make some good points, especially with regard to not being able to purchase the license you want, or delete your 1Password.com account if you no longer want it.

    We're not comfortable selling licenses for software we're no longer actively developing, so I don't really have good news for you in that regard. But you should be able to delete your account by logging in here and scrolling down to the bottom to click "Permanently Delete Account":

    https://my.1password.com/profile

    But that only works for individual accounts. If you're referring to 1Password Families or Teams, that option will instead be under Family/Team Settings:

    https://start.1password.com/settings/account

    And be called "Delete Family Account" or "Delete Team Account".

    But regardless it's important to keep in mind that all data there is private, since only you ever have the "keys" to decrypt it (Master Password and Secret Key — both of which are never transmitted).

    I'll also shoot you an email momentarily with some additional details in case it helps. We may continue to develop "standalone" 1Password going forward, but it isn't something we're focused on right now as 1Password.com is still relatively new and requires more of our attention than the existing (for a decade) standalone model, which is already quite mature.

  • Hi folks,

    Sorry to bring up an old thread, but we've recently provided some news on 1Password 7 for Windows that I think you'll all enjoy:

    AgileBits Blog | 1Password 6.7 for Windows: a feature buffet

    With this release, we finally have enough visibility to chart a course for the future, so we’re happy to announce that standalone vaults will be an available entree on the menu in 1Password 7 for Windows. 1Password 7 will be free with your 1Password membership, but if memberships aren’t for you, paid licenses will also be available.

    :)

    Ben

This discussion has been closed.