To protect your privacy: email us with billing or account questions instead of posting here.

Diversion in standalone vs subscription = product complexity = security issues?

tokyo12
tokyo12
Community Member

Hello,

I have been noticing that iPassword is continuing to diverge between the standalone version and the subscription version, most recent example is the announcement on travel mode.

This is leading me to feel that 1Password is continuing to introduce more complexity in its software development processes with multiple code bases being maintained as a start - which will be the start to some gaps being introduced in the future which will led to security issues. Perhaps more 'leading edge' features (and protection!?!?) will soon start to appear in the subscription version (at least initially if nothing else?)

Thoughts? How can we be reassured that this will not happen? Can you provide us some transparency with your internal development processes and roadmaps?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Secret, Nice Try.
Referrer: forum-search:Diversion in standalone vs subscription = product complexity = security issues?

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    @tokyo12: This is a really interesting topic. In fact, with the exception of the new 1Password 6 Windows desktop app (which we had to build from scratch), the same app is used on each platform whether you have a standalone license or a 1Password.com membership. And in the case of Windows, we're focused on the new app and no longer actively developing the old version. So there really aren't "multiple code bases being maintained".

    But frankly the most interesting thing is that travel mode isn't part of the apps at all. Since this is handled by the server (vault access and encryption keys are revoked and removed from devices) it both didn't require an update to any of the apps and also couldn't be accomplished with local vaults. So while I'm not sure exactly what you're expecting as we don't discuss "internal development processes and roadmaps" publicly, maybe that helps clarify things. I hope this helps. Be sure to let me know if you have any other questions! :)

  • tokyo12
    tokyo12
    Community Member

    Thanks for the reply. I guess I could replace my app complexity with server side complexity, both possibly leading to the same undesired effect of complexity being introduced by divergence between the standalone version and the subscription version?

    I can understand internal development processes and roadmaps perhaps not being public - but I would maintain that we should know what the future plans are for what will only be developed for subscription versions and how much they will diverge, in addition to my security concern from complexity.

    Complexity/Security concern I am sure is well thought of internally, so a technical paper on this might be very well received..

  • AGAlumB
    AGAlumB
    1Password Alumni

    Thanks for the reply. I guess I could replace my app complexity with server side complexity, both possibly leading to the same undesired effect of complexity being introduced by divergence between the standalone version and the subscription version?

    @tokyo12: I guess I'm not sure what you're asking. 1Password.com already has a number of features that just aren't possible with a standalone app: travel mode, account recovery, web interface, automatic offsite backup with item history, and many permissions and sharing features, especially with 1Password Teams. If there's something specific you're curious about, just ask. I bet we can help. :chuffed:

    I can understand internal development processes and roadmaps perhaps not being public - but I would maintain that we should know what the future plans are for what will only be developed for subscription versions and how much they will diverge, in addition to my security concern from complexity. Complexity/Security concern I am sure is well thought of internally, so a technical paper on this might be very well received..

    While we're just not going to discuss unreleased features publicly (as they may be delayed or canceled as needed), you should definitely check out our security white paper. And with the help of external auditors and independent security researchers we'll continue to challenge and strengthen our security model. Cheers! :)

This discussion has been closed.