Doomsday question (software activation)

I read that 1Password 7 will support local vaults so I've got a question. I currently use 1Password (subscription) for 99% of my passwords. The 1% of my most sensitive passwords are stored offline in Password Safe.

When 1Password supports local vaults I'd like to migrate my 1% of sensitive into a local vault, i.e. 99% in my 1Password (subscription) account accessible anywhere and 1% as a local vault which never leaves my computer/offline backup media.

Doing this would leave me totally reliant on 1Password and your service. Your typical response would be along the lines of "all of your passwords are cached locally on every device you've got 1Password installed on". True. I'll go further and say that in an ideal world the software would already be activated and available to use on my computer.

If 1Password were to suddenly shutdown, or to suffer a catastrophic and prolonged outage, how would I activate your software?
Will there be an option to use the software in a read-only / export-only mode to mitigate this potential, although unlikely, contingency?

My question assumes that I have a copy of the 1Password offline installation executable but that I don't already have the software activated. Until I open 1Password I can't export the data to a readable format in order to import it into another piece of software.

By hard-coding it so that it's read-only / export-only (unless activated) would defeat any argument that it would encourage pirated use of your software. Knowing that I'd always be able to read my passwords until I'd migrated to another service (assuming you went out of business) would make me and many other users much more comfortable.

To any of the developers reading this, please build in a feature allowing users to do a full export of their 1Password user data which can then be transparently imported into a local vault (single 1Password file) for ease of encrypted backup. Then I wouldn't need to keep separately encrypting the current plaintext backup file which I'm currently forced to do in order to keep me safe from the potential contingency described in this post.

These enhancements would make your software even more attractive to everybody, not just power users.


1Password Version: 6.7.457
Extension Version: Not Provided
OS Version: Windows 10
Sync Type: 1Password.com

Comments

  • Hi @darrenNZ,

    Thanks for writing in.

    There is no activation required for 1Password.com accounts in 1Password 6 for Windows once you signed in for the first time. You can copy your 1Password folder to any computer you want even in a bunker with no internet access and it will work fine, it simply won't sync. You can test this by copying %LOCALAPPDATA%\1Password directory. This contain both the app files (/app) and your 1Password database (/data). Put it on another computer in the same directory, don't connect the Internet and run it, it'll work.

    At the moment, it is too soon to confirm anything what 1Password 7 will do for licenses, we're working on 1Password 7 features but software license activation is not yet finalized. It is usually the last thing we work on before the stable release.

    In 1Password 4 for Windows, we validate the license with our server upon the registration and then saved the activated license file within your 1Password folder. This meant you could copy the license file to another computer and never have to activate again.

    If 1Password were to suddenly shutdown, or to suffer a catastrophic and prolonged outage, how would I activate your software?

    As long as you signed in first, nothing happens. You can still access your data offline except for Documents that you haven't downloaded yet.

    To any of the developers reading this, please build in a feature allowing users to do a full export of their 1Password user data which can then be transparently imported into a local vault (single 1Password file) for ease of encrypted backup

    We are working on export (with an option to download all Documents stored in your account) and backups for the future but for now, you can create a backup by simply copying the 1Password directory as mentioned above. Just be careful not to restore if you wish to resume syncing as they'll conflict.

    This is a top priority for us, it's just that we need to do it right as we treat the server data as the center truth and have to be careful not to overwrite data incorrectly when syncing. There is also the issue that each app update can have different database changes, so we have to make sure the export and encrypted backups are future-compatible as well.

    I hope this helps a bit for now.

  • darrenNZ
    darrenNZ
    Community Member
    edited November 2017

    Great answer @MikeT, thanks! :)

    "There is no activation required for 1Password.com accounts in 1Password 6 for Windows once you signed in for the first time".

    Could you clarify your comment because I can see there being two possible readings:

    1. You must have an already installed, and activated, copy of 1Password 6 for Windows in order to read the %LOCALAPPDATA%\1Password files.
    2. You don't need an already installed, and activated, copy of 1Password 6 for Windows providing you already have the %LOCALAPPDATA%\1Password files (from an activated computer).

    If number 2 is the correct reading of your comment then you've satisfied me that my data is retrievable. Essentially what I think / hope you're saying is that the unique 'activation' information is contained within the %LOCALAPPDATA%\1Password directory and thus all I'd need to do is: have a backup of all those files (e.g. on a USB drive) and I could install 1Password on a new computer (never been online) and I'd still be able to access the data after copying over the %LOCALAPPDATA%\1Password directory.

    Is this the correct reading? If so that's fantastic because it means I can backup that whole directory into an encrypted 7-Zip file (belt & braces security) and keep it safely backed up. It'd simplify my current backup regime although a dedicated option, when it arrives, would be even better. ;)

    One last question. I assume I can safely add 1Password10.sqlite to my automated backup software? I realise the other files are essential too but in terms of my passwords I'm guessing they're solely contained within there and/or 1Password10.cache.sqlite? I guess that the user.json file are just program preferences?

    I've taken heed of your warning "not to restore if you wish to resume syncing as they'll conflict".

  • @darrenNZ:

    This one is the correct read for 1Password 6 today:

    You don't need an already installed, and activated, copy of 1Password 6 for Windows providing you already have the %LOCALAPPDATA%\1Password files (from an activated computer).

    Activation is a bit of an awkward term when talking about 1Password.com accounts because actual activation really only happens server-side. You pay (or start up your trial) and the server activates your account and lets the apps know as needed. Once the apps are in the loop, 1Password will function without checking that every time so this process of "activation" (so to speak) isn't needed when you already have a local database on your machine and the info that you're "activated" is in that database.

    Consider this: when you're setting up your 1Password app from scratch, that computer hasn't seen your data before and knows nothing about your account. When you sign in for the first time, your app "activates" in the sense that the server shares that data with the app and it now knows that you have, say, a Family account with access to X, Y and Z vaults, for which you have a, b, and c permissions, and which contain all of your copious encrypted data. This information is all stored in that /data folder so once that folder is populated, 1Password only really needs the server to sync. 1Password doesn't give a hoot where this /data folder came from (shared by the server or shared by you from another PC via USB). It only cares that it can find data and you enter the proper credentials to unlock your data. 1Password has everything it needs to function right there in your /data folder, so it will continue on its merry way doing exactly what you expect, even if it can't talk to the server. It will handle stuff like syncing any changes you make while offline once it's able to connect to the server again.

    Also, to emphasize some of Mike's sage advice beyond restoration, it's worth repeating that Documents are not cached locally and are instead downloaded on-demand, so if you're wanting to ensure you have a complete backup that can be used on a computer that has never seen your account before, you'll still want to save documents separately. This is one of those shortcomings Mike was talking about wanting to overcome with export improvements.

    And as a very final note, while it's highly likely 1Password 7 will work similarly to this as it applies to accounts since it's being built on the foundation of 1Password 6, it's still a work-in-progress and things like local vaults will change the landscape some, so it's good to just keep that in mind and make sure you're still good to go once 1Password 7 arrives. :+1:

  • darrenNZ
    darrenNZ
    Community Member

    Thanks, this allays my concerns.

    I'll schedule automatic daily backups of /data and backup /app manually whenever 1Password updates itself.

    I will of course check back once 1Password 7 is released in case anything changes.

    My questions have all been answered now. Thank you.

  • On behalf of the team, you're welcome!

    If there's anything else we can help with, don't hesitate to let us know.

This discussion has been closed.