What are BENEFITS of Account vrs Licence ?

patrise

I am a license holder since 2014, when I downloaded the free desktop app and paid $29 for the IOS version. After some initial confusion, I'm set up and running fine across multiple devices.

Now I see you offer a subscription version, and although I have read everything I can find, I am still unclear on the benefits of subscription verses license.

How will I be better off with a subscription? or, how am I missing the boat by hanging onto my license?
Is my licensed software aging and creating security risks?
When are paid major upgrades needed, how frequent, how will I know, and what is the cost?
Is there any bonus for license-holders verses the new customer when we sign up for subscription?

---

1Password Version: 4
Extension Version: 4.3
OS Version: OS 10.9.5
Sync Type: Dropbox
Referrer: forum-search:licence verses account

darrenNZ

@patrise

With a perpetual licence you have to:

• pay for each major upgrade, e.g. version 4 to 5, version 5 to 6 etc.
• pay for each platform (Mac, Windows)
• sync it to a third-party cloud service (e.g. Dropbox)

With a subscription you:

• get all the updates included at no extra cost
• can use 1Password on multiple platforms at no extra cost
• get the latest apps (e.g. 1Password X for Chromebooks or 1Password CLI)
• backup directly to AgileBits - this is more secure because of the 'secret key'
• don't need to worry about sync conflicts with Dropbox
• can hide your data when you travel across borders
• get 1GB encrypted storage
• have automatic item history

It's entirely up to you whether you want to stick with version 4 or upgrade to version 6. However version 4 will one day stop working when Apple or Microsoft make major changes to the OS.

Some people prefer the one-off perpetual licensing model but they're the people who normally moan when a new version comes out and they want the latest features (but don't want to pay).

For some people the perpetual licence is best, e.g. those who want their data entirely offline and/or people with only one device.

Version 4 is obsolescent and won't receive any new updates unless AgileBits make an exception.

The cost for an individual subscriber is $2.99 per month ($35.88) per year. Any offers are few and far between.

bkh

Some people prefer the one-off perpetual licensing model but they're the people who normally moan when a new version comes out and they want the latest features (but don't want to pay).

That reads like a gratuitous insult sprayed at people who prefer the perpetual license. I question the appropriateness of that comment in this forum.

AGAlumB

@darrenNZ, @bkh: Well, I think that's unfortunately the reality in some cases, certainly not all; I agree that we can do without moaning and spraying here. Let's keep it friendly. :tongue:

AGAlumB

I am a license holder since 2014, when I downloaded the free desktop app and paid $29 for the IOS version. After some initial confusion, I'm set up and running fine across multiple devices. Now I see you offer a subscription version, and although I have read everything I can find, I am still unclear on the benefits of subscription verses license.

@patrise: I hear you. Ultimately it will vary from person to person, as not all of us have the same needs or use 1Password the same way. We've tried to make sure that 1Password.com memberships have something to offer everyone...but the most important thing is that if you're happy with the version you've already purchased, you don't have to do anything now: you can continue using it for as long as you wish, weather that means forgoing a subscription or even a paid license upgrade. And if and when you do decide that there's a feature or benefit you want which you don't already have, just shoot us an email at support@1password.com and we'll be happy to help you make the transition to a membership or new version. :chuffed:

How will I be better off with a subscription? or, how am I missing the boat by hanging onto my license?

You're probably not missing the boat at all, unless you're using an old version of 1Password. The fact is that whether you're using the standalone app or a 1Password.com membership, you're probably using the same app just in a few different ways. The main benefit of 1Password.com memberships is that it makes 1Password more seamless across all of your devices, and includes features that aren't possible with a standalone app, like the 1Password.com web interface, Travel Mode, automatic offsite backup and item history, and not having to deal with license management or sync configuration — you simply sign into your account to access your data on all your devices.

Is my licensed software aging and creating security risks?

Well, 1Password isn't, but in this case the OS you're using is, since it not only hasn't been getting security updates of its own, but also limits the updates you can get for your web browsers. 1Password 4 has some functional limitations because of this:

1Password 4 legacy support information

But of course using 1Password in an environment which is not secure poses risks of its own. So the best thing you can do is get up to date, since that will give you the latest security fixes in addition to compatibility.

When are paid major upgrades needed, how frequent, how will I know, and what is the cost?

Is there any bonus for license-holders verses the new customer when we sign up for subscription?

Paid upgrades depend on when we have a new major version ready, and what we decide to charge for it. I suspect we'll continue to offer upgrade discounts to existing customers, but I can't give you pricing or availability for something that we haven't made yet.

We've offered a number of promotions for 1Password.com memberships since they were introduced, and we'll probably have others in the future. The best thing would be to shoot us an email at support@1password.com so we can help.

That said, if you're not able to use a recent version of macOS, you will not be able to use a 1Password.com account there, as 1Password 4 is the newest version for Mavericks, and it was created years before 1Password.com memberships existed.

Anyway, I hope this helps answer your questions. Be sure to let me know if you have any others! :)

bkh

Is my licensed software aging and creating security risks?

Well, 1Password isn't,

But a 1Password vault created years ago may be a bit less resistant to brute-force attacks (fewer iterations in the PBKDF2 hash) and may leak some metadata if it uses the old agilebits format rather than the new opvault mechanism.

If I remember right (someone correct me if I got it wrong) changing the master password of your vault will update the number of PBKDF2 iterations to a good number, but to change format to opvault you need to create a new vault and copy the items from the old vault into the new one (with a sufficiently new version of 1Password.)

rickfillion

But a 1Password vault created years ago may be a bit less resistant to brute-force attacks (fewer iterations in the PBKDF2 hash) and may leak some metadata if it uses the old agilebits format rather than the new opvault mechanism.

You're right. Though even older formats like AgileKeychain still use a sufficient number of PBKDF2 iterations to make it extremely difficult to brute force (if I remember correctly the minimum is 10,000). Odds are that AgileKeychain will be retired due to its inflexibility to new features rather than for security reasons at this rate.

If I remember right (someone correct me if I got it wrong) changing the master password of your vault will update the number of PBKDF2 iterations to a good number, but to change format to opvault you need to create a new vault and copy the items from the old vault into the new one (with a sufficiently new version of 1Password.)

Creating a new vault is when the PBKDF2 calibration happens. It's not as much work as you make it seem, as 1Password uses AgileKeychain/OPVault only for syncing purposes, so it's usually just a matter of:

• Disconnect sync
• Erase old sync vault
• Setup new sync vault (with new format)
• Done

There are security benefits to the new 1Password.com accounts, such as the fact that all traffic during the sync process is encrypted beyond the normal TLS, and that there's mutual authentication between the application and the server. These are great things, but we still stand behind OPVault and AgileKeychain.

Rick

bkh

Creating a new vault is when the PBKDF2 calibration happens. It's not as much work as you make it seem, as 1Password uses AgileKeychain/OPVault only for syncing purposes,

The OP (patrise) is using an old local vault solution, not 1password.com, so I think switching vault format may be a bit more involved, requiring either item copying or a full vault export to plaintext pif, import of pif to the new vault, and thorough wiping of the pif. The local vault context is also where I thought changing master password updates PBKDF2 iterations, but I may well be misremembering that part.

rickfillion

@bkh : my instructions were for anyone using local vaults and 1Password for Mac. AgileKeychain is simply a sync format (as of version 4), so it's just a matter of switching that. The app itself uses a sqlite file that has its own format that's very similar to OPVault (but in database form).

Rick

bkh

My blunder. Thanks for the correction.

rickfillion

No problem. Happy to help.

Rick