
How do I convert from Membership Trial back to standalone?

charlie_g
Community Member

I just got the new V7 and am excited to try it out. However, I would like to keep my own private vault synced by iCloud and not use a third-party cloud (it's why I liked 1Pass). How can I revert back? I have tried looking at advanced settings and I see "local" cloud but not iCloud.

I'm actually fine paying the membership rate if it includes constant updates - I just do not like having millions of people's passwords in one central location - even if they are encrypted. It is too much of a honeypot.

Thanks!


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:convert to standalone from membership

Comments

  • Corey_C
    Community Member

    Hi there @charlie_g

    We are aware of how much of a juicy target our service would become when we made it. That fact was one of the guiding principles to how we designed the software. The thing here is that not only is everyone's data on our service encrypted, but it is encrypted individually.

    See, your data is encrypted with a key made up of two things: your Master Password and your Secret Key, a 34-character string of randomness that is given when creating your account. Both of those secrets are unique to you and both of them are only known by you. The Secret Key has at least 128 bits of entropy, meaning that your final encryption key has at least that and likely much more if you have a secure Master Password. What this means is that it is infeasible to crack the encryption on your data. The math states that it would take longer than any of us have left in this world in order to do it, no matter how much money or computing power you may have. And remember, that is only for one person. Everyone has a unique Master Password and a unique Secret Key, all of them only known by that specific user, creating a 128+ bit entropy encryption that takes longer than any of our remaining lives to break. You have to go through that process for each and every person's data you would want to break. As tempting a target as we may be, with the way our security is designed, there are far more, shall we say, "efficient" targets out there.

    Also, I struggle to understand how storing things on iCloud is any different. If you ask me, iCloud is a rather tempting target as well. The amount of information that Apple stores on their service is immense and it's far more varied than just 1Password data as iCloud is a general sync service. If you are comfortable storing it on iCloud, I struggle to see why you have issues with our service, particularly given what I have explained above. If you have specific concerns, though, I would be happy to try to address them or find someone who can. :)

  • charlie_g
    Community Member

    Hi, Corey. Thanks for the response. A few responses to that:
    1) A few big differences between iCloud and 1Password. 1Password is all about storing your most secure and sensitive information. Bad guys know that people are putting their most sensitive information (passwords, secret info) into their 1Password account. While iCloud does contain a ton of information, a lot of people think of it as things like photos and other storage items vs. all sensitive information.
    2) iCloud is backed by Apple, which is a bit of a larger company. Even though 1Password has a fantastic security background and a focus on security, Apple is probably spending 10x to 100x on development and operations to keep their iCloud secure.
    3) You mention that all data is extra-encrypted. That's awesome! And it is awesome that it would currently take that long to uncover your key by decryption techniques today. However, I am also worried about decryption techniques in the future. If someone were to grab the encrypted data now in a breach, they may hold onto it and then in 5 or 10 years have the tech (say, if quantum computing keeps progressing) to decrypt everything. Or alternatively, we discover 3 years from now that the encryption technique used in 2018 had an algorithmic flaw (see previous exploits of OpenSSL etc.). I know this is more of a long shot, but once someone has your encrypted data, you can never correct any flaws or change it. You are stuck.

    A number of security experts tend to agree that having a centralized location for passwords is bad. https://motherboard.vice.com/en_us/article/evdbdz/why-security-experts-are-pissed-that-1password-is-pushing-users-to-the-cloud

    I still really like the 1Password product. I also like the sense of security of knowing my encrypted data is not stored in a centralized location. It may be totally irrational but that's how I feel. Hope that makes sense!

  • Corey_C
    Community Member

    Hi @charlie_g

    Well, we have largely gone beyond my capacity to answer, but I will see if I can find someone to address those points. In the meantime, you can do what you propose if you wish. That setting in the Advanced tab is the one you are looking for.

  • charlie_g
    Community Member

    Thanks, Corey. Would love to hear feedback if I made some major false assumptions. As for the setting - when I change it to "local", is that stored on my hard drive or iCloud?

    Thanks!

  • Corey_C
    Community Member

    @charlie_g

    I've asked some of the more security-minded of my colleagues. I'm sure they will jump in if they have something to add. As for switching from hard drive to iCloud storage, that's in the Sync tab of Preferences.

  • Hi @charlie_g,

    Let's see if I can shed a little more light on this.

    1) A few big differences between iCloud and 1password...

    You make a lot of good points here. I think we can all agree that the data stored in 1Password in general is going to be more important than what's stored in iCloud generally. But just because iCloud holds a lot of mundane data doesn't mean that it's any harder for an attacker to get at what they'd want on there. It's not as if someone has to sift through stuff manually to find the good stuff.

    2) iCloud is backed by Apple, which is a bit of a larger company. Even though 1Password has a fantastic security background and a focus on security, Apple is probably spending 10x to 100x on development and operations to keep their iCloud secure.

    Absolutely, Apple has a larger budget than us. Your 100x figure is probably still very low. Let's be honest here, we're a tiny company compared to them. Fortunately money doesn't buy you everything, and both Apple and 1Password use industry standards to base their systems off of. Not that long ago, one of Apple's security architects did a great presentation at the Black Hat conference where he did a deep dive into how iCloud Keychain worked. It was an amazing talk, and I'd recommend that anyone looking to learn about that stuff look it up. Apple has a few additional tricks available to it since they control the operating system, but everything they're doing is using off-the-shelf things and making it all work at a very large scale. One of the biggest parts of what makes their iCloud Keychain system secure is its use of SRP, which we also make use of.

    ...However, I am also worried about decryption techniques in the future...

    It's difficult to know what the future holds. It's pretty normal for companies (even security companies) to use 10,000 rounds of PBKDF2 to secure a password these days. It's easy for us to crank that up so we're up to 100,000 now which makes cracking anything 10x as slow. We do that because we assume that in the future a computer will be able to perform PBKDF2 significantly faster. And the minute that that seems to be the case we can easily push out an update that cranks that up even higher with 1Password.com accounts. We can do it for OPVault/iCloud based vaults too but it'll be a bit more work. The point is that we're preparing for that future.

    Using a slow hashing function with a ton of iterations is a great way to slow things down and future-proof it... but we don't think that's enough. The reality is that with today's compute power you can take the top 100k most common passwords and generate the PBKDF2 values for them, even with high iteration counts. With tomorrow's compute power we'll be into the millions. If the only barrier is the hashing function then it's going to be difficult to fight against the future when you're talking decades out. Though maybe not... AgileKeychain files from way back when are still secure with a good Master Password. The key is to fall outside of that list of values that they'll calculate. You can do that with a good Master Password. Or you can do that by throwing in an additional piece with a serious amount of entropy. The Secret Key guarantees that the value that needs to be put through the slow hash function isn't in a pre-generated list by being fully random, and there's nothing an attacker hates more than actual randomness. Just like with the PBKDF2 iteration count we chose, the 128 bits of entropy in the Secret Key was chosen to be a "sort of ludicrous value".

    Fast forward 10 years and could quantum computing have made all of this moot? Maybe. There are going to be a lot of problems if that's the case though. The encryption technology that 1Password relies on is the same kind of stuff that's used all over the place... including in Apple products. So if it's broken for us, it'll be broken for everyone.

    A number of security experts tend to agree that having a centralized location for passwords is bad.

    There are a number of great points in the article you linked to. The points that those experts make tend to get misunderstood though. The concern is rarely about storing a central repository of encrypted data, but instead is around the trust model between a server and apps. In a system like ours, the server needs to distrust clients because they could be malicious. But that's not enough... the clients need to also distrust the server. We need to build a relationship where both the clients and the server coordinate together to make magic happen, but at the same time don't trust each other. We've got mechanisms in place that make trust easier and rule out huge swaths of attack vectors. For example, we can go back to our use of SRP. SRP proves to the server that the user is who they claim to be, but also proves that the server is who it claims to be. This means that man-in-the-middle attacks are a non-issue. That's huge. There's more that we could do here though, and we're working through this. There are a lot of fun ideas around this for how to build provable trust systems.

    Security is never "done." It's always an evolving process and we're constantly looking at what we have to see if it can be better. The answer is always yes, if it was ever no we wouldn't be doing our jobs.

    I still really like the 1Password product. I also like the sense of security of knowing my encrypted data is not stored in a centralized location. It may be totally irrational but that's how I feel.

    You should use what you're comfortable with. What matters is that you're using something to keep yourself secure online. Even if that's not 1Password and instead something like iCloud Keychain.

    Thank you for asking the tough questions. We absolutely adore when users push us like this. Keep being awesome. :)

    Rick
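
The slow-hash-plus-random-secret argument Rick makes above, as an added illustration that is not code from 1Password or from anyone in this thread. The construction (PBKDF2-HMAC-SHA256 over the Master Password, with the Secret Key mixed into the salt through HMAC) is a simplified teaching model, not 1Password's actual key-derivation scheme; the iteration count is the 100,000 Rick mentions, and the account salt, password list and hex Secret Key format are constructed for the example. It shows why a pre-computed table of common passwords recovers a weak Master Password when the slow hash is the only barrier, but finds nothing once a 128-bit random Secret Key is part of the derivation.

```python
"""Slow hash vs. slow hash plus a random Secret Key (added example).

Hypothetical, simplified construction for teaching; NOT 1Password's real
key-derivation scheme.  All salts, passwords and keys below are constructed.
"""
import hashlib
import hmac
import secrets
from typing import Dict, Optional

ITERATIONS = 100_000  # the PBKDF2 iteration count mentioned in the thread

# Constructed sample data: a per-account salt the server stores (so an attacker
# who breached the server would know it) and a tiny stand-in for the real
# "top 100k passwords" lists.
ACCOUNT_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
COMMON_PASSWORDS = ["123456", "password", "qwerty", "password123", "letmein"]


def generate_secret_key() -> str:
    """128 bits from the OS CSPRNG, hex-encoded (an assumed format, not the
    product's real 34-character Secret Key format)."""
    return secrets.token_hex(16)


def derive_without_secret_key(master_password: str, salt: bytes,
                              iterations: int = ITERATIONS) -> bytes:
    """Master Password alone through PBKDF2-HMAC-SHA256: the only barrier is
    the cost of the slow hash."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, dklen=32)


def derive_with_secret_key(master_password: str, secret_key: str, salt: bytes,
                           iterations: int = ITERATIONS) -> bytes:
    """Hypothetical two-secret derivation: the Secret Key is mixed into the salt
    before the slow hash, so the PBKDF2 input is never a value an attacker could
    have pre-computed from a password list and the stored account salt."""
    mixed_salt = hmac.new(secret_key.encode("utf-8"), salt, hashlib.sha256).digest()
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               mixed_salt, iterations, dklen=32)


def build_precomputed_table(salt: bytes,
                            iterations: int = ITERATIONS) -> Dict[bytes, str]:
    """The offline work Rick describes: pay the PBKDF2 cost once per common
    password for a known account salt and keep the results for lookup."""
    return {derive_without_secret_key(pw, salt, iterations): pw
            for pw in COMMON_PASSWORDS}


def lookup_in_table(table: Dict[bytes, str], derived_key: bytes) -> Optional[str]:
    """Return the password behind a derived key if it is in the table."""
    return table.get(derived_key)


def demo(master_password: str = "password123") -> dict:
    """Compare the two derivations against the same pre-computed table."""
    table = build_precomputed_table(ACCOUNT_SALT)
    sk1, sk2 = generate_secret_key(), generate_secret_key()
    k_plain = derive_without_secret_key(master_password, ACCOUNT_SALT)
    k_sk1 = derive_with_secret_key(master_password, sk1, ACCOUNT_SALT)
    k_sk2 = derive_with_secret_key(master_password, sk2, ACCOUNT_SALT)
    return {
        # the weak Master Password is in the list, so the slow hash alone fails
        "recovered_without_secret_key": lookup_in_table(table, k_plain),
        # with a random Secret Key mixed in, the table contains nothing useful
        "recovered_with_secret_key": lookup_in_table(table, k_sk1),
        # the same Master Password yields unrelated keys under different Secret Keys
        "same_password_different_keys": k_sk1 != k_sk2,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The attacker side of the model is generous on purpose: it assumes the breached server gave up the account salt and that the attacker can afford the full iteration count for every list entry. Raising the iteration count only multiplies that cost; the Secret Key is what moves the derivation input off the list entirely.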
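
The mutual-authentication property Rick attributes to SRP, as an added example that is not 1Password's code or anything posted in this thread. It runs a simplified SRP-6a handshake with both sides' messages in one process: the client proves knowledge of the password without ever sending it, and the server proves it holds the registered verifier, so a server that does not hold the genuine verifier cannot complete the handshake. The group parameters are a constructed toy (a 127-bit Mersenne prime, not a safe prime) chosen so the example runs instantly; real deployments use the RFC 5054 groups, and the proof messages here are a reduced form of the standard ones.

```python
"""Simplified SRP-6a handshake showing mutual authentication (added example).

Toy parameters for teaching; NOT 1Password's implementation and not secure
as written.  Identity, passwords and the impostor's guess are constructed.
"""
import hashlib
import hmac
import secrets

# Constructed toy group: 2**127 - 1 is prime, but far too small and not a safe
# prime.  Real deployments use the RFC 5054 groups.
N = 2**127 - 1
g = 3
NBYTES = (N.bit_length() + 7) // 8


def H(*parts: bytes) -> int:
    """SHA-256 over the concatenated parts, read as a big-endian integer."""
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")


def pad(n: int) -> bytes:
    return n.to_bytes(NBYTES, "big")


k = H(pad(N), pad(g))  # SRP-6a multiplier parameter


def private_x(identity: str, password: str, salt: bytes) -> int:
    return H(salt, hashlib.sha256(f"{identity}:{password}".encode()).digest())


def register(identity: str, password: str):
    """Enrolment: the server keeps only (salt, verifier), never the password."""
    salt = secrets.token_bytes(16)
    return salt, pow(g, private_x(identity, password, salt), N)


def client_start():
    a = secrets.randbelow(N - 2) + 1
    return a, pow(g, a, N)                      # client sends A


def server_start(verifier: int):
    b = secrets.randbelow(N - 2) + 1
    return b, (k * verifier + pow(g, b, N)) % N  # server sends B


def client_finish(identity, password, salt, a, A, B):
    """Client derives the session key and sends proof M1; it never sends x."""
    if B % N == 0:
        raise ValueError("server sent an invalid B")
    u = H(pad(A), pad(B))
    x = private_x(identity, password, salt)
    S = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    K = hashlib.sha256(pad(S)).digest()
    return K, hashlib.sha256(pad(A) + pad(B) + K).digest()


def server_finish(verifier, b, A, B, M1):
    """Server checks M1; only if it matches does it answer with its own proof M2."""
    if A % N == 0:
        raise ValueError("client sent an invalid A")
    u = H(pad(A), pad(B))
    S = pow(A * pow(verifier, u, N), b, N)
    K = hashlib.sha256(pad(S)).digest()
    if not hmac.compare_digest(M1, hashlib.sha256(pad(A) + pad(B) + K).digest()):
        return None                              # client proof failed
    return hashlib.sha256(pad(A) + M1 + K).digest()


def run_handshake(identity: str, registered_password: str,
                  attempted_password: str, impostor_server: bool = False) -> dict:
    """Full exchange.  With impostor_server=True the server side holds a
    verifier for a guessed password instead of the one the user registered."""
    salt, v = register(identity, registered_password)
    server_v = register(identity, "impostor-guess")[1] if impostor_server else v
    a, A = client_start()
    b, B = server_start(server_v)
    K_client, M1 = client_finish(identity, attempted_password, salt, a, A, B)
    M2 = server_finish(server_v, b, A, B, M1)
    server_ok = M2 is not None
    client_ok = server_ok and hmac.compare_digest(
        M2, hashlib.sha256(pad(A) + M1 + K_client).digest())
    return {"server_accepted_client": server_ok, "client_accepted_server": client_ok}


if __name__ == "__main__":
    print(run_handshake("alice", "correct horse", "correct horse"))
    print(run_handshake("alice", "correct horse", "wrong guess"))
    print(run_handshake("alice", "correct horse", "correct horse", impostor_server=True))
```

Both failure cases end the same way: the server cannot produce a valid M2 without the genuine verifier, and the client refuses to accept a session key from a server that fails its proof, which is the property Rick is pointing at when he says a man-in-the-middle gets nothing out of the exchange.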

  • charlie_g
    Community Member

    Rick - Thanks for the great response. I really appreciate it.

  • AGAlumB
    1Password Alumni
    edited June 2018

    On behalf of Rick, you are most welcome! Indeed, there's a lot to consider with regard to security, especially when we're talking about the sensitive data we store in 1Password. Thanks for asking the important questions, and we'll keep working to make 1Password even more secure and convenient. Cheers! :)
