Is there a way to NOT store passwords online?

yoner
yoner
Community Member
in Mac

Hello. I'm a long-time 1Password 6 user and I'm currently using the trial of 1Password 7. I was required to create a new online account in order to use 1Password 7 and I was shocked to see that my vault was uploaded to Agile Bits's servers without my express permission. I'm a software engineer and I see this as an serious vulnerability. I do NOT want ANY of my passwords or vaults stored online; instead, I want my vault to be decentralized and synced only when my devices are on the same wifi network. Basically, I want 1Password 7 to function the same exact way as 1Password 6. Is this possible? If not, I wont be upgrading and I'll strongly discourage others from doing so due to security reasons. Thanks in advance for your prompt reply.

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Lars
    Lars
    1Password Alumni
    edited July 2018

    @yoner - I'm sorry for the trouble you're experiencing just now in getting upgraded to 1Password 7 for Mac.

    I'm a long-time 1Password 6 user

    First off, thank you -- we really appreciate our longer-term users and that's why I want to make sure we get you taken care of, whatever that ends up looking like.

    I was required to create a new online account in order to use 1Password 7 and I was shocked to see that my vault was uploaded to Agile Bits's servers without my express permission.

    You shouldn't have been required to create a 1password.com membership, unless you downloaded 1Password 7 for Mac from the Mac App Store. We did indeed discontinue the purchase of standalone licenses in the Mac App Store version, for various reasons (you can find the options for 1Password memberships available in the release notes, or in the in-app purchases). Our CEO Jeff Shiner also devoted an entire blog post to explaining why we went with membership-only payment options via the Mac App Store. That would be the reason your data was transferred into your newly-created 1password.com account's vault -- because anyone wishing to use the Mac App Store has only the 1password.com membership option available to them; anyone wishing to continue using a standalone license would need to download from us directly and purchase via our FastSpring store.

    That's actually one of the two options in front of you right now, to continue using 1Password 7 for Mac: you can either delete your 1password.com account and remove the Mac App Store version of 1Password 7 for Mac, then visit our downloads page and install from us (and I can give you details for that), or you can stick with all the benefits of your newly-created 1password.com account. It's that latter possibility I'd like to explore briefly with you. You said a couple of things like "serious vulnerability" and "due to security reasons." I'm wondering whether you've had a chance to read through the design of 2SKD in your Secret Key? I completely understand the notion of not wanting sensitive data to be available online -- but the good news (which you can read in brief at that link -- is that the way we do it, it isn't.

    And if you're a security-minded engineer, you might actually enjoy reading our full security white paper for 1password.com accounts. I'd be happy to answer any questions you might have, but in the interests of keeping this post as brief as possible, I'll just say this: if we believed your data was at risk by creating or suggesting you use the 1password.com service, we wouldn't have created it. Give either or both of those a read, and let me know if you have any questions.

    ref: DZH-92319-514

This discussion has been closed.