Can I still buy standalone license for the 1password? [no longer being marketed]



  • AGAlumBAGAlumB 1Password Alumni

    well it might have been more helpful in my opinion to first build the new version with the support for the stuff that already works and THEN doing the online database stuff in my opinion.

    @My1: Oh sure, but there are only so many hours in the day. We had to start somewhere, and since we already had a Windows app with full local vault support which we couldn't add support to, it was more important that we build a native app for that first.

    In a perfect world, we wouldn't have had all the features on day one. 1Password 6 didn't have browser integration when it was first released publicly. I think that's important to keep in perspective. It's come a long way since then, but there is still much to be done.

    you cant do everything true but at least dont kill off features when you make new versions, especially when talking about the user's control of their own data. when they want a database local or synced with a nextcloud, why not?

    We didn't kill anything. We started from scratch. No features exist in 1Password 6 which we didn't build from the ground up in the last year.

    also you dont even need a compromised machine to get the keyboard typings, there are weird as hell methods like recording the typing sound, or tapping a badly secured wireless connection, and both are really hard to notice

    Absolutely. So I'm not sure how that relates specifically to 1Password.

    "A password is something that you're expected to remember." -> why do we have things like password managers?

    Because we don't have to: There's an app for that. ;)

    for the factor thing I think a little bit different, while it isnt supposed to be remembered, a static key like this can be written down, copied, keyboard-grabbed and so on, while a true something you have, for example a smartcard, a U2F stick or these nice little air-gapped code generators are things you especially cannot easily copy without leaving traces, if at all. if you accidentially leave your key lying around, someone can take a picture, write it somewhere (or if you are really good, remember it somehow) and no one will notice. when I have my smartcard lying around, an attacker must take THIS ECACT THING with him, meaning you leave traces, you cant just make a code from the generator to lose it later because a) these are one-use and b) these usually only have a tiny timeslot they work in (and then we have explicit challenge-response things like U2F or smartcards which makes the whole "something you have" even safer)

    The point is that it isn't useful to talk about "two-factor authentication" in general. Most two-factor authentication is not U2F, it's TOTP or (ugh) SMS. But the one thing all of this has in common is that they can be lost or stolen. Regardless of which one we choose to focus on, whether it's one of those or the Secret Key, the same risk applies.

    the problem is that while the key isnt made for memorizing, it has the same weaknesses as an ordinary password written on a piece of paper, this is the point I am making.

    Right. Don't write it on a piece of paper and leave it lying around. Would you leave your U2F on the table in a coffee shop while you go to the restroom?

    "except that generally the same people will have access to all of these accounts to post on social media." -> well then we are talking about internal attacks we REALLY have a problem.

    Uh, I think we have to consider everything. Should our threat model not include internal attacks, so that we compartmentalize and reduce the attack surface? Caring about these things isn't the problem; it's part of the solution.

    " offers things that aren't possible with other sync methods, which many people have asked for" well there are some things like recovery, which is only available to teams to do mutual recovery of mutually shared data (at least I REALLY hope so, for OBVIOUS REASONS),

    Nope. You should really read the security white paper, but you can learn more about recovery specifically at our support site. Similar to public key cryptography, public key equivalents are exchanged between members so they can recover each others' accounts, including non-shared vaults.

    or that you dont need to setup a cloud account (but then again, you set up a 1pw account, so so much for that), then you have Team Sharing (which is a use case, but none I care about), then we have data restore (something enough major clouds like dropbox have), Travel mode (more convenience for something you could probably also do anyway, same with the secret key basically)

    That's fine if you don't have a use for this stuff, but a lot of people are quite happy to finally have secure sharing, sync, and recovery that are also easy to use. And as far as Travel Mode...if you've ever tried to accomplish the same thing before this feature you'd know two things: 1) that it is possible without Travel Mode, but 2) it's an incredible time-sink and pain-in-the-posterior. Suffice to say, many are happy to have this as well. :lol:

    The only really big benefits that I see is that you have one subscription license for all platform (especially when seeing that the normal license costs 65$, which is a hell of a lot of money compared to others) and the thing with the holdback for features, BUT both of those are benefits of the subscription, not of manufacturer's cloud

    Well, we have to a centralized server to handle this sort of account-based licensing anyway. And since it needs to be secure and people were asking for these features that require hosting anyway, they seemed like an actual fit. Now, that may not be the case for the software you make, so I'm not saying it's appropriate for everyone; but in the case of they're all parts of a whole.

    (especially when it's actually not the canadian AgileBits Cloud, but the US-based Amazon storage, which by the way also renders travel mode useless for anyone traveling to the US because they can get the database from amazon and try to get the password from the user)

    I think you're making a lot of assumptions and glossing over some important stuff here. There is a high bar that must be met before we will turn anything over to authorities, in accordance with Canadian Law:

    Information for Law Enforcement

    And as you yourself pointed out, they'd need to get the keys to decrypt it from the user. So again, that's not a 1Password security issue. That's true of anything you use to secure your data: a government can ask you to give it up. That's not something 1Password or any other security tool can prevent you from doing. That's the responsibility that the power of being in control of your own data entails.

    in general all the account is about is convenience for noobs, sorry to say that but anyone who knows what they are doing shouldnt have problems with a normal password manager

    Well, there it is. If that's how you view people with different technological backgrounds or priories than yourself you're on your own. Everyone deserves security and privacy, not just those that meet a certain standard you've unilaterally decided upon. :unamused:

    And a lot of very technical people just appreciate having to spend less of their free time managing sync for individual vaults across multiple devices. I'm glad to be down to a single vault in Dropbox. The more I got, the more I felt like I was being punished for being a power user every time I setup a new device. :tongue:

    (also regarding the deletion of the password database, it may be helpful to use meaningful file and foldernames, put temp files in the temp folders and clearly mark the password database as that so we dont have accidential removals. I dont have a big eye on the structure at your folders and so on, but it's quite common for proprietary software to obfuscate anything as much as possible, therefore making it not easy to distinguish)

    It's all contained in a folder named 1Password, so definitely don't delete that unless you have a backup of your data.

    wenn nice that you guys updated the mobile apps for dropbox, but mobile is just a part of the ecosystem. stop excluding windows all the time and give out some feature parity.

    The desktop apps have never had Dropbox integration; rather, the Dropbox client on the computer syncs the data. So there's nothing involved there on our end there, and only necessary on mobile platforms. And I'm still using a vault sync'd with Dropbox across all platforms myself, so you're going to have a hard time convincing me that this doesn't work. ;)

    regarding the last part, the answer pretty much solves it. long story short, if for whatever reason this thing thinks you have no license subscription or whatever, you can still get your data out.

    Absolutely. And, equally important, we're here to help anyone who needs it.

  • well not every 2FA is the purely awesome U2F, true and there are services out there who do the costly (for them) SMS auth istead of using secure and free methods, and while TOTP is not safe from phishing it is at least not something you take a picture of and have it compromised until the victom will somehow notice that somebody stole all the passwords. and while they can be lost or stolen, unlike with something that can be copied with ease, you notice that it's been lost or stolen, which is the whole point. when I lose one of my U2F sticks, I just use either a PC I am already logged in, or use another stick I have at home to remove the lost one and the stolen one gets uselss, lost your phone or sim card, ask the provider to lock it.

    regarding the giving out of data, I dont suspect YOU of giving out data, but the problem starts when you guys arent operating the servers. with amazon, which you use to throw out your content, the US can get amazon to throw the stuff out instead. and on the same hand they either get amazon to host the web interface with password stealing functions, or do other tactics to get the password out, but if the safe is stored somewhere the annoying people from the annoying government (in this case US) cannot get to, one less burden.

    "Well, there it is. If that's how you view people with different technological backgrounds or priories than yourself you're on your own. Everyone deserves security and privacy, not just those that meet a certain standard you've unilaterally decided upon"

    I dont mean it in a bad way, there are people with more technical knowledge and people with less, and as I said nothing against having the ability or even the default of clouding, but there should be at least some ways for the user to do without the 1pw cloud IF THEY WANT TO.
    and not being able to create a local database is a pretty serious missing feature imo.

  • AGAlumBAGAlumB 1Password Alumni

    Yep. And that's why the "standalone" 1Password apps exist in the first place, and why we now offer memberships that can serve folks with different needs...and also why we never have the keys to anyone's data in either case: in the event that someone steals your encrypted data, either from somewhere on the internet or from one of your devices, they still don't have what they need to decrypt it without your help. That applies to all "flavours" of 1Password, and remains as true today as ever. Cheers! :)

  • well would be awesome if the windows version and stull will support standalone and offline and/or self-sync wallets in the future as well, rather than just being a relic of the past.

  • AGAlumBAGAlumB 1Password Alumni

    I agree. :)

  • Hi Brenty. I had purchased 1password ios and Android apps earlier and wanted to now purchase a standalone license for windows 10. I am not interested in subscription model and am totally comfortable using the Dropbox vault Moreover, I always prefer paying a one time fee rather than being stuck in a subscription loop. Could you pls send me a standalone purchase link. Would really appreciate it. Thanks.

  • @rohitrs7 just take note that windows only has 1password 4 (the super-old version) as standalone instead of the newer 6 version which doesnt get around with anything escept accounts yet.

  • Damn! I steered clear of Lastpass all these days though it was cheaper only due to the subscription hassle. Now it's going to be a tough choice since it's just $1 a month.Time to check on reddit what I will be missing out if I make the switch. Love the 1password ios and Android apps. Wish there was newer standalone app for windows 10. Anyways, thanks for the quick response, My1.

  • @rohitrs7 if you have questions, ask an Agilebits employee. @brenty, @Ben, and @Frank are all very helpful and I bet the can help you out.

    Me, I love the subscription and I also lost my trust with Dropbox, so I no longer have to use them. Weight your options. Even with standalone, you never pay once either. Upgrades cost money also.

    But either way, talk to an employee 1st :)

  • well a password manager with a good level of sync option can do more than just dropbox. one thing that should in my opinion really supported should be the use of Webdav for self-made own/nextcloud servers.

  • AGAlumBAGAlumB 1Password Alumni

    @My1: We don't often promise not to do things, but WebDAV isn't happening.

  • okay, but well at least some other clouds than just dropbox (and 1pw itself),

    btw do own/nextcloud have other APIs than Webdav that can be used?

  • AGAlumBAGAlumB 1Password Alumni

    @rohitrs7: As My1 commented, 1Password 4 is the Windows app that supports local vaults. It is no longer for sale, however, as it isn't being actively developed. 1Password 6 comes with a membership and is currently the only option on Windows.

  • AGAlumBAGAlumB 1Password Alumni

    @My1: We're focused on right now, so we don't have any plans at this time to add additional 3rd party sync options. Most customer who've tried find it to be less fussy and more reliable, so that's where we're putting our energy currently, as opposed to 3rd party software and services that we have no insight into and cannot fix when there's a sync issue.

  • @My1 Thanks for the help.
    @brenty Noted. Thanks. The subscription pricing of Lastpass is tempting. However, I have always liked the convenience of 1password, so will most likely stick to it after a quick comparison between the two services on reddit.

  • AGAlumBAGAlumB 1Password Alumni

    @rohitrs7: You're welcome! I'd encourage you to actually try both. Not that I want you to use a competitor's product, but ultimately I think that daily use is a much better guide than charts and checklists. I'd say the same is true for most things, not just software, but not everything can be tried for free without having to give out a credit card. I wish it were so! ;)

  • I really love the standalone version of 1Password for Mac and would probably NOT buy a subscription-based password manager (I'm guessing I'll switch to KeePass if the standalone version for Mac is ever completely phased out, but I don't know for certain).

    With that said, I realize it is not technically intuitive for non-computer savvy people to set everything up and the cloud version probably "just works" for them. It probably also costs money for AgileBits to provide support to these non-tech-savvy persons.

    Thus, here is my proposal - what about having an easy-to-purchase standalone license with NO support (except community support)? I would gladly buy such a license if it was available for a future new version of 1Password.


  • BenBen AWS Team

    Team Member

    We do appreciate the suggestion, @mac_chrome_user, but one of the things we feel sets 1Password apart from our competition is the customer service and technical support that we provide. Offering 1Password without that would feel like a disservice to the offering. I know there are some successful businesses out there that sell support separate from their products, but support is such an ingrained part of our culture... I just don't see us going down that route.

    Additionally we'd have to take the extra step every time someone emailed us to check and see if they were in fact entitled to support -- which may seem like an easy task until you consider all the various ways people can currently purchase 1Password, some of which we have no easy way to verify (e.x. the App Store).


  • @Ben, thank you so much for clarifying that selling the 1Password standalone product without support would (i) go against the corporate culture/tradition/consumer approach of AgileBits and that (ii) it would be difficult to verify whether support was included for a particular user due to purchases through, e.g., the Mac App Store.

  • AGAlumBAGAlumB 1Password Alumni

    Totally. It's definitely something we're very passionate about. If I ever had to do a verification to see if I was allowed to help someone with 1Password, that's just feels bad and is ultimately taking time away from helping everyone. I think it's much better for everyone — and easier — to give help to those who need it. Cheers! :chuffed:

  • not wrong, but honestly saying that the standalone version is too hard to use is in my opinion not really nice towards those who used it (or other standalone password managers) for many years.

    btw, I dont know who excactly said it, I just know it was a staff member iirc , and I certainly dont want to look for it, I just wanted to say that.

  • AGAlumBAGAlumB 1Password Alumni

    not wrong, but honestly saying that the standalone version is too hard to use is in my opinion not really nice towards those who used it (or other standalone password managers) for many years. btw, I dont know who excactly said it, I just know it was a staff member iirc , and I certainly dont want to look for it, I just wanted to say that.

    @My1: I think I know what you're referring to, and it was me — albeit you're misquoting me and taking it out of context a bit. ;)

    The standalone version of 1Password is harder to use, for a number of reasons: sync, backup, sharing, recovery, etc. — all of these things (and others) are either only now possible or are easier with I don't see how it is mean to say this, it's simply the reality. The standalone version isn't impossible to use. I've used 1Password that way for nearly a decade and still do in some cases. Regardless of whether or not I and others are capable of using 1Password this way, still removes a lot of friction points. That's not a matter of nice or mean; it's progress. Is it not nice when a new OS is released that improves things? I can totally do my own "Travel Mode" with Dropbox and local vaults and have for years, but I'm more than happy to have a quick, painless alternative with now. Cheers! :)

This discussion has been closed.