Several questions about upgrading from 1Password 6 to 1Password.com

After reading a bunch of old blog posts (some of which were only available on the Wayback Machine; arg), I have satisfied myself that vaults on 1Password.com are actually more secure than they are on my local drives, and have therefore (prompted, of course, by the unexpected downgrade that is Safari 13) decided to bite the bullet and upgrade to a Family Account from my existing Family License of 1Password 6. But I have a handful of questions before I do.

  1. I was unclear about whether to enter my existing Master Password into the 1Password.com dialog, but a blog post seems to indicate that I should. Correct?
  2. Am I also correct in understanding that, even though I'm typing my Master Password into a webpage, it is not in fact being transmitted anywhere?
  3. I saw somewhere that registered 1Password 6 users got 6 months(?) free when signing up for a 1Password account. I seem to have lost that link (I've already started signing up using that link, so it probably doesn't matter, but it's frustrating that I can't find it again).
  4. I also saw somewhere that if you've purchased a 1Password 7 standalone license, you can get credit for a 1Password.com membership. Does that mean that if I purchase a standalone copy, I will end up with both a standalone license and $63 (or whatever; finding out the pricing is difficult) credit toward my Family Account?
  5. If that's the case, can I do it again, and end up with a second 1Password 7 standalone license, essentially for free?
  6. And can I do this after my free trial period?
  7. If it's not clear yet, I'm interested in making sure that I'm not dependent on a subscription. I might go broke, or decide I'm too paranoid to trust anyone else with my data. How easy is it to go back to using 1Password 7 standalone?

P.S. The "How to find extension version" in "Additional Information" at the bottom of new posts redirects to How to keep 1Password up to date in your browser, which does not discuss how to find the version number.


1Password Version: 6.8.9
Extension Version: Not Provided
OS Version: macOS 10.14.6
Sync Type: Dropbox

Comments

  • Ben

    Hi @Jim A Syler

    I'd be happy to help with those questions.

    I was unclear about whether to enter my existing Master Password into the 1Password.com dialog, but a blog post seems to indicate that I should. Correct?

    The choice is yours. We typically recommend using the existing password unless it is less than 10 characters or you believe it may have been compromised. Keeping it the same makes the migration process a little smoother.

    Am I also correct in understanding that, even though I'm typing my Master Password into a webpage, it is not in fact being transmitted anywhere?

    Correct. 1Password.com is a web app that runs in your browser. All of the encryption / decryption is done in your browser, not by the server. As such the server has no need for your Master Password. So we don't send it there. :+1:

    I saw somewhere that registered 1Password 6 users got 6 months(?) free when signing up for a 1Password account. I seem to have lost that link (I've already started signing up using that link, so it probably doesn't matter, but it's frustrating that I can't find it again).

    We've run a few different promotions over time, most of them being time-limited (i.e. the offers expire). I'm not sure what might be available at the moment but please feel free to reach out to our team at support@1password.com and we can take a look.

    I also saw somewhere that if you've purchased a 1Password 7 standalone license, you can get credit for a 1Password.com membership. Does that mean that if I purchase a standalone copy, I will end up with both a standalone license and $63 (or whatever; finding out the pricing is difficult) credit toward my Family Account?

    No. I suspect what you're seeing is folks exercising our 30-day money back guarantee on licenses. For folks who buy a license but then decide to move to a membership within 30 days we'll offer a credit for the amount paid for the license on their membership rather than refund and re-pay. It just saves some steps on both sides. The license is invalidated by doing so.

    If that's the case, can I do it again, and end up with a second 1Password 7 standalone license, essentially for free?

    You don't get to keep the license. ;)

    And can I do this after my free trial period?

    Generally not. 30 days is the refund window on licenses, and is also typically the trial window on memberships.

    If it's not clear yet, I'm interested in making sure that I'm not dependent on a subscription. I might go broke, or decide I'm too paranoid to trust anyone else with my data. How easy is it to go back to using 1Password 7 standalone?

    If you go broke and your subscription lapses your membership would become frozen. You'd still be able to view and export your data, but would not be able to use the extension, add new data, or modify existing data:

    If your 1Password account is frozen

    You can export your data when your membership is in this state. We do also have a guide on moving to standalone from membership available here:

    How to move your data to a standalone vault to use 1Password without an account

    P.S. The "How to find extension version" in "Additional Information" at the bottom of new posts redirects to How to keep 1Password up to date in your browser, which does not discuss how to find the version number.

    I saw your other thread. Thanks. :)

    Currently, if all of my devices are stolen or burned in a fire, I can retrieve my 1Password data by downloading 1Password on a new device, logging into Dropbox with a password I've memorized, opening my 1Password file and typing in my Master Password. In other words, I can get everything back by knowing two memorizable passwords. However, it's my understanding that when using 1Password online, to do this I must have both my Master Password and my Secret Key, which is not memorizable. Is that correct?

    I suppose whether it can be memorized or not is up to you. ;) But no, it isn't designed with the intention of being memorized. To avoid being unable to access your account in such a situation I'd recommend having a copy of your Emergency Kit, or at least the Secret Key, handy:

    Get to know your Emergency Kit

    Can I combine types of Vaults in 1Password 7? That is, can I have one Vault that is stored on 1Password.com, and another that is stored on Dropbox?

    If you can fit a square peg into a round hole then yes: you can. It isn't something we'd recommend doing. Doing so results in a setup that may have unintended consequences and so we don't provide instructions on how to do this, or recommend that people do so.

    Sorry for all the questions—they just keep coming.

    No worries, but I hope you understand if I try to keep my answer to each question fairly brief. If you'd like for me to elaborate on a point please let me know and I'll do my best. We are a bit backed up right now largely due to the Safari 13 release, so we're trying to get answers out to everyone as quickly as we can.

    Related to #8, I was thinking that 1Password X was a replacement for the old, loved Dropbox method of accessing your passwords—you could log into Dropbox, click on an item in the 1Password folder, and be able to type in your Master Password and see all your passwords if you happened to find yourself at a 'foreign' computer without any of your devices (this was useful when I worked at Geek Squad and wasn't allowed to take my iPhone into the service area). But I'm not sure that it is. How much access do I need to have on the 'foreign' computer in order to install 1Password X? Do I need administrator privileges? And, again, I'll need my Secret Key, which (unless I keep it on a piece of paper in my wallet) I won't have with me, right?

    I believe in most environments you can install browser extensions without the need for administrative privileges. That said we'd urge extreme reluctance to accessing your accounts (1Password or otherwise) on a device you don't control. Based on our conversations it seems you're very heavily weighted on having the highest level of security available to you. By accessing your information on a computer you don't control, you're essentially throwing all of that security out the window. That said, yes, the my.1password.com web app as well as 1Password X could potentially be used in a situation where you cannot or do not want to install software.

    Even a computer owned by an employer may be a risk. I posted about this in response to a similar question, but specifically about accessing personal 1Password data from an employer's computer:

    That said I'd recommend using extreme caution in accessing any personal accounts on a device you don't own. It is not out of the realm of possibility that your employer is recording your screen and keystrokes. This is true for any device that you don't own, such as public computers. There is really no telling what 'malware' is on such a device, intentionally or unintentionally. The best policy would be to not access personal accounts other than from your own devices.

    To authorize sign-in from a device you haven't signed in from before (or where prior authorization has been cleared) you will need your Secret Key.

    Does that help? If you have any further questions or would like clarification on any points please let me know and I'll get back to you as soon as I can. :)

    Ben

  • Ben
    edited October 2019

    …Except that would be really confusing to the average user. Hmph.

    Indeed. That is a good percentage of the issue, especially considering the feature sets are different between licensing and membership. Most of our customers at this point don't know or care about licenses. They just want 1Password to work, and membership gives them that.

    I don't think this is the same thing I was talking about in the other thread, but whatever.

    Did I misunderstand? Sorry; I may have been misremembering, but I could've sworn I saw you post this same feedback elsewhere. It has been a long week though so it is entirely possible that I'm mixed up.

    I'm just trying to figure out the security consequences of having a Vault in Dropbox that had basically nothing except my Secret Key in it, in case I had to start from scratch. As far as I can see, that means that I'm risking someone being able to access everything if they only had my Master Password and access to my Dropbox—which is already the situation I'm in now. Hm. This Secret Key stuff is tricky—it provides a lot of extra security, but at a price.

    You might consider storing a copy of your Emergency Kit, sans-Master Password, in Dropbox. If you wanted to add a layer of security to that you could store the kit inside of an encrypted disk image (guide from Apple) but that would add yet another password you have to remember.

    Well, it's more about balancing security and convenience, and understanding my risk profile.

    Understood.

    I'm more paranoid about losing access to everything

    Fortunately that isn't really as much of a concern due to how we handle frozen accounts. We try to be as fair as possible in this regard.

    If your 1Password account is frozen

    (or losing functionality because I run out of money)

    Not to get into some debate about capitalism or something like that... with the world we live in that is pretty much a situation we all deal with. Unless you're using only software that you are creating yourself there is always going to be some level of risk in that regard. Computing is a very dynamic environment, and each of the pieces has interactions with all of the other pieces.

    Back in the day, I'd use the Dropbox interface on the University library public computers to access my login info without giving it a second thought, but you make good points about keyloggers, etc. on public or work computers. That's not something I'd given much thought to.

    I think unfortunately there are a lot of people who haven't given it much thought, and I also think it is a much more common situation than anyone would like to admit.

    Ben

  • AGAlumB
    1Password Alumni

    That's not a given, so we're not going to assume that. Not everyone has iCloud Keychain enabled, or uses the same Apple ID everywhere. It's best to take responsibility for your own account credentials. Better safe than sorry. :+1:

  • AGAlumB
    1Password Alumni

    There are any number of ways to back up account credentials, so it's really a matter of personal preference. The important thing is having them when you need them. Cheers! :)

This discussion has been closed.