What is the future of local/standalone vaults?

SystemSystem

Team Member
edited June 19 in Early Access
«13456

Comments

  • The change to a subscription model doesn't bother me that much. I have always had standalone licences, but I use 1P every day, so I am happy to pay a subscription for it.
    What I will definitely not accept, however, is the elimination of local vaults. Yes, I know, all secure, encrypted etc. But it's like the difference between owning your own house and renting a flat. You can live in both, but it's not the same. If 1P 8 no longer supports local vaults, I'm afraid I'll have to use another app. KeePassXC may not be as nice as 1P, but in this case function goes before design.
    Nevertheless, thanks for all the years I was allowed to use 1P. I always liked the app a lot. Good luck!

  • Please clarify if 1P 8 will support local vaults.

    I use both online and local vaults and have no problem paying a subscription for actively maintained, critical security software.
    I will not do so if local vaults will not be supported or maintained.

    One of the main differentiators between 1P and other pw mangers is this support for local vaults alongside online ones.

  • As someone who has never once used a local vault, I'm genuinely curious as to the perceived benefits you see by a local vault?

    Every time I think about it, it feels like overall you're at slightly less security given the lack of secret key.

  • It’s simply that there’s a much greater attack surface on a database that’s stored on a remote server and synchronized to multiple devices versus one that never leaves your network.

  • But you're also not a company that pays multiple staff members to secure their systems.

  • When you use 1P apps there is a local cache stored on your device. So you are not gaining any additional security by also storing data on their servers.

    1P definitely goes the extra mile by securing your data on their servers by using secret key and SRP.
    However again it’s a much larger attack surface than your local device.

    Also, if you’re concerned about the security of your device you should not be performing any sensitive operations on it.

  • dtearedteare Agile Founder

    Team Member
    edited June 19

    Hello @uculc and @1pwuser31547, 👋

    I split your comment off from the subscription-only service thread into its own here so we can dive deep on the local vault part of your question.

    Before jumping in I want to say thank you for your kind words, well wishes, and your willingness to pay for a subscription. That means a lot and I appreciate you taking the time to share your kindness. 🤗

    Regarding local/standalone vaults, the TL;DR is:

    • The next generation of 1Password apps sync exclusively with 1Password.com (including .ca🇨🇦 and .eu🇪🇺)
    • You can easily migrate your existing data over to a 1Password Membership and trade in your license for a hefty discount
    • 1Password 7 will not be changing and can continue to be used with all currently available sync methods

    That’s the short version of the story. The longer version of the story is much more interesting, explains how we came to this conclusion, and provides a potential alternative for local vaults that might suit your needs. Please read on as I think you’ll enjoy it.

    As I mentioned in the other thread, I’m not known for my brevity and I’m a sucker for nostalgia so please forgive me for not being able to edit this down. 🙂

    Let’s start at the beginning…

    The history of standalone vaults

    Before hosting our own service we had what we called standalone vaults. The first of these were introduced in 2008 using the Agile Keychain format. These allowed you to sync your data however you wanted, with the vast majority chose to use Dropbox at the time.

    We also had the ability to sync to iPhone using WLAN Sync and later in 2012 the OPVault format was introduced along with support for iCloud.

    Users could choose the sync method for each of their vaults in preferences:

    1Password preferences window showing the sync options available for Standalone Vaults

    This worked quite well for individual technical users living in a desktop-centric world, but as iPhones and Android devices started to become ubiquitous and people expected to be able to share information securely with their teams, businesses, and families, it became clear that we needed to create our own service so we could provide a better experience.

    So we did. 1Password.com was launched to the world in 2015 and it provided so much more than just another way to sync your data. Here are just the highlights on what our new service made possible:

    • 🔐 More secure encryption data format and authentication process
    • 📱 Two-factor authentication (2FA)
    • 👨‍👨‍👧‍👦 Teams and families and businesses
    • 🤗 Securely share items
    • 🕓 Item history
    • 🧯 Automated data backups
    • 💫 Account recovery

    Along with all these features 1Password.com also enabled a more intuitive setup across all your devices. None of this was possible with standalone vaults and generic file sync services. We had pushed standalone vaults to their limit and weren’t able to innovate any further without connecting to a server to perform the heavy lifting.

    The overwhelming popularity of 1Password.com

    When we released 1Password.com five years ago we knew it was the better solution but we wanted to give our customers time to learn this for themselves. So when we released 1Password 7 in 2018 we provided the ability to subscribe to 1Password.com as well as the option to purchase a license to continue using Standalone Vaults.

    1Password 7 upgrade screen presenting 1Password Memberships alongside standalone licenses

    The overwhelming majority of people choose to subscribe to our new service (97% in fact) and many of those who initially purchased a license later changed their mind and traded it in for a membership.

    Given the overwhelming popularity of 1Password memberships and how much more capable 1Password.com is than everything else, we decided to design our next generation of 1Password apps to focus exclusively on our new service.

    We’re incredibly excited about our next generation of 1Password apps that we’re working on. They’re faster, look great, are equally powerful across every platform and will be released later this year. 😍

    To make this possible we completely rewrote all the underpinnings of 1Password in Rust, a systems language known for safety and performance. While we’re all thrilled about the memory-safety, thread-safety, and incredible performance that Rust provides, the part I love the most is we’re now able to provide an equally great experience everywhere.

    As you can imagine, rewriting over a decade’s worth of features across 6 operating systems takes a monumental effort. It forced us to make tough decisions about which features we should carry forward and which features to leave behind to make room for new ones.

    Standalone vaults is one of the features that needed to be left behind. As such 1Password 7 will be the last version of 1Password to support standalone vaults.

    A hosted 1Password.com service is the best option for almost everybody…

    For all future versions of our client apps, standalone vaults as they existed are gone and won’t be coming back. Our new apps were designed to have a tight integration with our service and this aspect of the design is not going to change.

    From our experience over the last 15 years we know that using a 1Password.com account is the best approach for almost every situation. Our service greatly simplifies things across the board, from user experience to customer support to upgrades.

    With that said, we know some of our super technical users like yourself prefer doing things themselves and perhaps there are more use cases for standalone vaults than we realize.

    It would be great if we all could have our cake and eat it, too. To this end we have been toying with the idea of allowing you to host your own instance of our cloud service. It would be your own personal 1Password service that runs entirely on your machine or within your own cloud that you control.

    The big question is how many of our friends need this feature and would they host this themselves if we made the option available?

    The reality is we simply have no idea how many of you want this ability. To protect your privacy we have no in-app analytics so we simply don’t know how many people have configured things to keep their data locally within their network.

    So we thought we’d ask. 😘

    A question for you: would you like a self-hosted 1Password service?

    If we made self-hosting of 1Password.com available, would you use it? And how would you prefer to do so? Before we invest in making a standalone 1Password service a reality we want to gauge demand for this feature. If this is something you need please take this survey to help use better understand your use case.

    ✍️ Take the 1Password Self-hosted Service Survey

    All information you provide will be uploaded to an internal 1Password vault using our new Secrets Automation workflow. This vault will only be shared with a select set of 1Password employees for the sake of this research and will not be shared with any 3rd parties aside from sending email updates to those who opt-in for them.

    We will be basing interest in this feature by how many people complete this survey. We’ll also use the survey results to determine what type of solution we should build, if any. Consider it a kickstarter. 🙂

    If we hear enough demand to create this feature then we will look into how to fit this into our product road map. It would be longer-term plan this year’s schedule was full before the year even started, and we have some amazing plans already forming for 2022.

    In the meantime, for those who need this feature, 1Password 7 was the best version of 1Password we ever had (it’s only second place to our amazing next generation of apps!) and it will continue to support all currently available sync methods. I ask for your patience during this time and I invite you to add your voice to the conversation in the comments below and by taking our survey.

    Thank you for your time and thank you for supporting us all these years. Your constant support and encouragement means the world to us. ❤️🤗

    Take care and enjoy the rest of your weekend,
    ++dave;

  • dtearedteare Agile Founder

    Team Member

    I needed to move this part to a separate comment as apparently I was too wordy to get it all into a single post. 😂

    For those who want to move over to our hosted solution, you can migrate your data to a 1Password account.

    License holders like you have been supporting us for a long time, many of you since the very beginning. We’ve been here for 15 years now and there’s no way we could have made it this far at our dream job without you. 🥰

    We’d like to thank you for supporting us all these years and provide a special trade-in discount for your license. Simply email us your license and enjoy 50% off your first 3 years.

    That’s a great deal for those who prefer to pay-as-they-go but we recognize that some people don’t want to pay every month and would prefer to only pay when they explicitly authorize it.

    If this sounds like you we set up a special deal where you can purchase a $99 gift card and get $150 of credit, allowing you to use 1Password for over 3 years. Once those 3+ years are up you can choose whether or not to pay again. No recurring or automatic payments will be taken.

    To take advantage of either discount, simply email us your license and we’ll let you know how to proceed to start enjoying your new 1Password membership.

  • XIIIXIII
    edited June 20

    There's a small error in the survey: the placeholder text for the Other option is the same for the Why and the How questions.

    I think you should change the placeholder text for the Other option of the How question?

  • dtearedteare Agile Founder

    Team Member

    Thanks for sharing! 🤗

    I'm not seeing what you're seeing @XIII for some reason. For the "interest" section the placeholder text says "interest", and for the "how" I'm seeing "how". Here's what I'm seeing:

    Maybe I misunderstood your question, or am looking in the wrong place? Or perhaps someone on our team fixed this for me and deployed the fix already. 🙂

    ++dave;

  • I am not really interested in self-hosting but really liked (and used) the ability to have a separate vault to keep items specific to a machine or location.

    I see two issues/questions here:

    • How do I get my local vault into v8? Cannot seem to find a setting to import it and it does not show up in the UI - that's not nice :-)

    • How hard is it really to allow to open a local vault development wise, especially after you wrote the code for importing it?

  • Maybe I misunderstood your question, or am looking in the wrong place? Or perhaps someone on our team fixed this for me and deployed the fix already. 🙂

    Looks fine now, so I guess someone from your team fixed it for you...

  • Hello, I tried to follow the guide to import from vault but it doesn't appear the task to select local file/folder.

  • dtearedteare Agile Founder

    Team Member

    @matthiashansen: Having separate vaults is my favourite way to organize my items. You can create as many vaults as you want in your 1Password account. The great thing there is they all sync automatically as soon as you add your account. I remember when I used to do this with local vaults most of the time I wouldn’t bother adding each vault to every device as it as a pain to setup. This would leave me without my data when I needed it and cause me to create less vaults than I otherwise would. With a 1Password membership, however, I don’t need to worry about any of this any more. 😍

    To migrate your local vaults into the new release, you need to create an account and add it to 1Password 7. When you do this 1Password will automatically transfer your data over. See this doc for details. From there you can install the new release, sign in to your account, and 1Password will take care of the rest. As for how hard it would be to add support for local vaults, the effort is quite significant. The challenge goes well beyond the code itself as we built the next generation of apps in such a way that they can assume the server is available to do a lot of the heavy lifting. 💪 A local vault, on the other hand, is simply a folder of files and cannot provide the level of service we were looking for to build the features we wanted. Basically we had pushed the technology behind local vaults as far as we could and now that we have something better we want to use it and enjoy the benefits memberships provide.

    @Cehpunkt: You’re right that supporting memberships and memberships only will greatly reduce maintenance and support as it simplify things tremendously. It’s also not very much fun for anyone to support a feature none of us use. One of the key reasons 1Password is the best is because we made something we need and we use it every day. It’s incredibly hard to get motivated about a feature you don’t use yourself and even harder to support. We’re super happy with how our new client apps are turning out and we’re going to continue investing our time and energy into them as they have tremendous value (above and beyond just an extension) and as a lovely bonus we also need them to get our work done. 🙂

    @XIII: I’m glad it’s all fixed. Thanks again for taking the time to report it. 🤗

    @smere79: Thank you for reaching out and giving us a chance to help. Just to make sure we’re on the same page, is this the guide you were following?

    Migrate your existing 1Password data from standalone vaults to a 1Password account

    If you click on the Windows tab there is a video there along with instructions specific to Windows. The main trick is you need to be using 1Password 7 to transfer your data to your new account. Please give that a go and if any of the instructions don’t match what you’re expecting or you get stuck, please let us know and we’ll dig deeper to help. 🍀

    Thanks!

    ++dave;

  • @dteare - thanks for the detailed answer. I reinstalled 7 on a VM and then imported the vault. So far so good.

    What is not clear to me in the new UI is how I can restrict my search not to search in all vaults. For my use cases ideally I would like to be able to give vaults secondary passwords or at least lock / unlock them even if they do not have additional passwords. What I do not like is all the passwords from that vault appearing in my normal searches.

    Thanks,

    Matthias

  • What is not clear to me in the new UI is how I can restrict my search not to search in all vaults.

    Actually, that seems to be not possible.

  • Dayton_agDayton_ag

    Team Member

    @matthiashansen

    What is not clear to me in the new UI is how I can restrict my search not to search in all vaults. For my use cases ideally I would like to be able to give vaults secondary passwords or at least lock / unlock them even if they do not have additional passwords. What I do not like is all the passwords from that vault appearing in my normal searches.

    Currently it is not possible to restrict search to just one vault, however this option is being looked into by the Development team. In the meantime, one option is to create a new Collection and include only the vaults with the secondary passwords, and search within that Collection.

  • Thanks for the quick answer - is collections a specific feature in some editions, cannot seem to find it in the family subscription...

  • ag_tommyag_tommy

    Team Member
    edited June 24

    @matthiashansen

    It would be part of the early access release to my understanding. Are you partaking in the early access version?

  • Yes - I now found the Window commands to switch between collections but have not yet found where you create them... It's either not there yet or I am getting old :blush:

  • Yes - I now found the Window commands to switch between collections but have not yet found where you create them... It's either not there yet or I am getting old :blush:

  • ag_tommyag_tommy

    Team Member

    @matthiashansen

    Well I am getting older for sure. :lol: I'll let one of my Windows colleagues jump in I am not that familiar with the Windows side of the world. Hang in there.

  • BenBen AWS Team

    Team Member

    Creating new collections isn't a thing quite yet. :)

    Ben

  • Thank you for the eloquent explanation of your points of view.

    I have filled out the survey, and I can see that it isnt going to change anything given the clarity of your current roadmap, so I will make only a few core points here:

    • Please dont mistake a forced product roadmap transition for 'popularity'. I am a 1password subscriber, because the product is increasingly untenable to use without a subscription. Features like support for cross-platform file sync are becoming deprecated; if you did icloud files as you did dropbox I'd be all in.

    • 1password is a foundational service. Without it I cant get into my banks, my computers, my email, my anything . It needs to be simple. Building a cloud service introduces a new thing to fail for me; either through malicious compromise or human error. I already have to eat iCloud. Also forced. I'd rather not introduce more failure points to my life.

    I love 1password. I have used every version from 3 to 7, on windows, mac, android and ios. I have bought my family licenses. I have agilebits and appstore versions. I just cant see this as anything but a regression. Lets try it another way - for all the frailty that another cloud service buys me, what is the benefit? Is there a security or reliability win I'm not seeing? I already have to eat other services because the OS vendor baked them in. I'd rather piggyback those and reduce the sprawl of fragile cloud infrastructure.

    If I seem slightly hyperbolic, I apologise - So much software these days seems to be becoming about iterative development for the sake of doing development itself, cloud services for the sake of subscriptions & generating salable telemetry on users. Its killing great services. Dropbox is bloatware now, Windows, while a fine core OS, is malvertising for the cloud. Sometimes software is feature complete and its time for the next product, not growing the current one until it collapses ;(

  • "Given the overwhelming popularity of 1Password memberships and how much more capable 1Password.com is than everything else, we decided to design our next generation of 1Password apps to focus exclusively on our new service."

    – There is zero support to take that as somehow indicating that people actually started to use the account based vaults or liked them better – it was simply a matter of cost that "forced" people into the subscription model (not unlike Adobe, where I bet there are still more users still using there old CS6-programs than the new ones).

    It takes time to change from standalone vaults with many shared vaults across many companies. You have never clearly communicated where you are going with this and still do not – no mention anywhere on why there are two different browser plugins for example (and if one could maybe use both).

    Moreover no one in your support team seems to have ever heard about standalone vaults – maybe because of yours lack of communication skills. As far as I can read they are still supported in the current version of 1Password, but no one in your support team would believe that for a second (supposing they knew what I was talking about).

    Guess I have to move on to your hosted vaults, but cannot see much benefit there. Maybe you could could finally make the app a little more user friendly and start adding obviously lacking features, like drag & drop; excluding confusing symbols in password generation (inlcuding * that will be hidden by default in fields and instead style text); making note writing easier; not complaining about using the same password when storing copies in other vaults; making the generated password in the Safari extension not change when applied to another password; making it possible to autofill from the 1Password extension automatically created login for this discussion site, which also does not work ... etc.

  • @ag_ana

    I am in a similar situation as @nisgk and @mattman . My personal vault has always been in Dropbox. My work vault is in a 1password business account. I can't transfer my personal logins to the 1password business account because then I have no control over my vault - my employer could turn off my account at any time.

    Ironically, I was the person who convinced my employer to sign up for a business plan, but now my own personal use case is being deprecated.

    I'm happy to pay for a subscription service, but I want the option to keep my vault local. If I am forced to store everything in 1password's cloud I don't really see the difference between 1password and Lastpass or any of your other competitors.

  • ag_anaag_ana

    Team Member

    @mstan:

    Thank you for the feedback! I have merged your comment with this discussion about local vaults because I wanted to make sure you saw the post from Dave up here, as it has a lot of information about this :+1:

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file