Standalone vaults in 1Password 8

Rayven01
Community Member

Are standalone vaults supported in 1Password 8?
Can you import standalone vaults from 1Password 7 without signing up for the online service?
Can you create new standalone vaults in 1Password 8?


1Password Version: 8
Extension Version: Not Provided
OS Version: Windows 11 x64

Comments

  • soshiito
    Community Member

    Are standalone vaults supported in 1Password 8?

    No.

    Can you import standalone vaults from 1Password 7 without signing up for the online service?

    No.

    Can you create new standalone vaults in 1Password 8?

    No.

    Standalone vaults and usage without a 1Password membership are not supported. This is AB's official answer.

  • Hi @Rayven01

    1Password 8 is built to work with our 1Password membership service. It cannot work with standalone vaults. If you haven't upgraded to membership yet I'd highly encourage you to reach out to our migration specialists at support+tradein@1password.com. They can help, and they're even offering a pretty special deal at the moment. 🙏🏻

    Ben

  • Rayven01
    Community Member

    I don't trust any online service as a repository for my passwords, which are literally the keys to my online castle, and thus invaluable. If it's online, it has a good chance of eventually being hacked (see LastPass). 1Password was initially developed and hyped specifically as a harbour against this problem with offline vaults. I'm very disappointed that you've decided to abandon your original backers this way. I realize and support your option to seek subscriptions for revenue and ease of updating, and would even happily pay for a subscription if necessary to keep up to date as long as offline vaults were still supported.

  • soshiito
    Community Member

    Have you read their white paper? It is quite good. All of my secrets and the secrets of my company are in 1Password, and I sleep fine at night having read it.

  • PeterG_1P
    edited November 2021

    Hi @Rayven01, thanks for your comments here. We understand that this is a reasonable concern, and have gone to great lengths to address it. I should note as well that much of the security architecture we use to keep information safe has been in place well before 1Password 8 - and that the majority of users are already using this subscription service.

    While members of our security team can speak in detail to some of the more technical aspects of this, here are a few of the safeguards we use for subscription accounts, which provide a greater level of security than you can find just about anywhere:

    1. The Secret Key - This is explained more fully in our security white paper, as @soshiito mentioned here, but the short explanation is that if someone were to guess or brute-force your account password, that still wouldn't be enough to get your data. The Secret Key provides a serious safeguard against this, and the mathematical complexity that it puts in an attacker's path is essentially insurmountable with current attack methods and hardware.

    2. Strong privacy and secrecy policies - We don't have access to much information about 1Password users, because we don't want to. This is because we're a privacy-conscious bunch around here, but it also means that, in the event of a hack (and we haven't had one yet!) any information we don't have access to is also information an attacker can't turn against you. And, as has always been the case, your data is encrypted and decrypted locally, on your device. Without the password and secret key that only you have - even we don't have those - it is incredibly difficult for a hacker to do anything with your encrypted data.

    3. Following that, we also threat-model against internal attacks, including even the possibility of a malicious database administrator. You can find more about this in the security paper as well.

    4. We put our trust in encryption rather than authentication. This is because, in short, "Encryption means that 1Password does not face the kinds of threats a largely authentication-based system would face, and we have used an authentication mechanism that defends against many of the threats faced by many other systems." You can read more about this, if you're interested, in our short guide here: https://support.1password.com/authentication-encryption/

    5. We also undergo security audits and pen tests, which you can find here: https://support.1password.com/security-assessments/

    In short, we have made 1Password as secure as possible, keep the ability to unlock your data out of our own hands, collect nothing besides what's needed to run the service, and continually test our own security for weaknesses.

    While of course you are ultimately the final judge of what's best for your situation, I hope this provides some helpful context for how we do things.
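
An added illustration of the idea in point 1 of the reply above (not part of the original thread, and not 1Password's own code): a key derived from both a password and a device-held secret key cannot be tested against a password list by someone who holds only server-side data. The PBKDF2/HKDF/XOR construction, function names, labels, iteration count and sample values are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets

PBKDF2_ITERATIONS = 100_000  # assumed work factor for this sketch

def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) extract-then-expand with HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def derive_unlock_key(password: str, secret_key: bytes, salt: bytes) -> bytes:
    """Mix a slow password hash with a hash of the device-held secret key."""
    from_password = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    from_secret = hkdf_sha256(secret_key, salt, b"two-secret-demo")
    # XOR: the result is unpredictable unless BOTH inputs are known.
    return bytes(a ^ b for a, b in zip(from_password, from_secret))

def key_check(key: bytes) -> bytes:
    """Stand-in for 'this key decrypts the vault': a MAC over a fixed label."""
    return hmac.new(key, b"vault-key-check", hashlib.sha256).digest()

def first_unlocking_password(candidates, secret_key, salt, stored_check):
    """Return the first candidate password that unlocks, or None."""
    for candidate in candidates:
        key = derive_unlock_key(candidate, secret_key, salt)
        if hmac.compare_digest(key_check(key), stored_check):
            return candidate
    return None

def run_demo():
    # Constructed sample values; nothing here comes from a real account.
    salt = secrets.token_bytes(16)
    real_secret_key = secrets.token_bytes(16)  # stays on the user's devices
    weak_password = "correct horse"
    stored_check = key_check(derive_unlock_key(weak_password, real_secret_key, salt))

    wordlist = ["123456", "password", "correct horse", "letmein"]
    # Holder of salt + stored_check but not the secret key: even a wordlist
    # that contains the right password unlocks nothing.
    without_key = first_unlocking_password(
        wordlist, secrets.token_bytes(16), salt, stored_check)
    # The legitimate user, who holds the secret key, unlocks with the password.
    with_key = first_unlocking_password(
        wordlist, real_secret_key, salt, stored_check)
    return without_key, with_key

if __name__ == "__main__":
    print(run_demo())
```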

  • Ragnar_Kon
    Community Member
    edited November 2021

    Oooooo ouch.

    I was wondering why my 1Password app was prompting me for a 50% upgrade offer, so came here to figure it out, and now I know why.

    No local vaults is a huge bummer. Not sure what to make of it yet... still kind of shell shocked.

    EDIT:

    Eh... I just read the post by @dteare and also went back and read a bunch of blog posts about the 1Password app rewrite.

    Honestly, from a business perspective, it makes perfect sense for Agile Bits to focus entirely on the online subscription service. If 97% of your customers are using the online service it really doesn't make sense to put development effort into the local vault feature. So I can respect the decision, even though it means I likely will have to move on.

    Oh well, it's been a good run. For now, I'll continue to use 1Password 7 as long as it continues to function. I've used 1Password since 2007-ish and overall it has been the best password manager on the market—so I see no need to switch as long as v7 continues to function. Dreading the day when it will not, but will cross that bridge when I get there.

  • Rayven01
    Community Member

    Thanks for the information, it was helpful in making my decision. Considering the lack of quality alternatives that support private vaults or have demonstrably better online security, it seems I have no acceptable choice but to trust your security implementation.

    I've signed up and converted my account. I see there is a second "personal" vault which contains the secret key. I assume this is a standalone vault only present on the initial PC I signed up on and not synced anywhere else?

  • Hi @Rayven01, I'm glad this was helpful! We will of course continue to do everything we can to both make 1Password extremely secure, as well as be deserving of your trust. We certainly don't take the responsibility lightly.

    Congrats on your new account - this personal vault you mentioned is the default vault that's created with every new subscription account. We name it personal to distinguish it from other vaults you might create later. Usually when people create additional vaults, it's for some more specific purpose, or to share items with others. We thought it was important to have one place marked personal that is clearly your own, visibly denoting that all the items contained there are for you.

    This vault is not a standalone - it's contained within the same encrypted database as your other vaults,* and syncs between your devices via our 1Password.com service.

    (That database is locked and unlocked locally, on your device, and it lives in the %localappdata%\1Password\data directory, if you're curious.)

    Here's an example of the practical implications of this. 👍 Let's say that you have just set up your new 1Password account on a desktop computer. Great! Now, if you want to access that same 1Password data on a mobile phone as well, all you have to do is install the app on your mobile phone, and sign in with your Account Password and Secret Key.

    When you sign into the app on a new device for the first time, it generates a local copy of your database on that device, and all the items you're used to seeing will be present there. You don't have to choose to sync a specific file in a specific directory - just signing into the app is enough. The service takes care of the rest.

    Whew. That went longer than expected. I hope this is helpful, and am looking forward to hearing about your experiences with the app from here!

  • [Deleted User]
    Community Member

    I’m disappointed the standalone vault option has been removed, but I do trust 1Password to hold my scrambled encrypted jibberish on their servers. Over 100,000 businesses use 1Password.

    Since it’s zero-knowledge encryption and many security protections are in place, I’ll continue to use 1pw.

  • Thanks for this, @solcutter. We will guard your scrambled encrypted jibberish with every bit at our disposal. ♥

  • viking1978
    Community Member

    I switched to 1Password because of the standalone vault feature, which I need in order to follow company policy. It is working so well, and I am really disappointed about this change.

    Could anyone please confirm that the standalone vault feature is gone forever? I might have to switch password manager again.

  • PeterG_1P
    edited February 2022

    Hi @viking1978, thanks for this reply.

    We've tried to be clear (but understanding) about the fact that 1Password 8 does not support standalone vaults, and we understand that this won't work for everyone.

    To be clear, if you have a 1Password membership, you still have "local" vaults (which is to say, when you unlock your app, you are unlocking an encrypted database that exists on your device). But this is different from standalone vaults, in the sense that this device is synced to your other devices via our servers. In both cases, the encryption and decryption happen exclusively on your device.

    Another way of saying this is that, while we may pass the encrypted data between devices using our 1Password.com service, we have no ability to decrypt this data on our end, and we never have access to the account password and Secret Key you use to decrypt your data. There is no backdoor, no "other way" to get in, nothing. It's just encryption all the way down.

    We made the change from standalone vaults to 1Password.com for a variety of reasons, including that there were hard limits on what was possible with standalones (in terms of features), these vaults were not always exclusively local to the device anyway (but were being synced via Dropbox, iCloud, and so on, which are not designed for this specific use case in the way that our own architecture is), and that they are frankly extremely difficult to assist customers with when something goes wrong.

    We do have an open survey about self-hosting options, which we'd be happy to have your feedback on.

    But the standalone vault as it previously existed is not going to be part of 1Password 8. If that doesn't work for you, we completely understand, and wish you the best and will be here for you if your needs change at any point.

  • viking1978
    Community Member

    @PeterG_1P Thanks for the clarification. I do understand your point, but rules are rules. I do hope that my company's IT would re-evaluate this. It might change in the future, or they might eliminate the password authentication.

    I am still on 7.9.2 on my new Mac, but I could not see the option for a standalone vault. I would appreciate it if it is still possible to migrate my standalone vault from my old Mac to my new Mac.

  • viking1978
    Community Member
    edited February 2022

    It is so strange that even though I downgraded my version to 7.7, I am still not able to see the standalone vault menu on my new Mac.
    I also tried to sync all the data in the ~/Library folder to the new Mac, but the standalone vault is still not there.

    I eventually gave up, and now I am using KeePassXC to store the work-related passwords to meet company compliance.

    It is so strange that 1Password is still on my company's white-listed password manager software, since it clearly asks that the vault should not be hosted in the cloud.

    It is really a waste of time for vault migration, and I feel really disappointed about this GREAT feature removal.

    For those who are suffering the same, Bitwarden might achieve the same, but the vault setup seems not as straightforward as 1Password, and 1Password was also taking care of the backup of the standalone vault automatically. Bitwarden also supports custom fields, and somehow many password managers are lacking this great feature. (Fingers crossed 1Password will not remove it some day since 90% of people are not using it.)
    Joke aside, I reckon Bitwarden is the closest password manager for the time being, and I will try self-hosting it on my NAS to evaluate it further.

  • Hi @viking1978 I'm very sorry to hear about this.

    It is so strange that even though I downgraded my version to 7.7, I am still not able to see the standalone vault menu on my new Mac.

    That's a bit unexpected, and I'm not sure why that would happen. I understand that you're currently using KeePassXC, but if you are interested for us to follow up on this I'd be happy to connect you with our specialist Mac team who can investigate further.

    While we of course respect your specific needs and your choice about how your data is stored, I'd hate for you to miss out on 1Password (if you want to use it) due to a technical issue. We'd be happy to discuss further and look into this on your behalf!

  • maesitos
    Community Member
    edited March 2022

    Without a standalone license and access to local vaults you are a step away from being potentially cancelled from your own passwords. 1password might be great and have perfect servers but nothing stops them from blocking the access to their app and/or your data.

    Imagine being blocked from accessing your own info for being Russian, for expressing a controversial opinion or who knows what. We have seen recent examples of this type of unprecedented BS.

    It is good for the company, as they protect their intellectual property better and keep you dependent… but that is precisely what you don't want. I think 1Password users are especially paranoid so you can’t mess with that.

    I stay in version number 6.8 and will move to a different solution once it becomes unusable.

    I will die free.

  • @maesitos,

    The 1Password apps cache your data locally, so even if you were somehow prevented from accessing the 1Password service, that would not result in you losing your data.

    Ben

  • maesitos
    Community Member
    edited March 2022

    @Ben

    That volatile cache will not cut it for someone that has for example a couple million USD worth of cryptocurrency.

    Many people want to be sovereign.

  • @Maesitos I'm not sure I understand where you're coming from on this one.

    Without a standalone license and access to local vaults you are a step away from being potentially cancelled from your own passwords. 1password might be great and have perfect servers but nothing stops them from blocking the access to their app and/or your data.

    This isn't true. Even if we were to cancel your subscription (which would stop updates to your data from syncing between devices), your data is cached locally on your device. To be more specific, your data is cached on every individual device where you have installed the 1Password app and logged in.

    The unlock (decryption) process also happens entirely locally, which means that we have no ability to stop you from accessing your cached data. All the decryption happens on your devices, which is by design, for your privacy and security. It is entirely in your hands.

    That volatile cache will not cut it for someone that has for example a couple million USD worth of cryptocurrency.

    Again, I'm not sure I understand the argument here. If someone is using a standalone vault, that is also a "volatile" cache that can be lost if something happens to the device (and, judging by the stories I've heard from folks in the cryptocurrency world, this happens ... kind of a lot).

    If they do keep backups of the "volatile cache", that's sensible. But 1Password already provides the ability to do this automatically by syncing your data between devices and instantiating an individual local database on every device where you're using 1Password.

    So to recap:

    • Even in situations where someone's account is cancelled, the data remains in the user's hands and we have no way to block access to it
    • Decryption happens entirely locally
    • We don't hold and don't want to hold the keys that are necessary to decrypt your data
    • The 1Password.com service provides automatic syncing between devices, which is a form of data resilience

    But feel free to let me know if I'm misinterpreting your objection, or there's something we haven't covered. We take your privacy and security very seriously, and have no interest in making you "dependent" - only secure and in control of your data.

  • wgp1pass
    Community Member

    I moved to 1Password from Keepass on the recommendation of a friend. I had been using KeePass because I could keep my data on my own computer. My friend said I could do that with 1Password AND the user interface was really nice. He was right.

    You had reasons for including private vaults when you started 1Password. You even put them on your website. Those reasons are still valid. There are passwords in my private vault that will never be stored in a cloud. Never. Never. Never.

    I happily paid the monthly fee for your software. I keep most passwords in your cloud and you have to operate it. Operating systems are constantly changing and app changes are needed. Technology moves forward and good software does too.

    But removing the single most important feature of your software has destroyed my trust in you. I now see you as a company that can and will arbitrarily do whatever it wants. Companies that lose the trust of their customers eventually disappear.

  • sj0123
    Community Member

    Hello,
    The standalone vault feature that everyone here wants is actually still in the iOS version of 1Password, if I'm correct.
    I wonder why it is not supported on other devices.
    I'm very happy with the 1Password.com subscription service, but I think it would be good if you could give users an option to create and manage their own standalone vaults, which don't automatically sync with the 1Password server and can be exported in an encrypted form from the device that has access to that standalone vault, so users can carry it like a file.
    Personally I think it is possible since we have the standalone vault feature on iPhone, but the situation might be different.
    Please let me know if that is the case.
    Thanks.
    P.S. I'm using 1Password for iPhone version 7.9.5, which seems to be the latest version.

  • @sj0123

    1Password 8 for iOS will not support standalone vaults. More on this can be found in a post from one of our founders, available here:

    What is the future of local/standalone vaults?

    Ben

  • sj0123
    Community Member

    Thank you for clarifying that.

  • ericsh
    Community Member

    I'm also a long-time 1Password user who is extremely disappointed with this decision. I do have a 1Password membership (which I'm happy with) but I also use, and absolutely rely on, standalone vaults.

    All the arguments about the safety and security of the online vaults are meaningless to me for one very simple reason: my company FORBIDS the use of any third party online storage for their sensitive data. So 1Password 8 is an absolute non-starter for me. Sad.

  • ericsh
    Community Member

    So I just read the "What is the future of local/standalone vaults?" post and immediately responded to the poll there, stating I would be most interested in a self-hosting option. I hope it happens!

  • Hi @ericsh:

    Glad to hear you were able to find the survey link. As for your company policy, you (or an appropriate decision maker) can send us an email at business@1password.com, and we'd be happy to dig into it further with you (or the aforementioned decision maker). Thanks for sharing your thoughts!

    Jack

  • g4r37h
    Community Member

    I've been a 1Password user since version 4, purchasing new licences as and when required.

    But this is where we part ways because I won't be migrating to any online subscription model. I will instead be migrating to alternative software.

    See ya.

  • Trebuin
    Community Member

    After the compromise of another cloud based password vault service & the compromise of Authy...I wouldn't recommend cloud based vaults. Furthermore, we would have to rely on the trust of the company to hope it doesn't have a backdoor...which is a serious privacy issue when the vault is located on their cloud servers & not on a home computer. This shouldn't be an issue provided the company is too small to attract the attention of influential government, or large & dedicated to privacy that they would play the cat & mouse game with government hired hackers. Personally, I'd rather keep it on my own system where I can have multiple layers of encryption to protect what I encrypt. This will unfortunately keep me on 1password 7 until the foreseeable future.

This discussion has been closed.