Keep standalone vaults with v8?

Hi, I'm sure this has been asked but I couldn't find it. The warning when installing v8 seems to imply I can't keep standalone vaults anymore. Is this correct? It would be a deal breaker for me - I don't want to put everything on 1Password's boxes.


1Password Version: 8
Extension Version: Not Provided
OS Version: Mac OS
Browser: Not Provided

Comments

  • Ben

    @ihatesubscriptions

    Standalone vaults are no longer a part of 1Password. One of our founders, Dave, wrote about the long journey we've had with them and why they cannot continue into the future, here:

    The future of local/standalone vaults

    I'm sorry I don't have the answer you were hoping for, but I hope that helps explain our position.

    Ben

  • ihatesubscriptions
    Community Member

    Reading between the lines - I get it - software as a subscription is much more lucrative and hosting the data yourself lets you lock-in your customers. TBH - that's actually not my complaint. My problem is - having your vault hosted externally puts pressure on you to have a really good PWD. And PWDs suck. With 7, you can have a LOCAL vault which has little to nothing of importance - it can have a very weak password and you can unlock everything on your LOCAL machine that way. But your hosted vault, which is synched across all your devices etc. can continue to have a strong pwd and you can rest easy about data on your iPhone, laptop etc.

  • ihatesubscriptions
    Community Member

    If you don't mind - what are the timelines for EOLing v7? Cuz I think this is the end of the line for me and I'm a bit of a planner.

  • Ben

    With the launch of 1Password 8, 1Password 7 is no longer supported and will only receive important security updates. Is there anything we could talk through that might help ease your mind about upgrading to 1Password 8?

    Ben

  • Ben

    @ihatesubscriptions

    > Reading between the lines - I get it - software as a subscription is much more lucrative and hosting the data yourself lets you lock-in your customers.

    We offer full unencrypted exports of your data through our desktop apps to help prevent lock-in:

    About the 1Password Unencrypted Export format

    > My problem is - having your vault hosted externally puts pressure on you to have a really good PWD.

    I would agree, were it not for the Secret Key. While obviously a good account password is still better than a weak one, the Secret Key ensures you're protected from a remote attacker to a significant degree even with a relatively weak one.

    About your Secret Key

    If you choose a weak password you won't be well protected against local attackers, but the same was true with standalone vaults. If you're interested in more of the nitty gritty of how we protect the encrypted data that we store, I'd encourage you to check out our security guide, particularly our Security Design white paper:

    About the 1Password security model

    I hope that helps!

    Ben
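
Added example, not part of the thread and not 1Password's code: a simplified sketch of the two-secret idea in the reply above, showing why a weak password checked against server-side data alone does not verify once a random device-held secret is mixed in, while someone holding the device secret still only needs the password. The function names, salt, iteration count, XOR mixing and word list are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 10_000  # assumption: kept low so the demo runs quickly

def password_key(password, salt):
    """Slow key derived from the account password alone."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def two_secret_key(password, device_secret, salt):
    """Password-derived key XORed with a key derived from a random device-held secret."""
    pk = password_key(password, salt)
    sk = hmac.new(salt, device_secret, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(pk, sk))

def verifier(key):
    """Stand-in for any server-side value that lets a guessed key be checked offline."""
    return hashlib.sha256(b"verifier:" + key).digest()

def first_matching_guess(stored, salt, wordlist, derive):
    """Return the first candidate password whose derived key matches `stored`, else None."""
    for guess in wordlist:
        if hmac.compare_digest(verifier(derive(guess, salt)), stored):
            return guess
    return None

def demo():
    salt = b"constructed-salt"                # constructed sample value
    weak = "sunshine1"                        # constructed weak password
    wordlist = ["password", "letmein", "sunshine1", "qwerty"]  # constructed
    device_secret = secrets.token_bytes(16)   # 128 random bits, never sent to the server

    stored_pw_only = verifier(password_key(weak, salt))
    stored_two_secret = verifier(two_secret_key(weak, device_secret, salt))

    # Remote view: server-side data only, no device secret.
    remote_pw_only = first_matching_guess(stored_pw_only, salt, wordlist, password_key)
    remote_two_secret = first_matching_guess(stored_two_secret, salt, wordlist, password_key)
    # Local view: the device secret is on the machine, so only the password is unknown.
    local = first_matching_guess(stored_two_secret, salt, wordlist,
                                 lambda g, s: two_secret_key(g, device_secret, s))
    return remote_pw_only, remote_two_secret, local

if __name__ == "__main__":
    print(demo())
```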

  • longtimecustomer
    Community Member

    I'm also going to be jumping off at version 7 after 10 years as a customer as I refuse to take out yet another subscription. I don't want a password manager service. I want password management software. Trouble with subscriptions is it puts the needs of the business before the customers. It makes me feel like you don't care about your customers unless they are giving you money each month.

    Where will it end? Imagine if every piece of software you used had a subscription? That's not a world I want to live in.

    I wouldn't mind if 1Password actually was a product that is designed around being a service but that's not strictly true as it worked fine as a standalone piece of software for years.

  • Kakkoister2
    Community Member

    @longtimecustomer I would like to add, you have to remember since 1PW is a security product, the environment is always changing and it takes money for the service to be maintained. Could you add some points of why you don't want to move to 1PW 8? I've been using it since the first ever release of it and it's the best 1PW version yet.

  • mks0815
    Community Member

    My problem is not the subscription - I have one. But if for whatever circumstances 1Password service loses ALL of my data (including backups and syncing this "nothing" to all my devices) I am done for. Up to version 7 I can create a local vault and copy all my online vault entries there. With that, I have an additional local copy.....
    And no, an unencrypted export is not an option.

  • Kakkoister2
    Community Member

    @mks0815 so 1PW already makes backups for you and makes a copy of your vault for you on any devices you're signed into, so you can for example make edits offline, if you lost wifi. Here is a great article by support that will explain all of this. https://support.1password.com/backups/

  • mks0815
    Community Member
    edited September 2022

    My thinking is rather along the following attack scenario:
    There is a bug in 1Password's backup strategy (either just by mistake or introduced by hackers) which ensures that backups cannot be restored. Some time/months later hackers find a way to make the 1pw servers throw away all entries stored in the vaults and synch that to the clients. So no matter how many backups 1Password made in the cloud, most data is gone (cloud and local clients). In pw7 I now would have my backup vaults....

    Do not hear me say that the 1password backup does not currently work.... this is just a possible scenario...

  • Kakkoister2
    Community Member

    @mks0815 You'll always have a local cache of your vault on every device you're signed into, I would imagine, this is also to eliminate the example above, 1PW makes multiple backups of your data for you.

  • mks0815
    Community Member

    My understanding of this local cache was always "one copy to allow access even if there is no access to the server (offline, server down)".
    In my scenario the server would be up and telling my client "your vault has no data" and the client would delete all the local (cached) data...

  • @mks0815

    The only way this would happen would be if 1Password on your device successfully phoned home to the 1Password.com service, authenticated, checked for the contents of the vaults and found that the items it had already had been deleted or archived. It would then mirror those changes. When 1Password syncs, it checks the status of the items it already has and looks for any new ones – it doesn't just sync "number of items". Hope that clarifies things, but let me know if you have any follow-up questions. :)

  • mks0815
    Community Member
    edited December 2022

    @GreyM1P thanks for the clarification. I think I understood that the 1Password on my device would only delete items locally in case it gets the info from the server that these items got deleted on the server (and not if they just do not exist on the server). And an item can only get deleted on the server by the authenticated user.
    Provided that there will never be a bug in the server code and no attacker will ever be able to inject/provision malicious code on the server.
    I do not debate that in most cases your backup of data is far more reliable than the backup strategies most users (including myself) have in place. However, not having a safe (no unencrypted version of the vault ever on disk) strategy to copy this data to an offline storage makes me cringe - it is the most valuable data I have and losing it would have a huge impact.

This discussion has been closed.