The future of local/standalone vaults

124 Comments

  • labguy88
    Community Member

    @Lars -- thanks! That resolves my concern. I'm a longtime Lastpass user (AKA "victim") looking to make the switch, so I'm just learning about 1Password. Hence my fairly ignorant question. With your explanation about the cache, I'm not troubled by version 8's central cloud storage. That's just my personal take on this, not a criticism of others in this thread who think differently.

  • JAC3467
    Community Member

    @Lars - thanks for your reply and taking the time. You of course are correct, anytime we do anything, there are multiple parties involved with varying levels of trust. Agreed fully. That said, there are varying levels of trust. Apple for example has a huge and highly-profitable business for lots of reasons, one of which is its customer base trusts the company pretty well. I'm sure in no time at all we could name some tech companies we don't trust much.

    I think my trust for 1PW is pretty high - it would have to be given the data I'm entrusting. These last few months digging through documents, forum posts, blog posts, etc., I've become more assured that you've architected and built a cloud-based password manager that's as secure as it can be. That said, if I were on 1PW8 and there was a LastPass-type breach - would I change a bunch of passwords? Probably, important ones at the very least. If you deprecate 7 and I upgrade to 8, as a hedging step, are there some credentials I would no longer store in 8, or would I store some login components elsewhere? Probably.

    The LastPass breach has sorta brought to a head this whole lengthy discussion. Which is really a good thing. Normally when a competitor has a bad day, there's at least some ancillary benefit 1PW would derive, most notably by afflicted customers moving to your platform. In this case however, LastPass's stink is getting on you too. Why? For no reason other than you too are a cloud-only solution, so you're the same. Yes, I know there are key differences and the devil is in the details, but for many customers, they will never dig that deep. Think about the NYT's article - it recommended KeePass. Why? No reason other than local storage. I've not looked at KeePass, but I seriously doubt it's as feature-rich as 1PW.

    I'm really unclear as to why you chose to eliminate local storage from 8? It must have been quite a discussion, and you must have anticipated the grumbling. I am curious about that, if it was a tech consideration, or marketing, or both, or something else all together.

    So where are we? Right now you are supporting two versions that are really quite different: 1PW7 and 1PW8. I'm sure that's expensive and you'd like to get rid of 7, and one day you will. Some existing V7 customers will leave. They simply will not put their data in the cloud. And some existing customers will leave as their employer will not permit a cloud-based login credential storage solution.

    And now the LastPass breach has put a spotlight on your cloud-based architecture. Right now, there are LastPass customers looking to switch. They will look at 1PW8 and see it's cloud-based and say: "nope, already been to that rodeo". Simply look at the last post by labguy88. I doubt his reasoning is unique to him. And there are new customers who will do some digging on password managers, read about it all and find the NYT's article, among others, and also say no thank you and look for a local-storage option.

    So how many existing and new customers does that all add up to?

    Imagine for a moment, if for all those customers, you could say, we have a cloud-based solution and it's solid as a rock, and here's why. And if you're still not quite satisfied with that, here is a local-storage option where you can save your data and it will never see the light of day beyond your local device.

    Sign me up, and I would add, that's what 1PW7 has.

  • Lars
    1Password Alumni

    @labguy88 - not at all: I'm glad you asked! 😃 "Putting all your eggs in one basket" via a password manager is a big leap under any circumstances. Having to do so precipitously like you are having to switch now makes it even more nerve-wracking. We're here to help. Drop by anytime!

  • Lars
    1Password Alumni
    edited January 2023

    @JAC3467

    In this case however, LastPass's stink is getting on you too. Why? For no reason other than you too are a cloud-only solution, so you're the same.

    I would argue that any such tendency to associate thusly is more the result of articles such as the one you referred to. This NYT article says in the first sentence of the third paragraph - easily visible in anyone's browser, no matter how small the window:

    When you use a password manager like LastPass or 1Password...

    The NYT is America's paper of record, regardless of what one might feel about them, so what they say in their pages carries a lot more weight than other daily publications. And lumping us together with another competitor when only one of us was breached just because we are similar in that we are both password managers is, frankly, absurd. You can get a sense of it by imagining someone saying:

    When you read a newspaper like the National Enquirer or the New York Times...

    ...to see how problematic and simply inaccurate it is. I am not drawing any comparisons here, and in fact am exaggerating for effect. But the journalism is frankly sloppy, which is what I tried to subtly allude to in my previous response. Sure, publicly-addressable servers are potentially breachable. But in regard to the encrypted payload the attackers came for in the first place, it is the difference between what would occur if we were to suffer a similar server breach despite both our and AWS' efforts and what has already happened to LastPass customers' data as a result of their breach, that matters. And the answer to that is a function of the Secret Key, and how it protects you if we did suffer a similar breach.

    As you say, the devil is in the details, and many people won't dig deep enough. Which is one of the reasons this article's inclusion of us in the same breath as a breached competitor with different security properties than we have grinds my gears just a bit. Vaults pilfered from a successful breach of our servers are in fact orders of magnitude more secure than vaults secured with only a password. They're also more secure than if someone steals a copy of your data by successfully compromising a device of yours (because the Secret Key does live on your device, and any competent attacker knows that). On your own device, it is your chosen password which protects you. And there, if you've chosen an easy(er)-to-guess password, you'd be at similar risk to what the attackers got in bulk from LastPass' servers. Vaults pilfered from our servers? Not so much.

    You're not wrong to wonder about the customer confusion/choice issue, but we had a similar thing with 1Password 7: the ability to create both local and 1Password account vaults caused no end of confusion for some customers. It caused duplicated data, and in some much more rare cases even data loss (people would delete a vault without realizing it was their only one, etc). Many more users were simply confused and ultimately put off by that confusion.

    Long story short (well, OK, short-ISH 😂): I'd refer you back to the OP in this thread, from our founder dteare, about the history and reasoning. And I'd hope most people willing to dig in and do research would learn enough from our support pages to understand that the current offering, in terms of the 1Password data on your local device, is no less secure than previous standalone/local storage options, and on our server, it is vastly more secure.
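To make the two theft scenarios in Lars's post concrete (a copy taken from the server, where the Secret Key is absent, versus a copy taken from the device, where it is present), here is an added Python model written for this page; it is not 1Password's code and only sketches a two-secret key derivation (PBKDF2 over the password, XORed with an HKDF-stretched Secret Key) plus a key-check value. The iteration count, the 128-bit Secret Key length, the salt, the HKDF labels and the sample password are constructed assumptions.

```python
import hashlib
import hmac
from typing import Optional

# Constructed parameters for this illustration (not 1Password's actual values).
PBKDF2_ITERATIONS = 100_000
SECRET_KEY_BITS = 128          # assumption: a random, device-held Secret Key of this size
KEY_CHECK_LABEL = b"vault-key-check"


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """Minimal HKDF (RFC 5869) extract-then-expand over HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_vault_key(password: str, secret_key: Optional[bytes], salt: bytes) -> bytes:
    """Two-secret key derivation (simplified model).

    The password goes through a slow hash (PBKDF2) so each guess costs real work;
    the Secret Key goes through HKDF and is XORed in, so the result cannot be
    reproduced without holding both secrets.  secret_key=None models a vault
    whose only protection is the password.
    """
    pw_part = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                                  PBKDF2_ITERATIONS, dklen=32)
    if secret_key is None:
        return pw_part
    sk_part = hkdf_sha256(secret_key, salt, b"vault-key", 32)
    return bytes(a ^ b for a, b in zip(pw_part, sk_part))


def make_vault(password: str, secret_key: Optional[bytes], salt: bytes) -> dict:
    """Stored vault header: the salt is public; the key-check value lets a client
    confirm a derived key without storing the key itself."""
    key = derive_vault_key(password, secret_key, salt)
    check = hmac.new(key, KEY_CHECK_LABEL, hashlib.sha256).digest()
    return {"salt": salt, "key_check": check}


def unlock(vault: dict, password: str, secret_key: Optional[bytes]) -> bool:
    """True only if the supplied secrets reproduce the key that created the vault."""
    key = derive_vault_key(password, secret_key, vault["salt"])
    candidate = hmac.new(key, KEY_CHECK_LABEL, hashlib.sha256).digest()
    return hmac.compare_digest(candidate, vault["key_check"])


def guess_space_bits(password_entropy_bits: int, attacker_has_secret_key: bool) -> int:
    """Size of the search an offline guesser faces, in bits.

    Server copy: the Secret Key never left the device, so password AND Secret Key
    must both be found.  Device copy: the Secret Key is present, so only the
    password's entropy stands between the thief and the data.
    """
    if attacker_has_secret_key:
        return password_entropy_bits
    return password_entropy_bits + SECRET_KEY_BITS


# Constructed sample values for a stand-alone run.
SAMPLE_SALT = b"constructed-16-byte-salt"[:16]
SAMPLE_SECRET_KEY = bytes(range(16))      # 128 bits; a real one would be random
SAMPLE_PASSWORD = "correct horse battery staple"


def scenario_summary() -> dict:
    """Build one vault and report what each kind of stolen copy allows."""
    vault = make_vault(SAMPLE_PASSWORD, SAMPLE_SECRET_KEY, SAMPLE_SALT)
    return {
        "owner_unlocks": unlock(vault, SAMPLE_PASSWORD, SAMPLE_SECRET_KEY),
        # server copy: even the correct password fails without the Secret Key
        "server_thief_with_password": unlock(vault, SAMPLE_PASSWORD, None),
        # device copy: Secret Key present, password still unknown
        "device_thief_wrong_password": unlock(vault, "hunter2", SAMPLE_SECRET_KEY),
        "server_copy_search_bits": guess_space_bits(40, attacker_has_secret_key=False),
        "device_copy_search_bits": guess_space_bits(40, attacker_has_secret_key=True),
    }


if __name__ == "__main__":
    for name, value in scenario_summary().items():
        print(f"{name}: {value}")
```

The 40-bit figure stands in for a decent but human-chosen password; the point of the model is that the server copy's search space grows by the full Secret Key length while the device copy's does not.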

  • Scotty0844
    Community Member

    I just simply cannot wrap my head around why you would essentially remove yourself from a big chunk of the commercial sector. I don't care how "vastly more secure" it is, it still does not trump my and many other companies' Information Security Policies, which prohibit cloud storage of any credentials. I find your inability to even consider bringing back local vaults in the wake of the LastPass breach frankly appalling. Is it a money grab? Do you want to harvest and sell the unencrypted data? Seriously, what's your deal?

  • Welcome to the forums, @Scotty0844.

    I started this thread with a detailed and very long-winded explanation of the "why" behind our decision to go all-in on 1Password Memberships. Please give it a read and let me know any specific questions that remain unanswered.

    Sorry for my verbosity but I had a lot to cover. 🙂

    Take care,

    ++dave;
    1Password Founder

  • Hello everyone and Happy New Year! 🎉

    I thought it would be great to kick off the new year with an update on self-hosting, how much interest we’ve been seeing in this feature, and what’s in our heads for the coming year and thereafter.

    First and foremost let me thank everyone for their passion on this subject. We wouldn’t be here without passionate customers who cared about 1Password and our future, so thank you so much for continuing to share your thoughts with us. It really means a lot to me and the team. ❤️

    Let’s start with some raw numbers. Since launching the survey we’ve had 5,277 people complete the form. We started the survey when 1Password 8 for Windows entered early access on June 15th, 2021, just over a year and a half ago.

    Each response is stored in a 1Password vault using Secrets Automation so I get to see new responses throughout my workday. Here’s @Ben’s response when testing the survey, as well as letting us know he also wants this feature.

    The responses covered a wide range of passions, from individuals who want their data to never leave their devices, regional restrictions, companies that require their data hosted on-prem, hobbyists who just want to have fun and play, all the way to those who believe subscriptions are the devil incarnate. As diverse as these are, one thing was constant throughout: passion. The passion for this feature is unbelievable.

    As passionate as people are, I’ll be honest and say I was hoping for more responses. Having more would make it much easier to pitch this during our roadmap planning sessions. With that said, over 5,000 people is still a lot of people. Especially if you consider that most people don’t take the time to contact customer support, let alone take a survey. @roustem and I always assumed a 10x factor in situations like these so that starts getting into some big numbers. Still, if you haven’t had a chance to fill out the self-hosting survey yet, please do. It helps us gauge how much interest there is in this feature and I read every response and share the highlights with the team.

    Ultimately we have too many competing priorities on our radar at the moment, and we didn’t see enough interest in this topic to get self-hosting onto the roadmap in the immediate future. That’s unfortunate and I’m sorry to have to break that news to you.

    With that said, I was tremendously invigorated when discussing this feature with our product director and our chief product officer. Mitch got me really excited about the possibilities of a 1Password Community Edition, wherein the ability to host your own server was just one piece of many. And Steve was super excited about how a community edition could fit within our renewed focus on developers and the surrounding ecosystem.

    While there’s a lot of excitement around this feature internally, it’s a big lift. One we haven’t been able to fit into our near-term roadmap, yet I remain optimistic that we’ll be able to find a place for it in the schedule in the future.

    Please continue to share your thoughts in this thread. I’m notified of every response and while I don’t have a chance to always reply, I do read each and every post here.

    Take care and have a wonderful 2023! 🤗

    ++dave;
    1Password Founder

  • icywolfy
    Community Member

    Our company had to drop 1password support with this; and thus about 5,000 users needed to switch applications.
    It was a pain.

    If there was a local cloud sync process, that would work for the business -- but having already migrated away, it's likely not going to happen. As a private user, while I could run a cloud instance, I'd rather not and rely on local NAS for file storage and backups.

    The arguments have been made. The majority of end users are not concerned about security, they want convenience. Which is a shame.

  • YellowVista
    Community Member

    @dteare Thanks for the update and the transparency.

    One of the main reasons I am interested in self-hosting is for greater control over my data from the standpoint of data versioning and protection against data loss, not a lack of trust in the security of 1Password. I'm familiar with 1Password's Item History (https://support.1password.com/item-history/) and Backups (https://support.1password.com/backups/). But there are limitations, including no protection for deletion of vaults. (What if the IT guy goes rogue and just deletes a vault? What if I accidentally delete a vault--or delete the wrong vault?) Why can't vaults be recovered?? With self-hosting, I could ensure that I have unlimited, complete versions/backups of all of our 1Password data for as long as I desire and that no matter what catastrophe might happen on 1Password's end or what mistakes (or malicious actions) someone on our end might make (like deleting a vault, etc.), I could still access my data through my self-hosted environment.

    Also, 1Password's export options (https://support.1password.com/export/) are too limited. I would feel a lot better if 1Password included an option for some form of automated, encrypted exports/backups (which is something some other password managers I use do).

  • Better support for offline backups is something I'm advocating for. Thank you for sharing your use case on that. I've added those thoughts to our internal system our product team uses to help prioritize our efforts.

    Ben

    ref: PB30829569

  • dtwagner
    Community Member

    After the announcement of no more local Vaults, I have already switched to another product (my main vault with over 3k records. Family subscription). But 1P is still the best App 🤷

    Is there any word on how long version 7 will be supported?
    Wouldn't it be a way to be able to use the local cache file as a vault?

  • lumarel
    Community Member

    Thank you Dave (and everyone else involved over the time) for this very open internal insight into how things stand regarding self-hosted vault server instances!

    It really has been a long time since the discussion about what is the most feasible way to have the vault data in your own hands, after the Linux client never got the local vault support and also the other versions sometime soon following suit to not support local vaults anymore.
    Especially because of the fact that if something happens I'm the fool myself who is responsible for either losing data, getting breached or just having more control over from where my vault is possible to be accessed from. (of course with maybe having to live with the fact that I can't access the vault outside of the apps or the browser extension, or any other drawbacks which might not be part of the vault server component)

    After I noticed the initial thread was closed I thought it is finally time again to show that I'm still here... waiting.
    It's still a feature that's very high on my list...
    and unfortunately my account balance starts to deplete (after a very long time), which also makes me look around how it's with other solutions.
    The combination of 1P7/1P8 on Windows (value drag-and-drop into RDP or other remote connection windows still works a lot better in 1P7) and 1P8 on Linux (and 1P8 on macOS) still looks like the best solution, especially since the ssh-agent got implemented, but a highly demanded snowflake feature might still change everything. (it's very unfortunate I have to think that far after all this time)

    Anyways, looking forward to seeing self-hosted vault servers being a thing! (sometime)

    Cheers, lumarel

  • astrostl
    Community Member

    I've been using 1Password since 2008 (!!). I'm willing to self-host, but I'd rather simply continue using a local vault. I will do that for as long as I can with 1P7, and then switch to a competitor if/when that is no longer possible.

  • KlausWurstbrot
    Community Member
    edited March 2023

    The same here. I will use 1P7 for the local vault as long as possible and then move on. I was using 1Password happily for 10 years, but it really makes me sick if a company thinks it knows better what is best for me!

  • bryanc
    Community Member

    Occasionally checking this thread in hopes of a standalone (with unlockable upgrades and maintenance). I guess 2023 still isn't the year.

    Thanks for the update @dteare.

  • JRomer79
    Community Member

    @dteare

    I have waited almost a year hoping you will add back local storage. You have not flinched. I am part of a network of consultants including PCI DSS and financial data security consultants. We work together but alone. None of us can migrate to 1Password 8. Local storage is an absolute must. It is simply not an option. Period. Others have said that too. The general position is tell them to support local hosting. Local hosting is also simply not an option. We can all keep using 1Password 7, but someday that will run out, you will not maintain it and an operating system update is going to kill it off. You will offer us the option of never upgrading our operating system again, but you know that is not an option. Many of us are forced to migrate to the new operating system once security updates are dropped on the older operating system.

    You can explain all you want. You can be passionate all you want. You cannot force the change. No amount of fancy AES-256 and explanations of quantum computing, passionate explanations of how much effort it took to redevelop in Rust will change the situation for many of us. We don't really care about the details, we care about the result.

    Charge me $10 to give the feature back, cover some development cost. Turn the feature on after requiring us to acknowledge that Dave Teare is washing his hands of any risk of maintaining local data. But reconsider the decision. You are not the only developer and company CEO that has made a decision, doubled down on it, and then had to reverse course due to overwhelming complaints. Sure, not everyone is complaining, many don't have an issue or even understand what changed. Sure many people switched to subscriptions. Realize that many of them switched to subscriptions because you made it overwhelmingly hard to buy stand-alone apps. We did not switch because we wanted someone hosting our data.

    My vision is there you are in a middle of a huge battlefield filled with flame, fury, smoke, debris flying all around, countless shell holes filling with water, your face filled with the grime of battle and your look one of furious determination. You are going to win this war on local data or fall onto the ground. There does not need to be a battlefield. There needs to be a reckoning with the countless customers that were once loyal and now have been left behind.

  • soshiito
    Community Member

    That is quite the vision you have concocted @JRomer79. Based on their client list they are doing quite well with their current path. I doubt your offer to pay them $10 has much weight against priorities such as keeping IBM happy.

    It has been years since AB dropped standalone vaults. I cannot envision a world where they bring them back. The vast majority of the world has moved on from such concepts. Perhaps it is time to re-evaluate your position? Your comments remind me of Charlton Heston's famous (infamous?) "from my cold dead hands" rhetoric.

    It seems pretty clear that if there is to be any form of "local" 1Password again it will be in the form of self-hosting the 1Password.com server. While I hope they pursue that option the fact that they started surveying about it two years ago and have not even released a beta does not give much cause for that hope.

    If standalone is a "cold dead hands" issue for you, then I would respectfully propose that 1Password is not a viable solution, and you should start looking for an alternative. Just my thoughts as a fellow 1Password user who used to use standalone.

    Cheers.

  • JRomer79
    Community Member

    It's not my war, it is the issue IT Risk teams have with allowing data access like this application outside their organization. It's 3,500 of us, not 1 of us. LastPass certainly boosted their success. It's been a beloved application, but when you cannot use it, you cannot use it.

    Certainly I paint a vision, but I'm making a point this was not a necessary change, it was a preference and a desire.

    I respect that you respectfully tell me 1Password is not my solution, but it was my solution for 13 years and for over 3,500 of us for more than 5 years. Who changed? Did 3,500 of us get unreasonable? Another posting in this thread about 5,000 lost users over the issue. My $10 does mean nothing, that was not the actual point, was it?

    IBM does have employees use 1Password. I'm surprised this change would have been made for their satisfaction. A provisioning feature would have allowed a setup or lockout of features IBM did not want implemented.

  • JAC3467
    Community Member

    I've been following and have commented on this issue for a while now. I too am one who has long held the position that one of the simplest things to do to secure password data is to NOT put it out in the cloud, and have long used a manual-sync option to keep my devices current. When I looked into the previous cloud-sync options I immediately dismissed DropBox since it was (is?) a young-ish company whose security and longevity I didn't feel I could trust. The only option I really considered was iCloud as Apple is solid with security better than most, but I could never bring myself to pull the trigger and move my vault.

    Now we have 1Password 8 with its cloud vault hosting the only option. After trading messages with @Ben and @Lars, reading @dteare's numerous posts, reading white papers, etc, etc, I've learned more about secret keys, PBKDF2 iterations, password entropy and all the rest of it than I ever thought I would. Not to mention all that was uncovered and learned from the LastPass breach.

    With that said, with a quality master password coupled with the secret key, I've slowly come to believe the risk associated with putting my data in the 1Password cloud is minimal. Yes, there's some small probability it could be compromised if my vault got into the hands of some nefarious individuals, but I really doubt they'd waste all that time, energy and resources trying to crack my data. There are simply too many far easier targets. If some governmental agency is after me - ?? - well then all bets are off.

    The only other password manager I would consider is BitWarden - which does have a self-hosting option where you can implement an instance of its server/database. Presumably if 1Password ever offered a local or self-hosting option, it would be similar. It's worth saying this is more complicated than simply having a local vault, and anyone that sets this up needs to make sure they get it right and administer it properly.

    As far as paying a 1Password subscription, I've never had a problem with that - this software and service is fully worth it.

    As far as Electron, Rust and all of that, yes, some features of the 8 interface may feel un-Mac-like, but so long as the functionality is there, I'm fine with it.

    So that's my current thinking, always subject to change, and thought I'd take a few minutes to put it out there.

  • Iwantlocal
    Community Member

    I've been using 1Password since Nov 19, 2016 when I bought it on the Mac Store.
    If you guys are going with sub only + no local vault I am just going to ride 7 out for as long as I can and then move to BitWarden.
    1. The LastPass leak
    2. iCloud actually supports end to end encryption now

    So why would I really trust my password to 1Password.com instead of having it end to end encrypted on iCloud as it stands right now?
    If you can recover my account on your end there's a security vulnerability I won't have if I put it on iCloud/self-host.
    I don't want to connect to your server every time I start 1Password. I don't want to link my password to my email.
    I don't want the government to potentially have some backdoor into my password. (You are not going to fight a court order/any future privacy invading law for the users.)

    I get you guys want more money and revenue, just charge more for the lifetime buyout/standalone vault, I'd be happy to pay 100-200 USD once than be committed to paying 3 a month for years. I know the SaaS game you guys are playing and I will PAY EXTRA to avoid getting trapped into that. I want my privacy and I want my security. I will pay for them if you give the option.

    If you don't I will just move on to other options. Remember Apple actually has a built-in end-to-end encrypted password manager now.

  • Lars
    1Password Alumni

    Welcome to the 1Password Support Community, @Iwantlocal! Thanks for joining.

    We're big fans of Apple's new(ish) Advanced Data Protection as well. However, it's not the same thing as a 1password.com account, due to the presence of the Secret Key for all 1password.com accounts. And remember: iCloud remains cloud-based also, unless you intentionally disable all iCloud syncing.

    If you can recover my account on your end there's a security vulnerability I won't have if I put it on iCloud/self-host.

    We can't. In multi-user accounts (1Password Families, 1Password Teams and 1Password Business), an Owner or Administrator (or Family Organizer in a Families account) can help you recover your account, but no one at AgileBits can.

    I don't want to link my password to my email.

    Not sure I understand this? Which password do you think you're linking to your email?

    I don't want the government to potentially have some backdoor into my password. (You are not going to fight a court order/any future privacy invading law for the users.)

    Fortunately, they don't. You can read about our [Security Model], but the most important thing to keep in mind here is a phrase you mentioned earlier: end-to-end encryption. Your 1Password database that is stored on 1Password servers is encrypted at all times; all encryption and decryption is done only locally on your device(s) using encryption keys we do not possess and cannot derive. We even publish a guide for law enforcement which we make publicly available. tl;dr - we will indeed honor lawful court orders to provide information, but because we cannot decrypt your data, law enforcement would receive only the ciphertext itself.

  • Aguirre
    Community Member

    I was with 1Password Mac from DAY ONE.

    I am irritated by the pie in the face of the subscription model but Version 8's constant cloud connection and off-site storage under 1Password's control is simply appalling. This is second rate security at best.

    I hope you all enjoy all the sub money. I guess 1964 and 1984 Cadillacs were different, too. Times change. Profits over quality puts 1Password in the majority. Hooray.

  • astrostl
    Community Member

    I've been using 1Password since 2008 (!!). Planned to hold on until 1P7 was dead or 1P8 brought back local vault support and/or self-hosting. Looks like the former has won and I have a couple of months to migrate to a competitor that supports the latter.

  • wormburnersizzlchest
    Community Member

    Since the classic / 1Password 7 Chrome extension will become unusable later this year (https://support.1password.com/kb/202303/) I will be searching for an alternative for both work and personal use. I'm happy to pay for software and services but I refuse to allow my data to be held hostage by corporate greed in the form of mandatory subscriptions.

  • JayBarcelo
    Community Member

    I'm happy to pay for software and services but I refuse to allow my data to be held hostage by corporate greed in the form of mandatory subscriptions.

    Your data is NOT being held hostage, you can still access, use as normal and even export everything in your frozen account.