Hi, thanks for updating the interface of 1password for windows, i have immediately subscribed after checking, great job. But unfortunately, it is impossible to open a local vault that we had on 1password 7. There are some passwords which we are not allowed to sync to cloud (for work), hence they must stay local, and personal passwords that I want to sync to cloud. It would be very nice if opening a local vault on 1password 8. Is it planned or will not be possible ever? Thanks. 1Password Version: 8 Extension Version: Not Provided OS Version: windows 10

Hi @benwade Thank you for your interest in 1Password 8. I understand the concern regarding the lack of standalone vaults in this version. In case it is helpful, I wanted to outline some of the important aspects of how we handle your data. 1Password always works from a local copy of your data. Data you enter is encrypted before it is saved into this local database. The database is stored on your computer, and syncs when you are online. This means you can access your data while you're offline (or in the event that we are offline). The Secret Key - This is explained more fully in our security white paper, but the short explanation is that if someone were to guess or bruteforce your account password, that still wouldn't be enough to get your data. The Secret Key provides a serious safeguard against this, and the mathematical complexity that it puts in an attacker's path is essentially insurmountable with current attack methods and hardware. It makes it such that even if someone could steal everything from our servers, they wouldn't be able to access any secrets you've stored in 1Password. This key is not available to us, either, so even in the case of a malicious employee with the highest levels of access, your data is protected. We put our trust in encryption rather than authentication. This is because, in short, "Encryption means that 1Password does not face the kinds of threats a largely authentication-based system would face, and we have used an authentication mechanism that defends against many of the threats faced by many other systems." You can read more about this, if you're interested, in our short guide here: https://support.1password.com/authentication-encryption/ We undergo security audits and pen tests, which you can find here: https://support.1password.com/security-assessments/ In short, we have made 1Password as secure as possible, keep the ability to unlock your data out of our own hands, collect nothing besides what's needed to run the service, and continually have our security tested for weaknesses. One of our founders, Dave, wrote about why we're moving away from standalone vaults and to membership exclusively, here. While of course you are ultimately the final judge of what's best (or perhaps even necessary based on policies etc) for your situation, I hope this provides some helpful context for how we're doing things now and going forward. Ben

I have the same issue as Ben - my employer has strict requirements for where their secrets may be stored, with strong regulatory and industry specific attestations required - beyond the SOC2 that you attest to. If you had a docker container / local server option - even if that server required a phone-home for licensing purposes- that would enable my continued usage of Version 8.

There's a survey in progress here concerning self-hosting : https://survey.1password.com/self-host/

Yep; indeed. Thanks for calling that out, @"J.M"! @"Joshua Samuel" I'd encourage you to participate in the survey. This will help us gauge the level of interest in such a solution, and help us determine feasibility. Ben

1P_Ben Will the 1Password iOS app be updated to version 8, or will a separate version be added to the App Store? I wish to stay on stand-alone, Wi-Fi synced, vaults for now in version 7. I’m concerned having app auto-update on will leave me stuck on the new version!

Local Vault | 1Password Community

1P_Ben
1Password Team
4 years ago
Hi @benwade

Thank you for your interest in 1Password 8. I understand the concern regarding the lack of standalone vaults in this version. In case it is helpful, I wanted to outline some of the important aspects of how we handle your data.

1Password always works from a local copy of your data. Data you enter is encrypted before it is saved into this local database. The database is stored on your computer, and syncs when you are online. This means you can access your data while you're offline (or in the event that we are offline).

The Secret Key - This is explained more fully in our security white paper, but the short explanation is that if someone were to guess or bruteforce your account password, that still wouldn't be enough to get your data. The Secret Key provides a serious safeguard against this, and the mathematical complexity that it puts in an attacker's path is essentially insurmountable with current attack methods and hardware. It makes it such that even if someone could steal everything from our servers, they wouldn't be able to access any secrets you've stored in 1Password. This key is not available to us, either, so even in the case of a malicious employee with the highest levels of access, your data is protected.

We put our trust in encryption rather than authentication. This is because, in short, "Encryption means that 1Password does not face the kinds of threats a largely authentication-based system would face, and we have used an authentication mechanism that defends against many of the threats faced by many other systems." You can read more about this, if you're interested, in our short guide here: https://support.1password.com/authentication-encryption/

We undergo security audits and pen tests, which you can find here: https://support.1password.com/security-assessments/

In short, we have made 1Password as secure as possible, keep the ability to unlock your data out of our own hands, collect nothing besides what's needed to run the service, and continually have our security tested for weaknesses.

One of our founders, Dave, wrote about why we're moving away from standalone vaults and to membership exclusively, here. While of course you are ultimately the final judge of what's best (or perhaps even necessary based on policies etc) for your situation, I hope this provides some helpful context for how we're doing things now and going forward.

Ben
Former Member
4 years ago
I have the same issue as Ben - my employer has strict requirements for where their secrets may be stored, with strong regulatory and industry specific attestations required - beyond the SOC2 that you attest to.

If you had a docker container / local server option - even if that server required a phone-home for licensing purposes- that would enable my continued usage of Version 8.
Former Member
4 years ago
There's a survey in progress here concerning self-hosting : https://survey.1password.com/self-host/
1P_Ben
1Password Team
4 years ago
Yep; indeed. Thanks for calling that out, @"J.M"! @"Joshua Samuel" I'd encourage you to participate in the survey. This will help us gauge the level of interest in such a solution, and help us determine feasibility.

Ben
Former Member
4 years ago
1P_Ben Will the 1Password iOS app be updated to version 8, or will a separate version be added to the App Store? I wish to stay on stand-alone, Wi-Fi synced, vaults for now in version 7. I’m concerned having app auto-update on will leave me stuck on the new version!
Former Member
4 years ago
@t0hvanah:

Will the 1Password iOS app be updated to version 8, or will a separate version be added to the App Store?

It will be a separate app in the App Store :+1:
Former Member
4 years ago
1P_Ben

Thank you for your summary.. however I should note that they are companies that are so stringent on their security policies that storage of company credentials or information anywhere that is not local computer storage or within their environment is a firing offense. That includes mine. And they have actually clearly stated that 1Password does not get an exception for this. That means that - as password and credential solution - no matter how secure 1Password is - with the change to a subscription only model we simply cannot use it at my company - and that's a total of about 60k engineers worldwide (last I checked).

Please do consider providing a mechanism that allows for storage on local file volumes - even if that means requiring that the macOS app be installed.
PeterG_1P
1Password Team
4 years ago
@davido1138 thanks for this thoughtful feedback and the specifics of your use case. I have passed it along to our developers.
PeterG_1P
1Password Team
4 years ago
@davido1138 , I'd love to connect you with our specialist team to discuss this issue. Could you (or an appropriate decision-maker) email us at business@1Password.com with a link to this discussion? Our team members will be happy to connect with you!
ljohnston
New Contributor
4 years ago
Just learned of this decision to drop local vaults from 1password 8 and am so disappointed! I am in the same situation as many others here... my employer forbids storage of any passwords in the cloud. That made 1password a no brainer as I could use a local vault at work and still use the cloud for my personal stuff. Because of that support for local vaults, 1password was on the "approved" list of password managers at work. That approval will definitely go away - storage of passwords in the cloud is a non-starter. And we're talking about a company with well over 100,000 employees worldwide.

Forum Discussion

Local Vault

Recent Discussions

URL private link opening

Feature request: Warn before archiving an item

Can't log into 1Password app on my pcs after recent update.

Standalone Safari Extension Without App Store

Nonsensical choice: Connect with 1Password in the browser