1Password 4 does not support Chrome 72 or later [1Password 7 is available]

124

Comments

  • LarsLars Junior Member

    Team Member
    edited February 19

    Welcome to the forum, @ebullister! Glad to have you here. :)

    Please tell me I understand this correctly: v4 no longer works with browsers.

    No. At least, not completely. What's occurred is that Google have changed the browser code signature (for reasons of their own) in the current stable release of Chrome, and this means that older versions of 1Password such as 1Password 4 for Windows which are no longer receiving development attention (changes, updates, etc) don't have this new code signature, so the correct version's code signature doesn't match what that older version of 1Password expects to see -- so it fails verification. However, this only affects Google Chrome, not Firefox or any other browser supported by 1Password. So "no longer works with browsers" isn't quite the case.

    Going forward, the only way to continue to use 1password with browsers is to switch to v7

    Again, not quite -- that's only true for Chrome. If you use Chrome and are unwilling to switch to any other browser, then yes, you'll need to upgrade to 1Password 7 for Windows.

    ...which means uploading all of my password data to 1password's cloud.

    Again, not quite. Happily for you, standalone licenses for 1Password 7 for Windows are available :) -- just click the "Need a license? We have those too" link on the purchase options screen on the first-run of 1Password 7 for Windows:

    I am OK with paying for a subscription service, but I am not sure I want to give all of my password data to 1password or to have it stored anywhere but on my computer.

    These two things go hand-in-hand: a 1password.com membership means a 1password.com account (in which you store and sync your data in/from the 1Password.com servers). If you're not sure about the security involved in such a move, I'd strongly recommend a read through our 1password.com security white paper -- and feel free to ask any questions you might have if there are parts you aren't convinced about or are unclear on after reading.

    So, is it true that I need to put all my password data on the cloud to continue to use 1password?

    No. :) And if you decide, after everything, that you just don't want to do that, well, there are still standalone licenses available.

  • LarsLars Junior Member

    Team Member

    Welcome to the forum, @chadiaboughayda! Thanks for the question. Yes, 1Password 7 for Windows is a completely new version, and as such requires either a 1password.com membership (which includes all our apps (for Windows, Mac, iOS and Android) at no extra charge), or the purchase of a new standalone license.

  • LarsLars Junior Member

    Team Member

    @mzman -

    If I have a families subscription, that entitles me to 1Password 7, right?

    Yep! And not just 1Password 7 for Windows, but also 1Password 7 for Mac, 1Password 7 for iOS and 1Password 7 for Android -- if you or anyone else in your 1Password Families account uses those platforms. It's designed so every family member has access to the latest version of our apps across four platforms, all for the one charge of $4.99/mo (paid annually; $59.88/yr). When you compare that to the cost of per-person AND per-platform licenses for an entire family, a 1Password Families membership is quite cost-effective (as well as being the best way to use 1Password for the vast majority of people).

  • Lars,
    I appreciate your concern.
    I have two questions.
    1. What, specifically, is the risk in turning off this option?
    2. You state that agilebits “moved to supporting the major browsers”.
    Why then would to continue to have ver 4 work (without turning the option off) in other browsers but not in Chrome, maybe the most widely used web browser?

    I look forward to your response.

  • @Lars

    These two things go hand-in-hand: a 1password.com membership means a 1password.com account (in which you store and sync your data in/from the 1Password.com servers).

    This is not true per other 1Password employees, your documentation, and my personal experience. I just installed 1Password 7 after subscribing, and run everything through a Standalone, offline vault.

  • LarsLars Junior Member

    Team Member
    edited February 19

    @mzman - apologies for the confusion. I can't tell if you misunderstood me or if I wasn't clear enough, so let me try to clarify now: you certainly can do all of the following:

    1. Subscribe to a 1password.com membership,
    2. Add your account to 1Password 7 for Windows (or 1Password 7 for Mac) to take it out of Read Only mode (authorize it),
    3. Never use it,
    4. Create standalone vaults and use only those instead

    ...but it's not a recommended setup, for various reasons which should be obvious. 1Password 7 for Windows or 1Password 7 for Mac requires either a standalone license OR a 1password.com membership. If what you want are standalone vaults, I'm not sure why you wouldn't purchase a standalone license? If you choose to go with the membership, you must add your account into 1Password in order to take it out of Read Only mode. But when you do that, you will see your 1password.com account's vaults (empty, I assume?) in 1Password...and nothing else. If you then choose to create standalone vaults, this will work - but you'll have the 1password.com account's vault(s) visible in 1Password, and you'll need to make sure none of your data is saved in that online vault (presuming you don't want to use the 1password.com servers for your sync/data storage). It's a more-intricate and fragile setup, and not recommended.

  • @Lars
    OK, I certainly hope it's not fragile, if I set the standalone local vault to be the default for new items.

    As to why I would want a subscription... to stay up to date on the latest versions of the software, of course! And... to enable the ability to share some passwords if I desire, if not many.

    For anyone else reading this, I found that things work better if you first set up with the local vault on installation, then add the 1Password membership afterwards. This allows me to use my local vault's master password to unlock the app.

    For what it's worth, I'll echo the theme of what others here have said: you shouldn't make this intricate. It should be easier. I understand why you want paid subscribers (that's a business decision), but you should make it easy for them to work with their data offline (that's a trust / security decision). One of the things that made me select 1Password over its competitors, was the ability to create local vaults. To the extent that you push people away from this, make it intricate or confusing, you'll be losing the trust and business of a good number of your users.

  • @Lars
    I will also add that you were support group also initially told me that what I was trying to do was impossible. As I mentioned, 1password is making this too difficult for those who want to use offline vaults.

  • bundtkatebundtkate

    Team Member

    Fragile is a matter of opinion, @mzman, but managing the settings to ensure items are saved to a standalone vault may make things fragile for folks less comfortable with such things. It sounds like you're comfortable in managing settings to ensure things are saved where you want, so it may well be the case this isn't terribly intricate or fragile for you, but this is a public forum and we have to be careful that we don't give the impression that this will be easy or a good option for everyone. It very much depends on your comfort level and we have customers who range from the types that could rebuild 1Password if they want to my grandpa who calls me every time his PC makes a funny noise, so we always have to have that in mind.

    To an extent, I agree with you about ease. I'd love if everything could be easy, but the reality is that we designed 1Password memberships to assume you're using a 1Password account because that makes things easiest for the most folks. Ultimately, it so happened this also meant you could use standalone vaults with a 1Password account added to your app. There are folks who like that, so we didn't want to take it away, but we also don't want to further complicate things. What's more complicated – adjusting these settings to work for your desired setup or adding a third setup flow for subscription + standalone vaults in addition to choosing a license or membership? I'm inclined to believe the former is a bit easier. Yes, it does mean some extra steps for folks like yourself, but having even just the two options – standalone or membership – is confusing for many of our less technically inclined customers who most need that simplicity. It's a tough balancing act to be sure, and I'll be the first to admit there are always improvements we can make. It's something we come back to time and again in hopes of making setup easier, and I don't see that ending any time soon.

  • @bundtkate
    Glad to hear your reply. I understand that it's easier for most people to set 1Password up for all-cloud now, but that's actually my point. It doesn't need to be.

    You could simply have subscriptions (for continuous software updates, and included sync to the cloud) as one option, or a one-time purchase. Easy to understand for all users. That's one independent decision.

    Now, for those who choose the subscription, you don't need to assume that they want everything in the cloud. You can ask on install whether they want to sync to the cloud, keep everything local, or a hybrid mixture. Again, those who don't want the complexity don't have to choose it. Those users who do, can read a caveat that the hybrid approach does indeed allow for potential confusion if they unintentionally upload to the cloud under the hybrid approach! You could even suggest that cloud-only is likely the simplest choice, syncing the local model is hard, etc. As of now however, it's a bit convoluted to get to my very simply goal: to use a subscription for the benefit of multiple users, device platforms, and continuous updates, while maintaining data locally as I had under 1Password 4.

    I'm thrilled you offer the choice to keep vaults local for subscribers, even if it's a bit convoluted to set up. Right now, your software design and support staff are cloud-biased. Multiple 1Password employees stated to me that a subscription and standalone vaults are incompatible, only to be corrected later by me or another employee. I don't see any reason for this cloud-bias, and I worry that this attitude may lead to a shutdown of that capability in the future. Or, it can lead to a truly fragile outcome, where a software engineer introduces a bug and a user gets things uploaded to a cloud vault, when they didn't want cloud vaults in the first place. This isn't far-fetched. Something similar already happened:
    https://discussions.agilebits.com/discussion/93236/default-vault-for-saving-new-logins-keeps-reverting-to-unselected

    All in all, you have a wonderful product with a lot of well-considered design. That's not just from a technical perspective, but with the UI as well. I'm just suggesting that a business preference for subscription payments doesn't need to dictate or influence how vaults are synced or where they are stored. If that's not the intent, then I suggest you revisit this issue with your support staff, and revamp the UI a little to make the choice easier to implement.

  • brentybrenty

    Team Member

    Glad to hear your reply. I understand that it's easier for most people to set 1Password up for all-cloud now, but that's actually my point. It doesn't need to be.

    @mzman: Strictly speaking, no, of course not. However, in order for it to work the way that most people expect it to, it does need to be an ongoing hosted service, which has ongoing costs associated with it. We wouldn't have gone to the trouble of building it otherwise. :)

    You could simply have subscriptions (for continuous software updates, and included sync to the cloud) as one option, or a one-time purchase. Easy to understand for all users. That's one independent decision.

    Yep. That's the choice you have today!

    Now, for those who choose the subscription, you don't need to assume that they want everything in the cloud.

    We don't make assumptions; this is all based on over a decade of feedback: direct requests and indirectly from interacting with customers. I don't personally see the benefit of paying for the hosted service without using the hosted service, since most of the features that people wanted which prompted us to build this require that (web access, seamless sync, sharing, etc.), but I can't tell you what to do. ;)

    You can ask on install whether they want to sync to the cloud, keep everything local, or a hybrid mixture.

    We do: membership subscription or standalone license.

    Again, those who don't want the complexity don't have to choose it. Those users who do, can read a caveat that the hybrid approach does indeed allow for potential confusion if they unintentionally upload to the cloud under the hybrid approach! You could even suggest that cloud-only is likely the simplest choice, syncing the local model is hard, etc. As of now however, it's a bit convoluted to get to my very simply goal: to use a subscription for the benefit of multiple users, device platforms, and continuous updates, while maintaining data locally as I had under 1Password 4.

    I agree that seems convoluted. That's why we don't design around that use case: it's not what most people want or expect. We know because we spend a lot of time helping people undo what you seem to be trying to do. "Why don't my passwords sync to all my devices?" Some people mistakenly setup (or maintain) local vaults even when they are trying to use the hosted service to not have to deal with all of that. So our efforts are decidedly to help people avoid getting into that situation.

    I'm thrilled you offer the choice to keep vaults local for subscribers, even if it's a bit convoluted to set up. Right now, your software design and support staff are cloud-biased. Multiple 1Password employees stated to me that a subscription and standalone vaults are incompatible, only to be corrected later by me or another employee.

    Local vaults do not sync with 1Password membership accounts because they are completely separate. I'm sorry for the confusion, but they are very much "incompatible" in that sense -- the only sense which matters to almost everyone using 1Password, with or without a membership.

    I don't see any reason for this cloud-bias, and I worry that this attitude may lead to a shutdown of that capability in the future. Or, it can lead to a truly fragile outcome, where a software engineer introduces a bug and a user gets things uploaded to a cloud vault, when they didn't want cloud vaults in the first place. This isn't far-fetched. Something similar already happened: https://discussions.agilebits.com/discussion/93236/default-vault-for-saving-new-logins-keeps-reverting-to-unselected

    Nope. Either you didn't actually read that discussion, or you misunderstood. That bug was simply with the default vault for saving. No one has any "cloud vaults" without signing up for an account and signing into it. We are very opinionated about 1Password memberships though, based on being asked for the benefits they offer for years and years, and the feedback from all those who are happily using them now. If you don't want one, don't get one. But they're the best option for most people and we're not going to pretend otherwise. :tongue:

    All in all, you have a wonderful product with a lot of well-considered design. That's not just from a technical perspective, but with the UI as well. I'm just suggesting that a business preference for subscription payments doesn't need to dictate or influence how vaults are synced or where they are stored. If that's not the intent, then I suggest you revisit this issue with your support staff, and revamp the UI a little to make the choice easier to implement.

    I think we still have plenty of room to improve, across the board, but I'm glad that you're enjoying 1Password and are so passionate about it. Just please understand that just because you happen to want it to work a certain way doesn't mean we can reasonably steer everyone that way when there is often a better fit. Cheers! :)

  • Switching to KeePass. Thanks for the good times 1password.

  • LarsLars Junior Member

    Team Member
    edited February 19

    @mzman - to start, thanks for the kind words about 1Password being a "wonderful product with a lot of well-considered design." I'm glad you like it, and we're happy to have you as user.

    Let's try to clear up a couple of things. :) You've said three things here in separate posts that I want to pull together:

    As to why I would want a subscription... to stay up to date on the latest versions of the software, of course!

    ...and:

    One of the things that made me select 1Password over its competitors, was the ability to create local vaults.

    ...and:

    I'm thrilled you offer the choice to keep vaults local for subscribers, even if it's a bit convoluted to set up.

    We don't offer this as any kind of recommended solution for most users. For the record ( ;) ), our supported options are 1password.com membership, or local data with standalone licenses, and of those two, the recommended method for most users is a 1password.com membership. So, if the question we're asked is: what are the options for paying for and using 1Password 7, those are the answers you'll see us give (like the answer I gave to @ebullister). The reason this possibility you've called "hybrid" even exists is because both standalone license users and 1password.com users use the same 1Password app(s), so the apps have to be capable of standalone and 1password.com accounts -- not because we're recommending using both as a solution to users.

    What you're trying to achieve with this "hybrid" setup is a combination of one of the advantages of a 1password.com membership (the undeniable financial advantage of access to all apps, including updates, at no extra charge, for as long as you maintain the membership) and a what you perceive as the advantage of completely standalone setup with none of your data on 1password.com servers. You've figured out that it's possible to achieve this - and it is. And if the question one of us gets asked is whether it's possible to do that, or to have both standalone vaults and one or more 1password.com accounts, then we will indeed give the answer I think you were hoping for.

    While it's possible to set 1Password up in the "hybrid" manner you're envisioning, do you really not see why we don't have a static support page suggesting people consider doing this as just another option, and trying to give a set of how-to steps that would be comprehensible to users like bundtkate's grandfather? While you may be more than capable of creating and maintaining such a 'hybrid" setup without mistakes (you sound as if you are, in fact, and more power to you!) many of our newer and/or less-sophisticated users would not even be able to tell you the significant differences between standalone data and a 1password.com membership, nor would many of them have a preference. They just want a good, secure password manager, that isn't difficult to use, and they've heard we can provide it (and we can! :) ). Of the rest of our users that both understand the standalone/account differences and do have a preference, some prefer local vaults/data and want standalone licenses and others prefer 1password.com and its advantages. But there are very few we've come across who want what you're trying to achieve.

    I will also add that you were support group also initially told me that what I was trying to do was impossible.

    I suspect either autocorrect got the best of you or you maybe were editing and forgot to tidy things up, because it's not entirely clear what you were intending to say here. So forgive me if I'm misreading your intended meaning, but I don't think anyone has told you it's impossible to set things up the way you're going about it, we just haven't gone out of our way to proactively mention that is possible, because (as I said) of its intricacy; it's not one of our supported options. No one here is trying to deceive you or tell you (or anyone else) things that aren't true.

    To recap, other than the fact that there's relatively little interest in this "hybrid" possibility, the other reason we don't include it in our responses to users who merely ask if they're required to set up an account to use 1Password 7 is the same reason that when we get asked about our standalone sync methods, we don't take the time and energy each time to point out that it's possible to use Folder Sync to keep one's data synced across multiple local devices using rsync or ChronoSync (Mac): because it's not a recommended or supported option, due to the complication and potential confusion it adds and the (relatively) high likelihood of causing problems for less-sophisticated users who might think we're recommending this option.

    But if you're confident in your ability to set this "hybrid" up yourself and avoid the pitfalls, then much like those intrepid stunt syncers of past years who set up their own unsupported DIY sync setups involving everything from GDrive and Synology stations to ChronoSync or rsync: have at it, and enjoy the combination of savings and your preferred sync method! :)

  • LarsLars Junior Member

    Team Member

    @Drewski

    I wonder why you have de-emphasized personal licenses and what that implies if I purchase another one.

    We've de-emphasized standalone licenses because a 1password.com membership is the best way to use 1Password for the vast majority of new users, and even for most existing users who are wondering which is the best way forward. 1password.com memberships are more flexible, more powerful, more secure and easier to set up and use.

    The Forums are rife with customers who have wasted a lot of time trying to find the details of converting a 1Password 4 license to a 1Password 7 license and can’t find it unless they download version 7.

    If you've scoured the forums enough to form that opinion, then you'll have also noticed that the forums are also rife with us repeatedly answering anyone who asks whether standalone licenses are available and at what cost. That's why this forum exists, in fact: so people can ask questions before they take any particular steps, if they're not certain about anything. You don't have to install 1Password 7 in order to learn what it costs or how to do it.

    Only an “idiot” would invest the required resources, to attempt to defeat what is a robust defense, on the chance they could collect the difference between their investment and the modest sum of $100,000 (pretax).

    While I definitely appreciate your assessment that 1Password offers a "robust defense," I'm not sure where you got the idea that $100,000 (the highest bug bounty ever offered on Bugcrowd) is too low for anyone to bother with, especially given the fact that this is the same amount Microsoft - a much bigger target than us - has been offering (and in some cases, even paying) for security bugs for several years -- and getting plenty of takers. But 1Password has existed in one form or another since mid-2006, and in all the time since then up to the deployment of 1password.com accounts, there has never been a breach reported to us or in the press of a user's encrypted database -- and there have been plenty of lost, stolen devices in that time, including many from rich people, celebrities, and other "high-value targets." Yet in all that time, no reported breaches.

    If the data I release to Agile is as secure as Agile claims it is, then Agile should offer to refund every dollar I pay as a subscriber if my data is breached. Can you direct me to the webpage where Agile guarantees the safety of my data?

    I know of no major security/encryption software developers (including our direct competitors) who offer this, primarily because it's a gimmick, as Bruce Schneier pointed out all the way back in 2009 the last time someone attempted it (side note: the company that tried that no longer exists). That's also the reason you won't see us using terms like "military-grade encryption" that really are "marketing ploys": because things like that don't meaningfully increase users' security and amount to little more than "security theater." Instead, we prefer to spend our resources making 1Password as strong and helpful a digital tool as possible.

    If Agile really cared about licensees they would offer updates for a fee to maintain compatibility, but Agile can't because they don’t have the resources.

    Huh? We follow a long-understood, industry-standard licensing model: free in-version updates (like from 3.5 to 3.6), paid full-version upGRADES, like from 3.6 to 4.0. This is the case once again with version 7.0 of 1Password, for both Windows and Mac. I'm once again hard-pressed to think of any commercial software developer that continues to keep long-retired versions of its software that were created (and current) years, even decades ago, "updated" - for a fee or otherwise. On the Mac side, we gave users of 1Password 4 for Mac free upgrades to new full versions 5 and 6 due to the difficulty of charging for new versions in the Mac App Store -- but even then, we did not re-open the aging 1Password 4 (or 3, or 2) for Mac code and try to "update" it to work with the very latest browsers, OSes and related technologies. I'm not sure why you'd expect us to. If what you want is "updates for a fee," then good news: 1Password 7 is for you: it has all the latest updates...for a fee.

    I am not interested in placing my passwords in the cloud or suffering a subscription.

    Again, you don't have to: standalone licenses for 1Password 7 (or "updates for a fee," if you prefer ;) ) are available right now. They cost $49.99 currently per-person and per-platform, but will be rising to the full retail price of $64.99 at some point in the not-too-distant future. They will be both available for purchase and supported throughout the life of version 7. Like licenses for all previous versions, a 1Password 7 license will never expire. It can be used to license version 7 of 1Password on as many of the type of device it was purchased for (Mac or PC), for as long as you continue to have hardware and versions of OS/browser with which it will run. When 1Password 8 is released, like all other previous legacy versions, version 7 will no longer receive compatibility updates or any new development. I do not know what 1Password 8 will look like, cost, what features it will contain, or when it will be released.

    I feel like my interest and Agile’s interest are diverging.

    And that's fine. I've asked some follow-up questions in this post and my previous one because quite frankly, I wasn't entirely sure what your interests were. I'm still not entirely sure. But if you're sure we're going in different directions, then we wish you well in your search for a password manager that ticks all your boxes, and we'll be here if you decide to return. :)

  • brentybrenty

    Team Member

    I didn't mention email specifically. What I did say was "to inform their valued customers". The semantics aside, the company (AgileBits) sends messages to users every day and in many different ways. The forums are an obvious example.

    @Drewski: FYI, you're writing this in our forum, which has an announcement on this subject right at the top (and other threads discussing it as well). As far as spamming 1Password users, we don't share that cynicism and contempt for others.

    On the other hand, the bad guys, perhaps even state sponsored bad guys, will invest the resources to attack such a valuable asset and that worries me. If the data I release to Agile is as secure as Agile claims it is, then Agile should offer to refund every dollar I pay as a subscriber if my data is breached. Can you direct me to the webpage where Agile guarantees the safety of my data? Talk is cheap.

    What you're describing has not happened, and, in your example, hypothetically if that did occur, it wouldn't be through any fault of ours: you'd either need to be using a compromised password to secure your data (weak or known), or be the target of a state actor with an enormous amount of resources (the likes of which does not today exist, given that there are real world constraints power). Update your stuff, use a long, strong, unique Master Password, and you don't have to worry about any of that in the near term; and, long term, we'll continue to evolve 1Password's security as the security landscape changes, rather than merely hoping that what worked a decade ago would still be viable today, and so forth. Security is a process, and you're part of that too.

    We promote memberships because they're the best option for the vast majority of people, and because we learn from our mistakes: we promoted both side by side for a long time, and it caused a lot of people a lot of trouble when they purchased a license and expected it to work on all their devices. Plenty of discussion about all of that here in the forum, if you're interested, but this thread is not the place. I'm glad that you were so unaffected by that that you still think it's a viable option, but in reality it is not.

    And, as always, we are here to help you use 1Password if you need assistance. If you have questions -- rather than demands, insults, and innuendos -- I'll do my best to answer them.

  • LarsLars Junior Member

    Team Member

    @btcompute

    What, specifically, is the risk in turning off this option?

    Installing a malicious version of Chrome. With code-signature verification checking active, you would be alerted to this, and 1Password would refuse to work with the version that fails code signature check. In fact, this is what's happening to 1Password 4 for Windows with the current version of Chrome (though not because it's malicious, but because Google changed code signature). With it off, you 1Password will happily connect to a version that might have been designed to exfiltrate your data.

    You state that agilebits “moved to supporting the major browsers”. Why then would to continue to have ver 4 work (without turning the option off) in other browsers but not in Chrome, maybe the most widely used web browser?

    Not sure I understand your question. If you're asking why we don't continue to update version 4, it's because version 7 has been available for nearly 9 months, and once new versions are released, older versions enter legacy mode which means they don't receive compatibility updates or new features/development. If you don't update Chrome, you don't have this problem. To be clear: we don't recommend you NOT update Chrome, we recommend you update all your mission-critical software: OS, browser(s) AND 1Password. Hope that helps! :)

  • LarsLars Junior Member

    Team Member

    @veteze - you're quite welcome. We'll be here if you decide to come back. Stay safe out there. :)

  • Agilebits, I paid 25$ for 1password 4! I want USE THIS application, I am not an idiot to keep all my private data in cloud. Please, return back my money, this is not acceptable and not secured for me.

  • @MikeT

    Regarding this:

    Each 1Password has a copy of all items and local changes in its local database; so if it detects an incoming band file that has items missing, 1Password is not going to remove them in the local database but instead it's going to import whatever changes is in the incoming band files and then re-upload its local changes (the ones missing in incoming band) to the same band file and push it back, so the other client will have the same list.

    So it is true that if my sync software detects the same band file changed on two devices, it doesn't really matter which one overwrites which during the sync?

    If that's true, then I imagine I need to do another sync to get both devices to then have the same, most up to date password database?

    Do I have that right? Thanks.

  • LarsLars Junior Member

    Team Member
    edited February 22

    Welcome to the forum, @leonid1812! If you paid $25 for 1Password 4 for Windows, then it sounds as if you got it at a 50% discount. Congratulations! That's a heck of a deal, and it sounds as if you've gotten multiple years of use out of it already. You're absolutely welcome to continue using 1Password 4 for Windows -- your license never expires, and you can install version 4 and use that license to authorize it on any device and OS on which it will continue to run. What we don't guarantee (nor do any other software companies of which I'm aware) is that as you upgrade other parts of your system to the very-latest versions, that the legacy 1Password 4 for Windows will continue to be compatible/operational. That's what's happened now with Chrome -- you updated to the most-recent version, and it has a different browser code signature which 1Password 4 for Windows does not recognize. You can:

    1. You can use a different browser such as Firefox, Vivaldi, Brave, Opera -- though eventually these may have the same problem as well.
    2. You can upgrade to 1Password 7 for Windows, which will verify the new code signature of Chrome.
    3. You can turn off browser code signature verification, as has been outlined more than once in this thread THIS IS NOT RECOMMENDED, as I've explained earlier in this thread, since it decreases your security.

    We're not going to be refunding a three or four year old, 50% discounted purchase at this point in time, but I do hope you'll consider keeping current with your security software. Standalone licenses for 1Password 7 for Windows are currently $49.99, so you can continue to keep your data on your own device without syncing it, if you prefer.

  • With new version of 1Password 7 you pushed very dangerous solution to keep all passwords in cloud. Many companies and application who suggested this architecture proposal have already faced with hackers. Many users accounts were hacked and many secure data were lost! I am sure that you thought and added the terms to 1password 7 license agreement. But this is the worst solution then possible. You are thinking about the money but not about your users. I suppose you will lose all your user when your 1password 7 application will be mass hacked!

  • your license never expires, and you can install version 4 and use that license to authorize

    yes, my license is never expires and my 1password application is never works because of development fails.

    Congratulations!

    I bought this 1password 4 application only 4 years ago and now it doesn't work! Thanks a lot! You have very good support and you worried about your customers!

    if you got it at a 50% discount.

    I am not sure about the real price. May be I paid 50$ as many losers in this chat :(

    Please, refresh and update the 1passord 4 application. I will BUY IT a second time if need it, but keep all my private data on your server this is not acceptable for me! I am not a crazy man!

  • brentybrenty

    Team Member

    With new version of 1Password 7 you pushed very dangerous solution to keep all passwords in cloud. Many companies and application who suggested this architecture proposal have already faced with hackers. Many users accounts were hacked and many secure data were lost!

    @leonid1812: That's correct, but not because of "the cloud", but rather because these companies 1) had access to users' data and 2) did a poor job of securing it. When you use a 1Password account, you choose a Master Password, a 128-bit Secret Key is randomly generated on your device, both are used to encrypt the data locally before it is sent to the server, and those "keys" needed to decrypt it are never sent to us. This is in contrast with most websites, which have your password, which can then be stolen from them. The only thing we have is an encrypted blob that is not feasible to brute force, even if that were stolen from us. I'd encourage you to check out the security white paper for details on how all of this works:

    1Password security

    I am sure that you thought and added the terms to 1password 7 license agreement. But this is the worst solution then possible. You are thinking about the money but not about your users. I suppose you will lose all your user when your 1password 7 application will be mass hacked!

    Can you elaborate on the specific threat you have in mind? Again, we don't have the means to decrypt the data; only the user does, so an attacker would need to target you in order to get the "keys" to decrypt it. Therefore, you would need to get "hacked" for someone to get your data. And you being "hacked" -- stolen from, in this case -- doesn't represent a flaw in 1Password.

    yes, my license is never expires and my 1password application is never works because of development fails.

    1Password seems to work here. Both version 4 and 7. Except, as the topic of this discussion, the old version of 1Password does not know about Chrome's new code signature. So while 1Password 4 still works, it cannot connect to that, only supported browsers which have not changed in this regard.

    I bought this 1password 4 application only 4 years ago and now it doesn't work! Thanks a lot! You have very good support and you worried about your customers!

    I bought an iPhone 6S four years ago, and it no longer works. Thanks, Apple! I got a ton of good use out of that...and 1Password is much cheaper -- 25$ for you (I may have gotten that deal too, but I don't recall for certain)! Also, 1Password 4 still works. Just not with Chrome 72. Plenty of other browsers out there if you want to continue using it. :)

    I am not sure about the real price. May be I paid 50$ as many losers in this chat :(

    Sorry, but if you're not going to be respectful, you'll need to leave. I really don't see the benefit of calling other 1Password users -- or anyone -- names, and it's not something that's acceptable here -- or in society in general, actually:

    Forum guidelines

    Please, refresh and update the 1passord 4 application. I will BUY IT a second time if need it, but keep all my private data on your server this is not acceptable for me! I am not a crazy man!

    I don;'t know what you're going on about here. As Lars already told you, licenses are available for 1Password 7. Memberships are a better option for most people, but they are not the only option.

  • Dear old 1passwords users, could you please recommend me an alternative to 1password 4?
    Does anyone tried the Kaspersky Password Manager? It has a free version.

  • LarsLars Junior Member

    Team Member

    @leonid1812 - this is a forum for us to assist 1Password users with 1Password, not for general discussion or advertisements for other products, whether competitors to us or unrelated products. There are plenty of places on the internet where you can discuss with other users what password manager all of you prefer. This is not that place, so please refrain from attempting to start such discussions.

  • Lars, forum is a place where application manufacturer tried to help they customers to fix problems with product. In our case - you use this forum as an advertisement of your new dangerous product. You are not going to solve any users problems. You are cheating your customers and you are pushing they to pay 50$ yearly :(

  • edited February 25

    Look how simple you can lost your 128-bit key and all your personal data!

    Kevin Mitnick demonstrates how easy it is for a hacker read your email messages - YouTube

  • @leonid1812

    To be fair, 1Password's design isn't automatically dangerous, and no one has demonstrated that specific cloud-enabled design to be dangerous.

    While I agree 1Password shouldn't push it's cloud-only approach so heavily, it's perfectly possible to purchase 1Password for use offline-only. I and others on this thread have discussed that on this thread. I prefer that for greater security, but I wouldn't call the cloud approach crazy.

  • LarsLars Junior Member

    Team Member

    @leonid1812 - while I appreciate your perspective on what you think this forum should be, I'm not certain what you think a video of email message hacking via a hardware fiber splitter and Wireshark has to do with whether we will or won't continue to update the legacy version 4 of 1Password for Windows. As both brenty and I have mentioned, standalone licenses for 1Password 7 for Windows are still available; you do not have to use a 1password.com account if you don't wish to.

  • no one has demonstrated that specific cloud-enabled design to be dangerous

    LastPassword application has the same model like new 1password 7...
    2016: https://thehackernews.com/2016/07/lastpass-password-manager.html
    2017: https://www.pcworld.com/article/3185731/security/lastpass-is-scrambling-to-fix-another-serious-vulnerability.html#tk.rss_all

    Let's waiting for the similar news from 1password side

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file