Setup with standalone vault [restored for paid customers in 7.3.4]

245

Comments

  • I'm actually pretty confused with the subscription model.
    Have been staying at v6 for the same reason.
    I just need a vault synced via Dropbox, I don't want my vault to be stored somewhere else.
    So moving forward, all vaults have to be stored with 1P's cloud?

  • For the record, i agree with haaf's comment on this and furthermore would like to state that the moment you disable the creation of new file synced vaults on desktop you will loose me as a subscription customer despite it being the most convenient solution out there.

  • PoolartPoolart Junior Member
    edited July 12

    removed

  • To everyone, who was as sceptical as me about storing my passwords, logins etc anywhere else than on my home NAS (for syncing purposed), I highly recommend to read the 1PW security whitepaper. It totally convinced me that my data is as safe with 1PW's servers as anyhwere else. Perhaps even safer.
    https://1password.com/files/1Password for Teams White Paper.pdf

    With this in mind, it's safe to switch to the subscripion model which gets you acces to all of 1PWs features. If you don't like subscriptions.....well, I'm not a fan of them either, but in the (roughly) two years a major version usually lasts, you really don't pay that much more than for a standalone version. For the tiny bit more you do get increased security with the additional secret key. Even if over the years we pay a lot more: I think we all have spent much more money on things much less useful.

    To be honest, I don't even know why I would want a standalone vault, sync or no sync. Without sync, I'm at danger to loose my data, as someone already pointed out here. With sync...why not switch the best sync option, which in my opionion is the 1PW-account.

    No, I am not being paid by AgileBits to say all of this, nor am I affiliated to them in any way. As I mentioned above: I used to be like so many of the people here complaining about subscripton, storing passwords in the cloud etc. Then I gave it some thought, did some research and in 1PWs case, I am convinced.
    I also tested a lot of options out there and I asked myself....do I want a piece of software, which as a business model I like, or do I want the best piece of software?

    Could there have beend more communication? Yes. Maybe. What would it have changed, if the release notes mentioned the removal of a feature? You simply don't update a critical application like you password manager?

    Maybe a last tought on subscriptons: I always want to use the best software and I want to support them. I will always prefer one-time purchases, but if, for example, Carbon Copy Cloner were to switch to subscription, I will not hesitate a second to switch.

  • PoolartPoolart Junior Member
    edited July 12

    The local vault is only removed in the free version or also in the Pro Version? I have not tested yet
    If only in the free Version, I'm a little bit frankly, I can understand it. If also in the Pro Version, I think you make a big big mistake.
    I'm using 1Password since its on the market and sorry Guys, Passwords are the most sensitive things there are and I will never be willing to store them anywhere in the cloud. If you have the intention to move everything only to the cloud in the future and just want to offer only the subscription and syncing in the cloud, I am definitely out as well.

  • I exported my data, and imported it into a self-hosted Bitwarden instance. Removed 1Password browser extensions, and installed the Bitwarden ones. Did the same for the mobile app. Problem solved.

  • I'm confused. If the idea is to avoid making mobile 1Password free-to-use, isn't a better solution just one in-app purchase away (while communicating on it also)?

    Some people are mobile-first. Making the mobile app a "companion app" only (unless subscribed, maybe, in which case the name "subscription trap" applies here) seems like a serious downgrade as well.

  • Just wanted to lend my thoughts that seeing 1Password’s attitude towards this is causing me to seriously doubt continuing my subscription when it expires. Not mentioning features like this in the release notes, at a minimum, is ridiculous.

  • Yeah this worries me, until I know for sure my functionality isn't going to be taken away, I guess I won't upgrade to the latest version. Honestly, seeing in-app advertising for the first time was a BIG red flag for me, it really alarmed me to see that they can inject arbitrary code in to this app I bought 6+ years ago.

    For the record, I've been very happily using 1pw desktop + ios + browser extension since 2013. In 2013 1pw was still quite new and unproven and in most peoples' estimation $50 for the ios app was crazy, but I did it anyway.. I guess it's naivete to expect corporations to take care of their early adopters.

    I will switch to bitwarden if this negative trend continues of not informing customers while taking features away, and advertising in a paid app..

  • I am also a user for many years now. But the way this is going makes me reconsider my choice. I was always happy with 1Password and recommended it in my security workshops / teachings.

    It began with the "default" installation for monthly subscriptions vs. one time payments. The one time payment options was made deliberately hard to find.

    And now we see local features being removed without any notice.

    I am with many of the users here. This is not about wanting software for free. The way this is done and communicated, or the lack of it, is what makes me looking for alternatives. I guess I will have to stop updating 1Password and look for an alternative. Because with this experience I assume it is only a matter of time until everyone is forced into a monthly subscription (which simply isn't feasible for most of us, that not only have to pay 1Password, but also MS for Office, Adobe for graphics, etc.pp., the accumulated costs of a "normal" users software becomes unbearable).

    Sorry to see this happening.

  • i just want to express my utmost disappointment in agilebits for doing this.
    Without any notice in the update notes, you silently removed the option of creating local vaults on iOS devices.
    This means for future setup on my device i need to move my passwaord data to your cloud service.

    Also this removes the last option to sync between devices (Mac / PC and iOS) not using a cloud then.

    I think this is a very shady move and despite i was a long term customer since Version 4 of 1PW for windows and also purchased the PRO app version for iOS long time ago. i am now gone. I am fed up with this policy.

    I dont want my passwords in a cloud.


    1Password Version: Not Provided
    Extension Version: Not Provided
    OS Version: Not Provided
    Sync Type: Not Provided

  • Most people are going to draw a line at being deliberately deceitful. Whether or not you intended is irrelevant at this point. We all know you're going to weather the storm regardless but I will be personally shopping for a replacement regardless. Best of luck.

  • brentybrenty

    Team Member

    @Niklas, @racer321: Rather than this being a grand conspiracy, not everything is always in the release notes, and not always clear when it is. I'd like us to do better. As an example, this change apparently didn't make it into the release notes either. I prefer developers focus on coding rather than release notes, but I like them to be complete as well since I often forget what was added when and use them as a reference.

  • brentybrenty

    Team Member

    @natehouk: The "changes [you] noted" are that the App Store version of 1Password for Mac does not have a "standalone" purchase option, as we have that in the version from our website instead, for the reasons laid out here:

    Getting 1Password 7 ready for the Mac App Store

  • brentybrenty

    Team Member

    @haaf: I appreciate you taking the time to try to boil this down, but I think you've misunderstood. That's likely our fault because of the lack of clarity in the first place, and I suspect you're just just going off of some of the other comments here. To be clear, you can still sync standalone vaults in 1Password for iOS. The difference is that the app cannot be setup by creating a new local vault on the device; you'd need to sync an existing vault from another. Again, sorry for the confusion this has caused. I hope that clarifies things. Let me know if you have any questions.

  • brentybrenty

    Team Member

    I just need a vault synced via Dropbox, I don't want my vault to be stored somewhere else.

    @resting: You can do that.

    So moving forward, all vaults have to be stored with 1P's cloud?

    Nope.

  • brentybrenty

    Team Member

    @poolart: Local ("standalone") vaults are not being removed. Creating a new one when setting up the app is no longer an option, but you can sync an existing local vault from another device.

  • marcodenamarcodena
    edited July 12

    As an early adopter of 1Password, I see these answers and this behavior very disrespectful. Software updates that insert or remove features should be avoided, especially for security software that builds everything on trust.

    BTW: you achieved the first page of HN https://news.ycombinator.com/item?id=20417832. Congrats :)

  • Hi team,

    I’ve been a 1Password customer for a long time. I bought standalone copies for three platforms back in the day, and I later switched to your subscription model so I could share a vault with my family. I convinced many friends and colleagues to use your product as well.

    And I’m disappointed by your response in this thread. You need to mention changes like this in release notes. Even better, you should publish advance notice on your blog. Be upfront about shifts in your business model. I want to feel safe entrusting this critical service to you for the foreseeable future. You didn’t remove a feature I depend on this time, but now I feel you might in the future.

    No one in this thread sought to understand this customer’s use case. Reading between the lines, I think perhaps this customer crosses international borders and wants only a few items in a local vault when he does so. Perhaps someone on your team could offer an alternate approach.

  • brentybrenty

    Team Member
    edited July 12

    @c1pwt07: It's not "arbitrary code", and it's not being "injected". Version 6 has literally not been changed for almost two years. We just enabled the update notification. I've literally spent the last year answering messages from people demanding to know why we didn't tell them a newer version has been available, so I'm glad that we were finally able to "flip the switch" on this. I'm sorry if you didn't like how it was presented, but you won't see it again after restarting.

    @ezfe, @teebz: As I mentioned above, rather than this being a grand conspiracy, not everything is always in the release notes, and not always clear when it is. I'd like us to do better. As an example, I noticed yesterday that this change apparently didn't make it into the release notes either. I prefer developers focus on coding rather than release notes, but I like them to be complete as well since I often forget what was added when and use them as a reference.

  • I join those who are disappointed at this change, and the fact that it happened without communication. I have been worried at the direction 1Password seems to be going (subscription model only), and this might just be the virtual "drop that overflows my cup." I am going to actively start looking for another solution, and might not continue my family membership when it expires.

  • brentybrenty

    Team Member

    @gcsventures, @tom_tom: Indeed, the idea is making the 1Password mobile apps free to use as companions to the desktop apps. You're right that some people are "mobile first", but those are the people most at risk of losing data. So we definitely want to push those people to a 1Password membership, to get away from people using 1Password only on mobile devices without any backup of their data. I personally want that, and I won't mince words or prevaricate about it: I've personally seen too many people lose data that way, and it sucks every time, for me as the one delivering the bad news, but even moreso for the user. I've lost data in the past myself and wouldn't wish that on anyone. I appreciate your perspective, and I'm sorry if this change is unwelcome to some people...but until you're in the position of losing data or having to tell someone else that they're out of luck, I think you would have a very different perspective. We're responsible for helping people protect their important data, and part of that is preventing them from losing it. You have the luxury of not having to care about what happens to other people's data, so long as yours is safe; we don't. I wish we'd made this change years ago, as it ensures that someone can't be in the position of having their 1Password data only on their iPhone when it goes into the pool.

  • Hi @brenty, I don’t think it’s a conspiracy and I understand it’s likely just an oversight but the nature of their response to complaints is more what bothers me-rather than the original issue itself.

  • tom_tomtom_tom
    edited July 12

    Dear @brenty this is a pretty bold and very unpleasant statement from someone who has actually no idea of my background nor the work I do or in what context I recommended 1password.

    Again, the main reason for this is the way the company moves in a direction to not communicate openly, as we have seen in the release notes, and the behaviour to push people towards subscription models.

    I am also truly worried about the way the responses in this thread are handled.

    And just to give you some context when you write comments like "You have the luxury of not having to care about what happens to other people's data, so long as yours is safe; we don't. "
    Unfortunately I dont have this luxury. I recommended 1password when I volunteer to teach and coach NGOs, journalists and human rights activists on basic cyber security, attack surface and basic threat modelling.

    I do have the luxury to operate in a very safe country, where I dont have to worry about certain targeted actions. However I dont have to luxury to recommend tools that are marketed this way, because I am responsible for their OpSec and the consequences they face.

    Edit: Unlike you @brenty, I dont have the luxury to get paid for this, I do this all for free, sacrificing my family time, nights and weekends to train and educate people on InfoSec.

    PS: We have seen a similar reaction around the "disappearing" of the one license purchase option and the cumbersome "workaround", so this is not the first time paying clients feel disappointed and left alone.

  • 1pfanboi1pfanboi
    edited July 12

    @brenty I just want to chime in and say that, I too, agree with the rest of the customers in this thread.

    I'm a huge 1Password fan. I've been a user for nearly a decade - I originally purchased the iOS/macOS/etc apps individually ~8 years ago. 1-2 years ago I started subscribing to a 1Password subscription and this year I've onboarded the rest of my family onto a Family plan.

    So, to be clear, I'm not personally going to be affected by this change - I don't need the ability to create a vault locally on my iPhone.

    But having said that, and I won't mince words, I think this change ******* blows and 1Password's response is a slap in the face to a lot of loyal 1Password customers.

    You're right that some people are "mobile first", but those are the people most at risk of losing data.... I've personally seen too many people lose data that way, and it sucks every time, for me as the one delivering the bad news, but even moreso for the user. I've lost data in the past myself and wouldn't wish that on anyone. I appreciate your perspective, and I'm sorry if this change is unwelcome to some people...but until you're in the position of losing data or having to tell someone else that they're out of luck, I think you would have a very different perspective.

    Sure, but that isn't necessarily your call to make. (And I say that from the perspective of someone who 1) has lost data 2) has told other people their data is lost) Someone might wish to make a vault locally and backup their phone with iCloud. Or locally to a computer. Or they explicitly reach the conclusion that they don't want to backup their data. Either way - that's their call to make, not your's.

    We're responsible for helping people protect their important data, and part of that is preventing them from losing it.

    Once again - no you're not. You're conflating 1Password "the service" with 1Password "the app." 1Password "the service" is a paid service where you manage my data - in that case I completely expect you not to lose it. But if I'm simply using the 1Password application, without the cloud service, you aren't responsible for my data and it isn't your job to prevent me from losing it.

    Regardless, at the same time as other developers and services move to make their mobile applications work independently of their desktop counterparts, 1Password is moving in the opposite direction and increasing friction for "mobile first" users.

    You've casually removed a major feature, failed to communicate about it, and then failed to empathize with your users - honestly I think 1Password's handling of this is as bad as the root issue itself.

    You can count me among the rest of the folks who'll be cancelling their plans and migrating their families to a different, pro-user, solution.

    Edit:

    To provide some more actionable feedback...

    If this is about data loss prevention, make it abundantly clear to users that the local vaults aren't backed up and users should make sure to backup their phone... or subscribe to a 1Password plan.

    If this is about the app being free, make the ability to create a vault locally without other devices/cloud services an In App Purchase.

    Honestly both/either of those would be completely fine (with me personally). But completely removing the feature is absolutely overkill.

  • @brenty I appreciate the response.

    Over the past decade, I have been in the position of helping customers both as a customer support person, and as a product manager and as a CTO, amongst other sets of responsibilities in between. As an IT professional, I have also helped not just other professionals be they customers or colleagues, but also friends and family deal with a slew of personal computer-related issues including data loss, both on the prevention side, and on the "bad news" side.

    I take responsibility for the recommendations I make, as people choose to trust me when I make a recommendation on a particular product, service, or way forward. This is actually my reason for being here in this conversation. I wanted to dig into what the stance of the company is on this issue, which I think is an important one, as that affects my recommendations moving forward.

    Back to 1Password now, in my over 6 years of being a paid customer, upgrading to every new standalone version as soon as a new one comes out, I have recommended 1Password plenty.

    I get it, you're responsible for everyone's experience using 1Password. And you have your perspectinve on how to best do that. I respect that, and I think I understand the concerns you brought about best helping people.

    I absolutely agree with the notion of providing safe defaults. So that anyone, anywhere, doesn't run an unnecessary risk (here, data loss) they might not, for the most part, even be aware of when they choose to take it.

    But that's not what this is about. What it is about, is removing user agency, suppressing a legitimate use case (maybe not to you, but it is 100% legitimate to the people using your product that way), when your users themselves make the informed choice to work outside of the default path you laid out for them (even if it's arguably safer from your standpoint). It's about removing capability, without notice, without documentation, and most importantly without much of an alternative (mobile + no cloud + no sync = gone). On that note, it also brings concern as to what you will do on desktops and laptops next. I mean... the data loss argument can also work there... Users can't be forced to make backups of their computers, so what will you do next? Take the choice of local use away there too?

    In the end, every user is responsible for their choices. You make a product, and people get to choose how they use it. It's our collective jobs as software professionals to give users safe environments to work within, to provide UX for people not to shoot themselves in the foot by accident, as well as to support them when the worst happens. But it's also our collective jobs to help them do what they want/need to do rather than what we want them to be doing instead, let alone take something they rely upon away right from under them.

    You changed the behavior of a tool they relied upon for a legitimate use case. You (Ben, actually, but I'm assuming team cohesion here) first brought up dropping free-to-use as an answer.

    I get why people commenting here are upset. Why don't you?

    I'll leave it here, but before I do, a few comments on your assumptions:

    until you're in the position of losing data or having to tell someone else that they're out of luck, I think you would have a very different perspective.

    Yeah, I've actually been there, so thanks for that.

    You have the luxury of not having to care about what happens to other people's data

    Not really, no. Working on software products and services kind of takes that away from you.

    Best of luck moving forward.

  • My thoughts on this topic as a long-term user (I’ve payed for the App)…
    Passwords are one of the most important data we have. So as a user we have to absolutely trust the App and its developers to keep the data safe and secure - not only now but also in the future.

    I understand that putting all the data into the cloud is comfortable, but it also introduces problems and issues, which is why this is not an option for all users. This was not an issue in the past, because 1Password did also provide local vaults. So this was an App for all users, those who want to save passwords locally, and those who are OK with the cloud.

    But now you’re removing critical features for one user group. This is unfortunate, but would be at least acceptable if you would communicate this so the users can prepare for this. But you did not. You even removed critical features in a „tiny minor“ update where no one would expect such a move, letting some of your users running into trouble, because they would find out about the missing feature when it’s too late to go back.
    But also in the past the communication about updates and their changes was not always as it should have been.

    Unfortunately your response about this topic in this forum thread doesn't give me much confidence that this won’t happen again or that you really understood the gravity of the topic. The trust I’ve mentioned above is gone (for me at least - I’m sure a large part of your user base is using the cloud and won't notice this problem at all). So I’m looking for alternatives now. I really don’t want to experience any more bad surprises in the future. Again: these are my passwords, one the most valuable and important pice of data, and I can’t risk that these are taken „hostage“, locked-in into a cage etc.

    You say that you want to protect the users data by „nudging“ them to use your cloud. Please don’t worry about me loosing data, I take care of my data, create backups etc. But I do not really trust clouds. Every few weeks we learn from another breach of an online service where millions of passwords got stolen, this affects small companies, big ones, popular ones. The App 1Password itself has a feature which tells me about such breaches if one of the saved passwords could have been affected. Why should I expect that the 1Password cloud is the only one that 100% secure? But not only security is an issue with clouds, cloud servers are also sometimes down; Apple currently has big issues with their iCloud in combination with the early beta releases of iOS 13, which actually destroys data in the cloud. And also what happens if your cloud service doesn't make enough money, so you are forced to discontinue it (Microsoft has a big reputation of discontinuing services where users payed for content that can no longer use afterwards, but also other companies have done this). So there are many reasons why it’s not always a good idea to go „all in“ and exclusively into a cloud service. I don't blame users who do - I know it’s very comfortable. But you need to understand, that the cloud can not be the answer to everything.

    So if you slowly move to a cloud-only solution, you have to expect that some users are upset, especially when working without a cloud was the reason why thy have purchased the App in the past.

    So, I say good bye to 1Password. It's sad, because I really loved the App, but the recent development is no longer working for me.

  • I was pointed out the existence of this thread, and now I am confused.

    My setup : I store everything locally on the phone. I don’t want my data to appear on any cloud server at any point in time. I make regular backups of my data, using the backup feature in the app, and store those backups on my backup drives. Making sure those backups get there without passing any cloud server.

    Now, consider my phone getting destroyed. What are my options to restore my backup on a new phone? Do I need a subscription? Do I need to store my data in the cloud?

  • @brenty this is exactly the condescending tone I was talking about. In want to believe you, but you prevent me from doing so.

    Walk the walk.

  • I've been a paid standalone user since 2008. Others have provided plenty of commentary that I agree with so I'll keep it short and comment only on the specific issue at hand.

    Removing a major feature should be done in a major version bump, and certainly not a patch release. Have a look at semver.org for a more detailed explanation.

    Even if the feature was removed, it should most definitely be in the release notes. Incomplete release notes are less useful than nothing at all since they provide a false sense of trust (as opposed to a user choosing to role the dice with no release notes).

    Based on the responses (as well as the entire subscription model switch), I'm not sure that this sort of thing won't occur again. Going from 100% positive and amazing Mac and iOS apps back in 2008 to something less than than over the past couple of years is not the direction I like to see. I'd probably give the subscription a try if incidents like this didn't keep cropping up.

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file