Why sign up for a 1Password membership?


Comments

  • khad (1Password Alumni), edited March 2017

    @hukaze,

    It's true. We are de-emphasizing standalone licenses for all of the reasons I listed in my post above. It's a better experience for pretty much everyone. For those that still want standalone licenses, we make them available.

    To me, 1Password standalone licenses are a bit like a certain $30/month cell phone plan from T-Mobile. Let me explain.

    If you don't mind managing everything yourself

    I don't know what country you live in, but here in the United States, individual plans with unlimited texting, calling, and LTE data are $77.50 on average. Now, most of the carriers offer alternative plans around $50 or so, but T-Mobile also offers a plan that's less than half the unlimited price! Only $30! Crazy right?

    The catch is that it only comes with 100 minutes of talk time and 5 GB of data. So you have to either never talk on the phone, or find some other way to manage your minutes: Google Hangouts, SkypeOut, etc. It's kind of a PITA if you don't know what you're doing. I would never set my uncle up with a plan like this, for example. He just wants to make phone calls and not have to worry about how many minutes he has or opening a specific app to do it. It would drive him insane.

    Because of this, T-Mobile doesn't make signing up for the plan super obvious. Tons of their customers would be extremely disappointed if they stumbled on to the plan without realizing what they were signing up for. Their calls would be getting cut off every month when they hit the limit. On top of that, it's not available to new customers. You'd have to port your phone number out and then port it back in to get the deal.

    It's the same sort of thing with a 1Password standalone license. If you buy a standalone license, you have to sync everything yourself, you don't get automatic backup, you have to buy a separate license for every platform. People were jumping through all these hoops to get things working when they literally did not have to. We already had a better way: easier, with built-in syncing, automatic backups, etc.

    People were buying standalone licenses when that wasn't what they actually wanted! I don't blame you if you're a little skeptical of that claim, but it was an epidemic. I'm not sure how I can prove that to you other than to go looking around at older threads on our discussion forum. We would get emails from folks like, "I paid for it! Why do I have to buy it again on my mobile device? And I can't get syncing set up with Dropbox. You said I could use the app everywhere. Help!" They read all about the 1Password memberships, decided that was what they wanted, but then bought a standalone license on accident.

    After seeing so many frustrated customers who just wanted things to work, we had to take action. There are entire articles written about how to get that T-Mobile plan and it's often discussed on Reddit where folks who are keen on all these things can find it. 1Password standalone licenses are not nearly as hard to find or purchase as that T-Mobile plan, but we caused way too much pain and confusion by making them as easy to purchase as a 1Password membership.

    Make the secure thing to do the easy thing to do

    I'll quickly reiterate a few of the points from my post above, but I do encourage you to read it (just the "Why we introduced 1Password memberships" if you're in a hurry).

    Our goal with 1Password has always been to make the secure thing to do the easy thing to do. 1Password memberships are an enormous step in that direction:

    • No more pissed off customers with lost data because they didn't set up some complicated third-party syncing just right.
    • No more frustrated customers because we don't have any control or visibility into third-party sync solutions and are therefore limited when troubleshooting those kinds of sync problems.
    • No more annoyed customers who rightly expect to be able to use 1Password on all their devices without having to buy it 2 or 3 times (once on each platform they use).
    • No more crushed customers who forget their Master Passwords. Family organizers and team administrators can recover accounts for family and team members. (I literally cannot overstate how huge this one is. You try telling a sweet 70-year-old man that he just lost everything he had stored in the app you make. It sucks. A lot.)

    So, yeah, we sort of feel a moral obligation to make the easier and happier path the default one for everyone.

    However, like the folks on the $30 T-Mobile plan, the standalone licenses are out there if none of that interests you, and you're a bit more of a DIY-er, more technically inclined, and don't mind doing more advanced setup and troubleshooting.

  • aakash (Community Member)

    Hello! While not a fan of subscriptions, I understand the need for software vendors to switch to subscription models. However, one personal preference I have is to store my data on my computer and use WLAN syncing to sync it with my mobile device - this is one of the main reasons I chose 1Password when I was comparing various password managers a few years ago. I recognize that setting up WLAN syncing is more difficult, and that using 1Password.com is easier to set up. However, for people who are still interested in utilizing the WLAN sync mechanism, and are fine with joining the subscription model to get the newer features, is there a planned option to offer the option to not have the encrypted passwords stored on 1Password's server? From what I read at https://support.1password.com/wlan-server, it appears that the WLAN feature was only available with v4 and was not made available with v6.

    Thank you for your time!

  • khad (1Password Alumni), edited April 2017

    > From what I read at https://support.1password.com/wlan-server, it appears that the WLAN feature was only available with v4 and was not made available with v6.

    Thanks for asking about this, @aakash. There is a difference between Mac and Windows in this regard.

    • On Windows, the WLAN server is only available in v4. For v6, our focus has been on 1Password.com accounts, so there is no support for any of the advanced syncing options in 1Password 6 for Windows.
    • On Mac, the WLAN server is available in v6.

    Don't let the numbers fool you, though. Versions 4 for Windows and 6 for Mac were developed concurrently. But once we introduced 1Password membership, we started from the ground up on Windows and gave the new app a matching version number with the Mac app.

  • aakash (Community Member), edited April 2017

    Hello Khad! Thank you for your prompt reply. To clarify, is WLAN syncing support (or any other means to sync without using the cloud) on the roadmap for 1Password v6 (or newer)? Or is the expectation that 1Password customers must now use the cloud to do any sort of syncing between 2 devices? Please note that I am fine taking additional, more complicated measures to accomplish this as long as it's supported, and note that I understand that I would have to join the subscription model - I am just looking for support for this using modern versions of 1Password where other newer features are being added.

    I definitely appreciate the great support I receive from AgileBits, but if WLAN syncing is no longer planned to be an option (with the paid monthly subscription model), I will have to review other password managers and re-evaluate features that other password managers offer that 1Password does not currently offer and consider them (since it appears that WLAN syncing is a rarer feature these days).

    I hope AgileBits considers options for its customers who are willing to pay but would like non-cloud-based sync solutions.

    Thank you for your time.

    [Btw, your spam block feature on your comments section is rather annoying since it is preventing me from making a quick edit to the comment I just posted since it is being seen as a "second comment", when it is really just the same comment that is being modified - please consider changing this]

  • khad (1Password Alumni)

    Hey @aakash,

    It looks like your edit worked just fine, but please let me know if you have any further trouble with it. 👍

    There are no current plans to add any of the advanced sync options to 1Password 6 for Windows, but they remain available in 1Password 4 for Windows in addition to 1Password 6 for Mac. Since the advanced sync options don't require a subscription, you can continue using the version of 1Password you currently have with your standalone license.

  • aakash (Community Member)

    Thanks - after I resubmitted the update after the 300 seconds it specified, it worked. What I was suggesting was that the comment section should not have rejected an update to the same comment.

    As for the WLAN syncing, that's unfortunate news. Thanks for confirming that and I'll begin to look at other solutions.

  • allanster (Community Member)

    Brenty says "That's part of the reason we WANT to offer both licenses and subscriptions."

    Khad says "We're DELIGHTED to continue to offer standalone licenses for folks who prefer them."

    -> Let me get this straight, you're going to HIDE the links for perpetual, make people CONTACT and INQUIRE first to purchase perpetual, but you WANT to and are DELIGHTED to continue selling both models. Right.


    Ben says "Our current position is that as long as folks continue to purchase licenses we'll continue to sell them."

    Brenty says "Unless everyone stops buying standalone licenses because we now also offer subscriptions (ironic?) we have no plans to stop offering either"

    -> Gee, I can't imagine perpetual sales ever dwindling when most people never see them even offered in the first place, and aren't going to take the time to pore through forum threads to figure out that they exist. I also can't imagine why many of your customer posts in just this thread alone accuse you of being disingenuous.

    I would have been perfectly fine with you presenting the subscription option alongside perpetual (which built your company), but instead you've chosen to bury it and talk out both sides of your mouth that you want to continue selling it. Wow, just wow.

    Furthermore, just how stupid do you think we all are? Judging from some of your comments I'm guessing you think that about most of us. "Perpetual is just WAY TOO HARD to configure and sync, MOST of you will be better off with Subscription". Was Perpetual just way too hard for your loyal customers of a decade that put you where you are today? I clearly remember being marketed how EASY and CONVENIENT it was. Hmmmmm. Condescend much? And the comments about having to constantly help people figure things out. I bet you're spending more time now defending and answering licensing questions, and based on this thread and the others I perused, it sounds like many of us are downright angry versus the past when some of us were just frustrated.


    Since 2007 I've bought licenses for family and friends and recommended it to many more than I can remember. I also have always held your brand in extremely high regard. Immediately upon going to your site and seeing this... 10 years of positive feelings down the toilet.

    I also happen to be in charge of infosec for a large group of companies and was actually coming here today with thoughts of purchasing a large quantity of licenses for work. No sale. Anyone in here remember Adobe when they said you will ALWAYS be able to buy Creative Suite 6 OR Creative Cloud? Try to buy a perpetual license today, you can't. I just recently switched several departments in one of our companies from Suitcase to FontExplorer after a decade. Why? You already know why, they both cost the same, they both work well, but Suitcase went subscription. No sale.

    You'd do well to heed the Aviator's words about their entire community shunning a product for doing this. Once that bad taste gets in your mouth, it spreads fast, far, and wide. I don't want to logon, figure out how, and update umpteen accounts each time I get a new card at home or work. I also don't care how much you think you can quantum double doo hickey encrypt MY data, my BLOB stays with me. Period. Steve Wozniak would tell you the same, of course what does he know, I mean, just being the real brains behind Apple and all.

    Looking at google trends from August 2015 before you BURIED perpetual, 1546 people looked for "1password standalone" and I'm gonna go out on a limb here and suggest they weren't happy when they keyed it, and it's trending higher (so is "1password alternative").

    I know you employees are just in here doing your jobs, and I don't envy you, putting lipstick on a pig ain't easy. Suggestion - if you were genuine in your statements about "you WANT to" and "are DELIGHTED to" continue selling subscription, then put it back on your PUBLIC page where people can actually see it and buy it. Call me crazy.

  • khad (1Password Alumni), edited April 2017

    @allanster,

    We did offer standalone licenses directly next to the subscription option for months. I mentioned this in my previous post:

    > People were buying standalone licenses when that wasn't what they actually wanted! I don't blame you if you're a little skeptical of that claim, but it was an epidemic. I'm not sure how I can prove that to you other than to go looking around at older threads on our discussion forum. We would get emails from folks like, "I paid for it! Why do I have to buy it again on my mobile device? And I can't get syncing set up with Dropbox. You said I could use the app everywhere. Help!" They read all about the 1Password memberships, decided that was what they wanted, but then bought a standalone license on accident.

    After seeing so many frustrated customers who just wanted things to work, we had to take action.

    Here again are all the problems 1Password memberships solve, and all the things customers complained they weren't getting when they accidentally purchased a standalone license:

    • Lost data because they didn't set up some complicated third-party syncing just right.
    • Trouble getting everything to sync, and we're limited how much we can help because we don't have any visibility into iCloud or Dropbox.
    • Expecting to be able to use 1Password on all their devices without having to buy it 2 or 3 times (once on each platform they use).
    • Forgotten Master Passwords. (Family organizers and team administrators can recover accounts for family and team members. This is impossible with standalone vaults, but it's something people expect and demand. As I said above, I cannot overstate how huge this one is. You try telling a sweet 70-year-old man that he just lost everything he had stored in the app you make. It sucks. A lot.)

    > I don't want to logon, figure out how, and update umpteen accounts each time I get a new card at home or work.

    That's exactly what a 1Password.com account solves. All your vaults are in one place. There is just one thing to sign in to. With standalone vaults, you would need your iCloud or Dropbox credentials, plus each vault has its own Master Password if you have multiple vaults. Oh, and you need to configure syncing for each one separately. This is not something regular folks enjoy doing. Sync issues were the single biggest source of pain for our customers before 1Password.com accounts were introduced. Now, people just sign in and all of their vaults are available to them. That's it.

    As someone who works for a security company, I completely understand where you're coming from, but most people don't want to manage syncing themselves. If they didn't trust the open security design of 1Password, they wouldn't use it — no matter how it was being synced. But because they are already trusting us to get the security design right, they trust us to handle the syncing as well.

    As we grow as a company — well, there are only so many geeks like us who are willing to manage their syncing themselves, willing to troubleshoot it when something goes wrong (or simply have the patience for someone else to troubleshoot it), and are okay with the risk of forgetting their Master Password and losing all of their data forever. Instead, most folks just want things to work, so we provide that option (and more) with every 1Password membership.

    On the other hand, if you, me, and other technically-minded folks like us want to manage syncing ourselves, we still have that option.

  • allanster (Community Member)

    @khad - Yours is one of the many aforementioned condescending statements I was actually referring to...

    "People were buying standalone licenses when that wasn't what they actually wanted!"

    In other words we customers are too dumb to even know or purchase which model we want? It's amazing we're even intelligent enough to know we need something like this and find our way to your site.

    Have you considered the possibility that if people couldn't figure out which model they were buying and what they were getting then marketing/design did an awful job presenting it? You certainly seem well versed in pointing out the differences between the two models in here. Maybe Agile should give you a crack at retooling the 2 models page? Are you sure we users can grasp all of this?

    It ain't rocket science, 2 models, 2 columns, couple of emphasized limitations on the perpetual, and you don't spend time having to explain it over and over in here. It also removes the appearance you're purposely and willfully killing perpetual.

    Either... it wasn't presented clearly OR we're stupid OR you're killing perpetual. 2 of those 3 possibilities aren't going to set too well with a sizable portion of your longtime loyal customers (and free evangelists). So which is it?

    PS... This is first hit on google for "1Password standalone".

  • khad (1Password Alumni)

    @allanster,

    I don't take as low a view of 1Password users' intelligence as you seem to. As I mentioned, what you describe is exactly what we had for many months. Two different ways to purchase 1Password, presented side by side. I'm not sure how that would not be confusing, though. People just wanted to purchase "1Password". Since there were multiple options for purchasing what they thought was one thing, that led to confusion. Simple as that.

    Now there is just one easy and clear sign up option, and for folks who want standalone licenses, they are still available but not presented in a way that causes that same confusion.

  • allanster (Community Member)

    Great, so then since you're "delighted" to continue selling perpetual, and we aren't on the main page but we ARE on the number 1 hit page for people actively searching for perpetual, why not edit the first post in here to show us links for each of the available perpetual licenses (mac, windows, bundles, etc).

    Then people who actually want them can find them, customers aren't forced to search threads for where you've already posted some of them. Shouldn't be a problem right? I mean after all, your coworker is on record stating that you "want" to sell them.

    I'll look forward to your posted links.

  • AGAlumB (1Password Alumni), edited April 2017

    > Maybe Agile should give you a crack at retooling the 2 models page? Are you sure we users can grasp all of this?

    @allanster: I can't say for certain since I don't know the exact numbers, but I'm pretty sure we went through more iterations of our website and app setup processes in the past year than in the previous 10 years combined. It was a lot of work, and "retooling" so much also caused some additional confusion. So we've already gone out of our way to do what you're proposing; it just didn't work out the way any of us wanted it to and insults aren't going to change that.

    > Great, so then since you're "delighted" to continue selling perpetual, and we aren't on the main page but we ARE on the number 1 hit page for people actively searching for perpetual, why not edit the first post in here to show us links for each of the available perpetual licenses (mac, windows, bundles, etc).

    When Khad said that back in August 2016 we (and our customers) were much more delighted than we are today to offer several (and I mean that literally) options for purchasing and using 1Password front and center in our apps and website. It doesn't make sense to take that so far out of context since, at the time, we were marketing standalone licenses alongside the subscription service. Since your complaint today is that we're no longer doing that, it seems more appropriate to put it in the context of where we're at now, which Khad already elaborated on extensively. Seriously, that was 8 months ago. I understand that you're picking and choosing to try to argue your point, but you just can't have it both ways. And you really don't need to argue this at all! No one has taken anything away from you, and you can continue to use 1Password as you have been.

    > Then people who actually want them can find them, customers aren't forced to search threads for where you've already posted some of them. Shouldn't be a problem right? I mean after all, your coworker is on record stating that you "want" to sell them. I'll look forward to your posted links.

    While it sounded like you'd already purchased the licenses you need, I'm sorry if we misunderstood. As mentioned previously, they are still available on request, so if you'd like to purchase one (or more), just shoot us an email at support+licenses@agilebits.com and we can help you with that. Just post the Support ID you receive here so we can find it and get back to you more quickly.

  • allanster (Community Member)

    @khad @brenty - I'm gonna take a step back here and make it clear that I've been passionate and enthusiastic about 1password for the decade I've been using and promoting it. It's elegant, sleek, and sexy. It's a fantastic creation. I've been more than happy to pay for upgrades and would be fine doing so annually. I want to see Agile dominate this sector and wish you much success.

    That being said, being in the job position that I'm in, there are a sizable number of people that ask me for advice on which products to buy and use, and there's no way I'm going to continue recommending your product to them. How does this roll off your tongue?...

    "Yeah it's great, it's easy, just go to their site and buy the one that says perpetual, oh wait, you can't, look around for a "contact" button and inquire with them about perpetual, wait for a response, and then buy it unseen. No, you can't at least look it over first, it's a secret." You think I'm actually going to say that to someone with a straight face?

    I find it comical that you both are trying to twist my words around.

    • I don't "seem to" have a low view of your customers' intelligence, it is you who do so when you make the statements that I already pointed out that come across as condescending.

    • I'm not the one "picking and choosing" and "insulting" here, you are. You are insulting your customers' intelligence, on the one hand you say we still get to choose models, but on the other you won't even post the links to the standalone on a page that is AWAY from the one your "marketing" AND is a page where people are CLEARLY wanting perpetual or they wouldn't be here on this page in the first place!

    Parallels (and many other successful companies) somehow magically has found a way to market both models side by side (and I happily continue buying from them). But you would have us believe it just can't be done. That is what is insulting. I'm merely pointing it out.

    Other customers have already pointed out the ambiguity going on here and that it doesn't give us warm and fuzzies coming from somewhere when we are looking for security from them. You've told us...

    • Both models are the same application, but you've taken away the option to sync local in the subscription (not the same).

    • You "can still get it" for "as long as there is demand" but then you hide it. You do realize we can read between the lines, right?

    Let's be clear here, my point wasn't that your customers are stupid, my point was that we are NOT stupid. Agile has every right to create, sell, and market how they see fit, and customers have a right not to buy your products or "services". I'm not some troll looking for an argument here, I love 1password and feel like you're needlessly destroying something that I have become quite fond of. I (and many others) want to continue buying and OWNING a great product on the terms that have been marketed and sold to us for the last decade. My complaint is how you're going about this and I hope someone at your company will read many others' and my displeasure and rethink how you're handling this.

  • khad (1Password Alumni), edited April 2017

    @allanster,

    We sincerely appreciate your longtime support. 1Password wouldn't be the app it is today without folks like you who bought licenses and upgrades to those licenses over the years.

    Licenses can be purchased here:

    https://agilebits.com/store

    I didn't add a link to the first post in this thread since the way the forum software works is to show the most recent post — not the first post — when someone clicks a link to a thread. So it's more important for the link to be the most recent post than the first one.

    That said, it sounds like you are doing exactly the same thing you are accusing us of doing: steering people to purchase 1Password in a specific way. Maybe the majority of people you are recommending 1Password to would be happier with a 1Password membership and all of the benefits that come with it. Do you present that option to them?

    My own family and friends have found it much easier to set up and get started sharing items with a 1Password.com account. Some of them never did figure out how to set up sharing with standalone vaults and Dropbox shared folders. But now they just move items they want to share to the built-in shared vault. It's that easy.

    Of course, maybe you enjoy being the IT department for your friends and family — setting everything up for them. I know I used to really enjoy that. But I think I was enjoying the tinkering at the expense of the experience my friends and family were having. They were always hesitant to ask for help because they felt they should have been able to figure it out themselves. They're smart people! Really smart. My uncle, for example, is an accountant. It just isn't his area of expertise. He and many others are happy to go with the option that means more functionality with less hassle. Now he doesn't need to contact me when he wants to create a new vault or share things with a guest (like a contractor) at his office.

    It reminds me of my old motorcycle. I owned a 1973 Honda CB750 for years. Something was always going wrong with it. Part of the joy of that bike was working on it. But at some point, it just got to be too much — even for me, and I loved that bike! I bought a late model Triumph and now I just change the oil once or twice a year. Still haven't had to worry about brakes or tires yet. But that's probably all I'll ever have to deal with. No more waiting on obscure parts to come in. No more missing good riding days because the bike was being repaired. I have a bike now that Just Works. I get to ride it every day. I'm happier. I can't even imagine what that would be like for someone else who didn't have the passion for that old Honda like I did.

    Just something to think about.

  • allanster (Community Member)

    @khad - Thank you for the link, it is appreciated. FYI in my browser first post loads first. And no, it doesn't just "sound like" I'd be doing exactly what I am accusing you of, I absolutely would be doing just that, and openly admit it.

    We aren't going to come to terms on how this model is "better" for us. So naturally I'm going to recommend what I deem to be most cost effective and secure. We already could sync in perpetual to 3rd party cloud (if we wanted to) and you spent years telling us how secure that was. I trust but verify Agile to give me a place to store local and I verify with other tools that 1password is behaving properly. I don't do cloud at work or home, Amazon broke the internet a few weeks back (2nd time), our business stayed up and running just fine (both times). I sync iPhone in iTunes. I back up drives in triplicate and store offsite in locations of MY choosing. If your application models were truly the same, I could store and sync local in your subscription, but reading here I cannot, so where does that leave me when you eventually suffocate your first born (perpetual) who put you on the map and gained your loyal base?

    It's definitely better for Agile. I understand SaaS quite well, it increases a software company's valuation for IPO. It balances, regulates, and stabilizes revenue. You no longer swing from no sales to massive sales in the 4th quarter every couple of years. BUT... when you don't start out that way you can guarantee 3 years of self inflicted pain transitioning and hope you survive it. Just ask Adobe or Microsoft. I spent thousands over the years on Adobe starting with their first version of Photoshop, since they went subscription only, they haven't gotten a dime from me and never will again. I keep CS6 and have it running just fine in Sierra. When it no longer will, I'll switch to Affinity.

    I just looked at the first page of a macrumors thread, 24 individuals posted thoughts on there, 1 positive, 1 neutral, and 22 negative. Do the math. Where I stand, Agile could have handled this in a much simpler, more palatable, and profitable way. Sell perpetual and then offer $X/mo value add to those who wanted your sync service. Obviously you felt like it wasn't compelling enough or you wouldn't have put your first child in the closet. Had it been presented this way I wouldn't have given it a moment's thought. I don't disagree with you that for most people convenience trumps security, but let's not delude ourselves that cloud doesn't alter the security footprint.

    Are Windows and family standalones no longer an option?... https://agilebits.com/store

  • jpgoldberg (1Password Alumni)

    I must confess to jumping in here late and not having read much of the preceding discussion, but I do want to address the very reasonable question of how we have been telling people for years that local data is more secure than hosted data while we are now very much encouraging use of our hosted solution.

    That is a very good question, and I can't blame anyone for initially wondering whether we are basing our security assessments on what we are selling instead of basing what we are selling on our security assessments. I hope that after you read this, you will see that we are doing things the right way around.

    Rationale for "local is better"

    We need to start by going through why we have long advocated for local data as providing better security. It is when we look at the specific reasons and how they play out in what we have built that I hope it will become clear that we built the 1Password service with the same security principles in mind.

    Not knowing where you log in

    Some people reading this might recall the Agile Keychain Format (AKF). The AKF, which was replaced by OPVault over the past four years, did not encrypt the Titles of items nor the URLs associated with Logins stored in the AKF. This wasn't ideal, but it was technically necessary at the time the AKF was developed.

    A major advantage of keeping your data local is that we wouldn't have any way to learn those item Titles or URLs or when you used particular items. We simply don't want to know if you have a Login for ISecretlyLoveNickelback.org, and we don't want the ability to know that.

    But that was an issue for the AKF. With OPVault both advances in computing power and a few really clever ideas that Roustem had allowed us to keep Titles and URLs fully encrypted while still allowing the browser extension to find items to match and to quickly be able to display a list of items without having to decrypt everything in the vault.

    That design feature of OPVault, which has Titles and URLs encrypted, carries over to our service. We still have no way to know what sites and services you have data for. And that is how it should be.

    Not having crackable data

    If someone were to capture your encrypted AKF or OPVault data they could run an automated password cracking attack on your Master Password. Now we have gone to great lengths to make sure that such a password guessing scheme would be expensive. Instead of being able to make millions of guesses per second, an attacker should only be able to make thousands. (All depending on hardware thrown at the problem.) But ultimately there are limits to what we can do with those sorts of defenses.

    So I like to describe our wariness of hosting your data as cowardice. No matter how well encrypted the data that we would store is, if the Master Passwords for them could be guessable, then these would be valuable to an attacker, whether that attacker is an insider, armed with a subpoena, or a more traditional criminal.

    Our solution to this is your Secret Key.[1] This is a high entropy secret stored on your devices that gets combined with your Master Password during the key derivation process on your devices only. What this means is that if someone captures data from us they are in no position to run a password cracking attack as they would need to guess a combination of your Master Password and your completely unguessable Secret Key.[2]

    We were not willing to go forward with hosting your data until we could be sure that what we held could not be used in cracking.

    Encryption over authentication

    One reason to be wary of a hosted solution is that master secrets (Master Password and Secret Keys) could be compromised during authentication.

    In a traditional authentication system, you send your username and password to the service. That gives the service the opportunity to learn your password. It also allows for that password to be captured in transit. But as I have said, our design principles from the very beginning have been that we don't want to even be in a position to learn your Master Password.

    So we need to make sure that our authentication system doesn't offer any kind of shortcut – for us or anyone else – in acquiring the capacity to decrypt your data. And that is what we have done.

    A combination of expiring patents and careful design allows us to build an authentication system in which no secrets are transmitted during authentication. The expired patents allow us to use SRP. And careful design of our key derivation process means that your long term authentication secret cannot be used to derive anything that would help decrypt your data.

    This allows us to use an authentication system for access to encrypted data that is stronger than what most are using for their synching solutions, and it again meets our requirements that we receive no user secrets. It also means that we don't have to rely on the secrecy of TLS.

    Reasons versus rules of thumb

    As you have seen there are very good reasons why we talked up the security virtues of local data. But I hope you see that we didn't forget about those reasons; instead we embraced them. The design of our service from our first planning meetings to everything that has followed has centered around staying true to the principles and concerns that underlie that advice.

    “Don't host data” was a good rule of thumb for a long time, as it covered the concerns described above. But rules of thumb must be evaluated with an understanding of the reasons behind them. Those reasons have played a central role in our current design. We have built our subscription service around the very same principles that had us wary of hosting data for such a long time.

    Anyway, I hope that this helps.

    Cheers
    -j

    Chief Defender Against the Dark Arts @ AgileBits
    https://1password.com


    [1] The Key formerly known as "Account."

    [2] It is still important to have a good Master Password in case someone steals your data from your systems. For the most part, if they can steal your encrypted 1Password data from your computer, they can also steal your Secret Key. But your Secret Key keeps you safe if someone steals data from us.
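    The two-secret key derivation jpgoldberg describes above (Master Password stretched by a slow KDF, Secret Key mixed in on the device only), as an added example that is not AgileBits' code: a simplified construction with toy KDF parameters, a constructed wordlist and salt, and an HMAC stand-in for the Secret Key expansion. It shows why data captured from the server alone cannot be cracked by guessing the Master Password, and, as footnote 2 says, why a thief who also steals the Secret Key from your device is back to attacking the password.

```python
"""Illustrative two-secret key derivation (2SKD). Teaching construction, not
AgileBits' implementation; iteration counts and sample values are constructed."""
import hashlib
import hmac
import secrets

PBKDF2_ITERATIONS = 20_000  # toy value; production KDFs use far more
KEY_LEN = 32


def derive_password_key(master_password: str, salt: bytes) -> bytes:
    """Slow stretch of the Master Password alone. This is the only factor an
    offline cracker can attack by guessing, so it is deliberately expensive."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"), salt,
                               PBKDF2_ITERATIONS, KEY_LEN)


def expand_secret_key(secret_key: str, salt: bytes) -> bytes:
    """Expand the high-entropy Secret Key to KEY_LEN bytes. HMAC-SHA256 is a
    hypothetical stand-in here for a proper HKDF expand step."""
    return hmac.new(secret_key.encode("utf-8"), salt, hashlib.sha256).digest()


def derive_vault_key(master_password: str, secret_key: str, salt: bytes) -> bytes:
    """2SKD: XOR the stretched password with the expanded Secret Key. Without
    the Secret Key, no amount of password guessing reproduces this key."""
    pw = derive_password_key(master_password, salt)
    sk = expand_secret_key(secret_key, salt)
    return bytes(a ^ b for a, b in zip(pw, sk))


def key_verifier(key: bytes) -> bytes:
    """Stand-in for whatever a thief could test guesses against, such as a key
    check value or a known-plaintext block inside the stolen vault."""
    return hashlib.sha256(b"verifier|" + key).digest()


def offline_guess(verifier: bytes, salt: bytes, candidates, secret_key=None):
    """Model an attacker holding a stolen salt and verifier who runs a wordlist.
    secret_key is None when the attacker lacks it (data taken from the server)
    and set when they hold it too (data taken from the user's own device)."""
    for guess in candidates:
        if secret_key is None:
            key = derive_password_key(guess, salt)
        else:
            key = derive_vault_key(guess, secret_key, salt)
        if hmac.compare_digest(key_verifier(key), verifier):
            return guess
    return None


# Constructed demo values: a weak Master Password that a wordlist will hit.
WORDLIST = ["password", "letmein", "nickelback1", "correct horse"]
WEAK_PASSWORD = "nickelback1"
SALT = b"constructed-demo-salt"


def demo(secret_key: str = None):
    """Return (cracked_legacy, cracked_from_server, cracked_from_device)."""
    if secret_key is None:
        secret_key = secrets.token_hex(16)  # 128-bit random Secret Key
    # Legacy-style vault: key depends on the Master Password only.
    legacy_verifier = key_verifier(derive_password_key(WEAK_PASSWORD, SALT))
    cracked_legacy = offline_guess(legacy_verifier, SALT, WORDLIST)
    # 2SKD vault: key needs both secrets.
    vault_verifier = key_verifier(derive_vault_key(WEAK_PASSWORD, secret_key, SALT))
    cracked_from_server = offline_guess(vault_verifier, SALT, WORDLIST)
    cracked_from_device = offline_guess(vault_verifier, SALT, WORDLIST, secret_key)
    return cracked_legacy, cracked_from_server, cracked_from_device


if __name__ == "__main__":
    print(demo())  # ('nickelback1', None, 'nickelback1')
```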

  • prime (Community Member), edited April 2017

    I'm going to put my voice on here since I was actually very against the subscription for a while. I didn't like that they didn't have 2SA (and learned that the secret key is a very good thing), and other stuff. Then I read this on MacRumors, and I lost all trust in Dropbox (I have to use Dropbox over iCloud and wifi sync for my set up). At that point I actually moved to iCloud and just sacrificed 2 computers, but wanted a better way. I like Apple stuff, and use mostly Apple stuff, but I didn't want my passwords strictly on Apple stuff (we have 1 Windows computer in our set up).

    I started to read all the security stuff on 1Password families and started reading this. Now I am no expert, but I have friends who are. They helped me understand stuff that I didn't, and I felt better about it. I am still reading it, but now I'm at a point where Agilebits has my trust. They have 3rd party audits and a $100,000 bounty program, and that also made me feel better.

    Now to a new subscriber, this is FAR easier to set up. When I told people before about this (the non-subscription version), I had to explain why they needed a 3rd party company to work it, and in some cases set it up for them. After setting up my mom's (added her to my family plan), I deleted the app from her iPhone, gave it to her, and told her to set it up. She watched me doing her iPad, but she was able to set it up on her own. I was very happy, and she's almost 70 years old.

    My in-laws are in another state 4 months out of the year. My fear was they needed to get new iPhones and I know they couldn't set up 1Password. We joked how they would fly me out to help them. This new subscription is so easy, I know they won't have an issue setting up a new device.

    My wife uses Windows at her work. Seeing how Dropbox lost my trust, she never had a way to back up her work passwords. 1Password for Families gave her a back up now, and she can access the passwords if needed at home via the website access.

    Another fear I had was my mom, daughter, or in-laws locking themselves out. Families solves this with the recovery feature. I am the family IT person, but it does get tiring at times. I like messing with computers and reading about this stuff, but on my time and when I want to.

    They offer more as a subscription (I've listed a few of them), it's easy to set up, and it just works. I'm sorry you feel the way you do, but I don't feel this way anymore and I enjoy it. I will support a company that proves they are worth it. I've said this many times, but I've spent more on useless things that last only an hour... coffee. This is worth more than coffee to me (don't get me wrong, I'm not giving up coffee anytime soon).

    Oh, you brought up the Amazon outage; iCloud also runs on them too. So iCloud was also down. Also, people like to complain when something changes. I've learned you have to read deep into the complaints to see what the real problem is. People also don't research at all; they read a title and assume they know everything. MacRumors stopped the thumbs up and down (I think it's just up now), so not sure how you got 24 total with 22 negative, 1 positive and 1 neutral. Heck, depending how old that article was, I might have been one of the negative people, but I researched and changed my mind.

  • allanster (Community Member)

    @jpgoldberg - I was actually just in hashcat reading an old thread containing many of your posts. I've worked in IT for decades and I know herding cats and making them happy is never easy.

    Respectfully though, I gotta tell you, there is a pervasive theme I see in here, and it's support telling customers that whatever we're inquiring about is the "wrong" question. I was just reading a thread from 2011 where multiple people were asking how to delete password history and were being told they don't need to and shouldn't want to. Fast forward to 2016 in another thread and I see people asking the same questions and being told the same answers. I sympathized with a customer saying he felt the "answers" were condescending (I do too). I think if you do a thread search for that word (condescending) in here you may see what I'm saying. I took the time today to read all of many pages in a macrumors thread and Agile's customers' opinions were overwhelmingly negative with what is going on (I'd guess 95%). Being somewhere neutral is also helpful in reading what they're actually feeling because many are more willing to express their frustration there as opposed to here. The same C word was also brought up there.

    Some of us aren't comfortable with our blobs anywhere but home. Some for technical reasons, some for nonsensical reasons. Doesn't really matter. It's my data on my FileVault encrypted local or the highway. My footprint is smaller than yours no matter how you slice it. In order to keep investing in 1Password I would have to feel I'm being given the same options that made me grow to love it in the 1st place. I (and others) feel like we're being pushed around and told "this is how you have to do it". Why can't we old school have the options we've always had and power to all those who want to embrace the new ones?

  • allanster (Community Member)

    @prime - Glad you're happy with your workflow, it's just not for me (and many others). On how I got 24 total with 22 negative, 1 positive and 1 neutral... it was simple, I just read them; these customers left no doubt where they stood. Bear in mind, that was just page 1; I later read all of the pages and it certainly didn't improve. I'm not really interested in posting the link here, it can be found easily enough. I'm not looking to bash or vent, believe it or not, I just see a company that I have truly admired over the years making what I feel are some huge PR missteps, and I care enough to take the time to let them know. Whether they listen or not is on them.

  • khad (1Password Alumni)

    Why can't we old school have the options we've always had and power to all those who want to embrace the new ones?

    That's the thing. You can. Nothing has been taken away from you.

    Now, I can't speak for anyone but myself, but I sincerely apologize if anything I've said has come across condescendingly. That was absolutely not my intention. I was presenting reasons why the majority of our customers prefer 1Password memberships, and @prime is a — um — prime example. And he was vehemently opposed to it at first.

    I don't say that to imply that I think you will or should eventually change your mind, but many folks have. For those who don't, can't, or won't, nothing has changed. Keep using the advanced sync options like you always have.

    We hope you stick with 1Password for many more years to come, but if/when the day ever comes that you want to switch tools, exporting your data is easy. We want happy customers not trapped ones. In the meantime, you can keep using 1Password like you always have.

  • jpgoldberg (1Password Alumni)

    @allanster correctly pointed out that,

    Some of us aren't comfortable with our blob's anywhere but home

    May I ask how you synchronize your data and across how many systems you do so?

    Maybe you don't have a need to synchronize your data or maybe you are among a small portion of people who can manage to reliably synchronize your data in a manner that is more secure than what we offer. But the overwhelming majority of people will end up using a synchronization system that is either less secure than our service or far less robust and reliable.

    The trickier question is

    Why can't we old school have the options we've always had and power to all those who want to embrace the new ones?

    Yeah. That is what we wanted, too. We thought we could run both systems side by side for a long, long time. Eight months ago, if you'd asked "will we be strongly pushing people toward subscriptions in eight months?" we very honestly would have answered "no". Now, as you well know, we are very much steering people toward subscriptions. We thought back then that over the course of many years pretty much everyone would come to see the superiority of subscriptions, but we could give them time to come to that realization.

    So what has happened since July that has led us to change our approach? The answer is that once we introduced Individual accounts we had an enormous amount of customer confusion. People didn't know whether they purchased a license or a subscription. People tried to use their license codes as Secret Keys or their Secret Keys as license codes. There was an enormous growth in support queries about synching not working that stemmed from people not knowing which system they signed up for. They had some vaults synching by Dropbox and others through our service.

    When I say "enormous growth in support queries" I mean enormous. A very large number of people were struggling to use either system well because they were actually trying to use both without knowing it. The situation was simply untenable. Running both on an even footing is fine for our long term and expert users, but it was a real struggle for most people. Like you, we understand both systems and sync setups for all of them. So we failed to anticipate[1] the trouble that presenting both would cause to a very large number of people who need it to "just work" and have not spent time considering how the data is moved about. Suddenly we needed on-boarding to be simple, and we needed people's next connection with a new device to be simple without them having to know which system they picked during initial on-boarding. So we were faced with the choice of either steering people away from Individual accounts or steering them away from non-subscription options.

    We went with what we consider to be the superior option even though we weren't able to give the world enough time to see that. And so that is how we are all in this situation today.


    [1] In retrospect, we really should have known better.

  • allanster (Community Member)

    khad - Thanks for your kind words.

  • khad (1Password Alumni)

    It truly is my pleasure. I hope you have a fantastic rest of your week. :+1:

  • allanster (Community Member)

    @jpgoldberg - Truth be told I don't sync, I push and overwrite. I experimented with syncing but saw instances where items would duplicate or sometimes notes within items would merge and end up with redundant notes. I don't fault Agile for that because I do some unorthodox things with my workflow. I also have always worked off a master anyway with multiple slaves which includes iPhone. More work for me but also more peace of mind for me.

    You can easily look at my post history and see I've only participated in one other discussion and that was simply to chime in on a request for SpiderOak. I honestly don't store sensitive data there either, but I thought they would be the best option for those who did cloud at the time it was being requested.

    The alarming part for me in the direction Agile is going with this is you're inevitably, albeit slowly, killing your firstborn, which unfortunately is going to alienate your geek base. But your geek base is who has in the past driven your sales to the nontechnical crowd. So you are effectively decimating your own army. You're in a quandary to be sure; I certainly wouldn't want to support nontechnical users with LAN syncing either, so I get where you're coming from.

    I can't speak for others but I'd be fine with you pushing cloud aggressively with a link (however small) somewhere on that page to perpetual. It could even include a click through page warning the masses to "abandon all hope ye who enter" and the requisite urging of why they should click back to the so much easier / convenient / cheaper / & superior subscription. Where I feel you cross the line with me is when you completely remove the path to get there on my own. Sure I'm going to curse you a little bit while getting there, but then feel relieved when I can still get there on my own and all will be forgiven and forgotten. But making perpetual "by request only" takes me to a whole new level of frustration and apprehension that doesn't go away. It's enough to make a customer who's never complained or spoken in a decade of merry use go on rants and tirades like I've been doing in here now.

  • jpgoldberg (1Password Alumni)

    Thanks, @allanster!

    I love our geek base. We all do. But at the same time, we want secure password management to work for non-geeks.

    I will, however, have to abandon this discussion for a while. I have a plane to catch. So forgive the brevity of my reply.

    Cheers,

    -j

  • AGAlumB (1Password Alumni)

    @allanster: You're absolutely correct that the "geek base" has driven sales to some extent. I think anyone participating in this kind of discussion has experience with that! But while it's certainly appreciated and good for business in the short term when you or I get a friend, coworker, or family member to buy a 1Password license, there's a darker side to the long-term prospects for these folks. Even if you've convinced many folks to buy licenses, you aren't personally available to them for 1Password 24/7. And after all, that's not your job; it's ours.

    Sales are appreciated and necessary to run a business, but when people have a frustrating experience because they're using the old model when the new one is available to them and they'd be happier with it, that isn't good for them or for our business long-term. The thought that you'd continue to encourage people to buy licenses because you prefer them is kind of scary. While it seems clear that you recognize that you have a very specific workflow that isn't a good fit for everyone, that's the only reason you'd really need to stick with the standalone version. Apart from that, it's just personal preference, so I'd hope you'd keep that in mind and leave room for the preferences of others rather than pushing folks toward licenses, as those just aren't a good fit for most people — present company and similarly geek-centric audiences of tech sites excluded.

    Ultimately, when you convince someone to start using 1Password, you only have to support those people in your spare time. For us, it's a full time job we take very seriously, which we've been doing for a decade: we've gone from "standalone" only, to offering 1Password.com alongside it, to no longer marketing licenses only after a lot of careful consideration, hard work, and learning from our mistakes. Offering standalone licenses alongside 1Password.com memberships was a mistake that negatively impacted thousands of people. Some we were able to help in enough time that they chose to stick with 1Password despite the initial confusion, frustration, and drain on their time. But many others wrote off 1Password as a result, and while I'd like to think that they're using another password manager instead now, for some this soured them to the whole thing and they're less secure as a result of our missteps. That not only sucks for them and us, it also sucks for you because some of them would have been in the license camp, and all of them would have been 1Password users whose support helped us make 1Password better for all of us otherwise. It really isn't as simple as black and white, and all of those are real people we failed to help secure their digital lives by having things set up the way you'd prefer. This isn't me saying, "See? We tried your idea and it was stupid." It was our idea to do that; it just didn't work out the way anyone would have hoped.

    You may anticipate that you'll suffer in the future as a result of our decisions, but it sounds like you have exactly what you need already. We really have to first consider the majority of people who only want to use 1Password across all of their devices with the same data without having to manage their own sync (or non-sync) solutions, and do whatever we can to get them there. 1Password power users driving sales is really only a good thing if new customers become happy 1Password users. Otherwise we might as well sell shovelware, make a quick buck, and cash out. We've done an absolutely terrible job of adopting that business strategy. :lol:

  • allanster (Community Member)

    @brenty - I understand and appreciate your position from a business perspective, I do not as a customer.

    For Agile's sake, I didn't really want to get into too much detail here as to why I don't recommend this model for anyone, because it may negatively impact your sales, but I do feel a need to respond to the "scary" comment so let the cards fall where they may...

    When people come to me for security advice, just because I don't agree with you doesn't mean it's scary or that I don't take it as seriously as you do. I could argue I take it more so. I don't operate off the idea that I'm gonna dumb down and relax reality based on their technical chops. What was true decades ago is even more true today: the only truly secure computer is in a concrete box with no openings, buried deep beneath the earth. Period. But I'm not offering to provide them support either (excluding elderly family).

    You and the crew survive the volleys being thrown your way, you grow exponentially, you IPO, you're outta there, you're on a boat sippin' juice. Who's minding my blob now? What happens when Nagheenanajar forgets that decimal place in the latest build and now it's uploading and exposing my secret key as well?

    Scenario 2, you did not survive the angry horde, you fail, you liquidate, meanwhile your data center does too. The cyber rats go to auction and buy drives for pennies. Who's minding my blob now?

    Ridiculous? Yes. Implausible? Maybe. Impossible? Anything is possible.

    My scenario: my blob sits on my FileVault2 encrypted drive in my possession and my network tools tell me what you're up to.

    Who's scary now?

  • AGAlumB (1Password Alumni), edited April 2017

    Blaming the Indian when everyone knows it was the white guy's fault: This time you have gone too far, sir.

  • prime (Community Member), edited April 2017

    @brenty this is my guess if you guys go out of business... IF...
    I log on my computer
    Export my passwords
    Get a new password manager
    Import the data into the new password manager

    The data is on my computer, iPad, and iPhone. The only thing that would stop is 1Password.com and syncing of my data.

    Am I right?

    1Password doesn't have our data on drives in someone's basement. They use AWS

  • khad (1Password Alumni)

    Yep.

This discussion has been closed.