Can I still buy standalone license for the 1password? [no longer being marketed]

1468910

Comments

  • brentybrenty

    Team Member

    Now I just found out that you've completely replaced the product [...] without telling your customers. What in the world? Why would you force this on everyone? Yes, I understand I can continue to use it until it breaks (or you remove the current iOS version from the app store). [...] I'm perfectly happy for you to add such a service if you want, but removing the defining feature of your software is a betrayal to your users.

    @chmullig: We haven't forced anything on anyone, or replaced or removed features; and, as you pointed out, you can continue to use the product you paid for. It doesn't sound like you're interested in 1Password.com and that's fine; it only changes how you use 1Password if you choose to switch.

  • brentybrenty

    Team Member

    Awhile back I attempted to setup a family member with the wonderful 1Password software that I had enjoyed so thoroughly, but to my dismay I was met with a new business model (and the standalone client quietly locked in the trunk amidst a sea of marketing). [...] You see, I used the product steadfastly without ever visiting the website -- just dutifully updating when told to ; a kind of hallmark of great software. I never saw it coming.

    @rtrd: And you can continue to use 1Password today just as you have been. But 1Password.com exists today due to overwhelming requests over the years. It's only one piece of the puzzle, but a big part of this is folks wanting their loved ones to benefit from 1Password's security, but without the hurdles of figuring out licensing for different platforms, sharing, and configuring sync for individual vaults across multiple devices. Most people don't want to deal with any of this and, frankly, shouldn't have to. That's where 1Password.com comes in, and why it's our focus.

    The hubris of migrating to a non-optional cloud-based subscription model is that:
    It issues an ultimatum to existing customers (happy customers, or in my use case above a new potential customer).

    Nope. You can continue using the 1Password setup you already have if it suits you. But we do want to offer new customers the best 1Password solution we have today. And if they would have needed your help figuring out local vaults, 3rd party sync, and licensing, 1Password.com makes all of that much easier. Everyone deserves security, not just folks who are lucky enough to have someone like you to navigate this stuff for them.

    It violates the principle of least astonishment -- something that password management software should follow rigorously.

    I can see where you might be astonished, but all of the people asking us for these features over the last decade aren't; so I do think it's worth considering other perspectives.

    Given that the standalone client is no longer receiving development attention, and it is in-fact closed source software, the option is to convert or find another solution. "Fool me twice" is already in the rearview, so my guess is I'll have to make the ancient trade-off of security vs. convenience.

    Not really, but that's your call to make.

    The circle is now complete. Thanks and good luck.

    Likewise, if you do choose to abandon 1Password in spite of being happy with it and having a setup that works for you, just know that we're rooting for you. Everyone deserves security. We'd rather you use something else than nothing at all. Take care, and stay safe out there.

  • I agree with @rtrd regarding the new business model. I was a happy user of the standalone app for a long time and was quite surprised when you introduced the subscription model and 1password.com. I do not like the subscription model, but fine, everybody has to make a living and I could arrange myself with paying a monthly subscription for such a good software. But forcing users to store their most valuable digital data on a cloud server is simply unacceptable (I know I can use the existing app as long as it works, but Windows for there is no such option anymore). It is no coincidence that security experts are amongst your harshest critics. In my eyes there are two major problems with your cloud-centered approach:

    1. Storing passwords in the cloud creates an unnecessary dependency on the cloud, in this case on your service. Yes, I am aware about the caching mechanism and yes, you have great server uptimes. Nonetheless we are then dependent on you. We give part of our control over our data to you. This is incidentally also the reason why I can't see any larger company with a halfway serious IT department using 1Password. Companies like to keep control over their employees' data. They do not like to be dependent on a third party service for something as vital as access data (which if lost or inaccessible in the event of an outage will easily lead to large financial losses).

    2. The second issue is that your design creates an unnecessary liability regarding the security of our data. With local vaults, my data stays within my network, maybe even within my machine. With cloud storage you increase the attack surface. I do not doubt in the slightest that you have put a lot of thought and effort in your security design, and as as far as I can tell, it is quite solid and the exposure risk probably very low. But you know what the two most important words were in the last sentence? "Quite" and "probably". No matter how good your design is, no matter how foolproof your strategy to thwart attackers - the fact stays that with cloud storage now not only my private network can be attacked, but also your network is a potential target. Even if an attacker "only" gains access to my encrypted blob on your server, he then has my encrypted blob (and presumably that of other users as well) which he otherwise only could have obtained by targeting my personal network. It is just another liability which many of us tech savvy and security aware users are not willing to accept.

    My plea would be this: You have a great product. A great service. A great support. A great design. Great usability. At the moment you have the perfect recipe for a password manager. I really like 1Password and I absolutely do not mind paying for it. Great work should be rewarded. Please do not destroy that great app you built and do not force me to look elsewhere for a password manager solution. I do not want to find myself checking out the competition with the three dots.

    Marketing a cloud storage as your first go-to option for users who want the hassle-free 1-2-3-done experience is fine. (Your emergency kit is a nice touch by the way. Very few solutions think about that.) But let the tech savvy customers use the storage location and synchronization method of their own choice and ultimately let them employ the security design of their choice.

  • brentybrenty

    Team Member

    But forcing users to store their most valuable digital data on a cloud server is simply unacceptable

    @dbm14: We're not, not only because no one is required to use 1Password.com, but also because even if they do only encrypted data is transmitted and stored; only you ever have the keys to your data.

    Yes, I am aware about the caching mechanism and yes, you have great server uptimes. Nonetheless we are then dependent on you. We give part of our control over our data to you.

    Let's be realistic: If you're using 1Password at all, you're dependent on us to some extent. 1Password is not open source, and if an OS or browser change breaks something we're the only ones who can fix it.

    That sounds kind of dire, but I think we've got a great track record there. We still have customers using 1Password 3 and 4. But at the same time, you still have the same control over your data whether you use the standalone 1Password apps with local vaults or 1Password.com: You're the only one with the means to decrypt it, and you can export your data at any time. Which one you prefer is irrelevant in this context.

    This is incidentally also the reason why I can't see any larger company with a halfway serious IT department using 1Password. Companies like to keep control over their employees' data.

    Well, they're out there. And 1Password Teams offers a lot of tools to facilitate these things, many of which aren't feasible with a standalone app. Maybe 1Password Teams isn't a good fit for your company. I don't know. But that doesn't mean that your case is universal.

    The second issue is that your design creates an unnecessary liability regarding the security of our data. With local vaults, my data stays within my network, maybe even within my machine. With cloud storage you increase the attack surface. I do not doubt in the slightest that you have put a lot of thought and effort in your security design, and as as far as I can tell, it is quite solid and the exposure risk probably very low. But you know what the two most important words were in the last sentence? "Quite" and "probably". No matter how good your design is, no matter how foolproof your strategy to thwart attackers - the fact stays that with cloud storage now not only my private network can be attacked, but also your network is a potential target. Even if an attacker "only" gains access to my encrypted blob on your server, he then has my encrypted blob (and presumably that of other users as well) which he otherwise only could have obtained by targeting my personal network. It is just another liability which many of us tech savvy and security aware users are not willing to accept.

    Security researchers will tell you that it's much easier to get access to secure data through social engineering. If someone has to get your Master Password (and Secret Key) from you directly, they might as well get the data from you too. And we'd always love to have more folks banging away on our security to find anything we can improve, in addition to 3rd party audits that are performed.

    From the beginning, 1Password has been designed not in the hopes that someone won't get the encrypted data, but with the assumption that they will and it still needs to withstand attack. Relying on local storage to "hide" the data isn't good security, so we've never depended on that. And no matter how dedicated you are, we have a lot more resources at our disposal to secure our systems against attack than an individual can do alone. One person has to sleep and probably go to work, but as a team we can offer round-the-clock coverage, and working with outside experts gives 1Password.com an advantage that is out of reach of almost any individual. Security should be for everyone, not just the rich guy (or company) who can afford to hire pen testers and contractors to test and monitor their security.

    My plea would be this: You have a great product. A great service. A great support. A great design. Great usability. At the moment you have the perfect recipe for a password manager. I really like 1Password and I absolutely do not mind paying for it. Great work should be rewarded. Please do not destroy that great app you built and do not force me to look elsewhere for a password manager solution. I do not want to find myself checking out the competition with the three dots.
    Marketing a cloud storage as your first go-to option for users who want the hassle-free 1-2-3-done experience is fine. (Your emergency kit is a nice touch by the way. Very few solutions think about that.) But let the tech savvy customers use the storage location and synchronization method of their own choice and ultimately let them employ the security design of their choice.

    Thanks for the kind words and encouragement! It's good to know that you value the work we do. Tech savvy customers can continue using the same setups they've grown to love, even though right now we're focused on making security not only accessible to less techy folks, but also less hassle for those who are but want to leave IT at work when they go home, without having to sacrifice security. Cheers! :)

  • ohoosohoos
    edited July 2017

    I really like 1Password on my mac an phone. I came back to Agilebits to see how I can buy a version for my wife and daugther.

    I totaly argree to dbm14. 1Password is great but I also will not subscribe to your service. I hope you change your decission soon and offer single user licences again.

  • brentybrenty

    Team Member

    @ohoos: Thank you for letting us know about your preference. I don't have anything new to share on this topic, but if you'll shoot us an email at [email protected] and post your Support ID here I'll see if there's anything I can do to help. Again, we feel very strongly based on our own experience and customer feedback that 1Password.com is the best way to use 1Password, as it makes it easier for everyone to secure their digital lives. Everyone deserves that, and not everyone has someone like you to help them navigate this stuff.

  • Hi @brenty,

    thanks for your quick answer.

    I'm sorry I totally disagree to 'customer feedback that 1Password.com is the best way to use 1Password'.
    I think that is the wish of your marketing.

    And I also disagree to 'makes it easier for everyone to secure their digital lives'. Disestablish taxes would also make our lives easier, but it is not (also) a good idea.

    Be sure that only a very few cusomers complain about your strategy, most of them will vanish siliently.

  • BenBen AWS Team

    Team Member

    Hi @ohoos,

    So far that has not been the case. Certainly there are some more technical users who were comfortable managing multiple licenses, setting up sync themselves, using a 3rd party service to share, etc... But most people aren't and are happy to have a service that makes those things seamless for them.

    We appreciate the feedback though, and hope you'll reconsider. If not, we hope you're able to find a password management solution that you're comfortable with and confident in.

    Ben

  • Ah so that means when the criminals/government of canada / hoster / whoever forces you to give them access to the vaults or hacks you / your hoster / something in between, they will get my data?
    Yeah I know its encrypted but when someone breaks it, he/she/gov only needs to go to you and get access to everything (Cause there is only one place where every data is stored)?
    "Great" idea people!

  • brentybrenty

    Team Member

    @Some_Important_User: Actually that couldn't be further from the truth. They'd literally have to target individual users to get their Master Passwords and Secret Keys, both of which are needed to decrypt the data, and neither of which are ever in our possession. Be sure to check out the 1Password.com security white paper for all the details. :chuffed:

  • chighchigh Junior Member

    even if a better solution, in both regards, now exists.

    That's purely an opinion.

    I don't care if I have to buy into a subscription for the software (already do with Adobe's CC and Office 365) for the continuing revenue aspect of your business, but eventually forcing data to be available only via the cloud to me is unacceptable. I don't necessarily want to sync my data to the cloud, encrypted or not. I've been in situations where the system I had 1Password installed wouldn't be able to reach the servers to sync.

    Perhaps I am reading things incorrectly, but if this goes away, I feel like I'm going to get a "Take a hike. You choose to use 1Password." The technology to do this is already in the product; is it that difficult to keep it in the product? Or have I misinterpreted the direction? Why take away that choice of where my data is stored?

  • Michael TsaiMichael Tsai Junior Member

    @brenty:

    First off, we don't have the keys to your data. Ever.

    That's what the white paper says, but there's no way that I can practically verify that. Whereas, with a local vault I can make sure that 1Password has no access to the network.

    I'm not sure how "under active development" could be interpreted as "set in stone". We don't have anything to announce for future versions because we're still working on the current one.

    Because you refuse to say that standalone will be supported after version 6, while making repeated comments about how you are not focusing on it and one day the current version will stop working. Standalone is stuck using the less secure Agile Keychain format. Meanwhile, the talk about 1Password.com is the opposite.

    We haven't forced anything on anyone, or replaced or removed features

    You dropped support for 1PasswordAnywhere.

  • rickfillionrickfillion Junior Member

    Team Member

    That's what the white paper says, but there's no way that I can practically verify that.

    The Javascript source to the webapp is pretty easy to get to. We invite anyone to go inspect it.

  • BenBen AWS Team

    Team Member

    That's purely an opinion.

    Yep, it is our opinion, based on a huge number of interactions with customers.

    I don't care if I have to buy into a subscription for the software (already do with Adobe's CC and Office 365) for the continuing revenue aspect of your business, but eventually forcing data to be available only via the cloud to me is unacceptable. I don't necessarily want to sync my data to the cloud, encrypted or not. I've been in situations where the system I had 1Password installed wouldn't be able to reach the servers to sync.

    That is why we locally cache your data. Even if you're offline for an extended period you can still access your data. Changes made on one device are of course not going to be reflected on another, but that wouldn't really be any different with syncing 1Password with iCloud or Dropbox, which is what most folks were doing before memberships.

    Perhaps I am reading things incorrectly, but if this goes away, I feel like I'm going to get a "Take a hike. You choose to use 1Password." The technology to do this is already in the product; is it that difficult to keep it in the product? Or have I misinterpreted the direction? Why take away that choice of where my data is stored?

    Nowhere have we told anyone to take a hike nor have we said we're taking anything away from anyone. In fact we've said quite the opposite.

    We have no plans to remove the ability to use standalone local vaults from the products that have those features. That does not necessarily mean that we'll be adding that into any products that we create in the future.

    Because you refuse to say that standalone will be supported after version 6

    You're right: we do refuse to say that because we can't guarantee it and if we say it people will hold us to it for eternity.

    while making repeated comments about how you are not focusing on it

    Correct.

    and one day the current version will stop working.

    That is just an assumption (but likely a fair one), and we couldn't make any estimates of when that might happen. 1Password 3 for Mac continued to function for years after we stopped developing it, and still functions to some extent to this day even on modern operating systems.

    We'd much rather under promise and over deliver than the opposite, so that we're not backed into a corner because of a promise we made years ago that may no longer be feasible or reasonable.

    Standalone is stuck using the less secure Agile Keychain format. Meanwhile, the talk about 1Password.com is the opposite.

    This is not accurate. Standalone vaults are now created as OPVaults by default and any legacy Agile Keychains can be converted. Please consider starting a new thread in the Mac (or other relevant) forum if you need further assistance with this.

    You dropped support for 1PasswordAnywhere.

    That was because of security concerns and the fact that technology had evolved to the point where it was broken, and happened long before we were offering 1Password memberships. It wasn't done to motivate people to buy into something they didn't want.

    Ben

  • BenBen AWS Team

    Team Member

    Additionally @chigh I just responded to this in another thread and think it may be what you were getting at as well, so I'll include it here:

    I know we're in the minority here but I would like the option to pay the subscription to support Agilebits but still have the option for local vaults.

    That is actually already possible. It isn't necessarily the recommended setup, and I certainly would not recommend it to a new customer, but if you've already got local vaults set up and don't mind losing out on the benefits that the 1Password.com service offers, you can certainly subscribe for the app updates and continue to use local vaults.

    I can't promise that this will continue to be the case indefinitely, but it is certainly possible now.

    Ben

  • chighchigh Junior Member

    Yep, it is our opinion, based on a huge number of interactions with customers.

    Still an opinion. Not a fact.

    We have no plans to remove the ability to use standalone local vaults from the products that have those features. That does not necessarily mean that we'll be adding that into any products that we create in the future.

    And that's my beef. Therefore, I'll continue to use 1Password as I have been with a local vault (for at least 10 years). I will hope the product keeps this ability in the future. The day I'm required to store all my 1Password data in your cloud, I will be forced to re-evaluate 1Password.

    That is why we locally cache your data. Even if you're offline for an extended period you can still access your data.

    Unless the device is unable to reach the data to begin with. (But how did you install 1Password? Surely, you needed access to the Internet to install it. — Installed from a portable storage device, of course.) You can say cache all you like, but caching requires the application to retrieve data from your cloud—which is not local.

  • chighchigh Junior Member
    edited July 2017

    That is actually already possible. It isn't necessarily the recommended setup, and I certainly would not recommend it to a new customer, but if you've already got local vaults set up and don't mind losing out on the benefits that the 1Password.com service offers, you can certainly subscribe for the app updates and continue to use local vaults.

    I don't use those "benefits" now, so what am I losing? ;-)

  • BenBen AWS Team

    Team Member
    edited July 2017

    Still an opinion. Not a fact.

    I'm not arguing that. :) It is a subjective statement. "Better" is subjective.

    And that's my beef. Therefore, I'll continue to use 1Password as I have been with a local vault (for at least 10 years). I will hope the product keeps this ability in the future. The day I'm required to store all my 1Password data in your cloud, I will be forced to re-evaluate 1Password.

    Fair enough.

    Unless the device is unable to reach the data to begin with. (But how did you install 1Password? Surely, you needed access to the Internet to install it. — Installed from a portable storage device, of course.) You can say cache all you like, but caching requires the application to retrieve data from your cloud—which is not local.

    How is that different from storing your data with iCloud or Dropbox?

    Ben

  • chighchigh Junior Member

    How is that different from storing your data with iCloud or Dropbox?

    It's not other than the fact with Dropbox, the data is still local to the desktop/laptop and the sync part is secondary.

    Therefore, I'll rephrase and include to mean "any cloud service".

    Again, I'm going to continue to use local vaults. Perhaps my opinion will change in the future.

  • BenBen AWS Team

    Team Member

    It's not other than the fact with Dropbox, the data is still local to the desktop/laptop and the sync part is secondary.

    Which is the same with 1Password.

    Again, I'm going to continue to use local vaults. Perhaps my opinion will change in the future.

    I'm not telling you that you can't. :)

    Ben

  • chighchigh Junior Member
    edited July 2017

    Which is the same with 1Password.

    Then how is it not a local vault? Because you said that it allows for the data to be cached locally. If sync is now described as secondary...

  • BenBen AWS Team

    Team Member

    Then how is it not a local vault?

    I don't understand the question, but I'll try to elaborate and hopefully I'll hit the point you're looking for. If not could you please clarify?

    When you're using 1Password.com vaults the data is encrypted and written to the disk on the device you're using and then uploaded to the 1Password service. The difference between a local vault and a 1Password.com vault is that latter bit (the data isn't synced with the 1Password service with a local vault). Also with 1Password.com vaults we don't expose the locally stored sync file (e.x. there is no VaultName.OPVault for each vault). All of the data is stored in a local SQLite database.

    Ben

  • This is the most viewed and replied thread. Why not do all of us a favor and bring back standalone an option for those who wants it.

  • @toobs because not everyone in here is for the same thing. One thing I've learned with the internet, negativity is louder then the positive. People will go out of their way to complain about something, but when it's good, you'll most likely never hear from these people.

    I had he stand-alone licenses for years and switched to the subscription, and very happy. I was also very vocal against the subscription at 1st, I did a lot of research, and made an informed decision.

  • @prime I too had the standalone and switched to subscription and I'm happy with it. It's a lot easier to manage. I just hope that they will come down on the price when it's time to renew.

  • An idea for that is a 2 year renewal with a month or 2 free ;)

  • BenBen AWS Team

    Team Member

    Thanks for the feedback, prime & toobs. :)

    Ben

  • didenkodidenko
    edited July 2017

    I have put features important to me in a simple 3x4 matrix, well, two of them, in the Google Spreadsheet as an example. I feel that most of confusion and explanations in this thread can be avoided if 1password fills out the matrixes honestly without marketing BS (like "we're no longer marketing the option"). If a feature is supported it'd be great to see a version range, or open-ended or date range as commitment for future versions.

    While 1password claimed on multiple occasions that they will not commit to future product features, it still is (as comments here demonstrate) a valuable information for users. Many, myself included, see such lack of commitment as a coward way to plan the deprecation, and so a negative when evaluating the product. May be 1password can own up an actually set user expectations about what 1password management is committed to. Even if a small set. That will enable 1password to assess a worse-case scenario user pool - not a bad thing to know anyhow.

    It is also worth noting, that within a sale of right to use business model a non-commitment to future features sounds OK. Probably because customer perception is that of a "buying product" (even it incorrect).

    In a subscription model a certain announced commitment is expected indeed. Customers naturally see subscription as a more locked-in relationship. If this thread and twitter posts are any indication, they do feel more responsibilities fall on the service provider end regarding future usability of the service - before such customers submit themselves to that perceived lock-in.

  • jponsjpons Junior Member

    I have been a long time 1P user and have recommended it to dozens if not hundreds of clients, family and friends. I have extolled the virtues of local storage vs. creating honeypots of stored passwords (encrypted or not) via a centralized storage system (aka 1password.com). This has been the #1 reason why I use and recommend 1P, specially in light of all the breaches that have taken place on some of the competing products.

    I find it very disheartening that AgileBits is unable to publicly commit to maintaining local/Dropbox/iCloud storage options into the future, I know it has been stated here that there are no plans to remove this feature imminently, but at the same time no commitment has been offered on future support.

    I for one would like to hear a definitive answer on the future of local/Dropbox/iCloud support. In the absence of a commitment of future support I will start looking for alternatives to migrate out of 1P and recommend the same for all of my clients, family and friends.

    I hate to do this as I have been a very enthusiastic 1P user and migrating to another solution will create a big disruption, but I can't in good conscience use nor recommend a system that creates a honeypot of critical information that will inevitably prove to be too great of a target for hackers.

    I do fully understand that individual machines are vulnerable to hacking and could potentially be easier to hack into than a well hardened web service. However, my individual data represents a MUCH less attractive target to hackers than one system with hundreds of thousands, if not millions, of critical data elements.

    Respectfully,

    Juan Pons

  • I wonder how long exactly this is going to go on for before AgileBits realise they're alienating a significant enough proportion of their customer base that they need to change tack.

    There are literally hundreds of comments about these issues across many threads and blog posts.

    And now there are articles too:

    It's very disappointing to see this.

This discussion has been closed.