1Password 6 support for local vaults - months or years?

I'm a big fan of the support for multiple local vaults. When All Vaults first showed up on Mac (Jan 2016), I jumped in head first. A few days later, I discovered that the Windows version was a bit behind the Mac version.

Sob story aside, I get that 1Password 6 (for Windows) is focusing on 1Password.com accounts. It's a good direction for the company, and I want the company to prosper. Without going into reasons, I'm not interested in a 1Password.com account at this time.

I also get that 1Password 4 works as advertised, and I can keep using the version I paid for. 1Password 6 for Windows has never supported local vaults, and it's not something AgileBits is selling.

I've read in posts from more than one AgileBits Team Member that AgileBits wants to add support for local vaults, but there's no ETA because there are other features to work on first.

Therefore, I won't ask when local vault support might arrive, but... can you provide any guidance on a minimum amount of time that I should wait before checking back to get an update? It definitely won't show up in the next day, and I highly doubt anything would happen in the next month, so... at least a year? Several years? A decade?

Thanks!


1Password Version: 6.7.1, 4.6
Extension Version: 4.6.7.90
OS Version: Mac, Windows, iOS
Sync Type: Dropbox


Comments

  • What I want to know is what am I supposed to do when AgileBits goes bankrupt, or a disaster happens and Amazon servers get obliterated, or whatever. With no copy of my data anywhere else, what am I supposed to do? It's not even about the security of AgileBits servers, because I know it's near impossible to decrypt the data stored there. It's about redundancy, only one copy of my passwords is stored, and it is on AgileBits servers.

  • brenty

    Team Member

    @Krzaku: Considering that we're all 1Password users ourselves and would also be out of a job if something like that happens, we won't let it.

    But to answer the hypothetical doomsday scenario question, it's simple: export your data; even using a 1Password.com account, it's cached locally on your device. If your subscription lapses and your account is frozen, you can still access your data and export it.

    Definitely check out our status page and subscribe for alerts if you're concerned about this, as you'll know right away if there's even a minor problem:

    https://1password.statuspage.io

    AWS has a great track record, but if we need to we'll host the encrypted data elsewhere. There's always a backup plan. But if the whole internet goes down, we'll all have much bigger problems, and we'll all have our data anyway. Cheers! :)

  • brenty

    Team Member

    @nosy_decibel: Just as we don't have any news to share regarding local vaults at this time, I also don't have a way of knowing when you should check back that we might have more info for you. You're more than welcome to check in any time. We love hearing from you. Just keep in mind that the answer may be a rather repetitive "not now" for the foreseeable future.

  • FWIW I would do anything to be able to store locally. I am completely okay with paying a monthly fee to do so, I just cannot get past storing my secrets on someone's remote server. Most InfoSec peeps agree and are quite outraged by this :angry:

  • brenty

    Team Member

    @ohreally: Oh, there are definitely good reasons to be concerned any time you give data to someone else. Even if it's encrypted, as we've seen, a lot of services hold the encryption keys themselves and then they can be stolen along with everything else. :(

    But storing data locally isn't any kind of solution in this day and age, since it means missing out on most of the convenience that we're using this stuff for in the first place. Fortunately, with 1Password.com you don't have to give up convenience for the sake of security. 1Password has always been built with the presumption that someone can get your encrypted data, and therefore it doesn't rely on local storage/sync for security through obscurity. :unamused:

    Indeed, it sounds like security is your chief concern, and it's ours as well. Otherwise we wouldn't use 1Password.com either! There's a lot more detail in our security white paper (which is a great read), but I'd like to offer a few points that summarize how 1Password secures our data:

    1. Your 1Password data is encrypted locally on your device before it is transmitted.
    2. The server receives only an encrypted blob.
    3. Your Master Password is never transmitted.

    You might think I'm talking about 1Password.com specifically there, but that's the case no matter what 1Password setup you use — the only difference being that 1Password.com data is also encrypted using the 128-bit randomly generated Secret Key, which is also never transmitted to us. So there's an additional layer of security there as well that you won't get with local vaults — or other services.

    Indeed, when you use 1Password, AgileBits never has access to your data, regardless of the setup you choose. Even with 1Password.com, your data is encrypted on your device, so all the server ever ends up with is an encrypted blob. And since the Secret Key is created locally, your Master Password is only known by you, and neither is ever transmitted to us, only you have the means to decrypt the data.

    Suffice to say, if someone gains access to our servers and dumps the full database (we've designed 1Password.com with this in mind), they simply don't have what they need to decrypt it, as each individual user alone has the keys to their data. So an attacker won't have that and can't get it from AgileBits, even if they get everything else. So while there's a lot more that goes into making all of this work smoothly, this is something that I think all of us can appreciate.

    And apart from our own efforts, we participate in external audits and cooperate with independent security researchers to find any flaws so we can fix them. So while this isn't often the case, with 1Password.com you can have it both ways and have security and convenience. I hope this helps. Be sure to let me know if you have any other questions. Cheers! :)
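The comment above describes a key that depends on both the Master Password and a randomly generated 128-bit Secret Key that never leaves the device. The following is an added illustration, not part of the thread and not 1Password's code: the PBKDF2/HKDF/XOR combination, the iteration count, the MAC tag standing in for the encrypted blob, and all names are assumptions made for this sketch. It shows why a dumped server record cannot be checked against password guesses without the device-held secret.

```python
"""Two-secret key derivation sketch (illustrative; not 1Password's implementation)."""
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this sketch


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) extract-then-expand using HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_key(master_password: str, secret_key: bytes, salt: bytes) -> bytes:
    """Combine a stretched password with a high-entropy device-held secret."""
    stretched = hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, ITERATIONS, dklen=32
    )
    device_part = hkdf_sha256(secret_key, salt, b"device-secret", 32)
    # XOR the two halves: the result is unknown unless BOTH inputs are known.
    return bytes(a ^ b for a, b in zip(stretched, device_part))


def server_record(key: bytes, salt: bytes) -> dict:
    """What the server holds in this sketch: the salt and a MAC tag that
    stands in for the authenticated, encrypted vault blob."""
    tag = hmac.new(key, b"vault-blob", hashlib.sha256).digest()
    return {"salt": salt, "tag": tag}


def guess_matches(record: dict, password_guess: str, secret_key_guess: bytes) -> bool:
    """Check one (password, secret key) guess against a dumped record."""
    key = derive_key(password_guess, secret_key_guess, record["salt"])
    tag = hmac.new(key, b"vault-blob", hashlib.sha256).digest()
    return hmac.compare_digest(tag, record["tag"])


def record_is_guessable(record: dict, wordlist: list, secret_key_guess: bytes) -> bool:
    """True if any password in the wordlist verifies against the record."""
    return any(guess_matches(record, w, secret_key_guess) for w in wordlist)


def demo() -> tuple:
    salt = secrets.token_bytes(16)
    secret_key = secrets.token_bytes(16)  # 128-bit random secret, kept on the device
    record = server_record(derive_key("correct horse", secret_key, salt), salt)

    # Constructed wordlist that deliberately contains the real (weak) password.
    wordlist = ["password", "letmein", "correct horse"]

    with_device_secret = record_is_guessable(record, wordlist, secret_key)
    # Holder of the server dump only: right password in the list, no Secret Key.
    server_dump_only = record_is_guessable(record, wordlist, bytes(16))
    return with_device_secret, server_dump_only


if __name__ == "__main__":
    print(demo())
```

Even with the correct password in the wordlist, the check against the server record fails unless the 128-bit secret is also known, so the password's weakness alone does not expose the data held server-side.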

  • I realize I can manually export my data, but that's a very manual process. I don't want to click export every day just for my peace of mind, I would much prefer an automatic sort of backup. Let's say that every time a change is made to my vault it gets exported automatically to Dropbox or wherever, that would be awesome.

  • brenty

    Team Member

    @Krzaku: Exporting data is something you can do yourself if you wish, and I know some folks will, to keep a paper copy in a safe deposit box. But as far as a local backup, that's not something that 1Password.com supports currently, so it wouldn't be useful since you couldn't restore from it. 1Password.com already includes automatic offsite backup, which is more reliable and redundant than anything you and I can do with consumer tech, regardless of how paranoid and dedicated to backup we are (speaking from personal experience).

  • This is not the first topic about 1Password 6 support for local vaults on Windows:
    https://discussions.agilebits.com/discussion/comment/378246

    @MikeT in December 2016 wrote:

    but nothing changed...

    What's most annoying: the Mac version has support for local vaults!

  • brenty

    Team Member

    @karimm: So does the other Windows version: 1Password 4 already supports local vaults fully. As they say, "There's an app for that." We don't have anything new to announce. Posting the same thing in multiple threads isn't going to change that unfortunately. We've got a lot more work to do before we revisit this for 1Password 6.

  • karimm
    edited July 2017

    I'm pretty sure nothing will change.
    I'm writing so that others know and understand the current state of affairs. I, like many other users in these topics, have purchased a license for all platforms (Win, Mac, iOS and even Android).

    @brenty as usual "pretends to be a hose" (I don't know the English equivalent, nothing rude) and pretends that he did not understand. The message is one: "the customer is the fool, we promised nothing... everyone uses the 1Password cloud services and no one complains".

    Please explain one simple thing: why does version 1P6 for Mac support local vaults, and Windows not?

  • brenty

    Team Member

    I don't know, that sounds pretty rude to me. But the "hose" thing reminds me of "rubber-hose cryptanalysis", so it does resonate with me. Regardless, you ask a very good question. 1Password for Mac supports local vaults because it always has. We built that into the app years ago. 1Password.com accounts are something we added there relatively recently (late 2015). The 1Password 6 Windows desktop doesn't support local vaults because it never has. It's only existed for about a year and we've been building it from the ground up. To put things in perspective, when it was first publicly available it didn't have any browser integration either. Of course, you're probably wondering why we started from scratch, and it's because it wasn't possible to retrofit 1Password 4 with 1Password.com support (and many other things we'd like to do which require Microsoft's newest tools). So, since we already had a mature app that supported local vaults but 1Password.com users (including us) had no native app on Windows, we've focused on that when building the new app. It's a longer, more complex answer than either of us would like there to be perhaps, and certainly not ideal for anyone involved, but that's the story.

  • I think it is understandable that customers are a bit pissed that you are not supporting local vaults.
    I can see announcements like "You asked for pretty icons, now we have delivered" (or something along those lines).
    All I see is that you have "your priorities" straight and you don't want to support local vaults to push people to subscriptions.
    Also, statements like "storing data locally isn't the thing to do nowadays" are a poor argument when you consider we had syncing of local vaults over Dropbox.

    Disillusioned customer...

  • brenty

    Team Member
    edited July 2017

    @smith9: I would agree with all of that...except that we are supporting local vaults. I use Dropbox to sync mine across all platforms every day, and help others do the same. So I don't get the use of the past tense there.

    Also, this is what I actually said:

    > But storing data locally isn't any kind of solution in this day and age, since it means missing out on most of the convenience that we're using this stuff for in the first place. Fortunately, with 1Password.com you don't have to give up convenience for the sake of security. 1Password has always been built with the presumption that someone can get your encrypted data, and therefore it doesn't rely on local storage/sync for security through obscurity. :unamused:

    And what I'm saying is that local storage isn't a security solution. And even if it were, we're talking about security that is out of reach of everyone but geeks who are interested in dealing with this stuff in the first place. Everyone else will continue reusing weak passwords they can remember and type. So we work hard to make security more accessible to people, because the alternative is not pretty.

  • Cool, I didn't realise that local vault syncing via Dropbox was now available in the Windows v6 app.

    Your website and many comments in the forums conflict with that.

  • brenty

    Team Member

    @smith9: As I mentioned a few days ago, 1Password 4 supports local vaults (and Dropbox sync). So that's what I'm using for those myself as well. 1Password 6 does not support local vaults. I'm sorry for any confusion about that.

  • I think a lot of the frustration could be avoided if customers knew the roadmap for v6 Windows local vaults with Dropbox.
    Then I'd know if I want to give up on 1Password or wait it out.
    I really don't understand why AgileBits cannot tell us. I am a software developer myself and when we say we don't know when it is coming, that means more like it's not an important feature and it is more like 18 months+ away.

  • brenty

    Team Member

    @smith9: I think you're right. Unfortunately we don't know the roadmap. We're spending most of our time on necessary changes for browser support (you'll see this in the release notes for both versions, in addition to more in the pipeline). We'll be glad to put that behind us, but it may be a while.

  • How many times are you all going to answer this same question in the forums before you add the feature, or put a big notification on first launch that tells people that they can't use the feature?

    This question has been popping up for over a year and it's still confusing. Who is responsible for Windows development? Why hasn't somebody stepped in to make it painfully obvious that this feature isn't implemented and likely won't be implemented? I'm imagining a giant notification that pops up in version 6 when the user imports a vault:

    DEAR USER, THIS IS A ONE TIME IMPORT OF YOUR VAULT DATA. 1PASSWORD 6 DOES NOT SUPPORT LOCAL VAULTS. YOUR DATA WILL NOT SYNC WITH YOUR OTHER DEVICES AND NEW LOGINS WILL NOT BE SAVED TO YOUR LOCAL VAULT FILES. DOWNLOAD AND INSTALL 1PASSWORD 4 IF YOU REQUIRE LOCAL VAULT FUNCTIONALITY. NOTE THAT ONLY CRITICAL UPDATES WILL BE APPLIED TO 1PASSWORD 4. ANY NEW FEATURES WILL BE ABSENT.

    and then in 1Password 4 you can have this notice.

    DEAR USER, THANK YOU FOR INSTALLING 1PASSWORD 4 WITH LOCAL VAULT FUNCTIONALITY. PLEASE NOTE THAT 1PASSWORD 4 DOES NOT WORK WITH 1PASSWORD TEAMS OR FAMILIES. TO ACCESS THIS FUNCTIONALITY, AND ANY NEW FEATURES, PLEASE INSTALL 1PASSWORD 6.

    Greg

  • brenty

    Team Member

    @Ancillas: I suspect that this would be helpful to some people, but that sort of thing is also incredibly annoying. Everyone would have to see it, and it could cause confusion where none before existed. We've worked hard to make 1Password a clean app to use, and if we start putting in notices like that we might as well put in an advertisement for our other products. That's admittedly an extreme example, but both of these are the sort of thing we don't do because it irks us when other apps do this — especially when we've already purchased them. If you bought a license for 1Password 4, there's a download link in the license email you'll need to register the app anyway; and if you're a 1Password.com member, you can download the appropriate app for Windows and other platforms from the Get the Apps page in your account. I'm sorry for the confusion this has caused some people, but with these things in place it isn't something that affects the vast majority of 1Password users.

  • I just had a buddy with a new laptop message me confused because he swore he had a license for 1Password but was being prompted for a sign-in. He's not a dumb person and yet he got stuck.

    It's the same issue my wife hit.

    I know my experience is anecdotal, but it sure seems to me that whatever analytics you're looking at are lying to you. I can see how it would be a nice happy path for new users. That's probably the reason so many existing users are fired up about this issue (again, I point to the numerous forum posts on this topic).

    There's such a disappointing lack of parity between the 1Password apps. In a blog post from 7/13, Dave talked about how the Mac app wouldn't lose support for local vaults because it would be "evil". At the same time, Dave said the Windows app may never get support for local vaults. The lack of empathy stuns me and I honestly don't understand how AgileBits doesn't see the current operating model for Windows as taking a key feature away from Windows users. By Dave's definition, it's "evil".

    I've been paying for a family membership since they were announced in good faith that eventually there would be parity between the various applications. I like what 1Password is about and there are some truly excellent features that make securing my credentials painless. I've been happy to support the development of your new service model and I know that there's no way you can make everyone happy. Still, the lack of commitment is frustrating.

    Please develop the local vault feature and kill version 4 or rip off the band-aid and decide that the feature won't be developed. At least then we can all move on instead of being strung along.

    Greg

  • bundtkate

    Team Member

    Hey @Ancillas!

    > I just had a buddy with a new laptop message me confused because he swore he had a license for 1Password but was being prompted for a sign-in. He's not a dumb person and yet he got stuck.

    I get this and it's been a bit of an evolving struggle across platforms to get the setup flow to a happy place that keeps confusion to a minimum. We're (relatively) happy with its current state, but we never want to stop improving and we do still revisit the topic periodically. I specifically recall an internal release announcement boasting it was the last time the setup screen would be fussed with and I'm almost positive we've changed it again since. :wink:

    > There's such a disappointing lack of parity between the 1Password apps.

    If you're talking 1Password 6 for Windows vs. 1Password 6 for Mac, I'd say that gap is rapidly closing, to the extent it's even fair to judge a scratch-built native app against one that has been built upon past versions for years. Of course, we do still have work to do and we know it. 1Password 6 for Windows' birthday later this year will hopefully be an exciting milestone. :chuffed:

    As for 1Password 4 for Windows vs. 1Password 6 for Mac, if we focus only on standalone vault functionality, I'll give you the All Vaults view and appearances as a significant difference. Otherwise, it's functionally on-par, in my opinion, and even has some features the Mac app lacks.

    > At the same time, Dave said the Windows app may never get support for local vaults.

    I'll quote Brenty here: 1Password 4 for Windows supports local vaults. If we remove local vaults from 1Password 6 for Mac, Mac users have zero apps receiving any updates that support local vaults. If 1Password 6 for Windows never gets local vaults, then 1Password 4 for Windows still has local vaults. Maintaining the status quo is equal to not taking away local vaults on either platform.

    > Still, the lack of commitment is frustrating.

    We do understand this, but I think it would be much more frustrating for us to make promises and fail to keep them. We already over-promised once with 1Password 6 for Windows and we don't want to do it again. I'd much prefer you be frustrated with us now and pleasantly surprised if standalone vaults do make it into 1Password 6, than make promises to keep you happy now only to have you (understandably) irate with us when we miss the mark.

  • Well, AgileBits, the beauty of our capitalist society is that there is competition. That competition just happens to offer free alternatives to 1Password's current subscription-based business model. As such, we do not have to be forced to give 1Password any more of our money. Even if they finally do see fit to start respecting their existing Windows customers again, we can always come back. Until then, it is obvious by AgileBits' actions, or lack thereof, that they do not care to address their existing customer base and embrace brand loyalty.

  • brenty

    Team Member

    You're entitled to your opinion, but I think that the fact that we're maintaining the standalone app and building a new one simultaneously says a lot about our love for all of our Windows customers. Competition is good though. 1Password isn't going to be able to meet everyone's demands, so it's good that there are alternatives out there so folks can use something other than Post-Its™ and Excel spreadsheets to keep track of passwords if 1Password isn't the perfect fit for them.

  • Thanks for engaging in the forum @brenty. I know it's tough getting beat up from the crowd, but I sincerely appreciate the way you and your team actively respond and conduct business in a very professional manner.

    We may not agree on this particular topic, but I'm excited to keep using 1Password and following AgileBits.

    Cheers,
    Greg

  • In 2012 I did a feature comparison between the available password managers. Other managers like LastPass had more features, but 1Password had support for local vault storage. That was the main reason why I chose 1Password. Now the feature isn't available in 1Password anymore and I have to choose another password manager if 1Password 4 stops working. Very sad :-/

    Because I have nothing against a subscription, it would be very cool if 1Password could bring us a local vault option for 1Password 6 together with a software-only subscription. AgileBits earns payments monthly for the continuous development of the apps and we customers can continue to use our locally stored vaults. @brenty Perhaps you can submit this suggestion to the team? That would be really nice.

  • bundtkate

    Team Member

    @Kristian This is something we've already tossed around a bit. At this point, however, it's not a decision we need to make. We really never had (and still don't have) any plans to switch to membership-only. The focus on 1Password memberships is more closely connected to relieving the pain points many customers had with standalone vaults that memberships were meant to address than it is with any desire to make a wholesale switch to a subscription model. Standalone vaults in 1Password 6 will arrive or not based upon the availability of development resources and how quickly we can whittle down the existing to-do list. This would remain the case regardless of whether or not 1Password 6 remains membership only if and when they're added.

    @Ancillas Brenty is definitely a trooper. Ultimately, though, we do get why y'all are upset. We may not always agree or have the super powers to change things right away, but we do give a hoot (many, in fact) and part of our job is listening to y'all and serving as advocates for you internally. After all, the fact that we don't gather data about our customers whenever possible means we often have no idea how y'all are using 1Password. This is a worthwhile sacrifice to protect your privacy, but it does mean we need to be having these conversations in order to keep our fingers on the pulse of the community, so these conversations are important to us. Even when (or perhaps particularly when) we don't agree with you. :chuffed:

  • Sorry, but isn't abandoning 1Password 4 and putting all effort into 1Password 6, extensions, mobile apps etc. which only support 1Password accounts basically switching to a membership-only model? I know 1Password for Mac still supports local vaults, but Mac is only one of many platforms you support.

  • bundtkate

    Team Member

    @Krzaku If we were abandoning 1Password 4 entirely instead of continuing to support it and update it as needed, I'd agree with you, but that's not the case. 1Password 4 is still supported, still gets the updates it needs to keep working with the latest browser and OS updates, and is still getting security updates as well. As soon as y'all aren't able to use 1Password 4 anymore, I will welcome an "I told you so!" from each and every one of you, but that day is not today and we have no reason to believe it's coming anytime soon. :wink:

  • brenty

    Team Member

    @Krzaku: And keep in mind that the work we've done to update 1Password 4 just this month means it will continue to benefit from the improvements we make to the browser extensions. 1Password 4 and local vaults are not our focus currently, but their demise has been greatly exaggerated. ;)

    @Ancillas: Thanks for kind words. Very generous under the circumstances. I know that this can be a pretty touchy subject, but it's clear that's because we all care about this deeply. :blush:

  • lbeazley
    edited September 2017

    @brenty: Is there any plan then to enhance 1Password4's local vaults with the better security features of 1Password6 and later versions?

    The only reason I am looking is to increase hash cycles on the master password, have SHA256 encryption and possibly a two step unlock. Otherwise I am happy with 1Password4. I'd even pay another stand alone license fee for that enhancement to 1Password4.
