Can I use 1Password without purchasing a subscription? [Yes, but membership highly recommended]


Comments

  • I am still using an old, standalone version of 1Password. Since the big push is for people to buy your subscription service, am I to believe that your legacy product is now insecure?

  • Ben AWS Team

    Team Member
    edited September 1

    Hi @supereditor

    That's a fair question and I'll do my best to answer it.

    am I to believe that your legacy product is now insecure?

    The short answer is "no."

    The much longer answer is: We can't recommend using an older version. 1Password 6 has been retired and is no longer being updated. As a security-focused company we'd always recommend running the latest versions of all of your software, but especially your operating system, web browser(s), and 1Password. If you opt to use an earlier version that is your prerogative, but it isn't something we can recommend. Licenses never expire, and so you can continue using any version you've licensed for as long as it works for you. As things continue to evolve around the now-retired v6 it will be less and less practical (and/or secure) to continue using it. For example, the upcoming Safari 13 will be using an all-new extension framework, and as such will not work with v6. While we're not aware of any specific security issues with 1Password 6, sticking with that version may prevent or delay upgrades to other important components (such as your browser) which may have very real security issues.

    It is also worth mentioning that security is more of a gradient than it is black or white. For some it may help to think in terms of the cost an attacker would have to incur to be successful. If they've got $50 to spend can they get access to whatever you're trying to protect? How about $500? How about $50,000? How about $5 billion? If you're keeping up to date with your software and are practicing good security hygiene a $50 budget probably isn't going to make much progress. If you are Edward Snowden and an attacker is a nation state with hundreds of thousands of dollars (or perhaps even much more) to throw at the problem, just keeping your software up to date and not clicking malicious links in emails is probably not going to be sufficient to keep them at bay. You have to consider what attack vectors you are likely to face and what level of operational security you need in order to mitigate those attacks.

    Sorry; that may have been a bit of a tangent, but I think it can help to think in terms of "more secure" and "less secure" vs "secure" and "insecure," and also to be realistic about what threats each of us as individuals may face.

    Ben

  • Thanks. I really appreciate the frank answer.

  • ag_ana

    Team Member

    On behalf of Ben, you are very welcome @supereditor!

    If you have any other questions, please feel free to reach out anytime.

    Have a wonderful day :)
