Will updating 1P on Android force me to the subscription mode?

DoctorBrown
DoctorBrown
Community Member

On my Android Droid Maxx I have auto update disabled. On my Windows PC I am running 1P 4.6.1. I just noticed an update for 1Password is pending. In the What's New there is this: " ... Try 1Password free for 30 days, then keep going with a 1Password.com Subscription."
If I update to this version, will I be forced into the subscription mode after 30 days?

I will NOT go to subscription mode. I refuse to store my password data in the cloud. I must have local sync only! I am willing to pay for a one time upgrade cost if that were available.


1Password Version: 4.6.1.616 (19)
Extension Version: 4.6.1 (Mozilla Firefox)
OS Version: Win 7 6.1.7601 SP 1
Sync Type: WiFi Sync

Comments

  • ojix2
    ojix2
    Community Member

    I have a similar question.
    Is it possible to subscribe 1Password and still avoid the automatic cloud sync ?
    Is there any difference in this regard between single user subscription and family subscription ? (because I guess family members will have to sign in their (or a common) account(s) to be recognized as eligible family members).

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited March 2017

    Is it possible to subscribe 1Password and still avoid the automatic cloud sync ?

    @ojix2: It is, but it isn't something I'd recommend. There are a number of reasons, but one it that only 1Password.com has the benefit of the Secret Key strengthening the encryption.

    Really, a big reason that 1Password.com exists in the first place (though it has many other features and benefits now too) is to offer easy, zero-config sync for 1Password users. Typically the comparison is to Dropbox or iCloud, as those are also cloud sync services, and are more popular than WLAN Server due to convenience and ease of use, even though that is often an option.

    But in each of these cases, when things aren't syncing as expected, there's very little we can do to help. This sucks for us because it sucks for our customers. So we built 1Password.com from the ground up to be an efficient, transparent, and secure way to keep 1Password data up to date across any number of platforms and devices. Having trouble with Dropbox/iCloud? We don't own/operate those services and have very little insight into how they work and where things go wrong. WLAN Server not working? While this is a feature we built and maintain ourselves, it's fairly simple, so nearly 100% of the issues that users have experienced with it over the years in aggregate are specific to their network environment, which we also have no control over (e.g. firewall, proxy, antivirus, router, driver, and yes, even incorrect system time).

    So while you could use a 1Password.com membership to get access to all of the apps and sync your own data, you're really making more work for yourself than is necessary, and foregoing a huge benefit of the service. Close to 100% of the time, 1Password.com just works. And with 1Password.com, if something breaks (barring network restrictions imposed on the user), we can find out why and fix it. Using 1Password.com also gets you you automatic offsite backup and access to your data through the web interface.

    This is obviously a really important feature for the vast majority of 1Password users, but the only reason we're comfortable offering it and recommending it in the first place is because of its security. With 1Password.com, your data is encrypted on your device, so all the server ever ends up with is an encrypted blob. And since your Secret Key (F.K.A. Account Key) is created locally, your Master Password is only known by you, and neither is ever transmitted, no one — including AgileBits — has the means to decrypt the data. Even if an attacker compromises our servers, they don't have the means to decrypt it. You can read more details on how all of this works in our white paper, and please don't hesitate to ask any questions you may have.

    So yeah, long story short, while getting all of the apps with a 1Password.com membership is a good deal on its own, there's a lot more where that came from. And apart from simple sync, never needing to worry about losing data is a huge thing that most people take for granted until it's too late.

  • AGAlumB
    AGAlumB
    1Password Alumni

    On my Android Droid Maxx I have auto update disabled. On my Windows PC I am running 1P 4.6.1. I just noticed an update for 1Password is pending. In the What's New there is this: " ... Try 1Password free for 30 days, then keep going with a 1Password.com Subscription."

    If I update to this version, will I be forced into the subscription mode after 30 days?

    @DoctorBrown: No. I'm not familiar with that device, but so long as you're running Android 4.1 or higher 1Password 6 is a free update (Android 5 and 6 required for more advanced features). 1Password 6 works with both local vaults and 1Password.com accounts.

    I will NOT go to subscription mode. I refuse to store my password data in the cloud. I must have local sync only! I am willing to pay for a one time upgrade cost if that were available.

    First of all, thank you for your willingness to support us! Not everyone is willing to pay much for software, if at all! It's fine if you just don't want a subscription, but there's also something important you should know: we don't store anyone's "password data in the cloud". There are plenty of companies out there who do that, and you've probably seen them in the news when their databases got hacked. Of course you can "have have local sync only" if that's what you want. You probably like that because your data is encrypted locally on your device before being transmitted, so that no one can steal your most important data. I can't argue with that. But the thing is, that's how 1Password works no matter what, regardless of the setup you choose — WLAN Server, Dropbox, 1Password.com, or no sync at all.

    There's a lot more detail in our security white paper (which is actually a really fun read, even if you're not into cryptography), but I can appreciate that there's a lot going on behind the scenes when it comes to 1Password securing our data that is not particularly accessible or interesting to many people. I think it's also important that 1Password doesn't shove this technical complexity in our faces. So I'd like to offer a few simple points that summarize how 1Password secures our data:

    1. 1Password data is encrypted locally using the Master Password and Secret Key.
    2. The server receives only an encrypted blob to store.
    3. The Master Password and Secret Key themselves are never transmitted.

    Indeed, when you use 1Password.com, AgileBits never has access to your data, regardless of the setup you choose. Even with 1Password for Families, your data is encrypted on your device, so all the server ever ends up with is an encrypted blob. And since the Secret Key is generated locally, your Master Password is created by you, and neither is ever transmitted, the only one who ever has your password data is you. And since the Secret Key is also used to encrypt the data, 1Password.com is more secure than what we were able to do previously with local vaults. Cheers! :)

  • ojix2
    ojix2
    Community Member

    Thank you very much for the detailed explanation. The expertise and enthusiasm you expressed in the explanation is exactly what I appreciate and is the reason I trust your app and your firm.

    While I am fully happy with my current setting; one-time-purchased 1Password app and data sync with WLAN server, I will read the paper you recommended and think again about what options I will have in the future.

    As you mentioned, I often read news of data hacking of these days, and what makes me nervous is that even if some of the victims’ systems/services were theoretically 100% secure, unexpected errors, mostly human errors, in its fulfillment process caused the data leak. For instance, an employee took an important data back home while he shouldn’t, have or, some staff were supposed to delete an important file after working on it but he didn’t and kept it in a wrong server, and so on.
    From your explanation, I got an impression that 1Password.com has no room for such fulfillment errors, but I will think about it after reading the paper.

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited April 2017

    Thank you very much for the detailed explanation. The expertise and enthusiasm you expressed in the explanation is exactly what I appreciate and is the reason I trust your app and your firm.

    @ojix2: Wow. I'm speechless — and that's saying something after my long-winded response... :lol:

    Seriously though, thank you! That means so much. If I can help you or anyone else understand how we protect your data (and our own), and how passionate we are about doing so, I feel like I've done some good. :blush:

    While I am fully happy with my current setting; one-time-purchased 1Password app and data sync with WLAN server, I will read the paper you recommended and think again about what options I will have in the future.

    Hey, that's great too! If 1Password is working well for you, there's no harm in sticking with what you have. And it's always good to keep your options open for the future, in case your needs change.

    As you mentioned, I often read news of data hacking of these days, and what makes me nervous is that even if some of the victims’ systems/services were theoretically 100% secure, unexpected errors, mostly human errors, in its fulfillment process caused the data leak. For instance, an employee took an important data back home while he shouldn’t, have or, some staff were supposed to delete an important file after working on it but he didn’t and kept it in a wrong server, and so on. From your explanation, I got an impression that 1Password.com has no room for such fulfillment errors, but I will think about it after reading the paper.

    Indeed. Scary stuff! Certainly everyone makes mistakes, so our goal is always to make it so that even if we are compromised, turn evil, or one of us does something stupid, we're not in a position to affect 1Password users' data. Don't send us your Master Password or Secret Key, keep them (in a) safe in case you need them, and we're all good! ;)

  • DoctorBrown
    DoctorBrown
    Community Member

    First of all, thank you for your willingness to support us! Not everyone is willing to pay much for software, if at all! It's fine if you just don't want a subscription, but there's also something important you should know: we don't store anyone's "password data in the cloud".

    @brenty: Thank you for taking the time to write such a detailed and enthusiastic reply. I still think that 1Password is one of, if not the one, best password managers. The way it works with the browsers is great. Although the browser integration on Android needs lots of work. I understand that the data is fully encrypted when it leaves my device and you, or hackers, have no reasonable way to recover the data from a hacked server. And the features all make sense for those that need syncing to every type device known to man and don't have the time or inclination to do the work to understand how their technology works.

    (warning: this is going to go off topic... Flames ahead..)
    The biggest issue I have is the larger trend to the subscription model and SoS. AgileBits and just about every software company I have software from is going to this. I detest this and what it means for me. All the subscriptions will eventually add up to at least a hundred dollars or much more per month. (Windows, Office, anti-virus, online storage, password mgr, Adobe photo processing, backup services, music, video streaming.....)

    I also do not like to be dependent on an internet connection 24/7 and online services. What if I travel to a location without service? The reliability and security leaves much to be desired. Not to mention all the big data collection going on that is a total invasion of our privacy (what is left of it). (I'm sure Agilebits is not part of this big data collection...)

    As I stated above, I am perfectly willing and do update and pay for my software when the new versions meet my needs or has features I want. I want to have the choice of when the upgrades occur, and not have some 'new better' junk crammed down my throat. (can you say agile program management)

    The latest 'new better' junk is the Windows inspired 'modern interface'. This is the worst design of a UI I have ever seen (since we got past the command line. And I have been around to see them all.) It looks like a toy. The command icons are junk, they are often hidden or not clear they are command icons. The windows have a god awful amount of white space and gigantic buttons which means I have to scroll to h*** and gone to see a simple list. I installed the latest 1Password trial on a VM and see that Agilebits is embracing this. Between the interface and the subscriptions I can't at this time go to this new version.

    I know in a year or so I will be forced to migrate to this as the version I'm on and Windows 7 goes obsolete or I get other new devices. Maybe by then some sanity will return to the software industry and give me a better interface. Because the subscription model is so lucrative, I can't even hope that that part will change. I just hope that the increased revenue they rake in will inspire them to spend the time to develop better products with less bugs and initial problems.
    (End of flames)

This discussion has been closed.