Windows standalone

You've excised key aspects of the tool as you drive it in a direction that is fundamentally less secure than your previous versions while costing MORE. [...] By removing the ability to manage this stuff locally, you've damaged the product.

@chetman: That's just not the case. Keep in mind that we haven't removed this feature from any of the apps; it just isn't something we've implemented in the new 1Password 6 Windows desktop app yet.

I'm sure YOU don't think of Agile controlling my password vault as a security risk, but I sure do, and candidly so should anyone. Having anyone other than ME control this is a risk, even if I trust that third party today, because I can't control what happens with that third party later. You might sell the company, or sell the product to another company, or discontinue the service, or even go out of business. Who knows?

And frankly, part of the reason that 1Password.com exists is to ensure that none of these doomsday scenarios come to pass. We're really proud of being an independent Canadian software company, and are passionate about protecting our customers' security and privacy by not selling out, selling user data, or selling ads. Having a sustainable business means we can continue to do so going forward.

But you're right. No one knows the future. And that's why we've designed 1Password the way we have. There's a lot more detail in our security white paper (which is actually a really fun read, even if you're not into cryptography), but I can appreciate that there's a lot going on behind the scenes when it comes to 1Password securing our data that is not particularly accessible or interesting to many people. I think it's also important that 1Password doesn't shove this technical complexity in our faces. So I'd like to offer a few simple points that summarize how 1Password secures our data:

1. Your 1Password data is encrypted on your device before it is transmitted.
2. Only an encrypted blob is stored in the database.
3. The keys needed to decrypt it are never transmitted.

This is true whether you're using the standalone app or 1Password.com (though with 1Password.com you get the additional security of the Secret Key also encrypting your data). Suffice to say, even if someone gains access to our servers and dumps the full database (we've designed 1Password.com with this in mind), they simply don't have what they need to decrypt it, as each individual user alone has the keys to their data. So an attacker won't have that and can't get it from AgileBits, even if they get everything else. So while there's a lot more that goes into making all of this work smoothly, this is something that I think all of us (I am not mathematician) can understand and appreciate. Cheers! :)

If a feature you taut on your web site isn't actually in the Windows product you can download and use, but it USED to be, then yeah, it's been excised.

@chetman: You can get 1Password 4 from our downloads page, or from our update site.

That you say you plan to add it later isn't a get-out-of-jail-free card here.

I didn't say that. It's not something we're working on right now and we're being upfront about that. Our focus is on 1Password 6, as Ben mentioned.

Either the tools support user choice for storage location, or they don't. Your web site says they do, with no qualifications, but that's not actually true. I appreciate what you've done for me in private email, but this part still sticks in my craw.

I really don't understand this. The choice is yours. And no one else has to use 1Password.com (or any other sync option) if they don't want to either.

Again, creating a syncing service for 1P may well be a good idea. My issue is that it's fundamentally less secure than local control, and instead of making it an OPTION you've made it MANDATORY. This creates a situation where "subscription" issues could deny a user access to their vault.

It seems like what you really care about is control, but you're conflating a perceived lack of control with insecurity, and these aren't actually synonymous. However, given that only you ever control access to your data (with your Master Password), the addition of the 128-bit Secret Key makes 1Password.com more secure than a local vault, since an attacker would have to successfully guess both of these. It's tempting to make sweeping statements, but I encourage you to take the time to research our security model, which is publicly documented.

I'm glad you're a sustainable business. I want you to remain so; you've been great for years. But there's no part of my password vault use case that should require your ongoing participation. It's another moving part where none needs to exist. No company thinks it'll go under, or get bought, or have fundamental management philosophy shifts, but these things literally happen all the time. With pre-subscription 1P, it doesn't matter what happens to AgileBits (thought obviously I hope you do well). When we tie my password vault access to your business practices, I suddenly have a dependency that doesn't actually help me.

Again, even if that happens, it won't affect 1Password users' data. We also realize that a service such as this has the potential to be a huge target for attack, so we participate in external audits and offer bug bounties to independent researchers who find issues. But most importantly, even if they are able to breach the server, they still don't have the keys to any of the data, because we never had it in the first place.

BTW, I think you're misunderstanding me when I say the new subscription, sync-with-1P.com approach is less secure. There's more to security than preventing bad actors from getting my bank passwords. Security here also means that nobody can keep me from using my vault. By relying on you for sync and access, and by submitting to a constantly expiring license, I place myself at your perpetual mercy. What if I have an ID theft that compromises the credit card on file? What if you have a billing system issue? What if, God forbid, I lose my job and go bankrupt and can't afford to pay?
That is a systemic vulnerability that does not exist with standalone 1P. Access to my data is absolutely less secure and less certain in this scenario, because there's another factor (actually, a whole HOST of factors) that can go wrong. It's that simple.

Nope. You'd still have access to your data. We don't lock anyone out of it, and it's even cached locally for you in the app if you can't connect. And we want happy customers, not trapped customers, so if you decide that 1Password isn't right for you, you can export your data and go elsewhere. This works whether you're using a standalone vault or a 1Password.com account, as this is a feature of the apps themselves. We'd rather you use a competitor's product than nothing at all.

This is a tradeoff my 77-year-old mom will make all day long, so I don't blame you for creating the OPTION. Where we part ways is in that you've made it MANDATORY. Thanks for engaging, though.

It isn't mandatory. If it was, our email exchange would have been very different. I'm sorry that this is lost on you. We've developed 1Password for the past ten years on the principle that it shouldn't be a tradeoff, and we're building 1Password.com in that same spirit. Only now with 1Password.com security is no longer out of reach for many of our loved ones. We still have a ways to go before 1Password is easy enough for anyone to use, but we're making progress and won't give up until everyone who wants to secure their digital lives can. Since we're not willing to sacrifice security to get there, it's certainly a greater challenge than it would be otherwise, but few worthwhile endeavors are easy.

First, it's a bit weird to point out the fact that you can download 1P4 for Windows when it's not possible to register it. That's a problem even if you treat everyone like you did me.

@chetman: Since you had indicated that it wasn't available for download, I wanted to clarify. We have to have it on the site or no one — including those who have licenses for it — can download and use it.

Am I wrong that I cannot use local-only vaults with the current Windows client? Your own support folks are saying in these forums that the Windows client can't write to local vaults.

We currently have two native 1Password apps on Windows: version 4 supports only local vaults; version 6 supports only 1Password.com accounts (though local vaults and other formats can be read for importing).

This means my use case **must depend on 1Password.com, which is a resource to which I'd lose access if AgileBits went away, or had a billing snafu, or whatever, right?

Explicitly, even if your 1Password.com account is frozen due to nonpayment or an error on our part, you can still access (and export) the data.

You say the tool will let me export if the servers go away, or I stop paying you, but what if AgileBits changes their minds about this aspect of it? I'm sure YOU wouldn't, but as I said this whole thing puts me in the position of relying on you guys to never have a change of ownership or management philosophy or whatever.

It seems like if we wanted to lock you out of your data, we could do that with the standalone app too, not just 1Password.com, no different than ransomware.

That's trust I don't have to rely on now, so requiring it going forward is a net negative. No offense.

In the same vein as the above, if you don't trust us, you really shouldn't use 1Password. I think there are good reasons to trust AgileBits as we have a decade under our belt and a track record of being trustworthy. And of course if we were to do any of the things you're suggesting, we'd destroy our reputation overnight, and with it our livelihood.

So, to summarize: First, we have this reliance on your servers for storage and sync. You keep saying this is optional, but it appears this is only true for situations that omit the Windows client.

1Password for Windows version 4 works as a standalone app without ever syncing if desired; 1Password 6 uses 1Password.com.

I find this unattractive from both security and control perspective -- plus, it's got implications for functionality. If you go away, the Win client stops syncing. That's bad, and it's not something I have to worry about pre-6.

That's a great point. If AgileBits disappears and/or the server is no longer available, you'd have to find an alternative. That means we lose customers. And then we need to find other jobs. So you can probably imagine that we're highly motivated to not only keep the lights on and the development going, but also to minimize downtime. So while you're not wrong, keep in mind that this logic doesn't apply solely to 1Password.com the way you imply it does. When (not if) an OS update breaks things in the standalone app, if there's no one around to fix it, you're out of luck. That's not something anyone wants though, which is why we're committed to staying in business. After all, we rely on 1Password too.

Second, you want me to pay you forever instead of selling me a regular license. I get why this is attractive for AgileBits, but this new deal nets out to paying more money for less control when I do the math. I'm not into that.

I agree that paying for a license once is cheaper than subscribing for a lifetime, but the only times I've bought a single license for software is when it disappeared completely. And given that most people expect improvements and support forever, and consistently, a subscription is appropriate. If you have different expectations, then it makes sense that you'd be happy with a license.

Before Christmas understood that 1P6 Windows Standalone was almost ready to be released but release date was never provided. It's been a while since I've been in this forum. I hope I don't understand that 1P6 Windows Standalone is not going to happen.

@Leboyf: That's simply not the case. 1Password 6 has come a long way, but it's nowhere near "complete". And before Christmas it didn't even support Autosubmit in Chrome or multi-word search. Suffice to say this is why we haven't announced release dates or that it was "almost ready". We're working on incremental improvements over time. Granted, we have a lot less to do than we did last year, but there are still many other features and improvements that are needed. Local vaults aren't something we're working on right now, as we're focused on Edge and Native Messaging currently.

When is the planned release date for 1P6 Windows Standalone?

We don't discuss release dates for unreleased software, and even I were to guess I'd probably end up being wrong. And I'm not really much of a gambler. :tongue:

@Leboyf: Impossible to say at this point. We really would have liked to be able to support Edge already, but it's proven to be a much bigger undertaking for us, and for Microsoft as well, as they build out the frameworks for their newest browser. It's good to be able to work with them on this, but given that we don't even know when that will be complete, speculating even further into the future would be reckless.

Hi @leboyf,

As Brenty said, we don't know for the moment. We still plan to add local vaults/license support down the line but it is not something we're actively working on right now. We still have to finish up 1Password 6 and 1Password.com service, after that, who knows.

No, we've stopped selling new licenses for 1Password 4 a short while ago since we're not going to update it with new features anymore.

As of right now, only the 1Password.com service with 1Password 6 for Windows is available for new Windows customers.

@KyleK: Yep, though it's not quite the "reversal" you seem to think it is. Here's what's actually changed: 1Password for Windows is no longer being sold in the AgileBits Store. That doesn't change anything for our existing customers, since we continue to support everyone who's purchased our products over the last 11 years. Those are the people we have a responsibility to. If you need help with a product you've purchased, we're here for you.

And of course 6 months is a long time, especially as we're getting emails every day from confused, frustrated, and downright angry people who purchased licenses and thought they'd be able to use 1Password seamlessly on all of their devices, and folks who were already 1Password.com subscribers who understandably want a native Windows app that's as full-featured as 1Password 4. The best way to do that is to devote as many resources as we can. And heck, I was running a different OS on all of my devices 6 months ago, and the PC I was using at that time has since died. 6 months is nothing to scoff at, especially with regard to technology.

And keep in mind that 1Password.com was actually launched in November 2015 with the 1Password Teams beta, and we sold 1Password for Windows licenses until March 2017. We also marketed the "standalone" option right alongside subscriptions for over a year. But since this was causing a lot of pain for new customers without actually benefiting our existing customers, and because we really need to focus all of our energy on 1Password 6 (rather than on undoing the confusion we were perpetuating), we've de-emphasized licenses. And we've removed 1Password 4 from sale, as it is no longer being actively developed.

Would you really want to purchase a license for a piece of software that will not be getting new features going forward? I know I wouldn't, and that's why we're not selling 1Password for Windows version 4 any longer.

Hi folks,

Sorry to bring up an old thread, but we've recently provided some news on 1Password 7 for Windows that I think you'll all enjoy:

AgileBits Blog | 1Password 6.7 for Windows: a feature buffet

With this release, we finally have enough visibility to chart a course for the future, so we’re happy to announce that standalone vaults will be an available entree on the menu in 1Password 7 for Windows. 1Password 7 will be free with your 1Password membership, but if memberships aren’t for you, paid licenses will also be available.

:)

Ben