Can I still buy standalone license for the 1password? [no longer being marketed]

1235710

Comments

  • The thing about our model is that you don't have to trust us. We don't hold any unencrypted data, and we never have the keys to decrypt the encrypted data that we do have. We've specifically designed the system such that a rogue employee or an attack against AgileBits would not be able to capture any unencrypted secret data.

    From what I know the 1Password.com rely on an online service (please correct me if I'm wrong). That means that we must trust you having that service accessible and available 24/7...

    Also, what if another company give the owners of AgileBits an offer they can't refuse? It would not be the first time a company is bought by a competitor and the company's (in this case your) service/product is removed without further notice... If you have the licensed software with local or Dropbox sync you will at least be able to use it as long as the OS allows it.

  • brentybrenty

    AgileBits Team Member

    From what I know the 1Password.com rely on an online service (please correct me if I'm wrong). That means that we must trust you having that service accessible and available 24/7...

    @macke: Nope! The great thing about the 1Password apps is that they cache your data locally so you can access it even if you're in an underground cave in the woods — no internet. And while we don't have 100% uptime, we're pretty close to that. Generally we just take the server down for short maintenance to push an update. You might find these useful:

    1Password.com status

    @1PasswordStatus on Twitter

    Also, what if another company give the owners of AgileBits an offer they can't refuse? It would not be the first time a company is bought by a competitor and the company's (in this case your) service/product is removed without further notice... If you have the licensed software with local or Dropbox sync you will at least be able to use it as long as the OS allows it.

    We have refused many offers. We're simply not for sale. We're proud to be completely independent, have been for over a decade, are beholden only to our customers, and charge sustainable prices for our products so we can continue to do what we love. And a 1Password.com membership means that you don't ever have to worry about updating your OS and 1Password not working: you'll always have the latest version. We make sure that 1Password works because not only do all of our customers depend on it, we do as well. Cheers! :)

  • Please send me the Link to buy a stand-alone license for Windows, that I can consider what I'll do. (Yes I read all your arguments against it.) I have to say it, I passionately hate any subscription model. If your company decides to back out from stand-alone licenses, then you force me to go to your competitor (the red one with the three points), although I am very satisfied with 1Password.

  • brentybrenty

    AgileBits Team Member

    @Artdirector: As mentioned previously 1Password for Windows licenses are no longer for sale. 1Password 6 does not support local vaults, so we don't have licenses for that; and 1Password 4 is not being sold any more because it is no longer being actively developed.

    You can, however, get the latest version of 1Password for Windows and other platforms with a 1Password.com membership, which also includes the web interface, Travel Mode, and does away with license management and sync configuration altogether — you simply login to your account to authorize a device and access your data. You can try it for free for 30 days to take advantage of all of its benefits, and if you'll email us at support@1password.com and post the Support ID you receive here, we'll be happy to help you with your transition. Otherwise you can continue using any version(s) of 1Password you've already paid for. Cheers! :)

  • @brenty – Thank you for your quick response! It was a nice time with you, unfortunately it ends here now. Ciao.

  • brentybrenty

    AgileBits Team Member

    You're welcome. I'm sorry that's not the answer you wanted to hear. We're sad to see you go, especially since it sounds like you're happy using 1Password, but we'd rather you use something else than nothing at all. Stay safe out there.

  • I just became aware of the change to a subscription model and reading through the posts here has left me a little confused. My wife and i have one 1Password account on all of our devices which syncs through Dropbox. And this method has been seamless with every new device and operating system. Since we both need access to the same data that has worked perfectly for us.

    The 1Password apps automatically update to the latest versions that you release. Currently 6.7.2 on our iOS devices and 6.7 on our macs. I just want to confirm that this method will continue to function in the future.

  • k0nservk0nserv
    edited July 10

    I too am a long term user of the standalone version of 1Password. Personally I've always used the WiFi sync option explicitly because I want to sync without my vault ever leaving my network. I'm saddened by the news and direction you are taking, but I understand the reasoning. However I need you to clarify what the status of the standalone version of 1Password is on all platforms. Will it receive support, bug fixes and security updates when required? Given that you are still selling it I expect you to continue support. Especially interested in the status of the Windows version as you are not selling it anymore. Is the windows version to be considered unsecure in that case?

  • BenBen AWS Team

    AgileBits Team Member

    Hi @pappjo,

    First, not to be pedantic, but to clarify terminology: unless you're paying a subscription you do not have a 1Password 'account'. 1Password accounts refer to 1Password.com subscription membership accounts. What you have is what we would refer to as standalone copies of 1Password 6 for Mac and 1Password 6 for iOS.

    Your license allows you to use 1Password version 6 on your Macs and iOS devices, but does not entitle you to an upgrade should one become available. It also doesn't entitle you to any other platforms (Android, Windows, etc). And it does not include the 1Password.com service (which you can read about the benefits of here: What are the benefits of a 1Password membership? ).

    Licenses never expire, and you're welcome to continue to use what you have for as long as it works for you. Once 1Password 6 is no longer supported we cannot guarantee compatibility with future operating systems, future changes made by Apple to current operating systems, or other changes made by other 3rd parties (e.x. Dropbox).

    The best way forward is with a 1Password membership, especially if you are sharing data with someone else. Standalone 1Password was not designed with sharing in mind -- it was always an 'add-on' accomplished through a 3rd party service (Dropbox). That was one of the primary reasons we built 1Password memberships. With memberships sharing was part of the design from the ground up, and is a 1st party solution.

    If you'd like to discuss your particular situation with our sales team, so that we can best assist you in transitioning to a membership, please drop us an email to sales@1password.com and include any receipts you have for previous 1Password standalone purchases.

    I hope that helps!

    Ben

  • Thanks. It's a 1Password stand alone service then for just my wife and myself that is enabled on all our, Apple only, devices and will remain that way for the foreseeable future. Should the service or app versions no longer be supported or function on whatever the current OS or iOS versions are out then I would look at the subscription model.

    For now everything functions flawlessly and I see no need to mess with that. Thanks again.

  • BenBen AWS Team

    AgileBits Team Member

    Fair enough, thanks @pappjo.

    Ben

  • Please understand I've always been somewhat concerned about the syncing method through Dropbox. At one point both iCloud and Dropbox syncing were possible. But since we each have separate iCloud accounts we maintained the Dropbox method. I had asked in the past what other options might be available and I believe at one time Sugarsync was also an option but we never explored that.

    I was a little edgy about the reliance on Dropbox in case something occurred there making this no longer viable. But currently as I mentioned this has been a flawless process. Once that is no longer the case I have no issue with converting to your current set up. I have been doing that for some time as we started initially with 1Password directly from you and then purchased the Mac app store version when that became available and recommended, as well as purchasing the iOS versions when they were first available. And purchasing the replacement versions that were introduced.

    But I'm always loathe to change something that is functioning perfectly until it no longer does.

  • Michael TsaiMichael Tsai Junior Member

    The great thing about the 1Password apps is that they cache your data locally so you can access it even if you're in an underground cave in the woods — no internet.

    Except that this does not include documents/files/attachments.

  • BenBen AWS Team

    AgileBits Team Member

    I totally understand. For customers that are happy with their current setup we're not trying to take anything away. But we do want folks to know there is a better option out there. Customers have been asking us for a long time to make syncing and sharing easier. Based on those demands we created 1Password.com accounts. The only way to provide this service is as a subscription. We provide the sync service as well as the apps as part of this subscription. The ability to easily share passwords and other important data amongst family and team members has been immensely popular with our 1Password.com subscription customers.

    But I'm always loathe to change something that is functioning perfectly until it no longer does.

    The only thing I'd say is that sometimes a little preventative maintenance can help prevent a headache later. I'm not suggesting that you need to jump on this right now, but I would suggest checking back with us periodically (particularly before doing any major software updates like a new OS) and making sure your current setup will continue to function with new versions.

    Thanks for the feedback!

    Ben

  • One last question. If and when I set a subscription up will we have any further need for Dropbox? Essentially the syncing function with 1Password is about the only thing we use it for.

  • Michael TsaiMichael Tsai Junior Member

    The only thing I'd say is that sometimes a little preventative maintenance can help prevent a headache later. I'm not suggesting that you need to jump on this right now, but I would suggest checking back with us periodically (particularly before doing any major software updates like a new OS) and making sure your current setup will continue to function with new versions.

    This is worrying. It sounds like you're announcing-but-not-announcing that you are going to be dropping support for standalone, or that you’ll just let it stop working if any compatibility issues come up. I realize that you can’t predict the future, but I don’t recall any ominous statements like this back when standalone was the only option. And this is not the type of thing I hear from developers of other apps that I rely on.

  • chighchigh Junior Member

    I have my own opinions about no longer being able to keep a local vault (if I understand everything correctly), but from the comments throughout the rest of this thread, my opinion isn't going to change any minds, which is irritating (to put it nicely), but seemingly nothing I can do about it.

    With the subscription model, can one generate local backups of the vaults associated with the accounts like we can create backups of the local vaults now? I don't mean what the app downloads and caches, but a full backup.

  • rickfillionrickfillion Junior Member

    AgileBits Team Member

    can one generate local backups of the vaults associated with the accounts like we can create backups of the local vaults now? I don't mean what the app downloads and caches, but a full backup.

    Currently, no. This is something I really want to see changed. This was by design initially. 1Password.com started out as 1Password Teams and in a company environment the data in my account belongs to the company owning the account, not to me. This is why local backups wasn't originally brought in. As a company you might want a backup, but that's a different backup than just vaults... you'd likely want things like users, groups, settings.

    For people using 1Password.com as a replacement for local vaults, I still see a need for backups that are more like the old local backups. I think it's important that we make this available to users... it's your data after all.

    Rick

  • EtherealmindEtherealmind Junior Member

    I'm sorry to say goodbye, but its goodbye. I have too many subscriptions which take control of my finances away from me.

  • BenBen AWS Team

    AgileBits Team Member

    Understood. I hope you're able to find a password management solution that meets your needs and that you can feel confident in, @Etherealmind. We think 1Password is the best solution out there, but it can't be everything to everyone.

    Best of luck!

    Ben

  • brentybrenty

    AgileBits Team Member

    Except that this does not include documents/files/attachments.

    @Michael Tsai: You can download these files to your device as well, and they will be cached locally so you can access them offline.

    This is worrying. It sounds like you're announcing-but-not-announcing that you are going to be dropping support for standalone, or that you’ll just let it stop working if any compatibility issues come up. I realize that you can’t predict the future, but I don’t recall any ominous statements like this back when standalone was the only option. And this is not the type of thing I hear from developers of other apps that I rely on.

    The versions of any software product we're using today will cease to function at some point in the future. That's just technology. It doesn't stand still. I don't know when that will come to pass for 1Password 6 in particular — especially since it's still very much under active development — but if it helps you put things in perspective, we still hear from customers running 1Password 3, which was developed from 2009 to 2012.

  • The versions of any software product we're using today will cease to function at some point in the future. That's just technology. It doesn't stand still. I don't know when that will come to pass for 1Password 6 in particular — especially since it's still very much under active development — but if it helps you put things in perspective, we still hear from customers running 1Password 3, which was developed from 2009 to 2012.

    That's great, but being a security product it's important to have clarity on whether or not 1Password 4 will continue to receive bug fixes and security updates. For a tool like 1Password it doens't matter if it still runs but there are known unfixed vulnerabilities, it's unusable at that state. Also for iOS I'm worried that I'll update the app and one day find that the wifi syncing support is gone which would completely break my workflow. I'm only asking for clarity on this going forward

  • Michael TsaiMichael Tsai Junior Member
    edited July 10

    You can download these files to your device as well, and they will be cached locally so you can access them offline.

    How can I tell 1Password (Mac and iOS) to download all the attachments and cache them locally/securely? Can it update the cache automatically if I modify the files from another device?

    The versions of any software product we're using today will cease to function at some point in the future. That's just technology. It doesn't stand still. I don't know when that will come to pass for 1Password 6 in particular — especially since it's still very much under active development

    You are talking as if 1Password 6 is set in stone and it's just a matter of when something changes that causes it to break. Yes, this is true of any software. This is why I would expect to see AgileBits commit to fixing any problems that arise. I don't care whether version 6.7 still runs with macOS 10.14. I care whether at that time there will be a version I can upgrade to that does work. It really seems like you are trying to avoid answering that question. Likewise, if a security flaw is found in standalone, will it be fixed?

    Now, I understand that it's possible that Dropbox and/or iCloud will not exist at some point in the future. Obviously no one is going to hold it against you if 1Password stops syncing with Dropbox because there is no Dropbox (or Dropbox removes their API or something). But I really don't want to hear a year or two from now, “Dropbox support is suddenly broken. We don't want to update our code because we prefer 1Password.com. We've been telling you for years that 1Password 6 would one day case to function.” Or an iOS update removes standalone support from the app, with no way to revert to the previous version. And then I lose access to all my passwords and have to scramble to find another solution. If the plan is that standalone is not going to be supported, please just tell us now and I'll regretfully look elsewhere. Or, better yet, please give us a real commitment that it will be supported so that I can keep using and recommending it without worry.

  • With the recent bad press that you guys have gotten for discontinuing the standalone, maybe you will change your minds? Who knows?

  • rvdmrvdm Junior Member

    AgileBits makes a point about not being able to predict the future, and of not making promises of what will and will not happen to 1Password. I think that makes sense; we don't know everything that will change in technology, and this shows a healthy and careful approach to unexpected events. In the case of a company and product, this helps customers: they know what to expect, and those unexpected events can be dealt with gracefully and in an agile manner. The name fits.

    In the case of discontinuing local vaults, there's a bit of a mismatch between that philosophy and decisions around the product. Customers are to depend on a centralised version and company. In the centralised vault model, we have to commit to a subscription with unpredictable future cost, and we have to gamble on algorithms AgileBits chooses for our most valuable information. Encryption algorithms commonly become obsolete, and encrypted content is suddenly crackable. In my local vault setup an unexpected event like that would suck, but I'd be able to deal with it in an agile manner. In the new setup, I depend on many new external factors that I can't predict: encryption, central security, AgileBits security practice, as well as those capabilities at AgileBits partners. The attack surface grows, as does dependency on this central 'cloud' infrastructure and AgileBits itself.

    I totally understand the usability angle, the need for MRR/recurring revenue for customers, and the temptations of a subscription model. What I don't understand is why AgileBits doesn't choose to commit to doing what they can to keep supporting local vaults next to this subscription model.

    I'm not alone in having spent money on - multiple - 1Password licenses since about 8 years ago. Premium money for a Premium product that has been worth it. Now, I'm hoping AgileBits takes the philosophy they've been leaning on when customers ask about future features: give customers the choice, don't bet all on the subscription model, and allow customers to keep their data in a place they trust. Cloud subscriptions might be amazing for some, and can be a fantastic (first) model. That does not mean the market for local credential storage will go away. It's not a coincidence that many security experts complain about this. Take them seriously, and let them hold on to their local data, as we don't know what will happen to the central bit(s).

  • I've been a long-time 1Password user, coming from the disaster that was LastPass (and prior to that Password Manager), across several platforms. What a great product it was.

    Awhile back I attempted to setup a family member with the wonderful 1Password software that I had enjoyed so thoroughly, but to my dismay I was met with a new business model (and the standalone client quietly locked in the trunk amidst a sea of marketing). I thought, "why was my beloved 1Password in such a hurry to become a product I left in the dust years ago (LastPass)?" You see, I used the product steadfastly without ever visiting the website -- just dutifully updating when told to ; a kind of hallmark of great software. I never saw it coming.

    The hubris of migrating to a non-optional cloud-based subscription model is that:

    1. It issues an ultimatum to existing customers (happy customers, or in my use case above a new potential customer).

    2. It violates the principle of least astonishment -- something that password management software should follow rigorously.

      Given that the standalone client is no longer receiving development attention, and it is in-fact closed source software, the option is to convert or find another solution. "Fool me twice" is already in the rearview, so my guess is I'll have to make the ancient trade-off of security vs. convenience. The circle is now complete.

    Thanks and good luck.

  • I bought and have paid for upgrades for 1Password Mac for the last 5 years. It's been a very solid and reliable system, with a trust model I'm willing to accept. I have happily recommended it to many friends and family who also pay for it. Now I just found out that you've completely replaced the product with a cheap knockoff of LastPass, without telling your customers. What in the world? Why would you force this on everyone? Yes, I understand I can continue to use it until it breaks (or you remove the current iOS version from the app store).

    I'm disgusted by this move, and pissed off that a product I've used and enjoyed for years has no future. I'm perfectly happy for you to add such a service if you want, but removing the defining feature of your software is a betrayal to your users.

  • brentybrenty

    AgileBits Team Member

    @Michael Tsai: I'm not sure how "under active development" could be interpreted as "set in stone". We don't have anything to announce for future versions because we're still working on the current one. And if you've been keeping up with updates, you'll have noticed that we recently added support for Dropbox's new API in the mobile apps so that that will continue to work for you and everyone else who depends on that to sync your 1Password data.

  • brentybrenty

    AgileBits Team Member

    @toobs: We haven't discontinued anything recently. We stopped marketing standalone purchases months ago, but all of the apps have received updates of some kind this month already.

  • brentybrenty

    AgileBits Team Member

    AgileBits makes a point about not being able to predict the future, and of not making promises of what will and will not happen to 1Password. I think that makes sense; we don't know everything that will change in technology, and this shows a healthy and careful approach to unexpected events. In the case of a company and product, this helps customers: they know what to expect, and those unexpected events can be dealt with gracefully and in an agile manner. The name fits.

    @rvdm: Thanks for the kind words. We're not perfect and can't always please everybody, but we work really hard on the things that will benefit the greatest number of users, and, most importantly, on making 1Password secure and reliable. That's why we've still got customers running 1Password 3 today. The OSes and browsers that work with it have long ago become obsolete and insecure, but a lot of people can still safely depend on 1Password. I think that says a lot.

    In the case of discontinuing local vaults, there's a bit of a mismatch between that philosophy and decisions around the product.

    These are really interesting points. But first, we haven't "discontinued" local vaults. I think it's a safe bet to say that most (or all) of the folks in this particular discussion are still using them because they're still very much secure and available — even if a better solution, in both regards, now exists.

    Customers are to depend on a centralised version and company. In the centralised vault model, we have to commit to a subscription with unpredictable future cost,

    No, it's very predictable. License upgrades, however, are very unpredictable. We can't tell you in advance how much they'll cost or when they'll be available.

    and we have to gamble on algorithms AgileBits chooses for our most valuable information. Encryption algorithms commonly become obsolete, and encrypted content is suddenly crackable. In my local vault setup an unexpected event like that would suck, but I'd be able to deal with it in an agile manner.

    I really don't think you could patch a vulnerability in your local setup in a timely fashion. With 1Password.com, we can remotely fix any issues for all members. I think you'll be interested to know that apart from our own efforts, we participate in external audits and cooperate with independent security researchers to find any flaws so we can fix them. None of the encryption we've used for local vaults has been cracked or "become obsolete", but we're using even more advanced crypto in 1Password.com (of note, crypto obsolescence doesn't happen because it it can be cracked — that's called broken — but rather because we deprecate them in favour of stronger cyphers to protect against hypothetical future attacks). All of that sounds a bit scary, but read on. ;)

    In the new setup, I depend on many new external factors that I can't predict: encryption, central security, AgileBits security practice, as well as those capabilities at AgileBits partners. The attack surface grows, as does dependency on this central 'cloud' infrastructure and AgileBits itself.

    With a local vault, you still need to depend on encryption. That's no different whether we're talking about 1Password.com or really anything else in the 21st century. But what you don't have to worry about is security practice of AgileBits or our "partners". First off, we don't have the keys to your data. Ever. And we're an independent Canadian company and don't "share" (or, sell) customer data with "partners", accept outside funding, ad money, and we're not for sale ourselves either.

    I also think it's worth mentioning that if we do have to make changes to the encryption in the future (though we've gone to a lot of trouble to use stronger crypto than is necessary today to future-proof all versions of 1Password as much as we can), a 1Password.com membership means that you'll always get the latest version. You won't ever have to try to weigh the relative costs of upgrading against any security improvements, much less features or compatibility with a browser or OS.

    At the end of the day, we wouldn't use 1Password.com either if we weren't fully committed to its security (as well as privacy and availability). There's a lot more detail in our security white paper, but I can summarize how 1Password secures our data in a few points:

    1. Your 1Password data is encrypted locally on your device before it is transmitted.
    2. The server receives only an encrypted blob.
    3. Your Master Password is never transmitted.

    You might think I'm talking about 1Password.com specifically there, but that's the case no matter what 1Password setup you use — the only difference being that 1Password.com data is also encrypted using the 128-bit randomly generated Secret Key, which is also never transmitted to us. So there's an additional layer of security there as well.

    But most importantly, when you use 1Password, AgileBits never has access to your data, regardless of the setup you choose. Even with 1Password.com, your data is encrypted on your device, so all the server ever ends up with is an encrypted blob. And since the Secret Key is created locally, your Master Password is only known by you, and neither is ever transmitted to us, only you have the means to decrypt the data.

    So, to summarize, if someone gains access to our servers and dumps the full database (we've designed 1Password.com with this in mind), they simply don't have what they need to decrypt it, as each individual user alone has the keys to their data. So an attacker can't get what they need to access 1Password.com members' data from us; they'd have to get the "keys" from each individual user. So while we've made some improvements, this is fundamentally the same threat model as the 1Password we've all been using for over a decade.

    I totally understand the usability angle, the need for MRR/recurring revenue for customers, and the temptations of a subscription model. What I don't understand is why AgileBits doesn't choose to commit to doing what they can to keep supporting local vaults next to this subscription model.

    I think actions speak louder than words. We've released updates (including betas) for all versions already this month. That said, we can't do everything, and it isn't possible for us to work on all the things we want to at once. Local vaults are "done" in the sense that "there's an app for that" already. Right now our primary focus is on 1Password.com because it's relatively new and there's still a lot we can do to improve it.

    I'm not alone in having spent money on - multiple - 1Password licenses since about 8 years ago. Premium money for a Premium product that has been worth it. Now, I'm hoping AgileBits takes the philosophy they've been leaning on when customers ask about future features: give customers the choice, don't bet all on the subscription model, and allow customers to keep their data in a place they trust. Cloud subscriptions might be amazing for some, and can be a fantastic (first) model. That does not mean the market for local credential storage will go away. It's not a coincidence that many security experts complain about this. Take them seriously, and let them hold on to their local data, as we don't know what will happen to the central bit(s).

    It sounds like a lot of people are assuming that 1) 1Password.com is less secure than the standalone 1Password apps (the opposite is true), and 2) because 1Password.com exists no one can use the standalone apps any longer. That simply isn't the case. No one is taking your local data away. Cheers! :)

Sign In or Register to comment.