Can I still buy standalone license for the 1password? [no longer being marketed]


Comments

  • Michael Tsai, Junior Member
    edited July 12

    @brenty

    I was trying to follow your logic from this statement:

    If your server gets hacked, it could start sending compromised JavaScript to the browser.

    Can you clarify "hacked"? Maybe I jumped the gun. What threat are we talking about exactly?

    This was all in response to:

    First off, we don't have the keys to your data. Ever.

    That's what the white paper says, but there's no way that I can practically verify that. Whereas, with a local vault I can make sure that 1Password has no access to the network.

    For the Web, I was invited to inspect your JavaScript source. But at some point after I do that your server could get hacked so that it sends bad JavaScript to the browser, which makes it send my data to a bad server. In other words, the threat is that there are potentially a lot of people trying to compromise your server because they know it has everyone's data and (if compromised) is a way to get the master passwords, too. I don't plan to use the Web site much, but as 1PasswordAnywhere has been discontinued it may be the only choice in some cases.

    For the native app, we have to trust that it is not sending private data anywhere. Previously, this was not necessary because I could just block it with Little Snitch. Now, I can't block it without breaking syncing. So, to me, this is less secure than before because it's gone from “the app is isolated” to “the app is talking to our server but we assure you that only certain data will be sent.”

  • Ben (AWS Team)

    AgileBits Team Member
    edited July 12

    I see what you're saying @Michael Tsai. This is why code signing is important. That is something we do with the native apps, but isn't currently possible with the web client. We're looking into a few different things to help mitigate this:

    1) Less reliance on the web client / more access to the admin console etc from the native clients
    2) Delivering a code signed client to access the web APIs with

    This is just in the brainstorming phase at this point, so I don't have any deliverables I can make promises on, but I wanted to let you know it is something we're thinking about. It has been discussed in a little more depth over here.

    Ben

  • Michael Tsai, Junior Member

    @Ben Thanks for the link to that thread. Very interesting.

  • Ben (AWS Team)

    AgileBits Team Member

    You're very welcome. :)

    Ben

  • Hi Ben,

    Thanks for the reply. You guys have been darned good in the past at listening to customers, and we've been down the local sync rodeo a couple of times before.

    Given this business model, you're right, a cloud service requires a subscription, but a subscription should not require cloud. I'd have dropped my CC and Office licenses immediately if they required me to use cloud storage.

    Adobe and Microsoft made it very clear - it's a licensing change, not a functional change. You're refusing to do that, and we wonder why. I give many briefings on future 'plans' and have the legal boilerplate about commitments and forward-looking statements memorized. 'No plans to remove' does not equal 'plan to keep'. We understand that things change, but there's a very important intent and nuance in the language you're using. One breeds confidence, the other raises concerns.

    Clearly the development effort will focus on the subscription client, not the standalone, and a browser, iOS or OSX update will break it at some point (much as High Sierra has). How long will you continue to support the standalone client for those changes? We don't know. It's not at all clear that it's a single code base and application by the way.

    Regarding the secret key, code and crypto are not the same - I was very careful in my words there "unless a defect in the implementation of the crypto is discovered" - emphasis added. It's about bugs, not bad math. You guys have done a great job at protecting against brute force cryptanalysis, and it's one of the reasons I recommend and use your product. But code has bugs, and even formal validation can't get them all.

    I wish you the best of luck with the Teams service. I talk to hundreds of companies a year, and they fall into two basic categories - "Yay cloud!" and "Nay cloud!". I think the latter are in for a rude shock over the next few years, but even the Yay crowd wants enterprise-class SLAs and guarantees. They also have fall-back detection capabilities (user behavior analytics, for example) that can quickly shut down access if a breach occurs, so their threat model is different. I know you can and do sell into large orgs, but for those of us without a contract (or the ability to get one put in place), our only option is to either split solutions (work/personal), or find an in-policy option that covers both.

    My net is that I wish you would force people to a subscription service for all future updates, sunset the perpetual license, and include local syncing as an option in that service. That would simplify life for your users, and clear up any confusion about support and commitments. Yes, some people would complain, just like the folks running CS6 and Office 2003 complained when Adobe and Microsoft moved to the cloud and those perpetual licenses stopped getting updates. Some still run old, crippled, insecure code because they don't want to buy the subscription. They are loud, but weren't generating revenue anyway. Unfortunately, the attempt to avoid those complaints is causing a whole different level of concern.

    So how about it? Give us local sync, and we'll subscribe? My credit card is ready :-)

  • Ben (AWS Team)

    AgileBits Team Member

    @dougl,

    Given this business model, you're right, a cloud service requires a subscription, but a subscription should not require cloud.

    And it doesn't. It is entirely possible to have a subscription account and only store items in local vaults. I don't personally see the sense in that, but if it works for you then great! It works for us too. Of course I'd encourage you to take advantage of the service that you're paying for by using 1Password.com based vaults, but if you don't want to do that nobody is making you even if you have a subscription.

    it's licensing change, not a functional change. You're refusing to do that, and we wonder why.

    I'd argue that statement is inaccurate (that we're refusing to do that), seeing as it is currently possible to do that and we don't have any plans to change that. It isn't the recommended solution, but it is certainly possible, and maybe it is the best fit for you.

    Clearly the development effort will focus on the subscription client, not the standalone, and a browser, iOS or OSX update will break it at some point

    They are the same client.

    (much as High Sierra has)

    I haven't personally kept up much with High Sierra as my focus is more on iOS but certainly if 1Password is not running smoothly there now it will be by release if not before.

    How long will you continue to support the standalone client for those changes? We don't know. It's not at all clear that it's a single code base and application by the way.

    Again they're the same client. There is only one "1Password for Mac" regardless of if you have a subscription or a license.

    But code has bugs, and even formal validation can't get them all.

    You're absolutely right, but we have taken a number of steps to ensure that any bugs that do pop up are not show stoppers, including our Bugcrowd program:

    Bugcrowd | Your Elastic Security Team, better security testing through bug bounties and managed security programs

    My net is that I wish you would force people to a subscription service for all future updates, sunset the perpetual license, and include local syncing as an option in that service. That would simplify life for your users, and clear up any confusion about support and commitments.

    That is essentially where we are today. We're no longer marketing standalone licenses, and local vaults & 3rd party sync are a part of the offering.

    So how about it? Give us local sync, and we'll subscribe? My credit card is ready :-)

    I'll take you up on that offer! :) Local sync is already in the product, with no plans otherwise.

    Ben

  • Thanks Ben, I'll update my blog with some additions from this conversation. Knowing it's a single app with two (one legacy) licensing models helps. I do wish the company would state 'We plan to keep local sync', rather than 'we don't plan to remove it', even if there's an * about 'plans may change' included. It's semantics, but it is driving perception about intent/focus/acknowledgement of importance.

  • Ben (AWS Team)

    AgileBits Team Member

    Thanks for the feedback. :) :+1:

    Ben

  • One last question just to make sure I understand - someone can buy a subscription, use a local vault with local sync, and have absolutely no information sent to your servers, correct?

  • Ben (AWS Team)

    AgileBits Team Member

    One last question just to make sure I understand - someone can buy a subscription, use a local vault with local sync,

    Yes.

    and have absolutely no information sent to your servers, correct?

    Obviously all the information that we would normally have as part of a subscription would be sent to us (billing info, etc), but it is entirely possible to do as you've described and store no 1Password data on our service.

    Ben

  • Thanks Ben, that makes it a lot clearer. Ton of confusion around all this, I'll get my post updated. Appreciate the conversation!

  • mikeyh, Junior Member

    If you are a power user, administrator or security professional purely interested in self managed local vaults, local folder sync, Wi-Fi sync and local backups hopefully this is a good summary:

    https://discussions.agilebits.com/discussion/80106/the-future-of-local-vaults-local-folder-sync-wi-fi-sync-and-local-backups-with-subscriptions/

  • Ben (AWS Team)

    AgileBits Team Member

    Thank you both. :)

    Ben

  • @Ben

    What about Windows? Right now 1Password 6 actively does not support local sync or Dropbox.

    So your statement is incorrect. A user cannot buy a subscription and use only local sync.

    Also is local sync a feature of the subscription plans? It doesn't seem to be. It seems that "local cache" is the feature there.

  • Hi AgileBits team,

    I followed the recent changes in 1Password and it seems it is only getting worse.
    Leaving aside that your new password vault format does NOT support any local sync on Windows and Android (which is plain ridiculous), you are now pushing new and existing users into a subscription model that includes cloud sync.
    And you know what: 1Password 4 will definitely be the last 1Password I bought if you continue with your marketing strategy.
    I can totally understand that some of your managers see a huge pile of money lying on the table labeled "subscription model". But as a security-concerned user I just don't want any cloud sync, no matter how many times you claim the sync and password storage are secure.

    At the moment I just can't understand why you continue to offer two versions of 1Password: one single-user license, one-time purchase, and a version that includes cloud sync, subscription based.
    I would be perfectly fine if you said that the single-user license / version does not support cloud sync. Okay, no problem, I could live with that. But having to pay a monthly fee for a service I do not use and will never ever use? I would call this a rip-off.

    I see absolutely no problem in offering two separate versions, but you may enlighten me with a suitable explanation why you think it's a problem.

  • dougl
    edited July 13

    Hi Ben,

    I tried to sign up for a subscription (per my word). There doesn't seem to be any way to do so without setting up a web vault. Unfortunately, that's not good enough. Railroading people into a web vault, then allowing them to disable it is going to cause accidental data disclosure, and isn't acceptable.

    Did I miss something, or is there another path?

    The point about Windows not supporting it is also well taken.

    I have no problem buying the new version on subscription - that's the way all software is moving - but it needs to offer local vaults and local sync as a full peer option without any unnatural hoops or hidden options. Recommending cloud is fine, but it remains an open question if I can endorse 1P, as I can't seem to find a way to subscribe without a local vault (without calling in to sales).

  • krlklm, Junior Member

    "Why Security Experts Are Pissed That ‘1Password’ Is Pushing Users to the Cloud"

    https://motherboard.vice.com/en_us/article/evdbdz/why-security-experts-are-pissed-that-1password-is-pushing-users-to-the-cloud

  • @dougl you can, I'm doing it now, and I have the subscription.
    Settings
    Vaults
    Sync additional vault
    And you pick from there what you want to use.

  • Hi @prime
    maybe @dougl is referring to the initial setup of a 1Password.com account, where you need to complete the steps in the browser and which creates a vault by default.
    If I'm not mistaken, that vault is there but does not need to be used.

  • @Manaburner, exactly.

    Here's my updated update to my blog post (with one line removed that's not appropriate for this venue).

    Revised update:

    I’ve had conversations with AgileBits via their support forum, and there’s been some back and forth, so let me revise my update and consolidate what I’ve learned.

    • For existing users on OSX and iOS, local vaults and local sync remain in place. Agile states no plans to remove them, but will not commit to that functionality long term.
    • For users on Windows and Android, local vaults and local sync are not available.
    • New users must buy a subscription to 1Password.com, which forces them to create a web vault, master passphrase and such. Once signed up, OSX and iOS users can jump through some hoops and convert to a local vault. This will result in challenges, accidental use of the incorrect vault, and is generally a pain – it’s well hidden, by design.
    • As The Register put it, “1Password won't axe private vaults. It'll choke 'em to death instead.” That pretty well sums it up.

    I understand that the company needs a more sustainable revenue model, and a subscription option is the way to go. Adobe and Microsoft are right there too. But the insistence on linking subscription to cloud vaults just makes no sense. We in the security industry are often painted as acting as if we are ‘smarter than the users’, and this is a prime example of it. While cloud vaults may make sense for the majority of users, it is by no means appropriate for everyone.

    Our job as security professionals is not to say yes or no to a solution, it's to present options, risks, and yes, recommendations, but then let each user make their own decision. Once they decide, then we tell them how to be safe given their own constraints and preferences. **We do not own the risk, users do.**

    Until and unless AgileBits allows users to download the software, purchase a subscription, and use local vaults and local syncing without any cloud involvement, across all four major platforms, I can no longer recommend 1Password for new users. Again, let me be clear – I’m happy to move to a subscription model, but artificially linking that to a cloud service is an unacceptable downgrade in the security of the solution.

  • edited July 13

    I am a long time 1P user and evangelist having recommended it to countless colleagues, friends, and family.
    I created a forum account to comment on this topic.

    It is understandable that you would transition to a subscription model, but requiring, promoting, or even just defaulting to cloud-based vaults is something no security-conscious professional can recommend. The recent outrage on forums, in newspapers, and on Twitter over your trajectory towards that seems to validate that point.

    The way I have always seen it, the most compelling advantage 1P had over other solutions was the level of control over one's setup and data.

    Unless you can provide assurances that there will always be an option to store all vaults locally and on my choice of cloud storage, then I'm afraid 1P will stop being the product of choice. I am certain that I am not alone in that.

    I appreciate that the option is currently available, and even though I am no fan of the subscription model for software I am happy to pay to support a company I have grown to love. But you have to make sure that the option for local storage remains available and easily accessible forever. Love for the company is not unconditional and alienating your biggest fans can have knock on effects.

  • Ben (AWS Team)

    AgileBits Team Member

    @dougl,

    It isn't possible to create an account without creating a vault, but you don't have to use that vault, and it can be hidden from the UI (1Password > Preferences > All Vaults > Uncheck the 1Password.com vaults).

    Ben

  • Ben (AWS Team)

    AgileBits Team Member

    Thank you everyone for your feedback.

    Ben

  • Thanks Ben, you're a trooper to be the face of the company through this. Unfortunately that's not sufficient - local vaults need to be a peer feature, not a hidden hack.

    Hopefully the outcry has the powers that be rethinking a cloud-only strategy. I had two of my colleagues reach out this morning on this topic. They're on board with the general reaction, and are no longer recommending 1Password either. It's unfortunate that flexibility and user choice are no longer design points.

  • Ben (AWS Team)

    AgileBits Team Member
    edited July 13

    Thanks Ben, you're a trooper to be the face of the company through this. Unfortunately that's not sufficient - local vaults need to be a peer feature, not a hidden hack.

    Thanks for the kind words. :)

    I'm sorry but that is unlikely to be the direction we go. We feel that for most folks the 1Password.com service is going to be the better option, and so that is what is going to be front and center. For power users who want local vaults, that'll still be there.

    User choice is a great thing until it reaches critical mass of causing significant confusion. Put yourself in a non-technical user's shoes a few years ago, when we ran both models side by side. As an example:

    I'm a family man looking for a password management solution because a friend told me I needed one and pointed me in the direction of 1Password.
    I go to the website and see there are a lot of choices:

    • 1Password for individuals, 1Password Families, 1Password Teams, or standalone licenses
    • I've got a family, so it doesn't really make sense to buy a separate thing for each individual when I could just buy one larger membership, so the individual thing is out.
    • I'm not running a business, so even though the idea of more customization of permissions is cool I don't really need that, so 1Password Teams is out.
    • Now I'm down to 1Password Families or standalone licenses. My buddy said he uses standalone licenses, so let's take a look at that. I see I'm going to need multiple licenses... because desktop is sold separately from the mobile apps, and each person needs a license. I'm going to need a 1Password license for me, a 1Password license for the wife, 1Password for iOS' Pro features for me, 1Password for Android for the wife (try as I might I can't get her to switch to iOS), iOS Pro features for each of the kids... okay that is like 6 different purchases that is going to cost well over $100. Wow. And that doesn't include upgrades? Okay maybe I better look at this 1Password Families thing before I make a decision.
    • Okay cool, I only need to buy one thing with 1Password Families. It is a monthly (or annual) subscription, but it includes everything I need as well as upgrades. Great! Sign me up.
    • So now I've got 1Password Families, but my buddy said I should avoid the 1Password cloud. Okay. So I need to figure out how to get my data on all of my devices without using the 1Password cloud... I could use iCloud! I'm already paying for iCloud. Perfect!
    • Oh wait... I want to share a vault with the wife, and she uses Android... no iCloud. Back to the drawing board.
    • Talked to my buddy. He said it is best to avoid ANY cloud. WLAN sync it is!
    • Hmm. This WLAN thing doesn't seem to work so well. The desktops can't see the phones. The phones are on WiFi, but the desktops are connected with cables... maybe that has something to do with it? And what do I do when I'm away from home, but the wife has been home planning our vacation and added a new login for that one travel site that I want to check on and see how the plans are going....

    ....

    I could go on and on. You could spend a whole day before even getting started. There is a balance between simplicity and advertised choices. If you know you need a local vault: great, but we're not likely going to advertise that to everyone.

    Ben

  • Catalin1P
    edited July 13

    The problem with the cloud is that it will always be a target for hackers. As long as the 1Password team doesn't make mistakes and there are no bugs or human mistakes and everything is airtight, there is nothing to worry about. The competitors are already using cloud storage and there have been no problems. I am sure that 1Password has learned a lot from the competitors' mistakes and has improved 1Password after seeing what happened to them. Seems like the cloud is the future. Let's take an example. As far as I know, iCloud, Dropbox and almost all cloud services have been a target for the bad guys, but as long as the team behind these services uses the newest technologies and encryption to secure the data on its cloud service, I don't see the problem in using the cloud in the first place.

  • dougl
    edited July 13

    Hi Ben,

    I don't disagree with any of your points, and I've been there myself fiddling with local sync to get it working. But forcing a cloud vault setup - especially having the master passphrase entered in the dirtiest piece of code on most folks' computers (the browser) - is unnecessary and risky. If the master passphrase is never sent to the cloud - and that's an advertised security feature - then there's no reason to have folks set up the system with it in the browser. That alone is a complete show stopper for me.

    Let me paint a different option for you, because the subscriptions and cloud are still getting confused.

    A user goes to 1Password.com, and buys a subscription. That includes creating an account, paying the bill, but not anything to do with secret keys or passphrases - no vaults.

    After purchasing they're presented with instructions to download the software. The software then walks them through setting up a cloud vault.

    The software then goes through the process of creating a vault with a master passphrase that never leaves the user's devices, prompts the user to link it to their 1Password.com account, offers to change the online account password to a real one that's automatically stored in the vault, and Bob's your uncle.

    But, on the initial configuration screen, either from the menu, or in a tiny button, there's an 'advanced user' option that, when triggered, asks if the user wants a local or cloud vault, and at that point only sets up the local features.

    This decouples the subscription from the deployment model, and solves the issue. It should also align with your desire and belief that cloud vaults are appropriate for all new users.

    I, and the other colleagues I've talked to, do agree that for a lot of folks, cloud vaults make sense. But removing the features that more advanced users need - the very people who recommend your products to the masses - just isn't OK. We recommended 1Password because you covered all use cases. With your change, there's no real reason to choose you over any other cloud-only solution, and you're going to be relegated to competing on price alone as a commodity offering. Those very same low-tech users won't understand the nuances of the different services, and folks in the industry won't bother explaining them any longer because you've alienated us as customers.

    P.S. A light bulb went off - is reducing support costs the primary driver for forcing cloud vaults? If so, then on that advanced screen put up a warning that says 'Troubleshooting local sync is only provided via peer-to-peer support in the agilebits forum'.

    P.P.S @Catalin1p there have been numerous attacks against the cloud-based competitors, including loss of user data. This isn't the same as losing iPhotos or google calendar (hopefully the user had a backup). A compromised password vault is catastrophic.

  • Ben (AWS Team)

    AgileBits Team Member

    Additional information on this subject can be found here:

    AgileBits Blog | Why We Love 1Password Memberships

    @dougl

    Why does the current flow need to change? You have the option of never storing any data in a 1Password.com vault. One will exist, but so what? The Master Password and Secret Key have no bearing on your standalone vaults. 1Password will unlock only with the Master Password for the Primary standalone vault. Try it. :)

    We agree regarding the web interface and are working to reduce our reliance on it. It is a great convenience feature, but it would be better to have the admin console and signup process available in the native apps.

    Ben

  • @dougl AgileBits should pay you for a new business plan ;).
    I like that the suggestion is very constructive. It seems feasible and such a scenario would be perfectly acceptable for me.

    ...'Troubleshooting local sync is only provided via peer-to-peer support in the agilebits forum'.

    I wouldn't mind having to resort to forum help as long as a feature is actively maintained and improved by the developers.

  • Hi Ben,

    Aside from the fact that no secret key or master passphrase should ever be required to be transmitted via a browser (because it's undocumented, hidden, complex, and leaves stale data in a vulnerable state), can a user completely remove all cloud vaults after doing the hack-around?

    From a business standpoint, folks will run into exactly what I did. I tried to subscribe, was asked for a master passphrase, and immediately abandoned the session because it looks like I'm being railroaded into the cloud. With no other options presented, it's a poor user experience.

    Let me flip it around and ask this: Isn't setting the default to cloud with appropriate warnings, recommendations, and guidance enough? Why are you actively trying to hide and make using a local vault and local sync difficult, user hostile, and clunky? Do you not trust your users to take all the facts and data into account and make their own informed decision?
