1Password 4 does not support Chrome 72 or later [1Password 7 is available]

135

Comments

  • Greg
    Greg
    1Password Alumni

    Hello guys,

    You should disable "Verify web browser code signature" check in 1Password 4 at your own security risk. For more information about 1Password 4 and Chrome 72, please check my reply in a similar thread here.

    If you have any other questions, feel free to raise them. Thank you! :+1:

    Cheers,
    Greg

  • Lars
    Lars
    1Password Alumni
    edited February 2019

    @piersg

    I feel that your attitude, reflected in some of the replies above, is "get a new licence, get a new browser, or get a new password manager"

    1Password is a security company. It would be bordering on malpractice for us to suggest anything else, besides that users keep their browsers, their OS and their security software as current as possible. If "customer focused" means to you that we should suggest ways for users to reduce their own security, you probably won't be seeing a lot of that from us.

    So how about a sweetener for these users in the form of a special upgrade price? I would be interested in upgrading to the standalone version, but if the only way to find out how much it costs is to install the new version...

    It's been mentioned, yes, but it isn't actually true: this forum is evidence that we're perfectly happy to discuss the cost of standalone licenses; we just don't promote it on our pricing page. For the record, a standalone license for 1Password 7 for Windows is currently at $49.99, a 23% discount off the eventual full retail price of $64.99.

    ...how long will my new version be supported for? Just another 18 months?

    I want to make a distinction between "will be supported" and "will continue to receive updates to the code." The former will be quite some time indeed. We still regularly are assisting people who are using 1Password 3 for Mac (from 2009!). Of course, with a ten year old version, so much has changed and become incompatible between OS, browser and out-of-date version of 1Password for Mac, often all we can do is help such users get upgraded to newer versions, but there's no formal limit on when we arbitrarily stop supporting older version, based on the age of the version a user has. We'll try to help however we can. What won't be happening is pulling developers off working on the current versions of 1Password to re-open the code base of years or decades-old versions to try to figure out ways to make them compatible with modern versions of OS and browser.

    I can't make any kind of prediction about the future, as far too many issues bear on something like that. However, if history is any guide,

    • 1Password 1 for Windows was released in April of 2010
    • 1Password 4 for Windows was released in June of 2014
    • 1Password 7 for Windows was released in May of 2018
      (these were the paid upgrade points)

    • 1Password 3 for Mac was released in November 2009

    • 1Password 4 for Mac was released in October 2013
    • 1Password 7 for Mac was released in May 2018

    Going forward, I would expect shorter times between releases, perhaps more on the order of 1-2 years, but again, I have no concrete idea and we have no formal schedule for new full-version upgrade releases.

    I want to support development, and I feel like a valued customer.

    Awesome! We've got you covered whether you prefer either a more-regular and easy-to-budget for 1password.com membership, or a less-predictable, larger but less frequent standalone license. Whichever you choose, we'll continue to give our best effort into the newest version of 1Password. Thanks! :)

    Oh, and P.S. - I don't know how much longer the "launch special" discount of over 23% off on a standalone license of 1Password will be available, so I wouldn't wait too long if that's the route you plan to go.

  • Hi @pir2,

    I've merged your post in this thread about 1Password 4 no longer supporting Chrome 72, please read Greg's post here: https://discussions.agilebits.com/discussion/comment/489415/#Comment_489415

  • Flandy
    Flandy
    Community Member
    edited February 2019

    Well this sucks. I specifically picked 1Password as my password manager back in 2016 specifically because it was a one time payment. Now not even 3 years later I'm basically being forced to upgrade to 7 and you guys can't even offer a discount to those of us who bought your super expensive license key? Honestly I wouldn't mind going the monthly subscription but at least offer me a discount. As it stands now I'm feeling super ripped off and can't bring myself to give you even more money. Like please consider offering a discount/coupon otherwise I'll be switching to a different password manager

  • MikeT
    edited February 2019

    Hi @Flandy,

    You can still use 1Password 4 with Firefox, Vivaldi (uses same engine as Chrome) and Brave.

    The purchase you made was for one-time payment for 1Password 4 for Windows license, it does not include unlimited support for third party programs like Chrome in the future, it's not sustainable for us. You can still use 1Password 4 normally but with a different browser and your 1Password data is still protected. We will continue to issue any security related updates but not for new features improvements anymore, that is going into 1Password 7.

    1Password 7 for Windows is on sale right now for 49.99$ (regular price is 64.99$) and all 1Password.com memberships already have one month free as trial.

    As it stands now I'm feeling super ripped off and can't bring myself to give you even more money.

    I'm sorry you feel that way but you just said you bought it back in 2016 and already had more than two years of use (and can still use it with other browsers). To keep protecting your data, we have to be alive and feed ourselves and our families to keep working on 1Password and improving it. We can't survive on unlimited free lifetime upgrades for 1Password and giving out discounts all the time won't help either, we tried that in the past and it wasn't a sustainable business model for us.

  • WLAN sync isn't available in 1Password 7, @mzman, so you'd need to consider an alternative method for your phone before making that leap. If there isn't a sync service you feel comfortable with – keep in mind the only thing that's 100% required is that all devices can access this folder – then 1Password 7 may not be a good choice for you. Is there any sync service you'd be comfortable using? What about that phone – is it an iOS device or Android? If it's iOS, that may limit your options, so that's something else to consider.

    As for a general resource for upgrading, you can find that here:

    https://support.1password.com/upgrade-windows/

    To purchase a license for 1Password 7, just make sure to select the "Need a license" option in the app when prompted to pay. 1Password 7 will take care of converting your vault for you and, while it shouldn't impact your sync method beyond WLAN sync. Just like you can copy your AgileKeychain between devices, you can do the same with an OPVault. And, of course, if you do run into any trouble, we're happy to help. :+1:

  • Hi @mzman,

    Yes, that's called Folder Sync and we support it in 1Password 7 for Windows, Android and macOS. You can see the details here: https://support.1password.com/local-folder/

    The only platform we can't support Folder Sync on is iOS due to its file system security design.

  • Hi @mzman,

    I then manually keep that folder synced (with some Android app) to it's equivalent in Windows, both Android and Windows passwords should work as WAN sync has been?

    Yes.

    1Password simply monitors the external folder on the local storage to update its database while you use anything you want to sync that folder between devices. Once you change something in 1Password, it will update its external folder, you then sync that folder to the other devices and 1Password will know the folder has been modified to import it into its local database.

    Any suggestions on an app that works? I use FolderSync for something else.

    I'm not sure what you mean for something else?

    You could use something like Resilio Sync to sync that folder between your devices in your local network. I'm not familiar with any other apps for local network sync, you can ask in the our Android forum.

  • Drewski
    Drewski
    Community Member
    edited February 2019

    Count me as a loyal customer of Agilebits disheartened by a company I have literally supported since April of 2011.

    Over the years I have directed as many people as I could to 1Password because I believed in the company. Agile was 5 ¾ years old, made a groundbreaking product, and recognized the value of customer input and support.

    In the formative years customer input, beta testing, feedback, bug reporting, discussion, and financial support allowed the Founders to transform our frustration with maintaining our passwords to a problem solved.

    So, what’s changed? Why am I disheartened?

    Like so many others I am shocked at the time wasted trying to figure out why my reliable password manager no longer worked in the most popular browser on the planet.

    The younger Agilebits would have used sales data collected, forum registrations, and every other method possible to inform their valued customers of an interruption to their experience as well as solutions and support.

    In the old days, license holders would not be forced through a labyrinth to purchase a new license.

    Way back when, Team Members in the Forums wouldn’t be forced to defend outrageous acts of software companies.

    After touting the ultimate security of a vault on my local machine for so many years, the Founders decide to abandon local vaults in favor of cloud-based vaults. The last straw for me was the puzzling offer of $100,000 to the idiot who would reveal how to steal my data from the cloud. Agile has delighted worldwide hackers with a juicy new target.

    I’m not totally surprised. It’s simple really.

    Agilebits in now a little over 13 ½, still makes a great product but, as planned, must focus on the Founder’s harvest of a matured company grown by their customer centric fertilizer.

    It’s the American Way.

    I’m not sure I’ll keep supporting 1Password and I can longer recommend the company. No hard feelings, I was kinda expecting this, but still had hope. Sadly, I’m looking for a new password valentine.

  • Lars
    Lars
    1Password Alumni
    edited February 2019

    @Drewski - I'm sorry you feel let down. And on Valentine's Day, too. :(

    The younger Agilebits would have used sales data collected, forum registrations, and every other method possible to inform their valued customers of an interruption to their experience as well as solutions and support.

    I've been working here for nearly five years and my first license of 1Password was July of 2007, and in that time, I've never once seen an email that I can remember that was generated directly from AgileBits TO users, unsolicited, informing them of anything. We just don't do that in my experience. And it's not a recent/new/"changed company" thing, either: as far as I know, we never have, for various reasons (not least being: we collect as little information about our users as possible, and often (especially after the beginning of Mac App Store sales) we have far, far from a complete list of who even owns/uses our software.

    Way back when, Team Members in the Forums wouldn’t be forced to defend outrageous acts of software companies.

    I wouldn't defend "outrageous" acts of anyone including my employer, but fortunately, I don't feel pressured to. :) The license purchase process should still be pretty straightforward (especially for an experienced hand such as yourself!), despite the fact that we have de-emphasized license purchases in our pricing pages: you download and install 1Password 7, and on first-run, you'll be shown the Purchase Options screen. Click "Need a license? We have those too,"

    ...and you'll be taken to our FastSpring store where you can purchase a new license for version 7 at the "launch special" price of $49.99 (the same price licenses were for multiple years), which represents an over 23% discount off the full retail price of $64.99. I'm not sure what's difficult about that, but I'm certainly willing to listen, if you found that process unusually tough to navigate. Would you be willing to elaborate?

    The last straw for me was the puzzling offer of $100,000 to the idiot who would reveal how to steal my data from the cloud.

    If you've been following that, then I'm sure you've likely noticed that, to date, no "idiot" has managed to claim that prize, just as there were no reports of which we're aware of users' encrypted data being breached in the pre-1password.com account days, either. Our focus has always been, and remains, our users' security, and I encourage you or anyone else interested in the security model of 1password.com accounts to read the security white paper on the subject, particularly the sections on the role of the Secret Key (summarized much more briefly here. I'd be happy to answer any questions. :)

    Agilebits in now a little over 13 ½, still makes a great product but, as planned, must focus on the Founder’s harvest of a matured company grown by their customer centric fertilizer.

    I'm glad you think we still make a great product, but I'd be exaggerating if I said I was certain I knew what the rest of this meant. There's certainly a great deal of cynicism (much of it deserved) regarding the "dotcom" culture of "start up, kick butt, cash out," yet a casual glance at AgileBits' history shows we're about as close to the antithesis of that stereotype as it's possible to get. Founders Dave Teare and Roustem Karimov, who wrote the original code for 1Password in 2006, still work here every day. Not only have they not cashed out at any point along the line, we've actively resisted offers of acquisition and never taken a dime of venture capital funding because we prefer to grow slowly and sustainably over the long haul instead of looking for the biggest payout and then the quickest available exit. Just as it's been since the beginning, AgileBits has thrived in an increasingly competitive space solely on the direct sale of 1Password to you, our end users. We like it that way, since it means we have no "angel investors" or deep-pocketed corporate parent telling us what we should be doing; instead, we're free to make the best password manager we can, and we're able to answer only to ourselves -- and to our you guys, our users.

    It’s the American Way.

    Well, we ARE Canadian. ;) I'm just gently ribbing you, of course, but I always thought the storybook notion of the American Way as it pertains to business, was the "Main Street" success stories that grow from (literally) tiny garage operations into successful, stable businesses by taking care of their customers and making a product people want. That's pretty much what we've done, over 13+ years. :)

    No hard feelings, I was kinda expecting this, but still had hope.

    I've re-read your post a few times, and I'm still not sure exactly what it is you were expecting. This is a thread regarding the legacy 1Password 4 for Windows app no longer working with the most-recent Chrome update due to changes in Google's code-signing. Was that what you were expecting? That we'd keep updating version 4 indefinitely, for free? Or are you only upset that we didn't try to reach out to our incomplete list of who we think might still be using 1Password 4 for Windows and inform them this was coming (I believe I addressed this bit earlier, but feel free to ask any questions)? Or is it that we now have 1password.com accounts in addition to our other cloud-based sync methods like Dropbox and iCloud? Or that we're "harvesting"(? - still not sure I understand this)? Or that we have 1password.com accounts now (which you don't use)? Or offered a still-unclaimed $100,000 reward on bugcrowd? I'd like to be able to help you, and I will if I can, but I'm truly not sure what's got you so upset that you want to find another Valentine despite saying we "still make a great product": you're not required to create a 1password.com account. You're welcome to use a standalone license for 1Password 7 for Windows, I'd be happy to help if you're having trouble purchasing one. If you decide to test the waters out there anyway, we wish you luck -- just as long as you're not reverting to sticky notes on your monitor or re-using the same password everywhere.

  • Hi @mzman,

    The third one, do not leave 1Password syncing like that, you have to make sure you're done syncing before you leave. This is true for any syncing you do including the previous WLAN sync.

    I change passwords for different logins/accounts on two devices, then sync them.

    When you make the change, it'll be saved to the local database first and then exported to the individual band file in your OPVault that holds that item. Without syncing, you could modify two items in the same band files on the multiple devices, which could get confusing but 1Password is smart enough to know what to do. Each 1Password has a copy of all items and local changes in its local database; so if it detects an incoming band file that has items missing, 1Password is not going to remove them in the local database but instead it's going to import whatever changes is in the incoming band files and then re-upload its local changes (the ones missing in incoming band) to the same band file and push it back, so the other client will have the same list.

    I change passwords for the same login/account on two devices (or change some attribute other than a password on the 2nd device), then sync them.

    Same thing but 1Password doesn't just replace the item, it'll compare both items and run though a series of algorithms to avoid duplicating the data, only merging in the changed parts and put the conflicting data in a separate conflict data like this:

    I lose connection during the sync (perhaps because I leave my house during sync), and only some of the folder's files get synced.

    That could cause corrupted band files, 1Password 7 has code to detect and skip importing corrupted band files, so you won't see updated items. You'd have to re-sync again to push proper band files.

  • Greg
    Greg
    1Password Alumni

    @mzman: On behalf of Mike you are very welcome! Please let us know if you have any other questions, we are always here for you.

    Cheers,
    Greg

  • bellybot
    bellybot
    Community Member

    I bought a standalone licence for Mac when I used to have a Mac, which can be used for 1Password 4 for Windows (I'm now a PC user), but the extension doesn't work for 1Password 4 anymore. I'm considering buying a standalone licence for 1Password 7 for Windows, but wondering how long the extension will continue to work for 1Password 7? And how long will you continue to support it? Will you roll out 1Password 8 and then I have to buy another standalone licence to be able to use it??

  • Lars
    Lars
    1Password Alumni

    Welcome to the forum, @bellybot! We don't make plans to have older versions stop working intentionally. But what IS true is that when a new version of 1Password is released (whether on Mac or Windows), the previously-current version enters legacy status. At that point, it will receive no further development attention with the exception of critical security fixes should any be needed/discovered. Compatibility fixes do not fall into this category, since our recommendation is always to keep your OS, browsers and version of 1Password up to date. So, if there's a compatibility issue in the current version of 1Password, we fix it as quickly as we can. If a legacy version of 1Password stops being compatible with some newer OS or updated browser, that usually won't be getting fixed; the solution is to upgrade to a more modern version of 1Password, just as you upgrade to new OS and browser versions.

    Long story short: no, 1Password 8 (whenever that comes out) will not, by itself, make earlier versions of 1Password incompatible or unusable. Hope that helps! :)

  • btcompute
    btcompute
    Community Member

    As markherdeg stated above, "Turning off "Verify web browser code signature" in 1Password 4..." worked for me to get 1Password 4 working in Chrome 72 on my Win 10 PC.

  • bellybot
    bellybot
    Community Member

    Thanks @Lars for your reply. I've purchased a standalone licence, hopefully it'll work out cheaper than paying subscriptions when 1Password 8 comes out.

  • ebullister
    ebullister
    Community Member

    Please tell me I understand this correctly:

    v4 no longer works with browsers.

    Going forward, the only way to continue to use 1password with browsers is to switch to v7, which means uploading all of my password data to 1password's cloud. I am OK with paying for a subscription service, but I am not sure I want to give all of my password data to 1password or to have it stored anywhere but on my computer.

    So, is it true that I need to put all my password data on the cloud to continue to use 1password?

  • Drewski
    Drewski
    Community Member

    @Lars

    I've never once seen an email that I can remember that was generated directly from AgileBits TO users

    I didn't mention email specifically. What I did say was "to inform their valued customers". The semantics aside, the company (AgileBits) sends messages to users every day and in many different ways. The forums are an obvious example.

    we have far, far from a complete list of who even owns/uses our software.

    I did not suggest you had a complete list. The entry page for the forums claims 138,000 registered members. Agile could have started with that list. Keeping a company’s customer list is critical to a business if only to demonstrate market penetration. Of course there are many other reasons to maintain a customer list on a continuing basis. To suggest you don’t have records for the purchasers of 1Password stretches your credibility. I1Password 4 licensees continue to waste hours of their time before they discover their software is on the critical list and their reaction isn’t likely to encourage sales.

    The license purchase process should still be pretty straightforward......despite the fact that we have de-emphasized license purchases in our pricing pages:...you download and install 1Password 7

    We agree that it should be pretty straightforward but it isn’t. The Forums are rife with customers who have wasted a lot of time trying to find the details of converting a 1Password 4 license to a 1Password 7 license and can’t find it unless they download version 7. I wonder why you have de-emphasized personal licenses and what that implies if I purchase another one. I am uncomfortable downloading and installing a new program just to find out what the details are for purchasing a new license. There is a lack of transparency that is unsettling.

    to date, no "idiot" has managed to claim that prize ($100,000)

    The prize is a marketing ploy and will never be claimed. Only an “idiot” would invest the required resources, to attempt to defeat what is a robust defense, on the chance they could collect the difference between their investment and the modest sum of $100,000 (pretax). I suggest it would cost more than $100,000 to do the job and no one is going to take the bait. If the offer were serious, the prize would have been large enough to attract the best and brightest. But, Agile’s marketing guys knew if they kept the prize low enough there would be no takers.
    On the other hand, the bad guys, perhaps even state sponsored bad guys, will invest the resources to attack such a valuable asset and that worries me. If the data I release to Agile is as secure as Agile claims it is, then Agile should offer to refund every dollar I pay as a subscriber if my data is breached. Can you direct me to the webpage where Agile guarantees the safety of my data? Talk is cheap.

    My comment regarding the Founders harvest seems clear to me, and I think, to you.

    There's certainly a great deal of cynicism (much of it deserved) regarding the "dotcom" culture of "start up, kick butt, cash out,"

    There’s gold in them thar clouds, and in subscription services as well. Agile needs that cash badly. The overhead costs are eating up the revenue and that’s ok for a startup but Agile can’t be acquired, or float an IPO, if the business is unable to fund customer support, R&D, 125,000 Apple employees who don’t pay for it, marketing, back office, etc., etc., and make money. Agile is making a big bet that they can generate enough revenue to sustain their overhead costs and make a profit by turning away from personal licenses and reaching for the holy grail...subscriptions.
    For me it doesn’t really matter if they win the bet or not. Either way, I am not interested in placing my passwords in the cloud or suffering a subscription. I feel like my interest and Agile’s interest are diverging. To be clear, the Founders are entitled to reap the benefits of their labor, and harvest as much money as they can from an acquisition or an IPO, but they will lose me as a customer if they offer a product I don’t want.

    It’s `the American Way

    The American Way I am referring to is the common practice of throwing some customers under the bus, in this case personal license holders, on the bet that a new concept, a cloud based subscription service, will result in more revenue and more customers than are lost. Personal licensees have become expendable.

    Was that what you were expecting? That we'd keep updating version 4 indefinitely, for free?

    No, that’s a Canadian red herring?

    The forums are loaded with shocked, confused, frustrated, and angry customers unable to navigate Agile’s labyrinth of sales and marketing that intentionally obscures certain bad news like the plight of those interested in continuing locally based vaults that will no longer be supported. If Agile really cared about licensees they would offer updates for a fee to maintain compatibility, but Agile can't because they don’t have the resources. What I expect is the same transparency and honesty Agile demonstrated prior to the launch of a 1Password subscription based on a cloud/server.

    I'd like to be able to help you, and I will if I can

    You could help me, and perhaps others in the following ways.

    Provide a prominent link on the website to a page for current license holders of 1Password that:

    1. Provides a prominent link on the webpage to purchase a personal license that doesn’t include a sales pitch for subscriptions.
    2. Provides the terms, conditions and pricing of acquiring a 1Password 7 personal license before having to download and install 1Password 7.
    3. Explains why Agile has de-emphasized personal licenses, and why customers should invest their money in a de-emphasized model, and honestly detail the level of support those customers can expect.
    4. States the number of personal licenses required, and the cost, if a customer uses the license(s) for different operating systems . As an example, if the customer uses a Mac, Windows, and Android, how many personal licenses must be purchased and at what cost.
    5. Prior to installing or purchasing a personal license for 1Password 7, provides detailed instructions for 1Passwor 4 customers for installing 1Password 7 without having vaults stored in the cloud or on your servers.
    6. Detail the differences in the functionality of personal licenses of 1Password 4 and 1Password 7.
    7. Notifies the owners of 1Password 4 of a change in status (status is Legacy) and what that means for their product. For example, updates needed by 1Password 4 to maintain compatibility with newer versions of browsers will not be offered. (E.g. Chrome version 72)

    I would be happy to answer any questions you may have.

  • asllin
    asllin
    Community Member

    Thank you markherdeg for the below solution. It worked for me with 1Password 4 and Chrome v72.

    Turning off "Verify web browser code signature" in 1Password 4 (under Help/Advanced) appears to make the extension work fine with Chrome 72.

  • asllin
    asllin
    Community Member

    Thank you markherdeg for the below solution. It worked for me with 1Password 4 and Chrome v72.

    Turning off "Verify web browser code signature" in 1Password 4 (under Help/Advanced) appears to make the extension work fine with Chrome 72.

  • Lars
    Lars
    1Password Alumni

    @btcompute - while I'm glad you were able to make an adjustment that allowed you to continue using 1Password the way you wanted, as I said to markherdeg above, we can't recommend this course of action. There's a reason we no longer offer the option to turn off browser code signature verification, and why we've moved to supporting the major browsers instead of pursuing a greater number of alternatives. Obviously, we can't prevent anyone with a copy of an earlier version of 1Password from doing what you and markherdeg have done -- but we'd be remiss if we said we thought it was a good - or secure - idea, just to keep using a retired, legacy version of 1Password.

  • Lars
    Lars
    1Password Alumni

    @bellybot - thank you! I'm glad you were able to find something that worked for you. I have literally no idea about 1Password 8 -- I honestly don't think anyone here does, yet -- but whenever that comes to pass, I hope you'll be satisfied with your options for that as well. :)

This discussion has been closed.