Want to remain standalone / Dropbox user

I've used 1Password for many years; we had it installed on two computers, and synced to that and our phone versions via Dropbox. I finally had to bite the bullet and "upgrade" as my Android version was basically sunset until I switched to 1Password 7. I've given it a 1-month trial (which is nearly up) and don't see that much improvement in the phone version; the desktop version has some nice features but also a large amount of annoyances (like popping up "wanna change your password now???" every time I log in anywhere). That last "feature" is something that caused a great deal of confusion for several elderly friends, who called me in a panic trying to figure out how to tell their current password; I personally find it a major annoyance.

Anyway: I have several quibbles with using the subscription service:
1) ongoing expense, with no end in sight. I've refused to purchase other software that behaves like that.
2) You're using my regular master password to as the login password for this account. When (not if) you get hacked, a hacker now owns every password I have. Quite obviously you can decrypt my data, or your payment page wouldn't offer to use a credit card from my vault.

Using the older Dropbox-based sync puts an extra layer of protection there: a hacker has to get both my Dropbox account and my master password. And hackers go for the low-hanging fruit: they're far likelier to target the corporate servers than they are to go after an individual person.

I was told when I went for the trial, that I would be able to make a one-time purchase of the software even though the default is to go with the subscription version. When I attempted to pay just now, however, there was no such option.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • LarsLars Junior Member

    Team Member

    @MZ123 - thanks for the perspective.

    That last "feature" is something that caused a great deal of confusion for several elderly friends, who called me in a panic trying to figure out how to tell their current password; I personally find it a major annoyance.

    1Password is always going to ask if you would like to save a changed password at a site (or save credentials for a new site); that's literally one of the major portions of its job: saving and filling passwords, and it's not new to version 7. I'm sorry you found it annoying and your elderly friends were confused, but they'd be much more confused if they thought 1Password was silently helping them record their passwords in the background only to discover it wasn't because we changed the default behavior to only save passwords when specifically invoked via a special command from the user. You - and anyone you know who feels similarly about this core feature of 1Password - have always had and continue to have the option to click Preferences > Browsers and either un-check the box marked "Detect new usernames and passwords and offer to save them" or add in specific domain names on which you do not want this behavior to happen - for example, at sites where you regularly make new credentials or change existing ones.

    ...ongoing expense, with no end in sight. I've refused to purchase other software that behaves like that.

    What do you do with other software that does not behave like that? Do you continue to purchase licenses, every so often when a new full version is released? In other words: ongoing expense, with no end in sight? Or do you purchase a single time, and try to use that version as it becomes increasingly old/incompatible with age? My point here is that if any of us have software we like and plan to continue using (all things being equal), there will always be "ongoing expense, with no end in sight," for the same reason that you don't work for free -- any business needs continuing revenue to survive, and more than that, new versions that contain significant new work that did not exist in previous versions deserve an additional purchase. Nobody pays their accountant one year for doing their taxes, then expects them to do every successive year for free because of that one-time payment. I'm getting a bit off-track here, but the point is that if you plan to continue using any commercial software because it works well for you, you'll have "ongoing expense" -- it's just a matter of what conditions/structure you'd prefer to pay. In the case of 1Password, we still sell standalone licenses for 1Password 7 for Mac and 1Password 7 for Windows. They're currently on sale at the "launch special" price of $49.99. So if none of what I've just said makes any difference to you, you can grab yourself a standalone license and continue paying larger amounts, over longer terms. That's essentially what the industry standard license model we use is: you pay larger amounts for licenses to use specific version of our software, and when new versions are released, you buy the new version. The other way to do it - the "subscription model" - also compensates us for the work we do to keep 1Password secure and up-to-date, but it makes your payments much more regular, predictable (and therefore budget-able) and smaller: $3.99/mo for an individual account or $35.88 if you pay annually (works out to $2.99/mo if you're counting). And for that, you get access to not only 1Password for Mac, but also all three of our other native apps, for Windows, iOS and Android, meaning you're free to change devices whenever you wish (or if you take a job that uses a different platform, etc), without having any extra unplanned costs to continue using 1Password on your new platform. Again, it's up to you which of those payment models you prefer, but when the argument is only about "ongoing expense, with no end in sight," I wonder what people think regular license purchases are? It isn't as if you can't stop your subscription at any time, should you decide you no longer want to use 1Password -- just visit the Billing page of your account and cancel, and you're done. Just some food for thought. :)

    You're using my regular master password to as the login password for this account. When (not if) you get hacked, a hacker now owns every password I have. Quite obviously you can decrypt my data, or your payment page wouldn't offer to use a credit card from my vault.

    Well-spotted! But, nope. I can see where it might seem that would be the case, but it's not. We can't decrypt your data, because all of the en/decryption is performed client-side. The 1password.com servers only ever have a copy of the encrypted form of your data, which is synced, encrypted, with whatever changes you make to the same data in installed 1Password apps, or in the browser. We use a protocol called Secure Remote Password to ensure that we don't have to transmit your secrets in plaintext - or in fact, at all. If you'd like to read in (much) greater detail about how Secure Remote Password works, I'd suggest our 1password.com security white paper, specifically Appendix B, entitled "Secure Remote Password" (go figure, ;) ). In fact, I'd suggest the entire white paper for a very in-depth look at how we keep your data secure, even from ourselves, both at rest and in transit on the 1Password servers. :) In regard to the credit card issue you raised, well, yes -- 1Password knows whether you have stored a credit card item (or more than one), in the same way that it knows you have Logins for various sites when you visit them on the internet. That's quite different from US knowing that you have entered zero or one or fourteen credit cards. Again, we don't: we have only the encrypted form of your data, which is only decrypted in your browser or the apps, and for which we possess neither the keys necessary to decrypt the data, nor the secrets (your Master Password and Secret Key) from which those keys are derived, because they are never transmitted to us.

    In the end, however, no matter how secure 1password.com servers and service is, this boils down to a matter of personal preference: if you personally prefer the (for lack of a better word) "traditional" method of paying as you go in lump-sums for specific new versions of 1Password, we still offer standalone licenses for version 7. If you'd like to try a free, 30-day trial of a 1password.com account and see for yourself all of the benefits, we invite you do that, as well. Let us know if you have any questions. :)

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file