Can I use 1password without purchasing a subscription? [Yes, but membership highly recommended]

Hi @supereditor

That's a fair question and I'll do my best to answer it.

am I to believe that your legacy product is now insecure?

The short answer is "no."

The much longer answer is: We can't recommend using an older version. 1Password 6 has been retired and is no longer being updated. As a security focused company we'd always recommend running the latest versions of all of your software, but especially your operating system, web browser(s), and 1Password. If you opt to use an earlier version that is your prerogative, but it isn't something we can recommend. Licenses never expire, and so you can continue using any version you've licensed for as long as it works for you. As things continue to evolve around the now retired v6 it will be less and less practical (and/or secure) to continue using it. For example, the upcoming Safari 13 will be using an all new extension framework, and as such will not work with v6. While we're not aware of any specific security issues with 1Password 6 sticking with that version may prevent or delay upgrades to other important components (such as your browser) which may have very real security issues.

It is also worth mentioning that security is more of a gradient than it is black or white. For some it may help to think in terms of the cost an attacker would have to incur to be successful. If they've got $50 to spend can they get access to whatever you're trying to protect? How about $500? How about $50,000? How about $5 billion? If you're keeping up to date with your software and are practicing good security hygiene a $50 budget probably isn't going to make much progress. If you are Edward Snowden and an attacker is a nation state with hundreds of thousands of dollars (or perhaps even much more) to throw at the problem, just keeping your software up to date and not clicking malicious links in emails is probably not going to be sufficient to keep them at bay. You have to consider what attack vectors you are likely to face and what level of operational security you need in order to mitigate those attacks.

Sorry; that may have been a bit of a tangent, but I think it can help to think in terms of "more secure" and "less secure" vs "secure" and "insecure," and also to be realistic about what threats each of us as individuals may face.

Ben

On behalf of Ben, you are very welcome @supereditor!

If you have any other questions, please feel free to reach out anytime.

Have a wonderful day :)

@outline4: 1Password for iOS can be used as a companion to the desktop app. There is only one 1Password app in the App Store. Just download/update that and you should be all set. :)

@outline4 - a 1Password account is also called a membership. It's the best way to use 1Password these days for most people, for many reasons. But it's different from a standalone license like the one you just purchased. If you have one, you don't need the other. The app on your Mac must be paid for by either a 1Password membership/account OR a license. Since you've chosen the standalone license route, you're already all set.

Man, 1Password used to be straight forward. And it was sexy...

Membership still offers that. :)

There are two different ways to use 1Password:

• Membership / subscription / account / 1Password.com (all used interchangeably for this purpose)
• Standalone / license / without a membership / without an account

Because I've created an account on 1password.com but I am not sure if this is the membership part or not? and I don't know if I should synch it to 1Password or not?!

That is a subscription membership.

So I don't need an account in order to stay in synch with my other devices?

If you want to sync through us, you do. If you want to sync with a 3rd party (Dropbox, iCloud), you do not.

I've ditched Adobe because of it's subscription model, I'll ditch 1Password once it will be subscription only!

Thanks for the feedback. I hope ultimately you're able to find a password manager that meets your needs, even if that ends up not being 1Password. Best of luck whichever way you decide to go.

Ben

Hi @Sam Lowry

There are a number of reasons we've moved to a subscription model, including:

1. We feel it is important to keep on top of the ever changing landscape. Doing so takes a team of people who expect to be paid on a regular basis, not just when some shiny new feature can be developed. 1Password is a relatively mature product. There are and will continue to be features that make sense to add, but expecting something earth shattering every 12 months is probably unrealistic. But all of the software around 1Password continues to change - browsers, operating systems, etc. We have to continually update 1Password in order to keep it working with those systems, and doing so comes at a regularly recurring expense.
2. We want to be able to continue to attract a talented workforce, and as such we have to pay wages that are commensurate with those talents. Certainly development work, support, etc could all be hired out to the lowest bidder at significant savings, but then we would likely see the quality of the offering decline as well. We want to offer our customers the best that is available.
3. Moving to a service based platform has enabled us to build some highly requested features (such as secure sharing) that were not possible before.

About 1Password membership

If your priority in picking a solution is finding the lowest costed option then 1Password isn't likely going to fit the bill. But if you want the best option on the market I'd argue we're a good choice.

As for not wanting to use a membership because it appears to be a large target for attackers... that's why we've designed the system such we never have access to our customers' 1Password data. What we don't have can't be stolen from us. The Secret Key is one way in which we accomplish this:

About your Secret Key

I hope that helps. Should you have any other questions or concerns, please feel free to ask.

Ben

P.S. For what its worth, we generally don't recommend using antivirus beyond what is provided by modern operating systems. The OS itself has protections built-in for viruses and malware. That in conjunction with good computing hygiene (e.g. not opening unexpected attachments or clicking unexpected links) should be sufficient for most folks.