Just to be clear, it's still 100% possible to keep your 1Password vault in Dropbox etc and not use the SaaS version [1]. I felt like this fact was buried in the article.
Edit: Here's the link to buy the standalone license [2] which is hard to find on the site now.
In a post from the founder one week ago [3] he said, "We know that not everyone is ready to make the jump yet, and as such, we will continue to support customers who are managing their own standalone vaults. 1Password 6 and even 1Password 7 will continue to support standalone vaults."
On the other hand, the fact that they're saying not everyone is ready "yet" seems to imply that they expect to eventually migrate everyone off standalone vaults.
This is an important point. I think 1Password folks need to hear that for a lot of customers, it will never be the case. There are many of us that consider managing the storage of our vaults as a fundamental safety feature of a password manager and will never cede control over that function to the company behind our password manager. Moreover, subscription pricing is a no-go for many of us. The possibility that a company will cease operations and the software will cease to function makes this kind of pricing a non-starter for something as crucial as password management. I'm perfectly happy to continue paying for major releases and will always upgrade provided the added features are compelling. But every version I purchase should work in perpetuity and should come with bug fixes, especially if vulnerabilities in the product are found. I don't think I'm being unreasonable.
I love 1Password, but I hate their move towards being a service. There are alternatives that, while possibly not as good/polished, will allow me to continue to manage the password storage the way that I currently do and will continue to work, as is, for as long as I choose to use the software. Using them is a compromise I can make. Having a subscription password manager is not a compromise I can make.
I'm fine with subscription pricing provided the vault format remains published and and accessible and I can control the storage of my vault files if I choose.
I'd even encourage it, I'd like AgileBits to be a long term viable business.
1Password 6 for Windows has been out for a year, and it still doesn't support local vaults. I'm going to consider my own and others skepticism of their commitment to local vaults completely valid.
Given the change to their business model I am concerned they can push an update, where the next time I unlock my vault it syncs my master password and/or decrypted vault to their cloud.
Well, no, unless I missed something, they have not been clear that local-storage 1Password will continue to work. They have carefully left the door open to changing that at some undefined point in the future.
At which point I will migrate away. I love the apps (use it on MacOS and iOS), but local-only storage and non-cloud sync are my hard requirements. I'm willing to pay a monthly rent, but will not 'cloudify' my passwords.
Did you see the links included in my parent post? The founder specifically said that standalone vaults will continue to be supported. You don't have to sync your standalone vault to any service if you don't want to. Though of course it'd be difficult to use both the desktop and mobile apps if you don't sync somehow.
Sure, but when we're talking about a core foundational feature, they do. Richard Stallman would absolutely be willing to say, "We 100% guarantee that gcc will never become non-free software" instead of "we realize that not all gcc users are ready to move to non-free software yet, and we promise that versions 7 and 8 will continue to be free software".
For a lot of people here, not remotely storing the vault is such a core foundational feature.
I did read the blog post you referenced, and that's exactly why I believe they intend to go cloud-only.
Saying something like "we will never force users into cloud storage and sync" when talking about a product like this just isn't that hard, unless that's exactly what you plan to do. Many software vendors have corrected misperceptions when changes seem to point in a direction some users don't want to follow.
This is not a case of misperception. The way they've talked about this make it quite plain that's where they want to go, and the careful phrasing ("at this time", "yet") makes it obvious that they intend to.
There are lots of them out there to choose from. And being able to audit the secure portions is great, but a password manager is the perfect example of what free solutions often don't do well— you need to have a seamless experience across multiple platforms including mobile, and you need to have fairly deep integrations into multiple web browsers, which are notoriously fickle and need to be tracked closely.
The killer feature of 1Password (on Android at least) is that it comes up as a keyboard and can type long passwords into any apps. That seems like exactly the sort of fussy integration that would be really hard to build and maintain in something without commercial backing.
KeepShare's auto-fill works 99% of the time for me, and it also has a keyboard for when that fails. Commercial[1] but GPL[2]. This stuff isn't exactly dark magic that only AgileBits can do.
Yeah, valid point. I forget that people use browser integration. My use case is iOS-only, with sync across a small number of devices, which dropbox is perfect for. Fairly simple to build.
that feature is one of the primary reasons i jumped into the 1password boat from keepass. i have a personal vault and a shared team vault, both sitting on dropbox and shared to various devices and users as required. there is no need to use 1password.com at all.
I recently moved to using SyncThing for syncing my keepass database. I realised that syncing it with Dropbox was not that much better than using a Web-based service.
You're mistaken. It's completely different. While all file syncing tools will let the NSA intercept and mess with your data, a web client like 1Password could trivially be modified to intercept a password or decrypt in place and send data back to the mothership in the clear. Dropbox can't force 1Password to modify its binary.
True, Dropbox is better in that regard. Still, the advantage of SyncThing is that an attacker would have to break TLS to even get to the point of entering the master password.
I was not able to do that with standalone 6.8 for mac and ios. I bought 1Password back in version 4.2, and have gotten free automatic upgrades to 6.8. I believe I even bought the family plan back then, but when I tried to use it recently, I got nothing but dialogs asking me to log in to 1password.com (which I don't have an account on), and/or get a subscription which I have no interest in doing.
It was only by trying to activate an additional family account did I discover the change in the business plan.
No. The alternative sync options are for "If you don’t want the benefits of a 1Password membership", and a "team" or "family" account is by definition a 1Password membership.
Yes, you can make/use local vaults (and sync them e.g. using Dropbox) on iOS/macOS with a membership. Open 1Password, then "Preferences -> Advanced -> Allow creation of vaults outside of 1Password accounts".
Well, you can use third-party syncing with local vaults to sync with family members, e.g. using Dropbox sync with a Dropbox shared folder to share your vault with a family member. This just doesn't fall under the heading of "team" or "family" syncing.
I am pretty sure that you are wrong. If you add a vault to e.g. Dropbox, you can share it. My wife and I had been doing this for years, even when we switched to a subscription. This was also AgileBits's supported/advised way of sharing vaults before 1password.com.
They now just recommend using their 1password.com service for sharing.
Edit: Here's the link to buy the standalone license [2] which is hard to find on the site now.
In a post from the founder one week ago [3] he said, "We know that not everyone is ready to make the jump yet, and as such, we will continue to support customers who are managing their own standalone vaults. 1Password 6 and even 1Password 7 will continue to support standalone vaults."
[1]: https://support.1password.com/sync-with-dropbox/
[2]: https://agilebits.com/store
[3]: https://blog.agilebits.com/2017/07/13/why-we-love-1password-...