It's worth noting (and not super obvious because of their marketing) that "getting a subscription" and "using their cloud sync" are not a mutual requirement. You can pay via subscription and continue using local/Dropbox/etc vaults.
This part was super confusing to me until I dug deeper when a friend upgraded.
So the primary impact of switching from standalone license to subscription, if you're planning on using 1Password for a while, is that instead of paying a larger chunk of money every so often when they drop a new major version, you move to paying a flat couple bucks a month or larger chunk per year.
The developer's comments on the article contradict what you're saying:
> 1Password 7 from the Mac App Store will only support our hosted service, as that’s what you’re purchasing with a 1Password membership. If you install from our website, you’ll have the option to use a standalone vault synced via iCloud if you purchase a standalone license, or use our hosted service if you purchase a 1Password membership.
> As it stands, though, how you purchase 1Password is intrinsically tied to where you store your vaults and how you sync them
If you download 1Password through our website instead of the Mac App Store you can indeed use a subscription with standalone vaults. It isn’t the recommended configuration, as you’re paying for features you can’t use, but it is possible. We intentionally don’t talk about this in marketing as in the past it has caused a lot of confusion, particularly with less technical users. HN is obviously a different audience, and we can talk about that here.
It's super frustrating how vague and contradictory they're being about this :\
I understand why they're subscription-only for the mac app store, as a way around its insane lack of pricing flexibility. Makes sense, fully support, etc. But they seem to be continually pushing the non-cloud options further and further away from visibility :|
Sorry for the confusion. This is simply incorrect and I need to hunt down who is saying otherwise and get this fixed on our end.
If you have a subscription you can create standalone vaults outside of your subscription and sync those using iCloud, Dropbox or WLAN sync if you wish.
This behaves the same in version 7 as it did in version 6.
The first reply on the top comment of the official blog post says "1Password 7 from the Mac App Store will only support our hosted service" so you should probably start by correcting that...
I get the impression that anything that is not on the agilebits cloud is legacy and they will eventually stop supporting the other options bit by bit, despite what they say on HN forums.
I understand the attraction, from a software development standpoint it's much easier to make everything work well when you control the server and client software together.
This. The writing is on the wall ever since the subscription model hit. I'm holding out until stuff breaks, and then I'll transition to something open source for my very modest needs.
Thanks for pointing that out, that was, indeed, not clear to me either. But I expect this will change at some point, for the sake of simplicity for end users. Giving up security for convenience.
I doubt that, personally, because of exactly the reasons you and others are noting in this thread.
Especially in a world where they successfully convince everybody to pay a monthly subscription, the effect of losing every user who wants local vaults would be an immediate visible blow to their revenue stream.
Their goal in moving to subscription services seems less driven by simplicity and more with making that revenue stream more predictable. But whoever runs the marketing side of the house decided the best way to pitch the change was by saying how great the cloud hosting was, and looking around at these comments I hope they realize their error.
Assuming that's correct (since the blog post still strikes me as vague), the answer is clear in their reply: memberships are exclusively cloud, standalone licenses are exclusively local backups / sync.
I’m currently using the 1Password 7 beta with a subscription and no standalone license. I have one vault that is stored in Dropbox and another that is just local.
I have no idea why they’ve decided to handle what they’ve called out elsewhere in this thread as an “advanced feature” that won’t be going away by lying about the feature not existing.
It seems so weird because their subscriptions work exactly how I’d want them to work, but all their public statements actively prevent people like me from knowing that.
Yeah, if it is (and stays) like "memberships get all apps + cloud sync + can still use dropbox sync" I'll happily switch. But I've asked them this question like 4 or 5 times now, and each time I've gotten a slightly different answer.
It's completely ridiculous. And it's burning trust, in a fairly inherently distrustful crowd like you get when you're in the security / crypto field.
I'll clarify for you then :) I'm a developer on our Apple team (Mac and iOS).
If you purchase a subscription you can create standalone vaults and sync them to Dropbox, iCloud, WLAN or Folder just as if you had purchased a license. You'll have both an account (which has vaults in it) and standalone local vaults that can be synced as above.
This is how it behaves in version 6 and nothing has changed with this in version 7.
So if you'd rather have a subscription AND just use standalone vaults you're welcome to do that.
Note however that this may not be true for Android or Windows. I'd have to double check with those teams as to how they do it but at least with regard to Apple platforms this is a viable option if you so choose.
I've brought this topic up internally and hope that we can all be on the same page. My suspicion is that someone from a non-Apple side of the company is answering these. It's tough because our Windows and Android apps are still trying to play catch-up with Mac and iOS, so they may not do things that Mac and iOS do.
I do apologize for the confusion though. That said though you can take my answer and trust it. If you have questions though please reach out to our support and mention me specifically (Kyle) and they'll get you in touch with me.
Only one standalone vault is allowed for Android, it doesn't have multiple vault support.
However if you have an active subscription to 1Password.com it will unlock the Pro features for that single standalone vault. So it behaves similarly to how 1Password for iOS does in this regard. The difference is that 1Password for iOS supports multiple vaults.
I've used 1Pw local sync for years, and it's very finicky. When I've contacted support, they only offered suggestions like "restart the app", or "upgrade to the latest version" (even though there's nothing in the changelog which seems possibly relevant). Some days I'll add two new passwords, sync to my other Mac (multiple times, even), and only one of them is transferred.
The move to their own "cloud" as the primary sync system pretty much ensures other sync methods will never get properly fixed. I wouldn't have recommended 1Pw to people looking for non-cloud sync in the past, and now I definitely wouldn't.
As a counterexample: I've been using dropbox sync for years, 1000+ passwords, only ever had one problem due to a conflict ("lost" password I made on mobile, resolved by picking the right conflict-file in dropbox).
That said, I refuse to use cloud-stored browser-accessed password managers, and it's looking more and more like they're pushing for that to be the only option. Not there yet, but oh boy are they pushing it down into the deepest corners of the website.
Not even slightly. Encrypted at rest -> who cares where it is stored or how it's synced.
Desktop app: I can stop updating, firewall the app, use offline, airgap a computer, I have many options for reducing my attack surface.
Website: I have literally no way of locking down a version, possible-but-I-haven't-seen-it to be notified of changes (but likely not block them), and it would be rather trivial for the site to ship new JS that simply uploads your password once entered.
Not that I think you are. I assume you'll approach that with the same level of care as you've given your apps (which has been fantastic). But I do think that you're a gigantic payout if someone successfully breaks in. Why should I throw my eggs into such a large, internet-connected basket?
---
For comparison, injecting a malicious update into the apps to do the equivalent of a trivial, invisible JS change means: 1) getting a change into the binary (maybe they brought their own tho), 2) breaking into your app-signing system which is hopefully among your most-secure locations[1], 3) distributing the app to both customers and employees with a visible update notification, and 4) not getting caught before I download it. For each app. Websites are far, far easier to take control of.
[1]: I'm not aware of any server-side security-oriented frontend-web stack which would mitigate this in the slightest. I hope there is though! I'd love to read up on it if anyone knows of one.
It is finicky! There are multiple components outside of 1Password's control when you are using Dropbox, iCloud, or WiFi sync.
We do our best to find, troubleshoot, and work around these issues. We have built an entire Troubleshooting and Diagnostics utility just for that:
https://support.1password.com/diagnostics/
For the majority of users sync with third-party services works well. However, there are cases when it gets finicky.
I don't use any third-party services. I use what 1Pw calls "Folder" sync, as it's the only non-cloud method available. 1Pw on Mac #1 saves a binary file to disk, and 1Pw on Mac #2 loads that file from disk. There's no components here out of 1Pw's control. Sometimes, 1Pw simply doesn't write the file on Mac #1, as I can tell by the modification timestamp.
I ran 1PasswordTroubleshooting.app, and sent in the 400KB report it generated. The response I got from tech support mentioned nothing about what might have been found in that file (or what they expected to find, which could prevent data from getting from the application to the filesystem). They simply gave the usual spiel about restarting/upgrading.
> So the primary impact of switching from standalone license to subscription, if you're planning on using 1Password for a while, is that instead of paying a larger chunk of money every so often when they drop a new major version, you move to paying a flat couple bucks a month or larger chunk per year.
One thing that is not clear to me is what happens with the subscription license if you go a long time without internet access. With the standalone license, it checks the validity of the license when I enter it, and then I'm good as far as I've been able to tell forever more.
If I take a laptop with a 1Password subscription, fully validated and synced, and spend 6 months with no internet access, will 1Password continue working?
Remember, 1Password is often used for more than just internet passwords, so wanting to use it with no internet access is not unreasonable.
I'm surprised that no-one on this page has mentioned PasswordSafe (https://www.pwsafe.org). Open-source, supports cloud (Dropbox and iCloud sync) and local storage, available on Windows, Linux, Mac, iOS and Android, and has good pedigree (Bruce Schneier). Gets regularly updated.
I've been using this for years across multiple devices and O/S. A real lifesaver.
> If I take a laptop with a 1Password subscription, fully validated and synced, and spend 6 months with no internet access, will 1Password continue working?
Yes. Obviously it won’t sync with your other devices until you restore connectivity.