by _jal 2382 days ago
Not the OP, but I dropped 1Password when it became clear you're forcing folks to cloud storage. I was sort of hoping the carefully chosen weasel-words about that used at the time meant you'd reconsider if enough of us made noise, but later releases made it clear where you're headed.

It bummed me out - I really like 1pw. And I still don't have my password situation back to the same level of ease-of-use yet, but I switched to control the timing. Storing my password DB on other people's computers is simply not going to happen.


+1 for this.

The only reason I ever got onto 1Password in the first place was because I didn't have to use any cloud storage, and could use wifi sync between my devices.

I was extremely disappointed as that started to change. It was an absolute nightmare having to retrain all family members in the nuanced differences in how Bitwarden works compared to 1Password. I hope I don't end up having to eat that cost a second time.

It seems really self-centered to retrain non-technical family on new software to satisfy your own philosophical needs that they may not share.

There is nothing about “being a cloud service” that makes 1Password unusable for your family other than your own objections. On the contrary, it probably protects your family against their own incompetence compared to messing with local files, or depending on you to run a server for them (what happens if you’re hit by a bus?).

Obviously that doesn’t mean that Bitwarden isn’t a superior solution, but that’s not why you switched them over.

Presumably they 1) haven't enslaved their family and 2) aren't charging them for tech support.

If 1) is true then the family doesn't have to do what they say. They choose to do what they say because they value their technical expertise. Part of which is a preference for non-cloud solutions. That they don't share it seems irrelevant if they've already decided oarsinsync knows better. If they're like the average person then they probably don't value any password manager much at all beyond oarsinsync saying to use one.

If 2) is true then it's generally accepted for the free help giver to make decisions that make their life easier that they might otherwise not make for a paid client. Your chef dad doesn't go to the same effort to plate food at home as they do at work. Your mechanic brother might pop a beer and ask you to hold the light while they fix something wrong with your motor. And yeah, the family computer nerd will put the free help receivers on to the same software they use so they're familiar with any problems that might occur. If oarsinsync moves over to Bitwarden themselves but leaves their family on 1Password and something goes wrong with 1Password in the future, what is the non-self-centered move? Are they stuck relearning whatever changes 1Password has made since then? Should they refer their family to customer service?

What a weird, accusatory, windmill-tilting comment.

> to satisfy your own philosophical needs that they may not share

They are, presumably, adults who could reject the suggestion to change if they had strong feelings about it.

> but that’s not why you switched them over

If you think cloud services are bad, then Bitwarden not using cloud services is what makes it a superior solution, and then would be why you switched them over.

> There is nothing about “being a cloud service” that makes 1Password unusable for your family other than your own objections.

But you could say that about every tech decision every tech person makes on behalf of other people. In 2015 LastPass was hacked and user details were stolen; in 2017 OneLogin was hacked and the attackers accessed "user data, apps and various types of keys", and OneLogin "cannot rule out the possibility that the threat actor also obtained the ability to decrypt data". "I don't trust (or don't want to have to trust) cloud services" is a reasonable choice to make.

> There is nothing about “being a cloud service” that makes 1Password unusable

As the meme goes, the cloud is just somebody else's computer.

> what happens if you’re hit by a bus?

I've already thought about this, and there are dead man's handles already in place to hand over control to a person I trust, who is also a user of some of my hosted services (although not password management, because they also choose to host their own).

> It seems really self-centered to retrain non-technical family on new software to satisfy your own philosophical needs that they may not share.

They are welcome to use whatever they want. None of them think password managers (or backups!) are things that are worth paying for, so I pay for and support my chosen solutions. I don't have the time or interest in supporting multiple products for people who don't value any of the solutions in the first place, so I do the best I can to ensure they have something.

Thanks for the feedback.

I won't pretend that we're the password manager for everyone. If we're not the right one for you then hopefully one of the dozens of others out there fits the bill.

I appreciate you taking the time to respond and let me know your opinion on this though. Thanks!

Kyle

1Password Security Team

I assume you have numbers showing that the total number of whiners like me is an acceptable loss, but I find dropping that feature inexplicable, honestly.

To be clear, we haven't dropped anything.

We still sell licenses.

We still provide local vaults, in fact you can use them via a license (that we still sell) AND you can use them with a subscription.

Want to buy a license?

On the Mac app for instance, open it on a fresh installation. Go to the welcome screen that pops up on first launch and, from the list of options, choose the "Create a new Local Vault" option. This will take you down the path of buying a license.

Or if you sign up for a subscription, go to advanced options and enable the option to create local vaults. You can sync these to Dropbox or iCloud if you wish, same as you always have been able to.

There are similar options for Windows, though it only includes Dropbox syncing and not iCloud.

Hope that helps.

Kyle

1Password Security Team

I know you haven't dropped anything yet.

The Windows release and the choices your firm made about how to talk about the change have made it pretty clear where this is headed.

Sorry to say I don't think any words I'm going to say will help here. You'll just have to keep an eye on what we do I guess.

I've said elsewhere but we won't pretend to be the single password manager that works for everyone and I'm sorry if we end up being one that doesn't work for you. Hopefully one of the dozens of others out there work for you if we don't though.

Thanks for the feedback though! I certainly appreciate it and will pass along the information I've gleaned from this thread to the various people that need to see it.

Kyle

1Password Security Team

From running a service, I assume the calculation they did was simply "number of people that whine to us because they lost their self-hosted files > number of people that whine to us because we don't allow them to self-host their files".

I think this is probably the better way to look at it.

We've seen a lot more "I can't access my data anymore" emails before we had our own service. Those seem to have dropped a lot, at least based on my own experience when doing support, since introducing 1Password.com.

At the end of the day, our 1Password.com solution is also more secure thanks to the Secret Key being used as well. Our local vaults are certainly secure, but 1Password.com is even more secure.

No matter what we do we will have people who don't agree with us. The best answer we can have is to be able to logically explain why we have chosen to do something the way we have. Whether the user agrees or not is up to them, but we try to be able to at least explain why we chose to go a direction and hope that the explanation makes the most sense for the most people. We don't always get it right, but we certainly try our best.

Kyle

1Password Security Team

Yeah, that makes sense, though I might have kept the self-hosting feature hidden behind a wall of "you're REALLY not going to get ANY support for this" text. Then again, the maintenance might not even be worth it.

We still sell licenses, it's not super easy to find but it's there. Open the app on a new machine, on the welcome screen of options there's a "Create A New Local Vault" option, which takes you down the path of purchasing a license if one doesn't already exist.

Those on subscriptions can also still create local vaults as well. You'd have a subscription plus the option of local vaults.

So options haven't disappeared, they're all there.

That said, providing an option without support is kind of bad form. We pride ourselves on providing the best technical support we can for our users. Selling a license and then not supporting it would just not be within what we consider good business or, well, being a good developer.

So whatever we sell, we have to support.

Kyle

1Password Security Team

There's a good argument that a subscription-based, cloud-stored password manager isn't a good password manager for anybody.

I still use 1Password because local storage and wifi sync still work, but the minute that stops I'll look for another alternative.

> Storing my password DB on other people's computers is simply not going to happen.

What is the risk scenario you're worried about?

A situation where the remote datastore is compromised and now with it, all of my passwords.

Or if I was to buy into 1Password's worldview, all of my credit cards, bank accounts, ID cards, everything I want to keep a secure digital copy of, is at risk.

Having a sense of control is a huge part of the way we think. Despite the greater risk of death in a car compared to an aeroplane, there are fewer concerns about car travel because there's a sense of control. Similarly, having the data under my control may be less secure, but that's still within my control rather than dependent on someone else doing the right thing.

I think you may want to take a closer look at how 1Password works. I'll give a quick rundown here, but our security white paper goes into much greater detail: https://1pw.ca/whitepaper

Your data is encrypted locally on your devices, it is never available in a decrypted form on any of our servers. A compromise of our servers would result in the attacker getting gibberish (encrypted data).

To decrypt that data the attacker will need both your Master Password and your Secret Key. A Secret Key is a 128-bit key generated locally on your device, your Master Password is a passphrase set by you. These two keys are combined and, to simplify greatly, used to decrypt your data.

The only way an attacker is going to acquire your Master Password and Secret Key are from your devices. Those are the only places those keys really exist.

Guessing both the Secret Key and a strong Master Password is effectively going to cost such a significant amount of money, or, due to time and processing constraints, be infeasible.

An attack would have to be highly targeted. In other words, you would have to be a specific target to make any attack be worthwhile. If you believe you are likely to be the target of such a very specific attack you probably have a team of security personnel working for you who could better advise you than I could.

I'd really suggest looking into how we do things. The only feasible attack on your data would be through your devices, and any other password manager that stores data locally on your devices will be impacted the same exact way in this case.

Hope that helps but if you have questions please let me know and I'll do my best to help get you answers.

Kyle

1Password Security Team

Edit: apparently markdown isn't a thing here.

> Edit: apparently markdown isn't a thing here.

Extremely satisfied 1Password customer here. You're correct about lack of Markdown, and for the details: https://news.ycombinator.com/formatdoc

Hey thanks! I guess I've never had reason to use Markdown here until now and just discovered that after years of posting here.

Kyle

While what you are saying seems technically sound, it implies that you do everything right when generating the Secret Key. Let's imagine you have a bug and it fills the Secret Key with zeros (or some fixed sequence) and it becomes known after quite some time, and in between your server is compromised. How much easier does that make it for an attacker to decrypt data en masse? I would assume some people may not like that such an attack vector even exists.

We can talk all day about bugs and mistakes. They're a fact of life and we are human.

It's also important to remember that your Master Password still plays a role and YOU provide that. If you use a weak Master Password, and we somehow introduced a bug that set the Secret Key to 0's, then your Master Password would be the only thing protecting you. In an ideal world you'd continue to use a strong Master Password.

Kyle

1Password Security Team
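An added illustration (not 1Password's code; the product's actual derivation is specified in the white paper linked earlier in the thread) of the two-secret scheme Kyle describes and of the zero-filled Secret Key bug raised in the comment above: each secret is stretched independently and the results are XORed, so a verifier taken from a breached server can only be checked against a password list once the Secret Key is known, which the hypothetical bug hands the attacker for free. The salt, HKDF info string, low PBKDF2 iteration count, verifier construction and password list are all constructed for the example.

```python
from typing import Dict, List, Optional
import hashlib
import hmac
import os

# Constructed sample values; a real client stores a random per-account salt.
SALT = b"constructed-salt-for-example"
ZERO_SECRET_KEY = bytes(16)  # the hypothetical "Secret Key filled with zeros" bug
WEAK_PASSWORDS = ["password", "letmein", "correcthorse", "qwerty123"]  # constructed list

def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF-SHA256: extract a PRK from ikm, then expand it to `length` bytes."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def derive_unlock_key(master_password: str, secret_key: bytes,
                      salt: bytes = SALT, iterations: int = 2_000) -> bytes:
    """Two-secret derivation as described in the thread (illustration, not 1Password's code):
    PBKDF2 stretches the Master Password, HKDF stretches the 128-bit Secret Key, and the two
    32-byte outputs are XORed, so knowing one secret alone reveals nothing about the result."""
    pw_part = hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"), salt, iterations, dklen=32)
    sk_part = hkdf_sha256(secret_key, salt, b"example-unlock-key", 32)
    return bytes(a ^ b for a, b in zip(pw_part, sk_part))

def verifier_for(unlock_key: bytes) -> bytes:
    """Stand-in for what a server holds: a one-way check value, never the key or plaintext."""
    return hashlib.sha256(b"verifier:" + unlock_key).digest()

def offline_dictionary_check(verifier: bytes, secret_key_guess: bytes,
                             candidates: List[str]) -> Optional[str]:
    """Defender's exposure estimate after a server breach: does any weak password on the list
    reproduce the stored verifier, given what the attacker knows about the Secret Key?"""
    for pw in candidates:
        candidate = verifier_for(derive_unlock_key(pw, secret_key_guess))
        if hmac.compare_digest(candidate, verifier):
            return pw
    return None

def exposure_report(weak_pw: str = "correcthorse") -> Dict[str, Optional[str]]:
    """Same weak Master Password, two worlds: a random Secret Key (the attacker's single guess,
    all zeros, is one of 2^128 and wrong) versus the zero-filled key once the bug is public."""
    healthy = offline_dictionary_check(
        verifier_for(derive_unlock_key(weak_pw, os.urandom(16))), ZERO_SECRET_KEY, WEAK_PASSWORDS)
    buggy = offline_dictionary_check(
        verifier_for(derive_unlock_key(weak_pw, ZERO_SECRET_KEY)), ZERO_SECRET_KEY, WEAK_PASSWORDS)
    return {"random_secret_key": healthy, "zeroed_secret_key": buggy}

if __name__ == "__main__":
    print(exposure_report())  # {'random_secret_key': None, 'zeroed_secret_key': 'correcthorse'}
```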

Thank you for your replies and giving a look into how 1Password handles security.

I've been looking to switch for a while now, as the UI of 1Password looks superior to LastPass and my wife needs a strong UI because otherwise she won't understand her password manager :).

A few questions though:

- Will you add support for the newer 2FA options anytime soon? I'd love to use a recent YubiKey when providing the second factor; the FIDO2 keys and NFC on iPhone.
- Is there any roadmap on when the newer 1Password X becomes the default plugin for use in browsers? As a Linux user I believe my options to use 1Password are somewhat limited.

> Will you add support for the newer 2FA options anytime soon?

We've added YubiKey support for the web client and for 1Password for iOS.

We don't comment on future plans because they could change, but we would like to at least see feature parity here in all of the clients, though I can't comment on when that may happen.

2FA doesn't add the same level of security to 1Password as it may with other services, so we need to be mindful of bordering on security theater.

> Is there any roadmap on when the newer 1Password X becomes the default plugin for use in browsers? As a Linux user I believe my options to use 1Password are somewhat limited.

I believe that's the direction we're heading, but as I mentioned we don't generally comment on specifics. We've done the whole thing of commenting publicly and saying "yes, it's coming soon" enough times, and then had to backtrack and say "sorry, no can do", that we just don't say anything specific anymore for fear of upsetting users.

We always tell people to buy for what the product is now, not what it may be in the future. Outlining future plans gets people to buy based on what it may be in the future, and those simply aren't promises we can always keep. So we do the typical under-promise, over-deliver when it comes to talking about future plans.

Hopefully this doesn't come across as pushing your questions off, that's not at all what I'm intending but clearer answers just aren't something we can comment on at this time.

If you do have any questions moving over though feel free to get in touch via our support page and I'll do my best to get you answers.

Kyle

1Password Security Team

"To decrypt that data the attacker will need both your Master Password and your Secret Key. A Secret Key is a 128-bit key generated locally on your device, your Master Password is a passphrase set by you. These two keys are combined and, to simplify greatly, used to decrypt your data."

I'm curious how syncing works, specifically in regards to the Secret Key. Seemingly, to me, if the process works as described; I'd need to copy that Secret Key to each device I want to sync, otherwise there'd be no way to decrypt the data on the new device.

What am I missing?

You are correct, you'd need to provide the key to each device.

To sign in on a new device you need:

1. Your email
2. Master Password
3. Secret Key
4. The URL for the server your data resides on

When signing in on a new device we offer a variety of ways to help you do this.

1. Your Emergency Kit, a PDF document, has a QR code that can be scanned on most clients.
2. There are also ways to show the same QR code, or a setup code, within the apps to scan on screen.
3. For Apple products we do have a method that saves the Secret Key to the Keychain and can sync via iCloud to help facilitate adding the account to new devices.
4. You can always do it manually as well.

Hope that helps get a better idea of what has to be done there.

Kyle

1Password Security Team

Have a look at ‘Enrolling a new client’ in the white paper linked in the parent comment. The secret key is transmitted to the new device.

Replying to this as I can't reply to the other child comment: The secret key is emailed/given to you when you enroll and is used, frequently, every time you enroll a new device. 1Password would have to screw up catastrophically to just not use it.

Obviously they _could_ screw up catastrophically, but if you don't trust them to operate their service with a basic level of competence you probably shouldn't be using them as a password manager to begin with.

The comment above says the Secret Key is generated on my device, so how can it be emailed anywhere? I don't quite understand how one can enroll other devices with a local Secret Key, so I assume the Secret Key has to leave my device and travel over the wire. Which raises even more questions, but even if it's not, the way it's generated makes a big difference.

It is NOT emailed to you.

It is generated locally as I indicated, and as outlined in our white paper.

Where some users get confused, and perhaps rightfully, is that when you sign in you can generate a PDF called an Emergency Kit, that contains the Secret Key. This PDF is generated entirely in JS within the browser. It is not generated on our servers and then downloaded. Some users do get confused about that.

Our web client is effectively a client running in the browser, it's all local and communicates with our servers the same way that a native app would.

Kyle

1Password Security Team

If you have the DB, then bugs, malware, algorithm weaknesses, insider attacks on the code or operational failures on my part could compromise all my stored secrets.

If you don't have the DB, they can't.

I'm souring on 1password, for both personal and work (we have it company-wide), based on unexpected pricing and licensing model changes. I really liked being able to buy a version _and have it keep working_. I could get it set up for my parents and nothing significant changed because it wasn't a "SaaS" product. I don't need a subscription for a password manager.

So we're ditching 1password for our family, and are likely to do so for work, too.

Same. I'm holding out with a regular licence until they force me off but it's clear that they will, and that they'll probably use the mobile apps as the vehicle.

I've paid for every upgrade for myself and my family so I'm aggregately paying _more_ than I would have paid for the cloud service. But I don't want a cloud service