
Who moved my cheese, 1Password? - danso
https://medium.com/@kennwhite/who-moved-my-cheese-1password-6a98a0fc6c56
======
jshelly
This is strictly a business decision with no regard for serious security.

A subscription model is in their belief the only way to maintain a sustainable
business model that includes growth by providing SaaS with recurring revenue.
Old school static licenses with local storage will not provide recurring
revenue.

Edit: removed a word

~~~
wlll
> This is strictly a business decision

This is my interpretation of the situation having read the (IMO) train-wreck
of a blog post excusing this change:
[https://blog.agilebits.com/2017/07/13/why-we-love-1password-...](https://blog.agilebits.com/2017/07/13/why-we-love-1password-memberships/)

> A subscription model is in their belief the only way to maintain a
> sustainable business model that includes growth by providing SaaS with
> recurring revenue. Old school static licenses with local storage will not
> provide recurring revenue.

However I don't really agree with this. I've been buying 1Password since at
least version 3 and don't see any reason why I would stop, I've recommended
the app to family and friends, and I've bought licenses for my family.
1Password had a sustainable business model, they sold quality, recommendable
software with upgrades every couple of years.

edit:

I realise now that "This is strictly a business decision" and "1Password had a
sustainable business model" might be seen to be contradictory, but I do see
differences. With 1Password subscriptions they will make more money than I
estimate I spend on the standalone product. It also means the work put into
new features is de-coupled from a release cycle, and therefore the money
coming in.

~~~
jshelly
I am also a long time customer of 1Password.

Unfortunately or fortunately (if you are a shareholder of a SaaS public
company) we have seen a mass exodus by corporations (see Adobe, MS/o365,
Quickbooks, Basecamp, etc.. etc..) that have moved from the traditional
purchase a license model to the cloud based subscription model.

While I do understand the benefits of storing certain information in the cloud
(GitHub!) when it comes to the storage of critical information such as
passwords I'd rather be in control of that information myself and on my own
hardware.

While 1Password is correct in suggesting that the cloud model may be the best
solution for average users, it runs face first into the best practices of
security conscious professionals.

I would personally be willing to pay a premium for a "Pro" version of
1Password with local storage and keep the cloud based subscriptions for people
that are either unwilling to or do not have the skill set to manage a local
security store.

One more additional note, a move like this should have been more transparent
from AgileBits. It looks a bit like they tried to slip one past the goalie,
which isn't going to give anyone the warm fuzzies especially when it comes to
security products.

~~~
wlll
FWIW Basecamp (disclaimer: used to work there) never had anything other than a
pay monthly SaaS model, and IMO it makes sense given the amount of time people
actually spend pulling dynamically updated web pages from the server and is
more akin to Github in the usage pattern than something like MS Project or
Quickbooks (It's secretly a communications tool).

------
Freak_NL
> I want companies like AgileBits to thrive […] But I want the choice of where
> my data reside.

Either you subscribe to their SaaS business model (and trust them to make the
right choices with regard to your data) or you don't and keep sovereignty over
your data.

If you want data sovereignty, keep your (unencrypted¹) data local, and don't
use proprietary software when you can't decide that you don't want the next
version after reading the release notes.

1: Where 'encrypted' in this context means encrypted with your local, private
encryption keys.

~~~
jvdh
They had a perfectly fine business model. 1Password has been running for years
without the SaaS model:

> P. S. Please don’t think our excitement for memberships has anything to do
> with money. We’re completely self-funded so we don’t have any investors
> forcing us to make changes by looking solely at our bottom line. We were
> doing just fine selling individual licenses and AgileBits was already
> steadily growing before 1Password Teams was even introduced.

[https://blog.agilebits.com/2017/07/13/why-we-love-1password-...](https://blog.agilebits.com/2017/07/13/why-we-love-1password-memberships/)

~~~
bjpbakker
True, but self-funded companies have investors too. Who sometimes want to cash
in rather than keep working on their products.

The simple fact that AgileBits uses it as an argument here makes me even more
skeptical about their decision.

------
lordlimecat
They started doing this about a year ago, and I remember some of the AgileBits
folks telling me I was full of it: local vaults were still first class
citizens, nothing to worry about.

I moved away back then, because the writing on the wall was clear.

~~~
andrewjw
Where did you move to?

------
binaryapparatus
After a few years of using lastpass (and following a few of the more or less
serious security breaches there) I am using
[https://www.passwordstore.org/](https://www.passwordstore.org/) on both Mac
and Linux machines. Works great, GPG encrypted, GIT synchronized, platform
independent.

~~~
resf
Wait so the name of the website is stored in plain text? So if I want to store
my login for gaymidgetporn.com, there will be a file on my computer with that
name?

And anything or anybody on my computer can see all the websites for which I
have logins just by doing ls ~/.password-store ?

Erm, no thanks.

~~~
eeeeeeeeeeeee
If someone compromised your machine (even just user-level access, not root)
you're already done. Your browser history is not encrypted and they could get
the same kind of information from there.

------
homero
I have used roboform for a decade but they also made a new update which is
catastrophic. They removed the decryption password which could be different
than the cloud login.

Now if they get hacked, that password can also decrypt my info. Before hackers
could get the data but the decryption password was never sent to a server.
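
The design change described in the comment above, as an added illustration that is not RoboForm's or any vendor's actual protocol: one master password is stretched once and then split by HKDF domain separation into an authentication key (the only thing sent to the server) and a vault encryption key (which never leaves the device). The contrasting "single-password" branch models the complaint, where whatever the server receives at login is also enough to decrypt the stored vault. The XOR stream cipher, scheme names, sample password and sample vault entry are all constructed for the example.

```python
"""Key separation for a cloud-synced vault.

Added illustration for this thread, not RoboForm's or AgileBits' actual
protocol. One master password is stretched once and then split into an
authentication key (the only thing sent to the server) and a vault key (never
leaves the device). Under the single-password design the comment above
describes, whatever the server receives at login also unlocks the vault.
The XOR stream cipher below is a toy for showing key flow, not for real data.
"""
import hashlib
import hmac
import os


def hkdf_expand(prk: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF-Expand (RFC 5869, section 2.3) with HMAC-SHA256.

    Different `info` labels give independent outputs from the same `prk`.
    """
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def stretch(password: str, salt: bytes, iterations: int = 50_000) -> bytes:
    """PBKDF2-HMAC-SHA256 over the master password; done once per login."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def derive_keys(password: str, salt: bytes):
    """Return (enc_key, auth_key): two unrelated 32-byte keys from one secret.

    Knowing auth_key does not help compute enc_key; an attacker would have to
    go back through PBKDF2 by guessing the master password itself.
    """
    prk = stretch(password, salt)
    enc_key = hkdf_expand(prk, b"vault-encryption-key")
    auth_key = hkdf_expand(prk, b"server-authentication-key")
    return enc_key, auth_key


def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy unauthenticated stream cipher: data XOR HKDF(key, nonce). Toy only."""
    stream = hkdf_expand(key, b"toy-stream" + nonce, len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def login_material(scheme: str, password: str, salt: bytes) -> bytes:
    """What the client transmits to the cloud service when logging in."""
    if scheme == "single-password":
        # The design the comment objects to: the login secret is the master password.
        return password.encode()
    if scheme == "split-keys":
        return derive_keys(password, salt)[1]          # auth_key only
    raise ValueError(f"unknown scheme {scheme!r}")


def vault_key(scheme: str, password: str, salt: bytes) -> bytes:
    """Key that encrypts the vault blob under each scheme."""
    if scheme == "single-password":
        return stretch(password, salt)
    return derive_keys(password, salt)[0]              # enc_key


def attacker_recovers_vault(scheme, captured, salt, nonce, blob, plaintext) -> bool:
    """Server-side breach: the attacker holds what arrived at login (`captured`),
    the per-user salt and the stored vault blob. Return True if that decrypts it."""
    if scheme == "single-password":
        guess = stretch(captured.decode(), salt)       # captured is the password
    else:
        guess = captured                               # an auth_key; useless as vault key
    return xor_stream(guess, nonce, blob) == plaintext


def breach_exposes_vault(scheme: str) -> bool:
    """Run one client session plus a server breach for `scheme`."""
    salt, nonce = os.urandom(16), os.urandom(12)
    master = "correct horse battery staple"             # constructed sample
    entry = b"example.com: hunter2"                     # constructed sample vault entry
    blob = xor_stream(vault_key(scheme, master, salt), nonce, entry)
    captured = login_material(scheme, master, salt)
    return attacker_recovers_vault(scheme, captured, salt, nonce, blob, entry)


if __name__ == "__main__":
    for scheme in ("single-password", "split-keys"):
        print(f"{scheme}: breach exposes vault = {breach_exposes_vault(scheme)}")
```

The check that matters is `breach_exposes_vault`: with the single-password design it returns True, because the breached server's view of a login is the same secret the vault key is derived from; with split keys it returns False, because the auth key is an independent HKDF output and the attacker is pushed back to guessing the master password through PBKDF2. A real deployment would use an authenticated cipher for the blob and a PAKE or verifier-based login so the server never even sees the raw auth key.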

------
moe
Very bad business decision, they are killing their own product right there.

In the future everyone googling for a password manager will run into these
blog posts where reputable security researchers explain why 1Password is a bad
choice.

It's hard to imagine a more harmful reputation for a company trying to sell a
password manager.

------
cygned
The fact that it takes me half an hour to find the standalone app for the
desktop annoys me every time I recommend this wonderful application.

And, frankly, I know nobody who ever would store their passwords in the cloud.
And I am not talking about security-aware people here.

~~~
Xylakant
I'm security aware and I push my passwords to a (private) github repo. I'm
using pass and the passwords are gpg-encrypted using a key that lives on my
smartcard. I understand that there's a tradeoff there - mostly that pass does
not hide the sites that the account is for, but that works for me, the benefit
of having a backup outweighs the potential damage in my case.

~~~
ryukafalz
I do much the same thing, but I push them to a git repo on a server that I
control.

GPG smartcards are super nice for that though, the machines I use on a daily
basis don't have access to any of my passwords unless I explicitly decrypt
them.

------
petraeus
The 1Password app is a good product but the subscription model they are
pushing is going to turn people off in droves all of whom will go seek out the
next stand-alone password app.

------
devereaux
I suggest sticking with 1Password4, which works fine on both Linux (wine) and
Windows

Maybe they will eventually realize it was a bad move, and start selling
1Password4 licenses again?

I tried very hard to give them money, to get a license on both my laptop and
my tablet but they refused.

I have a working 1Password4 setup on Linux and Windows using Dropbox. I will
not waste half a day to upgrade to something less secure. I will keep using it
until the firefox browser extension stops working. Then I will patch the
browser extension :-)

------
kemonocode
And things like these are why I abandoned 1Password, LastPass and any similar
services and just decided to roll my own solution.

KeePass has quite a few Android apps (this [1] being my favorite) and even
though it might not be as widely used as these more centralized services, _I_
own my data and _I_ know where and when my database gets uploaded. In my case,
I use SyncThing [2] as well, which keeps my database neatly synchronized
across devices. It's not perfect and certainly has a difficulty curve
(Babysitting SyncThing to make sure it's actually running when it should. Oh!
Also, try telling Android where to sync and actually save the database outside
a few select folders, for example!) but it's not that terribly hard for anyone
moderately computer-savvy.

[1]
[https://play.google.com/store/apps/details?id=keepass2androi...](https://play.google.com/store/apps/details?id=keepass2android.keepass2android&hl=en)

[2] [https://syncthing.net/](https://syncthing.net/)

------
andystanton
Does anyone have any recommendations for an equivalently powerful, cross-
platform password manager that doesn't store passwords in the cloud?

~~~
Freak_NL
Passwordstore¹. A single, simple back-end specification — a file and folder
hierarchy where each plain text file is encrypted using GnuPG — and a number
of clients for any common platform.

If you want to keep it simple, just use the command-line `pass` utility. You
can verify the workings of that fairly simple script yourself.

If you want to share your database across multiple machines, you can use git,
or a non-cloud synchronisation tool such as Syncthing². You can even encrypt
(parts of) your password tree for multiple recipients (all using OpenPGP key-
pairs).

Personally, I really like the setup I have with Syncthing and `pass`.

1: [https://www.passwordstore.org/](https://www.passwordstore.org/)

2: [https://syncthing.net/](https://syncthing.net/)
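
The layout described in the answer above, and the metadata trade-off raised earlier in the thread (entry names visible with a plain `ls ~/.password-store`), as an added illustration that is not pass's own code: `PlainNameStore` models the one-GPG-file-per-entry layout, and `HiddenNameStore` shows one mitigation, naming files by a keyed HMAC of the entry path so that a directory listing shows only opaque tags while the holder of `name_key` can still look entries up. The class names, `name_key`, the sample entries and the PGP-looking blobs are all constructed for the example; contents are passed in already encrypted, so only the naming layer is demonstrated.

```python
"""Entry names in a pass-style store, added illustration (not pass's own code).

pass stores one GPG-encrypted file per entry, so `ls ~/.password-store` shows
every site name even though the contents are opaque. PlainNameStore models
that layout; HiddenNameStore shows one mitigation: file names are a keyed
HMAC of the entry path, so a listing reveals only opaque tags while whoever
holds name_key can still find entries. Contents are passed in already
encrypted (a constructed stand-in for GPG output below); only the naming
layer is demonstrated.
"""
import hashlib
import hmac
import os
import tempfile
from pathlib import Path


class PlainNameStore:
    """pass layout: <root>/Sites/example.com.gpg, entry name in the clear."""

    def __init__(self, root):
        self.root = Path(root)

    def path_for(self, entry: str) -> Path:
        return self.root / (entry + ".gpg")

    def put(self, entry: str, ciphertext: bytes) -> None:
        path = self.path_for(entry)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(ciphertext)

    def get(self, entry: str) -> bytes:
        return self.path_for(entry).read_bytes()

    def listing(self):
        """What anyone with read access to the directory learns from `ls -R`."""
        return sorted(str(p.relative_to(self.root)) for p in self.root.rglob("*.gpg"))


class HiddenNameStore(PlainNameStore):
    """Same store, but file names are HMAC-SHA256(name_key, entry) tags.

    Deterministic so lookups work without an index; the key must be kept out
    of the store (e.g. itself GPG-encrypted) or the mitigation is worthless.
    """

    def __init__(self, root, name_key: bytes):
        super().__init__(root)
        self.name_key = name_key

    def path_for(self, entry: str) -> Path:
        tag = hmac.new(self.name_key, entry.encode(), hashlib.sha256).hexdigest()[:32]
        return self.root / (tag + ".gpg")   # flattens directories too


def demo():
    """Populate both layouts with the same entries and report what a listing shows."""
    entries = {                                      # constructed sample entries
        "Sites/example.com": b"-----BEGIN PGP MESSAGE-----\nconstructed stand-in\n",
        "Sites/bank.example": b"-----BEGIN PGP MESSAGE-----\nconstructed stand-in 2\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        plain = PlainNameStore(Path(tmp) / "plain")
        hidden = HiddenNameStore(Path(tmp) / "hidden", os.urandom(32))
        for name, blob in entries.items():
            plain.put(name, blob)
            hidden.put(name, blob)
        return {
            "plain_listing": plain.listing(),
            "hidden_listing": hidden.listing(),
            "roundtrip_ok": all(hidden.get(n) == b for n, b in entries.items()),
        }


if __name__ == "__main__":
    result = demo()
    print("plain store  :", result["plain_listing"])
    print("hidden store :", result["hidden_listing"])
```

Two caveats a practitioner should keep in mind. Opaque names still leak the number of entries, and if the store is in git, when each one was added or changed; and the hidden layout only helps against someone who can read the directory but not `name_key`, so on a machine where the attacker already has your user account (the point made earlier in the thread) it buys nothing, exactly as with the rest of the store.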

~~~
rafadc
Looks interesting really. Is there any way of accessing the stored passwords
from a mobile phone?

~~~
Freak_NL
I don't own an Android or iOS smartphone, but have a look at the list of
compatible clients, both platforms appear to be supported.

------
yladiz
So the issue boils down to, this person wants control over where they put
their password vaults? To play devil's advocate: what makes your solution
better than one from a company specifically based around security? If you use
Dropbox, iCloud, etc., why is it somehow better than their cloud based
solution? And if you don't choose the cloud option, what makes your local
computer significantly better than their cloud based solution, besides that
you have control over it? An argument I buy is that you need it to be local
for regulatory reasons, but if that's the case you wouldn't be using 1Password
since it's not certified in any of the major ways, like HIPAA (from my
understanding).

I do agree that you should get a choice, but I don't think the argument the
author is presenting is good enough. I do think that the argument that they're
pushing their subscription model very heavily is bad, is true, but I can also
buy 1Password's argument that it's technically more difficult to set up,
because it does tend to be (I remember having to set up something when I set
up 1Password initially, but it's been a while now). I also am not worried
because, trusting 1Password's word, they're not removing the option.

I do use 1Password, and I don't particularly care about this change. If I'm
trusting a company enough to create an app that is essentially the gatekeeper
to my entire digital life, I sure as hell should trust their cloud based
solution. I think that 1Password is still the best; beyond their vault design,
which I have worked with and trust (and trust the researchers who read and
verified the white paper), their UI is still the best for me thanks to its
great integration into iPhone and Safari. I am of course not a security
researcher, but I don't see the inherent negative here.

~~~
wlll
> what makes your solution better than one from a company specifically based
> around security? If you use Dropbox, iCloud, etc., why is it somehow better
> than their cloud based solution?

I deliberately don't use cloud based storage for my passwords, secrets or
other stuff I tend to store in 1Password.

> And if you don't choose the cloud option, what makes your local computer
> significantly better than their cloud based solution, besides that you have
> control over it?

It's the difference between a remote and a local vulnerability.

If Agile Bits buggers something up and introduces a bug that means password
vaults can be decrypted without the master password (or just leak metadata,
whatever) then when stored locally you also need to get access to my local
machine.

If you are uploading your data to someone else's computer you now have
vulnerable data out of your direct control. You've also created a gigantic
target for hackers. There is no compartmentalisation, there's a password
piñata up there with a huge target painted on it.

------
coldcode
As a customer of 1Password since it started, I now find myself just using
Apple's despite it being in iCloud; since I use Safari everywhere, it works
perfectly for me. I wind up using 1Password less and less.
Apple's isn't perfect either but since my life is tied to them in many ways,
it works for me.

------
rvanmil
If, like me, you are a happy 1Password subscription customer and don't care
about this business decision, the one thing I did learn from this article is
to avoid the browser client and only use the native clients.

------
thescribe
As someone who consciously attempts to replace cyclical costs with fixed
costs, I hate the push for X as a service. At the end of my month I want to
pay the minimum number of recurring charges possible.

------
adiabatty
I'm quite happy with local-only 1Password sync via SyncThing and LAN sync to
my iOS gizmos. I've been avoiding using 1Password with cloud sync because it
would increase the attack surface area for little benefit to me.

On the other hand, I do online backup where the data is encrypted by another
passphrase before it leaves my machine. Given that I already have my 1Password
file backed up with this method, would I be much worse off if I used
AgileBits' cloud service?

------
kuon
While I liked 1Password and even was one of the first to try the cloud
offering, the latest decisions shook my trust to the point I moved to KeePass.

------
cjCamel
SaaS and cloud makes sense financially and for support, but it's clear they
have lost their most passionate customers.

The worry for them now must be that they have massively miscalculated the
number of new signups they were getting as a result of recommendations from
these users that are now feeling burned and won't now recommend them above
Lastpass, Dashlane etc.

------
chiefalchemist
Long to short, the concept of passwords has overstayed its welcome. Think
about the brief and brisk evolution of the internet...and we're still stuck
with the password?

There's got to be a better way...

------
hardwaresofton
So I made a thing that actually sidesteps the whole password storage problem
by just storing your hints instead, it's called passcue:

[https://passcue.me](https://passcue.me)

After putting together a webapp and browser extensions I kind of gave up on
the idea since I didn't think it's something anyone would actually use... Is
anyone interested in an idea like this?

~~~
adrianN
Isn't the whole point of password managers that you can use strong random
passwords everywhere because you don't have to remember them? Passwords that
you can reconstruct from a hint are probably not very safe.

~~~
hardwaresofton
Thanks for the feedback!

Definitely one of the first obvious-seeming flaws with the idea (part of why I
dropped it, it seems inherently wrong to most) -- but a sufficiently long
password (essentially, a "passphrase") with some randomness thrown in is
enough (to at least force a brute-forcer to try the whole space, obviously not
just dictionary words), when it comes to password strength.

Assuming that's true, the big problem with this approach is how to make sure
people use long-enough and sufficiently random passphrases, and I think
encouraging hints helps that. If I have a hint like "elementary school cheer
w1th 0nes and second crush's name with how you feel" -- I think that's very
hard for someone to either brute force, and hard for them to figure out
without access to that information (and my own personal inner thoughts), and
should be pretty long.

I still think that the safest place for passwords is inside your head (and a
close second is a sufficiently physically secure sticky note). If you think
I'm wrong please tell me, I'd love to hear why I'm wrong, I'm not a newcomer
to the security space but am by no means an expert. Lastpass and Onepass have
never been "breached" per se but a pessimistic view would suggest that it's
only a matter of time.

