I've been using their software daily for over three years. During that time, they have consistently improved their product and have been open about issues (as far as I am concerned). I was a little irked when I saw the subscription model. I was like, "hey, I paid for this." So, I looked up how much I paid in licenses by looking them up.. in 1Password. Turns out I paid about $40 for the Mac, Windows, iOS, and Android clients. That's $40 over three years for something that I use daily.
Then, look at the $5/mo subscription for families. I get something that gives me access to all their software versions (Mac, Windows, iOS and Android) for five people, my entire family (if my cat ever decides to get a computer). I am a software professional. I pay for tools that keep me going and return me money because they offer me productivity. I pay for Things, Bear, iThoughts, and many other apps that have helped me greatly.
One important statement I make to people is: _the price for security is eternal vigilance_. There are always new ways things get attacked and new ways to be more secure. I realized that I was gladly willing to pay $60/year to keep me and my family going while keeping AgileBits running as well. If there was anything that deserves a subscription, it is your security software. If it's any consolation, several of my developer friends feel the same way.
My two cents.
I'd rather use something like pass and deal with the downsides. (Though I admittedly haven't switched yet.)
We'll have another solution in the not too distant future that should cover things and be a documented format that anyone with the know-how could use.
Also important to note, that if your account ever lapses due to lack of payment. The account is still read-only. You can export your data if you wish even when the account is read-only. We do not lock you out of your data, we just prevent normal use of the application (browser extension, editing items, adding new items, etc). But the data you've already entered is entirely accessible if you want to copy/paste or export.
I don't think anyone who uses a password manager is exporting to CSV for security purposes.
I moved away from 1password at the time of the subscription palaver. I managed to move everything to Keepass but each entry has its own folder.
I don't blame 1Password for the state of my Keepass db (although they pretty much forced my hand) but the closed nature of 1Password does bite you in the arse when you decide to leave.
Users noticing it after the company is already "going out of business" does not qualify as such.
Of all the entities they could be acquired by, I think NPR is the least offensive of all. And they've stated the intent is not to change how PocketCasts works. The other partners are WNYC, WBEZ, and PRX (helmed by Ira Glass). These are all major publishers of podcasts who have a vested interest in keeping PocketCasts a good app, and growing it. I think this is a bad example.
> Neither has Q Branch, but they ran out of money and had to shut down.
They would still be around if they had subscription revenue. Guess who has subscription revenue?
> Is AgileBits going to be around in 10 years?
They started 12 years ago. If you asked 12 years ago if they would still be around in 10 years, the answer would be yes.
> After getting burned by this over and over again, I just think it's more sensible to stick to OSS options that will probably exist in some compilable state even in the distant future.
Well, don't go LastPass if you want OSS.
Not sure about other solutions, open or closed; I moved over to their subscription service a few months ago and haven't looked back.
We don't prevent people from writing 3rd party tools, but I would also be very wary of using them. Our stance is outlined here:
> We have to advise you to never enter your 1Password Master Password into anything that isn’t 1Password. We aren’t casting aspersions on the integrity or competence of any developers, but we simply can’t advise otherwise.
So as long as you're mindful of this advice from us, go forth and conquer.
I'm not expecting anyone to do the work for free, by the way. You could still charge money for cloud sync or even app extensions and still keep the main repo open. Maybe the code could be a few revisions behind to incentivize people to pay.
In any case, from looking around, it seems that KeePass and possibly Bitwarden fit this bill.
Bitwarden just works and checks the boxes for me. I haven't tried it yet, but there is also a fork that allows us to use our own hosting.
In practice, (a) falls apart if the user doesn't have the knowledge, experience, or time necessary to perform an audit, which is quite likely for security software. And I feel like (b) isn't great either, as there are plenty of examples of major flaws in open source projects that went undetected for long periods - heartbleed is just one example.
There are major unrevealed flaws in all software more complicated than “hello, world.”
I have made an exception for 1Password, as it is so good. I hate subscription for software, unless there is a clear benefit. In this case, I don't see the benefit.
opvault file access has open source tools. It would suck if they changed out from under me in the future (1password is the best password manager and it’s really not even close) but my passwords are at least accessible.
I use and love 1Password, but there's no way I'm switching to the subscription model. When my version stops working (either through incompatibility or serious security flaw), I'll begrudgingly find something else to use.
People are complaining about subscriptions because, for example, you easily lose track of what exactly it is you're paying for.
Paying for an upgrade clearly shows you that you're paying some amount for some list of new features. You can then choose whether or not it's worth paying for.
(just to name 1 disadvantage.)
For customers there are 0 benefits to a subscription model.
For companies of course there are many.
OP described in detail the benefit for customers--constantly updated software. Critical for something as security conscious as a password manager.
Paying for software meant they had to make more compelling updates.
That being said, security updates should be part of the price you already paid, since a security flaw is a flaw in their original software.
I'm not so sure - it'd be much easier to write the email saying "Sorry, we screwed up and got a critical security bug wrong, but here's an update that fixes it." if a significant portion of your users are paying a subscription - compared to writing that same email just as marketing are preparing to try and convince everybody to pay for a new upgrade...
> That being said, security updates should be part of the price you already paid, since a security flaw is a flaw in their original software.
If that was how everything worked - our industry would be _very_ different. If everybody who ever charged money for a piece of software was on the hook forever for all flaws it might have, you'd only ever be able to buy software from Apple or Oracle or Microsoft - there would need to be almost as many lawyers as developers in any software company.
I understand your idea - but it's the same idea as people who call up my work saying "Hey, the app you made us doesn't work any more, you need to fix it!" and everybody here is like "Who the hell are _they???_ Never even heard of them." and it turns out it's a 32-bit iOS app that they paid for in 2013 and we haven't heard from since (and there's only 3 people left in the whole company who were around in '13, and none of them are iOS devs). We do not fix that for them as "part of the price they paid".
Security vulnerabilities generally aren’t considered latent defects under warranty laws (at least not in NA). I’m not sure what the tech world would look like if it were - for one thing, software teams would probably need a P.Eng. on their teams to ship. For another, using open source software would be even harder to do without an intermediary like Red Hat who would be willing to accept tort liability.
At any rate, your software vendor has no legal responsibility to provide you with security updates. Maybe they should. But you’ll pay for that anyways. How do you want to amortize those security updates? By paying the dividend discount price of the updates up front and risk having the product abandoned in a few years (cheating you out of your ‘dividend’), or by paying directly through a subscription?
If you are paying for a subscription there isn’t necessarily an incentive to provide security updates even more, since they have the functionality of your app hostage if you decide to cancel and the automatic monthly billing has no ties to the quantity or quality of updates they push out.
That makes no sense - you have it completely backwards. Their incentive to provide me with timely security updates is my continued subscription fees. On the other hand, if you pay the dividend discount price for those security updates up front, they have every incentive to stop releasing updates and cheat you out of your update ‘dividend’.
You pay one subscription fee for both "I can use my app at all" and "security updates" together. Once there is enough inertia for you to not want to switch off, you'll probably keep paying (to use the app at all) even if they don't provide security updates.
If there were two fees - #1 a one time lifetime usage fee and #2 a security updates subscription fee then maybe that would make sense, but I don't think so otherwise
Yes, those costs will ultimately be embedded in product pricing and borne by the customer, but that's good. It gives vendors a financial incentive to develop more secure software and reduce their security update costs (and earn more profit). (Nothing is perfectly secure, but a culture change and following certain practices can help. Think Microsoft pre-trustworthy computing memo and Microsoft today.)
- It's unreasonable to expect people to pay the full price for minor security fixes that still need to go out
- Because security upgrades are invisible to the user, it may be harder for the customer to see their value v. new features
- The timeline of when security updates need to go out is less predictable than that of feature upgrades, resulting in unpredictable revenue and expenditure for both the vendor and the customer and the customer may not have the budget to pay for an unexpected security fix
- Customers often want to take time to consider whether it is worth paying for upgrades, whereas security fixes should be applied as soon as possible
- The vendor must invest a lot of resources in testing the security of their software even when no security upgrades are warranted
The ideal model for locally-run software, in my opinion, is to sell perpetual licenses to each major version for a one-time cost and promise security and maintenance updates for a certain period. New features can go into new major versions that users have to pay for (sometimes with discounted upgrade pricing), or, on a discretionary basis, as free updates.
This used to be the typical business model for locally-run software. Microsoft, for example, sold Windows versions for a one-time cost, promised security and some other level of updates until a certain year (and new features could be added on a discretionary basis), and provided upgrade pricing for new major versions that added new features. This kept control in users' hands, as their paid-for software could be used forever (at least until and unless external factors, like hardware incompatibilities, prevented it from working), though of course it would be very dumb to use, say, XP today on an Internet-connected machine. I am generally against subscription models for local software where there is no legitimate reliance on an outside service, and also against the trend of trying to create such a reliance for no legitimate reason ("We've added cloud sync and that's what the subscription is for. Servers cost money every month, which is why we're charging you every month." - except I can handle my own file storage and don't want your sync service).
It's only become a big thing after iOS and its lack-of-a-filesystem and lack of inter-app data flows locked users out of their own devices.
Quite often I don't want many of the "new features". For me, bug fixes and security fixes are the main thing, followed by compatibility updates. I'm quite happy to pay for the latter when it was me that caused the issue by updating my OS/hardware in the first place. I'd quite like some amount of the former to be included in the original cost.
Manually dealing with files is a sign of poor software design for simple use cases, in my opinion. I quite like the iOS model that abstracts the idea of a filesystem away from the user because the user never cared about the file system anyways. They just had to deal with it to do whatever they really wanted to do.
Huh. For my part, I'd have trouble trusting a password manager (or browser, or OS) that claimed it _didn't_ need regular updates in order to remain secure.
It's not just security, it needs to be updated to continue to run on your devices. New versions of iOS, Android, Windows and Mac OS change things that need to be taken into account. The browser extensions must be kept up to date. There is a lot of work to do just to keep things running without adding any new features.
As far as general updates go, I agree with you, but these shouldn't need to be that frequent. I still have software from the XP era running on my computer.
I recently upgraded to one, set up each of my parents with accounts, and moved all of their passwords out of the physical and digital notes that their passwords were strung across and into 1password.
This means no more iCloud password resets every time they need an app or call me for IT support. It means I can help them securely manage their financial accounts and photos as they get older. I can share with them my Netflix login. And I sleep better at night knowing they’ll be aware when one of their previously common recycled passwords is compromised.
I was annoyed when it changed to being subscription based. The price wasn't an issue; I think for the value it gives the price is fair. 1Password is the only thing now keeping me on a Mac.
The issue I had with it is you don't own the software, and when my credit card expired and I forgot to update it, losing access to passwords (even if temporarily, until updating the card details) left a bad taste and showed the downside of being subscription only.
It's been on my list to move away ever since. 12 months on I've still not done it. There are lots of alternatives, but 1Password have the UX and functionality just right; however, I know I should move as I now don't own my passwords.
1Password X works on Firefox and Chrome on Linux.
I was in the same position. Switched to Keepass and have had no issues using it on Linux and iOS (the latter as KyPass)
Comment elsewhere in this thread points out they have a Linux CLI app now as well.
We do have a CLI that runs on Linux (as well as Mac and Windows).
It's the thousand-cuts problem. And once you start on that path you can't go back, or else the tool stops working.
 which is a substantial chunk of a day's after-tax pay for many people in the UK, for example. 1/400th of their salary for a password database.
It doesn't even register -- they are tools I need for my work and I'm happy to pay yearly for them. It's worth noting that with the exception of email (which, being on my own domain, I can always move elsewhere), I still keep usable licenses if I stop subscribing, I am not locked-in.
How would you feel about a subscription service that guaranteed updates? Essentially, upgrade pricing, but charged every month.
... But JetBrains attempted to explain why this doesn't work with the subscription model. And failed IMO, but regardless.
The only thing a subscription model is good for is it wrests power from the consumer.
With the traditional model if they decide to stop updating the app, you wouldn’t buy the next version, and that would be your leverage. With a subscription model, they can decide to stop delivering updates, or deliver lower quality updates, and you’d be forced to pay perpetually just to keep the existing software operational.
If someone pays $40 for, say, 1Password 5, they have no incentive to upgrade. It works well enough, and there's no reason to pay again. So, 1Password is stuck supporting a legacy product (and servers / APIs for it), the user is frustrated by an old version of the software, and the company gets no money so they're at risk of folding (which would hurt both the customer and 1Password).
I agree that subscriptions can get annoying. However, if it ultimately is about the same price, it ends up working out much better for both sides. And hey, they can always stop their subscription and go somewhere else if things get bad. They don't lose their buying power completely.
That is to say that I personally (and again, this is just my opinion) don't care about any new features and would be unlikely to upgrade from version 6 on that basis. I may upgrade to ensure I will continue receiving security updates and OS and browser extension compatibility updates, but it would be nice to know how long such updates to version 7 are guaranteed for (presumably they will eventually release version 8 for a new fee and discontinue such updates to version 7).
> (and servers / APIs for it)
The users (like me) who are against subscriptions are only using local vaults (managing the storage sync ourselves) and do not care for or want the web/sync services.
I disagree. Security software (as opposed to boxed titles prior to the Internet era), subject to frequent review and that is updated regularly does offer continuing value in a steady stream of updates.
As another commenter said, the price of security is eternal vigilance.
They should be supporting security updates and this should be built into their costs. Security updates represent flaws in their product.
If the user is frustrated by an old version and looks to upgrade (whether to a competitor or a new version), then that makes upgrading justified, transparent, and intentional.
Their subscription model just serves to make upgrading less intentional, less transparent, and takes away power from the consumer. Also at their current pricing it’s a massive increase in cost without really delivering much more value. You’re paying more than what it normally costs in a year, to only be able to use it for a year. It’s like forcing me to pay for their product on an installment plan, but I don’t even get to keep using it in the end.
Whatever benefits they claim a subscription provides can also be achieved by having more frequent, smaller, incremental updates for features you can pay for.
But don't forget compatibility updates. Underlying platforms change all the time, it makes sense for users to have to pay for these updates outside a certain time period.
This is how software worked for multiple decades before subscriptions came about.
The customer could pay $5 and then cancel the subscription if they do not like the service.
With the license purchase they have to make a large commitment upfront.
I've no problem with the business model, but I'd rather keep the data to myself.
Edit: Answered my own question
> 1Password 7 from the Mac App Store will only support our hosted service, as that’s what you’re purchasing with a 1Password membership. If you install from our website, you’ll have the option to use a standalone vault synced via iCloud if you purchase a standalone license, or use our hosted service if you purchase a 1Password membership.
I still don't understand how the revenue model (subscriptions) necessitates the technical solution (cloud storage).
With 1Password 6 for Windows that is the case, but not with 1Password 7.
> I still don't understand how the revenue model (subscriptions) necessitates the technical solution (cloud storage).
It doesn't. But that is the recommended solution. You _can_ subscribe and use a standalone vault. But you're missing out on functionality that you're paying for that way.
Thank you again, I have now acquired a subscription and version 7 looks very nice indeed.
Yes, with 1Password 7 this is possible. It isn’t the recommended situation, and we don’t advertise it, but it is possible.
Making it seem like you lost access to all your passwords seems just below security issues as far as high priority bugs, in my opinion.
Unlike, say, Adobe.
In particular AgileBits is right about the missing upgrade pricing system really being a bummer. To this day Apple's decision to remove that remains one of the most perplexing decisions of anything they did with the MAS (or iOS App Store for that matter). The basic idea of paying just for marginal value added since original purchase whereas new purchasers are paying for the whole package from zero is an efficient, sensible and sustainable one that has supported the software industry well since the very beginning. Ongoing support of software costs money, particularly when Apple has made it another principle of theirs to be aggressive about pushing the platform forward vs backwards compatibility. No upgrades (or volume discounts or anything else) is still such a mind blowingly stupid decision in every respect. It's forced developers to make some tough choices unnecessarily, and IAP and subs are one way to go at it.
I agree. Many of the applications that have moved out of the app store (e.g. Dash) have also ditched sandboxing.
Going back to the situation where every application can read your whole home directory is a large regression.
(Of course, non-MAS apps can also be sandboxed, but many developers do not do it.)
I see Apple coughing up none of the costs that they create by regularly fiddling with their platforms and hardware in breaking ways, yet that is a big reason why software can’t be sensibly “bought once”. Now they’ve come up with a scheme where they not only don’t give developers discounts for maintaining software but actually take yet another cut.
Don’t judge developers too harshly.
I'm OK with the model that VMware is using, at least on the Mac.
You buy version X, you have version X. Version X gets updates for some amount of time. Eventually, a Mac OS upgrade makes version X no longer work, so you have to pay an upgrade price to upgrade to version Y. There is no subscription, but there is regular income to the company to make the updates you describe.
The only exceptions are situations where hardware and platforms change slowly or not at all. e.g. Single player video games (and even that is largely consoles), certain kinds of embedded, etc.
People are already becoming frustrated with all the subscriptions they have, though. People are “fine” with paying to maintain things like their home and car. The problem with software is that it doesn’t really “break” from use. Updating the platform and hardware around the software is what can break it. It would be like the pipes in your home are indestructible and never burst in winter, but they can explode when building codes update or the water treatment plant changes its equipment.
However, hiding the non-subscription feature is silly. I do not wish to add yet another subscription (especially something as crucial as what manages my passwords; I need it to work, no questions asked), and I would be more than happy to purchase a new license for 1Password 7.
We originally started with offering both licenses and subscription as equal options. Here is how it looked:
There was a lot of confusion with this design because people simply had no idea what to choose. It is ridiculous but we had many hundreds of customers purchasing both.
The subscription is a better option for most of our users because it takes care of so many things:
- no need to purchase separately on every platform
- no need to learn the difference between iCloud and Dropbox sync, and why sharing is not possible with iCloud option
- no need to learn how to set up a shared Dropbox folder
- no need to worry about backups when your computer or phone dies
- and more
Many of our long-time customers still use licenses and are happy with the existing setup and we want to keep them happy. This is the main reason we keep the licenses going and keep releasing new versions for Mac and Windows with support for licenses and standalone vaults.
1Password accounts seem like a very attractive target for something like Stuxnet. I just can’t bring myself to put my trust in a corporation, given the history of pivots & acquisitions and subsequent licence changes & data repurposing.
On iOS, scroll down the list, you'll see an option on the welcome screen to create a standalone vault. You're not on a subscription doing this.
Already have a vault synced to Dropbox or iCloud? Tap the requisite option on the welcome screen and it'll suck the data in from your sync source of choice. Again, no subscription required.
There are no plans to remove Dropbox support. Especially not after we spent an entirely non-trivial amount of time getting the SDK updated.
Like you, I would have happily done a paid upgrade to 1Password 7, but a subscription to access my passwords is a non-starter. And after having been made to feel like a second-class citizen for so long, they've burned any good will I had for them and I'm done buying anything from them.
Enpass is worth a look. Free on desktop, one-time fee on Mobile, sync via the cloud provider of your choice. Also available for Linux, which is what drew me to it.
Could you give me some details on what we've done to make you feel like a second-class citizen? I'm sorry if we've made you feel that way, it certainly isn't our intent but clearly we've done something that hasn't sat well with you.
Licenses aren't going away and we are definitely offering them for version 7. There are a variety of new features that both license and subscription users will see in version 7 as well.
The command line tool was made possible because our server component was written in Go and so we had a great deal of the work done as the command line tool is also written in Go. So there's a great deal of shared code there.
The original intent of the CLI was to allow administrators to automate the creation and deletion of users and vaults. They do this type of stuff all the time and having a tool accessible to them for this purpose was a goal of ours. It has the ability to alter items and all that but I think for the most part it's used as an admin tool more than anything. Very little of this applies to the way the standalone vaults work.
Either way, I'd love to understand more about what we did to wrong you so I can pass that information along to the teams that need to see it.
The feeling of being a second-class citizen comes from recently purchasing a new computer and the process of getting 1password configured.
- First, the webpage. The 'Try it free', 'pricing' and 'get started' links all go to a sign-up page that makes no mention of the non-subscription option. To download the software, I had to find the little 'download' link in the footer of the page. Given that it's still possible to signup for the subscription service after downloading, I'd like to see a more prominent 'download' to both support people like me who have an existing license and people who want to install first and sign-up second.
- Second, there's the experience when first starting the app. It actually took me about 30 seconds to figure out how to connect it to my existing vault that I keep in Dropbox. The sign-up flow is so prominent. It may have been different if I'd installed my license before connecting my vault, but I keep my license in my vault, so that's a bit of a chicken-and-egg problem.
- Third, on my new computer I discovered the Station app, which seems like a cool way to separate my persistent, always open tabs from my normal browser tabs. It has 1Password integration, but uses the CLI client to accomplish that, which means I'm out of luck and stuck having to copy-paste my password every time GMail wants to reverify. Adding support for non-subscription to the CLI would mean a lot since it's used to integrate with other apps.
Alternately, if you'd like to publish developer documentation on the native message protocol used by the Chrome extension, I'm happy to write code myself. I've wanted a modern version of http://sudolikeaboss.com for a while, but reverse engineering your protocol crosses my not-worth-the-effort boundary.
None of this is major, but it's all the little things that contribute to the feeling of being second-class in the eyes of AgileBits.
Regarding your first point. I've filed this feedback to our team in charge of the 1Password.com page. I don't have much more than that right now but I generally agree with you. There are probably reasons for why we focus this a bit differently... Notably, if I had to guess, that paying through IAP (which is how they'd likely end up paying if they sign up in app) costs us a significant amount more and offers far less flexibility. Just one potential reason I think.
For the second. We've rewritten this welcome screen multiple times... turns out getting it right is incredibly difficult. I think we've gone through something like 50 different variations of this single pane now. I honestly don't have anything in mind that I can share here.. it's both frustrating for us because we know people are confused by it, but we also aren't sure how else we can present that information that's going to be more clear. It's always a teeter totter, trade one thing for something else, but we lose something as well. I do appreciate you commenting on this though, I'll pass it along to the rest of the team as well.
Station is one we don't generally recommend using in this way... First the blog post where we talk about this general concept: https://blog.agilebits.com/2013/03/06/you-have-secrets-we-do...
Then the quote from it that matters most:
So our general stance here is, you really shouldn't enter your Master Password/Secret Key into third party apps. We can't vouch for it and you're basically giving Station full access to your data doing this. Entering it into the CLI directly is great, but.. Station is gaining access to this information which is the issue we generally have with suggesting this type of thing.
Adding support for standalone vaults to our CLI is... difficult. The 1Password.com server is written in Go. As is the CLI. We were able to make the CLI in super fast form because we could piggyback on the code we have for the server, move a couple modules over to a new project, write some glue, voilà. The CLI also started as a tool for management of accounts... think adding users, deleting users, adding vaults, granting access, etc. Admin type stuff. Literally none of this applies to standalone vaults.
At best we could write a CLI (separately) as part of the 1Password app that is in Objective-C/Swift, since we could piggyback on existing libraries we have in 1Password for Mac/iOS. But I really don't see very many people needing this... would it be cool? Absolutely... but... I don't think there's this great demand for it.
Regarding sudolikeaboss, I think we'd ultimately like to see something like that again. But the way sudolikeaboss worked was incredibly hacky and it was bound to break because of this. We'll have to take a look at this for future updates, but I don't see sudolikeaboss coming back as a thing, perhaps we can do something internally though. There was simply no time for this for 7.0 though. But maybe it's a neat idea for 7.1 or 7.2... both of which have some already huge features planned.
So to kind of re-iterate a little bit. The CLI exists because it was super easy to glue pieces together from existing code. It's not like we set out to write this to stick it to anyone, we wrote it because we saw a demand for it from administrators who were on unix type systems and they wanted ways to admin their accounts. It gained some editing/using features as well but those came after. Interestingly the CLI talks directly to the server for this, it doesn't have a copy of data locally... it doesn't really have any idea about data formats and such.
And sudolikeaboss, while cool, wasn't an officially endorsed product of ours... that isn't an excuse for breaking it, but it also shouldn't be a huge surprise that it did break due to the way it functioned. I personally would like to see something similar in the future though.
Hope that helps some... I understand these are all important to you though and I hope my response doesn't dismiss any of that importance. I'm only trying to explain from our side so you can see our thought process a little bit. You also don't have to agree with our decisions, and I'm not trying to convince you that we did the right thing. I just find understanding why we do something makes it easier to at least accept how/why something happened.
Please do let me know if you have questions though. I'll keep an eye on this for a few more days. Otherwise, please email in and mention me and I'd be happy to help get you answers.
Correct me if I'm wrong, but couldn't you re-use the plumbing that you have for the Chrome extension? The blog post was here: https://blog.agilebits.com/2017/07/19/introducing-native-mes...
That way, software could integrate with 1Password by triggering 1Password to prompt the user for the master password, choose a password entry and send that data back to the application that triggered 1Password. That way, the master password is never sent to anything that isn't 1Password. This was the workflow of sudolikeaboss. The implementation of that, however, was hacky since it used a reverse engineered websocket connection behind the scenes. It would seem that the native messaging stuff is a little cleaner and would allow third-party apps to trigger 1Password in a way that, at most, a single password would ever be exposed.
I guess the ask would be to make that native messaging protocol that the Chrome extension uses a documented and stable thing. And since the 1Password application is used by both subscribers and licensees, that can become the preferred way for 3rd parties to integrate with 1Password in a way that users know only exposes individual passwords at the single point in time when they're used rather than the entire vault, for exactly the security reasons you mentioned.
BTW...as much as I've felt frustrated by some of the decisions AgileBits has made, in the few interactions I've had with people at your company, everyone has always been the above-and-beyond type, as you've exhibited here, so thank you for the effort to engage in this discussion, likely long after others have stopped reading this thread.
There are two important things:
1. We check code signatures and compare them against what we know and expect.
2. The more we approve for this the more it feels like we're screening and supporting the ones we do approve.
We have opted to remove all browsers except those that are mainstream (Chrome, Firefox, Safari and Opera). I believe everything else has been removed. We also don't allow this to be disabled, for security reasons, as of recent versions.
sudolikeaboss would also require that we add their code signature to the app and it breaks the new rule we have on that.
If sudolikeaboss ever came back, it'd be a home grown solution internal from us. It's the only way we could make this work I think.
Security is really tough. We didn't want to start feeling like we had to screen all apps and vouch for them. It's a really slippery slope. Maybe we'll find other ways to accomplish this though. There are indeed some .. plans.. that might actually really impact this in the future! We'll have to see what comes from WWDC this year before we make next steps though.
And thanks for the kind words. I like hacker news, I hang out here and read stuff during my lunch and stuff, so it's a pleasure getting to converse with people here. :)
As a free user I've contacted their support twice and they replied within minutes.
But shamefully, as it stands, "self hosted" for Bitwarden really means "host on your server, with our server's permission"
Reference (see "Installation Id/Key"): https://help.bitwarden.com/article/install-on-premise/
The Windows version of 1Password 7 still can’t be licensed, they haven’t built that part yet. The Mac version however can be purchased, and if you plan on sticking with it I would do so now, as the price will be much higher in the near future. Right now it’s being offered at 50% off.
"Licenses will be available for $64.99 when we launch later this year, but are available now for only $39.99."
I just went through this. Install v7, open it, unlock your vault, and it'll prompt you to try a subscription, with a tiny option below to just buy a license.
Here are the license links:
Unfortunately however, 1Password 7 for Windows does not offer the WiFi Sync. There's more on that here: https://discussions.agilebits.com/discussion/87524/on-wlan-s...
Like others here, I'll probably be reevaluating my choice when it feels like it's time to upgrade. For me, some of the open source solutions are perfect as far as the underlying storage format and sync technology, but lack good browser extensions that already understand all the quirks of various sites. That's the kind of thing that a commercial product can tend to do a better job at.
Personally I wouldn't want to store my passwords with the same company that creates the (encryption) software.
And I definitely wouldn't self-host (why burden yourself with the management of data backups/updates/etc. when iCloud is available for free...)
Their base software has an artificial limit in terms of number of users and number of 'collections', which goes contrary to the ethics of Free software.
For people like me that already rent a VPS for their mail and website the marginal cost is $0 except for the time it would take for me to perform the installation and setup.
If the system is good and stable then the "cost" of the time that I would spend installing it on my server would be close to $0 when divided over the amount of time I use the software in the future.
No it doesn’t. Free software doesn’t have to be free: Even on the GPL page it’s written that it’s even ok to sell free software. It’s only unethical if you equate OSS to software communism, but that’s another topic.
So anything that encourages the user to either use the freemium, then either dive into the code or either pay, is ethically correct. After all, you can download their AGPL, knock the limit, and redistribute. At which point you’ll be a contributor and while you’re at it, you’ll probably make a few other improvements: it means effectively free for contributors, which is awesome. See, it articulates quite well gratis, contributors and funding.
It’s only designed to make enterprises pay, which is good because they can “donate” huge sums for good software, so it funds the open-source community quite well. And it retains the qualities of OSS: You know what you install, you’re not tied to the editor if he dies, and if they stop improving the software, a contributor can take over their code and become more famous. Win-win-win.
I've not looked again recently but lastpass is the only thing I've found that fits those bills.
Seems to fit the bill a bit better. And might mean $12/year less, though that's not a huge problem.
I get that these moves make people nervous, and rightfully so. But as it stands every version of 1Password in active development (not including maintenance mode):
* Can be licensed standalone.
* Supports local & Dropbox vaults.
* Was released within the last year, actively supporting those features.
The only feature they’ve actually killed off (by not baking into future clients) is WLAN sync. This is a regression for some, but personally I always found it super impractical.
I agree that how they are going about this doesn’t inspire confidence that these features will remain in the product, but to some extent it does.
While they downplay the hell out of it, 1Password 6 for Windows was a ground up rewrite that ditched local vaults and standalone licensing. Those features were reintroduced in 1Password 7 for Windows, which is a pretty big backtrack for them and requires renewed development effort.
AgileBits doesn’t always make the right decision. They develop opinionated software, like most good developers. However, just like the MAS-only decision they made with 1Password 4 and stood by for some time, eventually they do right by their customers.
1Password 7 for Windows is a great example of that. As much as they would love to go cloud only, they heard the feedback and brought back those two key features. At this point, I can’t expect much more than that.
Not in my experience.
I moved to LastPass the moment Agile Bits decided to not support its (non subscription) 1Password paying customers in having a web access to the vault.
I had bought all 1Password versions + updates (Windows, Android, Mac, iOS) which put me well above $100. One day I simply couldn't use 1Password online, which I relied on for Chrome OS use. Dropbox decided, rightfully, that the public folder shouldn't be used as a static web server, which is what 1Password used as online vaults.
There was a long discussion in Agile Bits' forums about this issue. Agile Bits argued that it wasn't its responsibility to solve this since it was a Dropbox decision and its users could still store and sync the online vault manually on their own servers. I argued that losing automatic sync rendered the feature pretty much useless.
In any case, Agile Bits could have transitioned its users to the subscription model by either giving them subscription time or by offering an alternative to the Dropbox public folder, but it decided that its customers were not worth the effort.
I had a lot of respect for Agile Bits and 1Password, but this was a crappy way to treat its customers, especially considering 1Password was not a cheap product.
LastPass is not as elegant, but I'm happy with it.
This is incorrect. The command line client is subscription-only.
It’s still available for the Mac client, but they’ve essentially said they won’t be supporting it in the future.
1Password for Windows is a full rewrite and the new codebase never had WLAN sync. We wanted to see if people really need it when we announced 1Password 7 for Windows:
I think so far we had about 90 people expressing interest in it. For a product with over 15 million customers, that is a very low number.
I don't care about that feature... but this HN thread is the first I'd noticed that 1Password 7 for Windows actually exists and finally brings back local vault support. I care very much about that. I'd have liked to know about that the minute a public beta landed. But... I spend approximately 0 minutes a day thinking about ways I could better engage with AgileBits.
Maybe y'all could spare some minutes to figure out how to better engage with me, a customer who gave you some money 3+ years ago and has hardly heard a peep from you since.
1) We often don’t even have contact details for customers (e.g. App Store purchases)
2) When we do have such contact details they may have only been given for the purpose of completing a transaction, and the customer did not agree to receive a newsletter or ongoing communications
3) Even when none of the above is a barrier it is very time intensive to send a newsletter. Not only does it require a fair bit of time to craft, but the volume of inflows to our customer support team after sending a newsletter is huge.
I understand and agree with your position that putting the onus of keeping up on what is happening at AgileBits on the customer is no solution, but we do have to balance the above considerations. We’ll continue to look for ways we can do better.
Blog and newsletter are the only options we have to communicate with our customers. I agree that it is not enough and not everyone receives this information.
If you have an idea how we can make it better, please let me know!
Also makes it easy for the family to share Hulu, Netflix, whatnot.
Also, the switch to the "1password cloud", instead of the already freely available iCloud/Google Cloud/Dropbox etc, just seems like a move to make people believe their expensive subscriptions are justified.
There was absolutely no demand for a "1password cloud".
This entire push to subscription-hell makes me sick...
(I've had 1Password paid versions, OSX & iOS, for like 7 years btw.)
Vault sharing is simply impossible with iCloud. Sharing with Dropbox requires manual set up of shared folders.
I like that I don't need a Dropbox, Google Drive, iCloud, OneDrive, etc. subscription for 1Password to work. It's convenient.
If you only want to use iCloud then you might be served better with a license.
* Much simpler setup for sharing
* Permissions (read-only vaults, etc)
* Secret Key that is used in addition to the master password to better protect data stored in the cloud
* Account recovery (can be done by the family organizer for other family members if they forget their password or lose the secret key)
* Travel mode
* Automatic backups
* Individual item history
* Multifactor Authentication (TOTP)
* Mac, Windows, Android, and iOS apps included
* Support for Linux and Chromebooks with the new 1Password X extension.
In addition to that, sync is faster and more reliable. There are no worries about Dropbox/iCloud throttling when you set up a new device, etc.
1Password Teams and Business have additional features that build on top of that.
I would be more forgiving if the subscription was for value-added features, like dynamic syncing, or remote encrypted storage. But it ain't.
That’s a key component of a 1Password subscription, they host your vaults and handle annoying details like access control, etc.
This trend of subscription-ifying is horrifying. It's turning users into digital sharecroppers, for a guaranteed line of money. And 'easy-to-import, hard-to-export' is the modus operandi for these companies.
Sure, I'll take the karma hit. I already have with the prior post here. Evidently, people seem on the most part OK with allowing their personal data be trapped behind subscription paywalls... Well, they're OK with it until they're not.
EDIT: Let's make this crystal-clear what my complaint is:
No Pay, Forget to Pay, can't afford == FUCKED.
Long story short, they hold your data hostage for the "New and Improved Business Plan".
Your data is yours. Even if you cancel your subscription and your account is frozen, you can still sign in to 1Password.com or in the apps to view and export your data.
We may argue about it but the most expensive solutions are still the most consumer-friendly.
But the push to the cloud versions gives me headache. I don’t want to sync using their cloud - I actually sync using a WiFi server. While it’s (still) possible to obtain the standalone versions, it’s difficult to find them. And I expect that in a few years, they’ll be gone completely.
I am looking into Bitwarden at the moment as a self-hosted alternative but I haven’t decided yet.
This part was super confusing to me until I dug deeper when a friend upgraded.
So the primary impact of switching from standalone license to subscription, if you're planning on using 1Password for a while, is that instead of paying a larger chunk of money every so often when they drop a new major version, you move to paying a flat couple bucks a month or larger chunk per year.
> As it stands, though, how you purchase 1Password is intrinsically tied to where you store your vaults and how you sync them
I understand why they're subscription-only for the mac app store, as a way around its insane lack of pricing flexibility. Makes sense, fully support, etc. But they seem to be continually pushing the non-cloud options further and further away from visibility :|
Subscriptions will only support cloud sync, not local.
If you have a subscription you can create standalone vaults outside of your subscription and sync those using iCloud, Dropbox or WLAN sync if you wish.
This behaves the same in version 7 as it did in version 6.
I understand the attraction, from a software development standpoint it's much easier to make everything work well when you control the server and client software together.
Especially in a world where they successfully convince everybody to pay a monthly subscription, the effect of losing every user who wants local vaults would be an immediate visible blow to their revenue stream.
Their goal in moving to subscription services seems less driven by simplicity and more with making that revenue stream more predictable. But whoever runs the marketing side of the house decided the best way to pitch the change was by saying how great the cloud hosting was, and looking around at these comments I hope they realize their error.
Assuming that's correct (since the blog post still strikes me as vague), the answer is clear in their reply: memberships are exclusively cloud, standalone licenses are exclusively local backups / sync.
I have no idea why they’ve decided to handle what they’ve called out elsewhere in this thread as an “advanced feature” that won’t be going away by lying about the feature not existing.
It seems so weird because their subscriptions work exactly how I’d want them to work, but all their public statements actively prevent people like me from knowing that.
It's completely ridiculous. And it's burning trust, in a fairly inherently distrustful crowd like you get when you're in the security / crypto field.
If you purchase a subscription you can create standalone vaults and sync them to Dropbox, iCloud, WLAN or Folder just as if you had purchased a license. You'll have both an account (which has vaults in it) and standalone local vaults that can be synced as above.
This is how it behaves in version 6 and nothing has changed with this in version 7.
So if you'd rather have a subscription AND just use standalone vaults you're welcome to do that.
Note however that this may not be true for Android or Windows. I'd have to double check with those teams as to how they do it, but at least with regard to Apple platforms this is a viable option if you so choose.
I've brought this topic up internally and hope that we can all be on the same page. My suspicion is that someone from a non-Apple side of the company is answering these. It's tough because our Windows and Android apps are still trying to play catchup with Mac and iOS, so they may not do things that Mac and iOS do.
I do apologize for the confusion though. That said though you can take my answer and trust it. If you have questions though please reach out to our support and mention me specifically (Kyle) and they'll get you in touch with me.
At least on Android it's fairly easy to make a new IME and just use my background dropbox syncer, so I have a backup plan if needed.
However if you have an active subscription to 1Password.com it will unlock the Pro features for that single standalone vault. So it behaves similarly to how 1Password for iOS does in this regard. The difference is that 1Password for iOS supports multiple vaults.
Hope that helps!
The move to their own "cloud" as the primary sync system pretty much ensures other sync methods will never get properly fixed. I wouldn't have recommended 1Pw to people looking for non-cloud sync in the past, and now I definitely wouldn't.
That said, I refuse to use cloud-stored browser-accessed password managers, and it's looking more and more like they're pushing for that to be the only option. Not there yet, but oh boy are they pushing it down into the deepest corners of the website.
> That said, I refuse to use cloud-stored browser-accessed password managers
There seems to be a disconnect here?
Desktop app: I can stop updating, firewall the app, use offline, airgap a computer, I have many options for reducing my attack surface.
Website: I have literally no way of locking down a version, possible-but-I-haven't-seen-it to be notified of changes (but likely not block them), and it would be rather trivial for the site to ship new JS that simply uploads your password once entered.
Not that I think you are. I assume you'll approach that with the same level of care as you've given your apps (which has been fantastic). But I do think that you're a gigantic payout if someone successfully breaks in. Why should I throw my eggs into such a large, internet-connected basket?
For comparison, injecting a malicious update into the apps to do the equivalent of a trivial, invisible JS change means: 1) getting a change into the binary (maybe they brought their own tho), 2) breaking into your app-signing system which is hopefully among your most-secure locations, 3) distributing the app to both customers and employees with a visible update notification, and 4) not getting caught before I download it. For each app. Websites are far, far easier to take control of.
: I'm not aware of any server-side security-oriented frontend-web stack which would mitigate this in the slightest. I hope there is though! I'd love to read up on it if anyone knows of one.
It is finicky! There are multiple components outside of 1Password control when you are using Dropbox, iCloud, or WiFi sync.
We do our best to find, troubleshoot, workaround these issues. We have built an entire Troubleshooting and Diagnostics utility just for that:
For the majority of users sync with third-party services works well. However, there are cases when it gets finicky.
I don't use any third-party services. I use what 1Pw calls "Folder" sync, as it's the only non-cloud method available. 1Pw on Mac #1 saves a binary file to disk, and 1Pw on Mac #2 loads that file from disk. There are no components here out of 1Pw's control. Sometimes, 1Pw simply doesn't write the file on Mac #1, as I can tell by the modification timestamp.
I ran 1PasswordTroubleshooting.app, and sent in the 400KB report it generated. The response I got from tech support mentioned nothing about what might have been found in that file (or what they expected to find, which could prevent data from getting from the application to the filesystem). They simply gave the usual spiel about restarting/upgrading.
One thing that is not clear to me is what happens with the subscription license if you go a long time without internet access. With the standalone license, it checks the validity of the license when I enter it, and then I'm good as far as I've been able to tell forever more.
If I take a laptop with a 1Password subscription, fully validated and synced, and spend 6 months with no internet access, will 1Password continue working?
Remember, 1Password is often used for more than just internet passwords, so wanting to use it with no internet access is not unreasonable.
I've been using this for years across multiple devices and O/S. A real lifesaver.
Yes. Obviously it won’t sync with your other devices until you restore connectivity.
They mentioned somewhere on their site (I don't remember exactly where...it might have been in an answer to a question on the forums) that one of the points of 1Password 7 is to bring the standalone versions up to parity with the subscription version.
Right now, standalone and subscription are essentially different products, with all new feature work going into the subscription product. With 1Password 7, they become essentially one product with different licensing options.
It sure didn't sound like they plan to get rid of standalone.
We always try to implement the new features for both standalone and subscription customers, when it is possible. There are features that are based on the server doing the heavy lifting (permissions, travel mode, account recovery, backups, item history) and they are not available in the standalone mode.
But it has nice benefits as well, they have a Chrome/Firefox extension (1Password X) that goes with their cloud that works on Linux. Understandably, it would be harder for them to offer this on top of Dropbox or Wifi sync.
Also, syncing is never easy.
Try building a password manager that doesn’t sync and let me know how sales go. :)
You are correct in that the web browser is a very hostile environment. We're working to minimize what tasks need a web browser, and have already got it such that the entire sign-up flow can be completed in-app at least on iOS.
Well... 1Password arguably doesn't sync (until the cloud stuff). It stores files on disk, dropbox syncs it behind the scenes. Given my backup size vs how often I change it: I honestly wouldn't care if it were one blob that were uploaded / downloaded at once for every change, rather than all the small pieces it does now (I assume this is to speed up sync (by a ton)? It's also a major source of sync conflicts that lose data, since dropbox will store both copies on conflict (minus bugs), so it's a horse apiece).
So it works pretty well, apparently. See also KeePass* and many other local-only password managers which people sync via scripts / dropbox / etc. They're doing fine, though 1P is dramatically better than the competition and I'm plenty happy paying for it.
We do not make two different versions of the app.