1Password 8 dropping Standalone (local) vaults

Started 5 months ago | Discussions
OP wklee Veteran Member • Posts: 9,787
1Password Subscription Storage

For Individual and Family subscription, 1Password allows 1GB of storage per account. Family of 5 members = 5GB. Business subscription have up 5GB of storage per team member and a free Family account that is redeemable.

https://support.1password.com/files/

There is no restriction on document type as I as I know. It is possible to use the phone’s camera as a scanner so the 1GB could diminish quickly.

I haven’t looked at Tags closely. I recall 1Password was working to support nested Tags but I cannot remember whether or not nested Tags was implemented. On a Mac Smart Tags should work. Not tried this.

-- hide signature --

Never buy version 1.0 of anything.
Don't it always seem to go
That you don't know what you've got
Till it's gone
They paved paradise
And put up a parking lot
Joni Mitchell's Big Yellow Taxi

robgendreau Veteran Member • Posts: 9,128
Re: 1Password 8 dropping Standalone (local) vaults

lightandaprayer wrote:

LarryRC wrote:

LarryRC wrote:

wklee wrote:

lightandaprayer wrote:

wklee wrote:

Because 1Password 6 and 7 accepted both local vaults and subscription, I was using both for some time. Hard to switch to anything else (back to local vaults and lose functionality), It is still sad to see local vaults go.

Don't you get the most important functionality syncing 1Password via Dropbox or iCloud? The other stuff isn't really necessary to me. . .

I just had a thought: If the vault is only in the Cloud, what happens when your Internet connection is down and you need to access?

1Password Standalone with Dropbox doesn't support the TOTP/MFA features that 1Password Membership supports if I recall correctly, Subscription has a backup to their own cloud. No local backups, IIRC.

1Password subscription lost the support of Folders and instead relies on Tags.

What are TOTP/MFA features?

Ps what is the advantage of my vault being in the cloud? If i sync with iCloud then the vault is in the cloud. Thanks.

Beyond the ability to sync your data among all of your devices, I do not see an advantage of not having a local copy of your vault. I consider a local vault to be a "backup" of the Cloud vault. Hopefully 1Password stores customer data on multiple servers at different geographic locations for better data security. But I still want to have physical control over my data.

Earlier I asked what happens if your Internet is down and you need to access the data but I haven't received an answer yet. . .

Local cache. So if you say entered a new password on your desktop and it was in the cloud, but you only opened it on your phone with no internet connection, then yeah, that new password couldn't synch. But when my internet it out I can still access passwords. As with Keychain, etc. They are cached on each device.

I suppose you could just export a file and store that locally, since you could always import it if need be.

Correct me if I am wrong. . . I think that if you don't have the optional iCloud "optimization" enabled and you have sufficient storage on your Mac, you should have a copy of your Vault on your Mac.

I have recently been trying to fully grok how iCloud works and I admit that it has been something of a struggle. . . I have yet to experience the Ah Ha! moment where everything makes perfect sense, so I am still working at it. LOL

Not sure how to help with that. But in reality it's not a whole lot different than your email. There are things on a server, that has industrial strength backup, and then synch down to a client on your Mac.

lightandaprayer Veteran Member • Posts: 4,747
Re: 1Password 8 dropping Standalone (local) vaults

robgendreau wrote:

lightandaprayer wrote:

Beyond the ability to sync your data among all of your devices, I do not see an advantage of not having a local copy of your vault. I consider a local vault to be a "backup" of the Cloud vault. Hopefully 1Password stores customer data on multiple servers at different geographic locations for better data security. But I still want to have physical control over my data.

Earlier I asked what happens if your Internet is down and you need to access the data but I haven't received an answer yet. . .

Local cache. So if you say entered a new password on your desktop and it was in the cloud, but you only opened it on your phone with no internet connection, then yeah, that new password couldn't synch. But when my internet it out I can still access passwords. As with Keychain, etc. They are cached on each device.

I suppose you could just export a file and store that locally, since you could always import it if need be.

So there would be a local cache containing all the various data including PDF copies of software licenses? And that cache could be as large as the 1Password subscription account limits?

Correct me if I am wrong. . . I think that if you don't have the optional iCloud "optimization" enabled and you have sufficient storage on your Mac, you should have a copy of your Vault on your Mac.

I have recently been trying to fully grok how iCloud works and I admit that it has been something of a struggle. . . I have yet to experience the Ah Ha! moment where everything makes perfect sense, so I am still working at it. LOL

Not sure how to help with that. But in reality it's not a whole lot different than your email. There are things on a server, that has industrial strength backup, and then synch down to a client on your Mac.

I use POP email and it works differently than IMAP, but I get your point. . .

I'm afraid that I alluded to both data syncing and iCloud Drive in my previous post. And the operate somewhat differently. . .

Based on my reading in Take Control of iCloud, iCloud Drive leaves the original data on your Mac unless you have optimization enabled. In that case, when the local files have been deleted from your Mac after being uploaded, they may not be available if the Internet is down for some reason.  Since 1Password data is stored in iCloud Drive if configured to do so, that data would also be unavailable.

LarryRC Senior Member • Posts: 1,068
Re: 1Password 8 dropping Standalone (local) vaults

lightandaprayer wrote:

wklee wrote:

lightandaprayer wrote:

wklee wrote:

Because 1Password 6 and 7 accepted both local vaults and subscription, I was using both for some time. Hard to switch to anything else (back to local vaults and lose functionality), It is still sad to see local vaults go.

Don't you get the most important functionality syncing 1Password via Dropbox or iCloud? The other stuff isn't really necessary to me. . .

I just had a thought: If the vault is only in the Cloud, what happens when your Internet connection is down and you need to access?

1Password Standalone with Dropbox doesn't support the TOTP/MFA features that 1Password Membership supports if I recall correctly, Subscription has a backup to their own cloud. No local backups, IIRC.

1Password subscription lost the support of Folders and instead relies on Tags.

While I prefer Time-Based One-Time Passwords (TOTP) and Multi-Factor Authentication (MFA) for my online accounts, I don't need it when encrypted data resides on my Mac. I would accept nothing less when storing password manager data on a server.

Dropbox is designed for syncing; it is not a backup service. I currently do not sync my 1Password data. Cloud-based syncing services vary in their support for MFA and encryption. If sensitive data is being synced, the service should offer encryption and MFA for account access.

I need to learn more about that lack of folder support. . . I am a dedicated folder user; I've never adopted the use of tags.

Isn’t the vault containing 1password data encrypted to a degree i could send a copy to the best code breakers and without my password they would take years to open it?

 LarryRC's gear list:LarryRC's gear list
Sony a7R IV Sony FE 100-400mm F4.5-5.6 Sony FE 12-24mm F4 Tamron 28-75mm F2.8 III Sony FE 600mm F4
lightandaprayer Veteran Member • Posts: 4,747
Re: 1Password 8 dropping Standalone (local) vaults

LarryRC wrote: Isn’t the vault containing 1password data encrypted to a degree i could send a copy to the best code breakers and without my password they would take years to open it?

I think that is a logical assumption. . . There is information available at the 1Password website regarding its encryption protocol . While I want to go over it again more carefully, my initial impression is that it is very well done.

The other key component is creating a very strong passphrase of sufficient length and randomness to be able to foil even a super computer working 24/7 essentially forever. Fortunately, 1Password has a built-in password generator that I think may be up to the task. I have seen password generation methods that are scarcely better than plaintext when brute-force attacks are used.

I am qualifying my opinion in part because I am currently in the midst of learning how to evaluate encryption and passphrase generation methods. I may need to change my opinion as time goes on and I learn more. Math has never been my strongest subject but fortunately my wife is much more proficient at it than me.

robgendreau Veteran Member • Posts: 9,128
Re: 1Password 8 dropping Standalone (local) vaults

lightandaprayer wrote:

robgendreau wrote:

lightandaprayer wrote:

Beyond the ability to sync your data among all of your devices, I do not see an advantage of not having a local copy of your vault. I consider a local vault to be a "backup" of the Cloud vault. Hopefully 1Password stores customer data on multiple servers at different geographic locations for better data security. But I still want to have physical control over my data.

Earlier I asked what happens if your Internet is down and you need to access the data but I haven't received an answer yet. . .

Local cache. So if you say entered a new password on your desktop and it was in the cloud, but you only opened it on your phone with no internet connection, then yeah, that new password couldn't synch. But when my internet it out I can still access passwords. As with Keychain, etc. They are cached on each device.

I suppose you could just export a file and store that locally, since you could always import it if need be.

So there would be a local cache containing all the various data including PDF copies of software licenses? And that cache could be as large as the 1Password subscription account limits?

I'm not sure. I know I can access them when my wifi is off.

Correct me if I am wrong. . . I think that if you don't have the optional iCloud "optimization" enabled and you have sufficient storage on your Mac, you should have a copy of your Vault on your Mac.

I have recently been trying to fully grok how iCloud works and I admit that it has been something of a struggle. . . I have yet to experience the Ah Ha! moment where everything makes perfect sense, so I am still working at it. LOL

Not sure how to help with that. But in reality it's not a whole lot different than your email. There are things on a server, that has industrial strength backup, and then synch down to a client on your Mac.

I use POP email and it works differently than IMAP, but I get your point. . .

I'm afraid that I alluded to both data syncing and iCloud Drive in my previous post. And the operate somewhat differently. . .

Based on my reading in Take Control of iCloud, iCloud Drive leaves the original data on your Mac unless you have optimization enabled. In that case, when the local files have been deleted from your Mac after being uploaded, they may not be available if the Internet is down for some reason. Since 1Password data is stored in iCloud Drive if configured to do so, that data would also be unavailable.

I am a 1Password subscriber. Hence I don't worry about iCloud optimization for vaults. If 1Password is optimizing storage, fine. I'm not aware of that however.

OP wklee Veteran Member • Posts: 9,787
Hackers

This story is from 6 years ago. Kevin Roose asked a hacker to get to his secrets and they did. A key logger could have been put in Roose’s device.

https://1password.community/discussion/59712/hackers-video-and-curious-what-agilebits-thinks

Here's a text version of the hack. Embedded links are dead.

https://splinternews.com/i-dared-two-expert-hackers-to-destroy-my-life-heres-wh-1793854995

This 6 year old link is now dead. There're mirrors of the video.

http://fusion.net/video/271750/real-future-episode-8-hack-attack/

https://www.csoonline.com/article/3038790/cautionary-tale-what-happens-after-daring-elite-hackers-to-hack-you.html

https://1password.community/discussion/87162/i-stole-your-1password-keychain

i was reading about the Pegasus malware. Scary.

-- hide signature --

Never buy version 1.0 of anything.
Don't it always seem to go
That you don't know what you've got
Till it's gone
They paved paradise
And put up a parking lot
Joni Mitchell's Big Yellow Taxi

lightandaprayer Veteran Member • Posts: 4,747
Re: 1Password 8 dropping Standalone (local) vaults

robgendreau wrote:

lightandaprayer wrote:So there would be a local cache containing all the various data including PDF copies of software licenses? And that cache could be as large as the 1Password subscription account limits?

I'm not sure. I know I can access them when my wifi is off.

Based on my reading in Take Control of iCloud, iCloud Drive leaves the original data on your Mac unless you have optimization enabled. In that case, when the local files have been deleted from your Mac after being uploaded, they may not be available if the Internet is down for some reason. Since 1Password data is stored in iCloud Drive if configured to do so, that data would also be unavailable.

I am a 1Password subscriber. Hence I don't worry about iCloud optimization for vaults. If 1Password is optimizing storage, fine. I'm not aware of that however.

I simply leave iCloud optimization disabled.  When I was syncing 1Password I used Dropbox but after a couple of years I ran into a problem; the details I cannot recall.  It was at that point I quit syncing 1Password because I only use it on one Mac these days.

I'm going to see what I can find out about 1Password Cloud storage and how it works when I have some free time.

lightandaprayer Veteran Member • Posts: 4,747
Re: Hackers

wklee wrote:

i was reading about the Pegasus malware. Scary.

Yes, the implications of the NSO software are scary. . . But average people like myself are not the targets of Pegasus, so I am not concerned about it. When you consider the resources required for its development and implementation, it seems very unlikely that we will ever face a similar hack, unless the code was somehow released into the wild, where it can be adopted for use by hackers.

Regarding encryption and password generators use by password managers, etc. it is something used by millions of average folks, so the security of the protocols are very important to us.

Here is a story about Kaspsersky's password manager and how the use of a very weak Pseudo Random Number Generator protocol meant that passwords it generated can be quickly cracked:

Kaspersky Password Manager: All your passwords are belong to us

Here is some background information about PRNG:

Pseudo Random Number Generator (PRNG)

Finally, this is a discussion on its official forum about how 1Password does PRNG. The thread dates from 2014 and it should be considered to be a "draft" of the formal documentation, as some things may have changed since then.

I am going to dig into this subject to find more recent information; I just haven't had time to do so yet. . . If anyone has a link to recent info regarding 1Password security measures, I hope you will post it here.

How Random Are The Generated Passwords?

Gesture Veteran Member • Posts: 9,037
Re: 1Password Subscription Storage

Don't understand.  Isn't it more secure of the "vault" is only stored locally on one's computer?

LarryRC Senior Member • Posts: 1,068
Re: 1Password Subscription Storage

Gesture wrote:

Don't understand. Isn't it more secure of the "vault" is only stored locally on one's computer?

I agree.

 LarryRC's gear list:LarryRC's gear list
Sony a7R IV Sony FE 100-400mm F4.5-5.6 Sony FE 12-24mm F4 Tamron 28-75mm F2.8 III Sony FE 600mm F4
robgendreau Veteran Member • Posts: 9,128
Re: 1Password Subscription Storage

Gesture wrote:

Don't understand. Isn't it more secure of the "vault" is only stored locally on one's computer?

Not sure, do you mean the vault itself?

Security is based on at least a couple things; one is encryption. If strong, you could leave your computer out on the sidewalk at a hacker convention and the data in the vault would still be secure because it's encrypted. And note that people leave laptops in public places all the time, so I'm only being slightly glib.

And so it matters who has access to your device, and that that be by theft, negligence, or internet access.

A vault in the cloud has the same exact issues. But odds are the servers are in secured premises and unlikely to be left on buses. And again, encrypted. And they probably have a better firewall than you do at home.

And security also means backup; you also want that data accessible. If your machine dies, can you access passwords you need? combinations to locks? whatever else you wanted secure? The best backup would include at least offsite storage, so you'd have your vault on a drive in a vault in say your bank. But let's hope you don't need a passcode in that vault to access that vault But as you can see, you end up with a vault somewhere else. For me, the ease of access in the cloud is better than waiting until my bank opens to get at it. YMMV.

lightandaprayer Veteran Member • Posts: 4,747
Re: 1Password Subscription Storage
2

LarryRC wrote:

Gesture wrote:

Don't understand. Isn't it more secure of the "vault" is only stored locally on one's computer?

I agree.

Read about the different 1Password security measures here:

About the 1Password security model

The system looks very secure to me. . .  Just keep in mind that if you use a weak passphrase such as "123456" for your Master and Secret Keys (the latter is available if you are a subscriber) then the encryption isn't going to help very much.

Here is the latest info (as of April 2020) about the 1Password PRNG protocol:

How PBKDF2 strengthens your Master Password

Gesture Veteran Member • Posts: 9,037
Re: 1Password Subscription Storage

Thanks.

LarryRC Senior Member • Posts: 1,068
Re: 1Password Subscription Storage
2

lightandaprayer wrote:

LarryRC wrote:

Gesture wrote:

Don't understand. Isn't it more secure of the "vault" is only stored locally on one's computer?

I agree.

Read about the different 1Password security measures here:

About the 1Password security model

The system looks very secure to me. . . Just keep in mind that if you use a weak passphrase such as "123456" for your Master and Secret Keys (the latter is available if you are a subscriber) then the encryption isn't going to help very much.

Here is the latest info (as of April 2020) about the 1Password PRNG protocol:

How PBKDF2 strengthens your Master Password

So ive been using 1password since close to their founding.  I read the security features page you referenced and there were no surprises.  I have a standalone one time license.  My encrypted data “vault” is in the cloud given that i use apple cloud for backup.  When i make a change on one of my devices it ends up on all of them within minutes through the cloud.  So for me the subscription model isn’t adding anything that i want.

1password is only as secure as the most disgruntled 1password employee who might put a back door in their software.  So keeping my vault in their cloud would give that employee access to it where currently they cant get to my vault without hacking my computer or the apple cloud.

So i see the new cloud feature as less secure not more.

 LarryRC's gear list:LarryRC's gear list
Sony a7R IV Sony FE 100-400mm F4.5-5.6 Sony FE 12-24mm F4 Tamron 28-75mm F2.8 III Sony FE 600mm F4
noirdesir Forum Pro • Posts: 13,797
Re: 1Password Subscription Storage
1

LarryRC wrote:

So ive been using 1password since close to their founding. I read the security features page you referenced and there were no surprises. I have a standalone one time license. My encrypted data “vault” is in the cloud given that i use apple cloud for backup. When i make a change on one of my devices it ends up on all of them within minutes through the cloud. So for me the subscription model isn’t adding anything that i want.

1password is only as secure as the most disgruntled 1password employee who might put a back door in their software. So keeping my vault in their cloud would give that employee access to it where currently they cant get to my vault without hacking my computer or the apple cloud.

And what would stop said disgruntled 1Password employee from putting that back door into the standalone 1Password app running on your computer?

LarryRC Senior Member • Posts: 1,068
Re: 1Password Subscription Storage

noirdesir wrote:

LarryRC wrote:

So ive been using 1password since close to their founding. I read the security features page you referenced and there were no surprises. I have a standalone one time license. My encrypted data “vault” is in the cloud given that i use apple cloud for backup. When i make a change on one of my devices it ends up on all of them within minutes through the cloud. So for me the subscription model isn’t adding anything that i want.

1password is only as secure as the most disgruntled 1password employee who might put a back door in their software. So keeping my vault in their cloud would give that employee access to it where currently they cant get to my vault without hacking my computer or the apple cloud.

And what would stop said disgruntled 1Password employee from putting that back door into the standalone 1Password app running on your computer?

They would need direct access to my computer or device.

 LarryRC's gear list:LarryRC's gear list
Sony a7R IV Sony FE 100-400mm F4.5-5.6 Sony FE 12-24mm F4 Tamron 28-75mm F2.8 III Sony FE 600mm F4
KE_DP
KE_DP Veteran Member • Posts: 5,914
Re: 1Password 8 dropping Standalone (local) vaults
5

“It’s time to say goodbye to standalone licenses

Given the overwhelming popularity of 1Password memberships

I call BS. It's more like - "we decided to force everyone using our program to subscribe and start paying us every month for the rest of their life".

No thanks. The writing was on the wall however (with all this subscription scheme developing over the last few years).

I've had 1P since 2007 - if it stops working, I'll simply move on. Before 1P I was using a spreadsheet! Not as convenient as auto-fill - but it does the job and can be shared securely.  Meanwhile, OS X Keychain does a pretty good job (my needs aren't that complex) - and I'm sure it will be a long time before 1P Version 7 standalone won't run at all any more.

I switched my online vault in 1P from Dropbox to iCloud some years ago - it works well. Of note 1P7 residing on my desktop does not depend on the cloud - that's only used to synchronize the vault data with other devices like phone, laptop, tablet etc. - a full up to date set of data resides on the local HDD - so if the internet goes does I still have access.

If it comes down to it - I will quit using 1P and move on. I will not be bullied into the "pay for life" scheme. They overestimate my dependency a great deal, and only generate ill will with this move, as far as I'm concerned.

 KE_DP's gear list:KE_DP's gear list
Sony a7R IV
LarryRC Senior Member • Posts: 1,068
Re: 1Password 8 dropping Standalone (local) vaults

KE_DP wrote:

“It’s time to say goodbye to standalone licenses

Given the overwhelming popularity of 1Password memberships

I call BS. It's more like - "we decided to force everyone using our program to subscribe and start paying us every month for the rest of their life".

No thanks. The writing was on the wall however (with all this subscription scheme developing over the last few years).

I've had 1P since 2007 - if it stops working, I'll simply move on. Before 1P I was using a spreadsheet! Not as convenient as auto-fill - but it does the job and can be shared securely. Meanwhile, OS X Keychain does a pretty good job (my needs aren't that complex) - and I'm sure it will be a long time before 1P Version 7 standalone won't run at all any more.

I switched my online vault in 1P from Dropbox to iCloud some years ago - it works well. Of note 1P7 residing on my desktop does not depend on the cloud - that's only used to synchronize the vault data with other devices like phone, laptop, tablet etc. - a full up to date set of data resides on the local HDD - so if the internet goes does I still have access.

If it comes down to it - I will quit using 1P and move on. I will not be bullied into the "pay for life" scheme. They overestimate my dependency a great deal, and only generate ill will with this move, as far as I'm concerned.

I agree.

 LarryRC's gear list:LarryRC's gear list
Sony a7R IV Sony FE 100-400mm F4.5-5.6 Sony FE 12-24mm F4 Tamron 28-75mm F2.8 III Sony FE 600mm F4
Gesture Veteran Member • Posts: 9,037
Re: 1Password 8 dropping Standalone (local) vaults

One nice feature of OSX-creating multiple password secured disk images.

Keyboard shortcuts:
FForum MMy threads