1Password 8 will be electron, subscription only, and no longer support local vaults

I’ve also used 1PW since nearly its inception.

I have no concerns with great ui or app speed. My only concern would be with possible security issues in running chromeos on a mac. Electron apps may end up having a greater surface of attack than native apps due to their nature.

I say this as for me my future use of 1PW is purely about data security.

Local vaults is the key issue for me. Loss of my passwords would be disastrous. There is simply no way I’m going to store my most sensitive, important data on Agilebit’s servers. For that matter on no-one’s server. This data is just too important.

The rest is purely academic for me.

We all have to make those kind of decisions. Cvedetails.com is a good source of info on computer vulnerabilities.

I too worry about having critical data not stored locally. However, unless I misunderstand how 1PW works, aren’t there local caches? I note that 1PW seems to have my information even if I do not have internet connectivity. However, I don’t have any idea how frequently that data is updated.

One option if you wanted to continue to use 1PW is to do a regular export (perhaps put on your task list for once/month or once/week) to a csv or tab-delimited file, or 1PW interchange format, or iCloud format, which seem to be the options. Encrypt that file and store it locally, and while it would be a pain to recover if 1PW went away, you would have access to your data. I don’t see this as a terrible option. Frankly, given that I have over 1,300 items in my 1PW main vault, if I were to migrate to another app, I would probably start fresh and enter things from exported 1PW data as they were needed. I don’t have the time to go through my vault now and clean out the cruft.

On another note: I am still on 1PW 7 on my computer (my wife is on version 8 on her computer and it’s working just fine). I asked 1PW if any updates were available and there were not. Is 1PW 7 not going to push an upgrade to 8?

1 Like

Yes, otherwise it wouldn’t work when offline.

It appears to be updated almost instantly. I added 2FE to an existing Login with my iPhone yesterday. In the time it took to log into 1PW on my Mac the Login had been updated.

I used to print a PDF of all my login info and, as you suggested, store it locally in an encrypted file. Now I export a CSV. Rather than do it on a schedule I do it whenever I make additions or changes. And I have always kept a duplicate of any files stored in 1PW as a backup.

I don’t think they have said if/when 1PW v8 will be pushed to existing users. Right now they are saying “come and get it”.

1 Like

My reason for wanting local vaults is not because I want it for offline use, but I have massive concerns about my data being online. I do not want my password data on someone else’s server. There are all kinds of security, jurisdiction boundaries, rogue employees, hacker attacks and other concerns this raises.

@svsmailus: Yes, I totally understand that. That is part of why I use SynologyDrive with my Synology rather than a commercial service like Dropbox.

However, IF we assume that 1PW is honest in that only your master password can be used to decrypt the data stored on the 1PW servers, then provided you have an adequate master password, I would expect your online data to be safe.

There are certainly legal issues, eg what if a law enforcement agency had the authority where you live to force you to reveal your master password to be used to decrypt your data? But presumably they would also seize your computer at home and make the same demand?

1 Like

Would totally agree, just depends on which side of the “if” you stand. :grin: I don’t trust Agilebits enough to take the plunge.

2 Likes

I came very close to not upgradeing. I’ve used 1Password since it was in Beta. I like it.

But I really wanted a local vault. I came very close to just using the Keychain, and a hand-written notebook, but finally went ahead and upgraded. The upgrade process was not great in terms of picking up my data. Some logins did not make it up to Agile’s servers, so I was very glad I had an exported list.

The app itself is not terrible. I am still disconcerted by the appearance.

1Password’s regional zones aren’t on the level of say, Amazon Web Services, but they do have a dedicated EU zone that scopes both data storage/transfer and employee access (reminder that it’s impossible for employees to see your passwords; this is just about accessing account metadata, names of invited members, etc.)

US-based also is firewalled from the EU, if you’re afraid of GDPR or whatever…

@svsmailus: Fair enough. I have “enough” confidence in 1PW, at least for the time being. Hopefully I am not misplacing my trust.

1 Like

Many thanks, but that doesn’t seem to provide safe jurisdiction for UK users as we are not part of the EU.