Security Experts Wary as 1Password Subscriptions Push Users to Cloud-Based Vaults

Wednesday July 12, 2017 4:14 AM PDT by Tim Hardwick
Password manager app 1Password caused consternation in some quarters of the security community over the weekend when it emerged that the service's new subscription-based model will push users to adopt a cloud-based password storage system over locally stored password vaults.

Previously, 1Password was offered as a one-time license purchase that enabled users to store their passwords in an encrypted local vault, which security researchers say is more secure than keeping user data in a remote server because hackers are forced to break into a specific device.

Going forward, the service will push customers to monthly subscription plans that serve up remotely stored password vaults through the 1Password.com website. This allows users to access their passwords from any computer by logging into their account, but as noted Motherboard, the change has not been universally welcomed.


1Password responded to criticism on Twitter by saying that it had no plans to remove support for locally stored vaults for users who had purchased the app, but that it was advocating subscription-based memberships because "we feel it's the best way to use 1Password".

"We want our customers to get the best. Some people won't agree with that (which is fine!) so we'll work with them to get set up how they want, but for 99.9 percent of people, 1Password.com is absolutely the way to go," Connor Hicks, an engineer at 1Password, told Motherboard.

1Password's new cloud-based option costs $2.99 per month (or $4.99 for an account for up to five people). However, 1Password developer AgileBits reiterated it had no immediate plans to remove support for local/Dropbox/iCloud vaults, and that it was open to speaking with customers to "help them determine if a one-time license is really what's best for them".

Tag: 1Password
387 comments


Top Rated Comments

(View all)
Avatar
glowplug
24 months ago
reaching for the holy grail of a subscription model. the demise of so many great software products/companies.
Rating: 52 Votes
Avatar
X--X
24 months ago
What a betrayal, what a deeply saddening disappointment.
Rating: 32 Votes
Avatar
miknos
24 months ago
Another company that's trying to get people to pay many times for the same product.

I gladly pay subscription for something like Netflix, Hulu, Apple Music... things that CONSTANTLY come up with new content. I can't say the same for (almost) all apps.
Rating: 30 Votes
Avatar
X--X
24 months ago

Perhaps I am missing something here, but what is the criticism actually based on? It seems that AgileBits denies sunsetting either local storage or one-time purchases.


They are b.s.ing - all they are saying is you can keep using your current license.

There will be no new version with local vaults, there will be no offical way of purchasing a license (for new users) and the windows version already does not include a way to even create a local vault.

The way they want to go is clear, they are just trying to lull people into silence.

It's disgusting, I have to say it in those strong words.
Rating: 29 Votes
Avatar
PilotWoo
24 months ago
They are already making it harder for you to buy the app and store data locally. The option is hard to find (for most users) and all the defaults point you to a subscription and cloud hosted data.

Give is 6 months or so and their next press release will be "our subscription model is so successful, we are ending support for local vaults". Mark my words.
Rating: 25 Votes
Avatar
PilotWoo
24 months ago

They won't survive if they don't take the high road. LastPass is $1/mo. We don't want it at that price, either.


Couldn't agree more. I don't mind them charging me a fee for upgrading between major versions, but my password data is staying local and isn't going in the cloud. That press release is just a large flag saying "come and hack us".
Rating: 25 Votes
Avatar
X--X
24 months ago

this addresses a major limitation that I have with the current version where I can not access my passwords if I misplace my phone.


B.S.

I have 1Password on my Mac Pro, my MacbookPro and my iPhone and they all sync via local network and are always up to date AND it's stored LOCALLY (encrypted 1P-Vault and additional encryption via Apple FileVault).

That's why I loved 1Password, it was their USP.

I would never store my passwords on someone else's computer/server.
Rating: 24 Votes
Avatar
dsburdette
24 months ago

Couldn't agree more. I don't mind them charging me a free for upgrading between major versions, but my password data is staying local and isn't going in the cloud. That press release is just a large flag saying "come and hack us".


+1. And they will get hacked. This isn't a recipe site, it's a freakin' password repository. Where would you place your hacking efforts?
Rating: 24 Votes
Avatar
drumcat
24 months ago
They won't survive if they don't take the high road. LastPass is $1/mo. We don't want it at that price, either.
Rating: 24 Votes
Avatar
glowplug
24 months ago

I expect a site maintained by established security experts to be reasonably safe.


this wins the Internet for today.
Rating: 13 Votes
[ Read All Comments ]