I've been using SimpleLogin for this which is great. I've long wanted this for 1P, but I'm kinda annoyed that it requires a $3/month subscription with Fastmail to work. The integration with Privacy.com at least had a free option.
I would consider dumping SimpleLogin for Fastmail just to take advantage of this integration, but I'm also not so sure I want to be so dependent on 1Password if further improvements are going to be in the form of paid integrations.
Fastmail costs as much as 1Password. Bummer.
Apple evaluated it and think it's safe enough for their 120k employees and Troy Hunt appears to be a fan.
If you don't trust them the whitepaper is publicly available https://1password.com/files/1Password%20for%20Teams%20White%20Paper.pdf
Why not just use 1Password, as you seem to like it more, and if they ever increase the price to the point that you can't justify it (I have never had a price increase, but I guess your one will increase if you are no longer a student) then just switch to bitwarden?
I just fired up NordVPN on my own PC, connected to United States, and the latest 1Password 7 beta (7.0.558) kept chugging along just fine! While the VPN was on, I made a change to one of my items and it immediately synced with my account—no sign of trouble at all.
See if my settings in NordVPN (v6.13.13.0) match yours and we'll go from there to try to find the root of the trouble:
CyberSec switched off
Auto connect switched off
Start NordVPN on startup switched on
Internet Kill Switch switched off
Invisibility on LAN switched off
App Kill Switch switched off
Notifications switched on
Start minimized switched off
System of measurement imperial (not that that would really matter)
In advanced settings...
Protocol UDP
Custom DNS off
Obfuscated servers off
Let me know how switching your settings to those helps!
The master password hash is combined (XOR'd) with the secret key to derive the master unlock key which is used to protect your private key. The master password hash doesn't contain any information about the secret key. Unlike other online password managers, 1Password's servers do not use your masterpassword hash to authenticate you. Instead they use the secure remote password protocol.
Hey catpies - a couple of things: first, to the extent that law enforcement can get data from us via subpoena, they would be able to get it from Apple as well. The same law applies equally to both of us. If you've been using iCloud as your sync method (or Dropbox for that matter), you've already stored your data "in the cloud," and it's just as available to law enforcement - or not available - as it is when you use a 1password.com membership.
More important is the fact that 1Password always encrypts your data before syncing it with any cloud-based server, and we always have. All encryption/decryption is performed on your local device before sync occurs, so the only thing that's stored "in the cloud" is an encrypted blob of ciphertext which is useless to law enforcement, hackers or anyone else, without the password you use to decrypt it.
But, with 1password.com accounts, because we control and operate the servers on the other end of the pipe, we were able to develop the true heart of 1password.com account's security, the Secret Key. It's a lengthy string of numerals and letters (which you do not have to remember) that is combined with your password to derive the encryption keys that actually decrypt your data. Without that Secret Key, even someone who might know your password (like a family member or co-worker) cannot decrypt your data from the 1password.com servers. In this way, using 1password.com is much more secure than iCloud, because of the Secret Key that protects your data in addition to your account password.
We have a public-facing page on our website for law enforcement detailing this fact - that we have no ability to decrypt the data we hold as we do not have and cannot obtain the encryption keys needed to decrypt any user's data.
Whether you subscribe through iTunes or the 1Password website, you still have all the exact same features (with the exception of managing your billing through the 1Password website vs. managing your billing through iTunes.) The option to pay yearly for less is available both ways too.
That being said, reasons you'd want to subscribe through iTunes:
And then some reasons you want to subscribe through 1Password directly:
I did a scan through and didn't see the answers, and you guys have a fantastic security white paper (https://1password.com/files/1Password-White-Paper.pdf) that I have only scanned, so apologies if this is answered elsewhere.
Do you roll your own implementations of encryption standards, and if so, how do you validate it?
Also, given your breadth of runtimes / platforms, how do you protect yourself from supply chain attacks? That's a lot of moving parts to be auditing every line of source.
Best Black Friday deal might be to switch to Bitwarden free. Their paid plans are less as well.
I really like 1Password and upgraded their standalone products on a regular basis, but I dislike subscription only plans.
Yep! You can pay with a gift card. $125 gift cards are currently on sale for $99, which is a pretty sweet deal if you ask me!
Individual accounts are $36/year (+ VAT outside the US), so it should cover just over three years, and of course you can mix and match with multiple gift cards to your heart's content :)
-Henry from AgileBits (makers of 1Password)
I use it for work! Just chiming in to say that if you have any questions unrelated to opinion, feel free to send us a quick message and we'd be happy to chat with you about it.
The closest thing you'll find is https://1password.com/password-generator/, as you mentioned. While I don't doubt the security of our website, yeah, not generating and saving the passwords all in one go inside an app doesn't feel right to me, either. Sounds like a good reason to make the leap to 1Password. 😉
1Password has had many independent security audits, all of which have revealed no issues that put any user data at risk of compromise.
If you need further reassurance: since all of your vault(s) data are heavily end-to-end encrypted with your secret key and master password (neither of which ever leave your devices), even if a hacker somehow broke into 1Password's servers and was able to retrieve your data, they couldn't do anything with it anyway, because to them it would just be a meaningless encrypted blob, and it would be computationally infeasible for them to try to break that encryption with even some of the strongest supercomputers we have today.
Hope that helps!
Hey /u/Morrow_84,
Glad to hear you're such a big fan of 1Password and have been sharing it with other people! That's what we strive to deliver, a product where our customers love to share it with others. 😀
​
While not quite a lifetime license, we do offer a $125 USD gift card available for $99 USD. For an individual 1Password account, this would be more than 3 years of your 1Password membership, and for a 1Password Families account, this would be 2 years covered for your $99 USD.
At 1password.com you can select Show Previously Used Passwords and/or View Item History. Under item history you can also revert to a previous version of the item. It does this without losing any of the item history. Any items you accidently delete can be recovered from the View Recently Deleted section.
I don't think you can change the permissions for the Private vault. However, if you're using 1Password Families then you can define the access rights to shared vaults as Allow Viewing, Allow Editing or both. If you're a family organiser then you can always change this setting, but its an extra hoop to jump through.
Hi there and welcome to 1Password!
We don't autofill your passwords automatically simply because it's a pretty big security problem. We always value your security above all so though it's a popular request we've never added user-input-less filling in the browser.
However, we also love simplicity and of course it's really easy to autofill your passwords! Download our extension then use the control + backslash (\) shortcut to instantly fill in your username and password. So, one quick keystroke and you're in. :)
And if you enable auto-submit (from the 1Password app, Settings > Options > Browser > Automatically sign in after filling usernames and passwords), then we'll press the Login button for you too.
Let me know how this goes and I'm here for more anytime!
- Henry from AgileBits (makers of 1Password)
Try clicking on it :) It just goes here: https://1password.com/downloads/windows/#browsers (or the link specific to your OS - I am on Windows)
Classic is not supported anymore. It is all 1Password for browsers (formerly 1Password X).
I hesitate to promise any specific timeframe, but 1Password.com has been a thing for ~6 years and in that 6 years we've never deleted any accounts because they're frozen. I'm unaware of any plans to start doing so.
Hello! 👋
1Password for Linux does not have support for local vaults. A 1Password membership is required as our Linux app relies on 1Password.com to do a lot of the heavy lifting. You can subscribe to any of our hosted regions in the US (1password.com), Germany (1password.eu), or Canada (1password.ca) and your data is yours and always accessible, even if your subscription lapses.
Now you specifically said the word will so there’s a good chance you already knew the above and are asking about the future. So let’s cover that, too. 🙂
Local vaults as they were designed on the other platforms will be very difficult to add. They were designed for use with generic file sync services and there’s so much more possible when our developers can work their magic on both sides of the network connections (server & client). So much so that 1Password for Linux assumes it will always be working with our hosted service.
The most likely path towards a modern day version of local vaults would be self-hosting of the 1Password service. We’ve seen some excitement for self-hosting from some users so there’s definitely some interest in this idea. It’s hard to gauge interest piecemeal like this, however, so I’d like to measure things more formally with a survey. To that end I’m putting together a set of questions to see who wants this feature, how it will help them, and some detailed questions to help ensure we build the right thing if and when we decide to move forward on this.
One fun tidbit is I’m planning on using 1Password Secrets Automation to store survey responses directly within one of my vaults. I thought this would be a fabulous way to ensure we protect the privacy of people’s information and their comments. It also gives me a great opportunity to geek out with our other big launch of this year. 🙂
I hope this helps. 🤗
++dave; 1Password Founder
Not yet, Apple takes a little bit longer to review app updates before making them live. If you want 7.7 quicker, you can download 1Password for Mac directly from 1Password, or just be a little patient and the update will appear on the App Store likely very soon.
1Password is a paid upgrade if you have a standalone license, which it sounds like based on your post. It's an included upgrade though if you're a subscriber. It's $5/month for a family subscription (covers 5 people). Here's what's new in version 7 for Mac (I'm assuming you're on Mac since you mention having a standalone license for version 6—which is only possible on Mac.)
You can still download 1Password 6 for Mac here if you need to roll back your father's app.
Hi there! 1Password Families would be perfect for you, and I'm happy to explain the security of it too.
In short, all your data is encrypted before it leaves your device, and we never store your Secret Key or Master Password in our servers—we even went so far as to create our own protocol (Secure Remote Password) to allow us to verify both client and server while preventing your Secret Key and Master Password from ever having to leave your device.
Your Secret Key is stored securely, encrypted by both itself and your Master Password (and like all your vaults, it uses PBKDF2 key derivation to prevent brute forcing). Your Master Password is stored (or, more accurately, isn't) in the same way. And ditto with every bit of data in your vaults. All this is designed so that even if a malicious third-party was able to gain access to our servers, your 1Password data would be safe.
Let me know if you have any more questions at all (and I'm happy to have a member of our security chime in too if you'd like super-technical explanations) and you can also learn about how security is at the core of 1Password accounts right here on our security page.
The trust model hasn't change.
If 1Password's software works the way described then they don't have the encryption keys for local vaults and they don't have the encryption keys for vaults hosted at 1password.com.
In both cases their client apps process the unencrypted data and in both cases you are trusting that their apps work as described.
iCloud and Dropbox control access to your encrypted vault with simple authentication and the HTTPS protocol. In both cases the authentication credentials are stored on their servers and passed over the HTTPS connection.
1password.com controls access to your encrypted vault with the secure remote password and HTTPS protocols. A verifier is saved on the server, but no long term secrets are passed over the HTTPS connection. The client app can confirm that it is the legitimate server and the server can confirm the user has the secret key and master password before any encrypted vault data is exchanged.
I can understand the reluctance to put your encrypted data in a 1Password "honey pot", but the whole system is designed to make this safe. All our passwords are already stored on servers in the cloud and encryption is the only thing that protects any of it. As long as you trust the software to work as described, storing data in the cloud and encrypting with keys that remain local is just as safe as storing data locally.
Just FYI: Even when 1Password offered stand alone licenses, it was impossible to have shared vaults between users. It was only once they built their own syncing service, along with introducing memberships, that it became possible to support shared vaults. For just a single user, shared vaults isn't necessarily that big of a deal, but for a company that probably has passwords or other secure information you want shared between employees—and kept up to date across each user's 1Password—shared vaults become crucial to using 1Password. (Although I obviously don't know what your company's specific use case for a password manager is.)
But if your company was still interested in adopting 1Password, and having shared vaults would be useful to them, they'd definitely want to go with either the 1Password for Teams or 1Password for Business plans.
I shared a similar view about speed not being critical when I first started at 1Password. And in many places, you are absolutely correct! But, I found that there are a few areas where performance it's critical.
1Password Business accounts can have many vaults, items and frequent changes. Because of the encryption 1Password uses, the servers have no knowledge of the contents of vaults or their items. This prevents certain optimizations that are possible in other spaces, such as filtering search results on a server before sending a minimal response to the client. It's important that 1Password scales from single users, to families, all the way to enterprises and that means handling a user's data directly on their device.
You can only purchase it from within the app downloaded from 1password.com/download.
It cannot be done from the Mac App Store.
Click 1Password from the menubar, then click License.
Hiya! I'm so glad to hear you're loving 1Password Families already—yay for slickness! If you're ready to keep on loving it (I hope you are!), you can go for a beautiful new 1Password gift card that's on sale. It's $125 of credit for $99, which brings down the price a nice bit. :)
Also, you'll have our undying love and support! Anytime you need anything, I'm right here 😉
Sure thing! Download our Windows app, then purchase that license right in the app: after adding a standalone vault, you'll be able to choose between purchasing the app with an account or a license on your next unlock. If you dismiss this window, you can choose 1Password > License and click Buy Now anytime.
We'd be totally fine with you two sharing an account :).
But...I think you'll definitely want a Family account! Selectively sharing items is awesome (your vault won't be busied by logins your wife made that she only needs, and vice versa) and the ability to recover each others' accounts can come in real handy! And, if your family expands, you'll be perfectly set up for that 😄. See more right here: https://1password.com/families/
That’s correct! While the Firefox browser does not support the needed accessibility framework yet, the new Firefox Focus browser does and allows for filling using 1Password now.
https://play.google.com/store/apps/details?id=org.mozilla.focus
Hey there! Most likely it was an old email/password combo of yours compromised in a data breach that happened a while ago. For example, if you had an Adobe account prior to their data breach in 2013, a third-party could be using that password as bait to try to get you to pay.
Most likely, this doesn't require any action from you, but there are a few things you can do:
>No more local vault?
Not in 8, no. It will be going fully to 1password.com. While it may be annoying for some, 1Password found that 97% of people use Cloud vs local, so it makes no sense to spend dev time on that.
https://1password.com/giftcards/
Yes, you can buy a gift card and apply it to your current subscription. When your next billing date happens, it will automatically pull from the gift card balance until that is depleted, and then return to charging whatever card you have on file.
You can also buy the $125 worth of credit gift card, which is on (seemingly perpetual) sale for $99. Saves you some money on the subscription cost.
1Password is made by a growing team of over 110 of us, and we work really hard every day to keep your data safe and your 1Password experience fast and smooth. We've got friendly support happy to help, completely native apps for every supported platform, reliable cloud syncing, and a foundation of strong security and privacy.
In short, we're working tirelessly to make an awesome customer-friendly product designed to improve your life just a little bit, and I think the price we ask is more than reasonable for that :)
If 1Password is a bit out of your price range, feel free to shoot a note to our friendly sales team at [email protected]
and the team will see what they can do to help you!
Hey! I'm sorry to hear you're disappointed in our offering for Thanksgiving. We want to spread the 1Password love and share with as many people as possible, and this was the best way we could do so. If you're interested in a sale for an already-existing account, our gift cards always remain an option - I purchased one myself, actually!
https://1password.com/giftcards/
And just because it's a Families accounts that we are allowing our users to give out doesn't mean that can't be given to an individual - an individual person can always have a Families account and downgrade to an individual one.
I hope you have a happy Thanksgiving, and as always let us know if there's anything we can help with. :)
-Michael
1Password 7 for Mac brings major improvements for this already: when you're in an app (say Slack), opening Mini with a click or a keyboard shortcut automatically brings up relevant logins (like your Slack login); then drag and drop your username/password/OTP and you're all set. We're always looking for ways to improve this in the future and I'll pass on your suggestion :)
You can upgrade to 1Password 7 with a new license: download the new app and choose the "Need a License?" option on first launch. Let me know if I can help more with that!
Damn that's pretty disappointing...do you know how much the stand alone costs? I've looked through their website but I can't seem to find anything about it. Every article/blog post I find directs me to this page and I only see information on the subscriptions.
Yep! Some interesting things have been happening with the Safari Extension lately—we did some testing in 1Password 7 betas with the new Safari App Extension (rather than a standard browser extension) but that didn't work out as well as we'd hoped, so we switched back to a regular browser extension there for now.
Sorry that's causing some weirdness—deleting the extension from Safari and downloading it again from 1password.com/browsers should fix it right up!
Also, do let me know if you have any feedback from trying out 1Password 7, I'd love to hear it. :)
Forgive my asking, but why wouldn't you want 1Password synced across all your devices?
In your current setup, your data is totally secure in 1Password, but you're of course risking data loss by not syncing.
For that extra peace of mind from seamless syncing and automatic backups (plus a whole lot more), you can start a 1Password account right here: https://1password.com/sign-up/. There's a month-long free trial and you don't need to add a credit card!
Learn more about how security and privacy are at the core of 1Password: https://1password.com/security/.
Let me know if you have any more questions and I'd love to answer them!
-Henry from AgileBits (makers of 1Password)
We really want you with us at 1Password! 💜
It's easy to switch, and I think you'll love 1Password a lot :). Sign up on 1password.com and learn how to migrate your data in from LastPass!
- Henry from AgileBits (makers of 1Password)
It was but it wasn’t because it was in the cloud. It’s cool I’m not going to convince you. Good luck with whatever you choose.
Not to worry, I can help you delete that old account so you can create a brand new one under the same email address! Shoot me an email from the address your account's under and I'll get you all sorted. :)
>The one thing I love about Dashlane is that on Chrome desktop it will autofill my 2FA codes. Is this possible with 1Password?
This is totally possible with 1Password! If you're on the fence about giving us a shot, take in mind that your first 14-days is on-the-house, so there's no need to worry about committing to something that you may not like. Though, I have a feeling you'll feel right at home with us. 😊
1Password backsup your database every day and every device you use to access 1Password keeps a local copy of your database. You can export your database from your local copy at any time and you don't need 1password.com to be online to do this.
I have tried exporting to a 1Password format, but I didn't find a way to sync this with my database and it didn't protect from the extreme case of 1Password disappearing. So I export my database to CSV once in a while and import this into Keepass.
You can’t… yet. TL;DR: It’s coming, and soon(?)
The 1Password X extension by virtue of being a browser extension, doesn’t have direct access to hardware like TouchID, not in the same way the desktop 1Password app can.
However for a while, the beta versions of 1Password X and the Desktop app communicated with each other so they could have shared locked/unlocked states (meaning: when you unlock 1Password Desktop with your fingerprint, the browser extension unlocks too. And if you try to unlock the browser extension, it’ll ask the desktop app to unlock allowing you to use TouchID.)
That integration was removed from the betas because the developers were switching to a different implementation (and didn’t want to maintain two separate implementations for beta users.)
As recently as a month ago in a forum thread one of the developers said:
> We’re slowly but surely making progress and I’m greatly looking forward to the return of this feature. I can’t share any specifics just yet but I can say that I’ve been reviewing merge requests that are getting us closer to this goal.
I say “soon(?)” because the developers aren’t making any promises—as rightly they shouldn’t, I’d rather they take the time to be right, not quick.
However, if you really don't want to wait, 1Password has two different browser extensions. You're using 1Password X, but if you switch to the companion app extension, it has a slightly different user experience (slightly worse than 1Password X), but it does rely on the desktop app, and already has shared locked/unlocked state with the desktop app.
Wether you pay for the membership through 1Password directly or pay through Apple’s App Store, you still get access to all the 1Password apps on every platform. The only difference for you, the customer, is where you manage your billing.
That being said, reasons you'd want to subscribe through iTunes:
You have iTunes gift cards you want to use (and you can occasionally get iTunes gift cards as part of discount offers like Target and Best Buy are having right now.)
You'd rather manage subscriptions through iTunes
And then some reasons you’d want to keep subscribing through 1Password website directly:
You end up supporting the 1Password team more, since they don't lose a 30% (or 15% after a year) cut of the subscriptions to Apple
You can buy a $125 gift card for $99 and apply it to your own account, which essentially gets you a 20.8% discount on the subscription cost
1Password accounts are secured with the Secret Key, which counteracts the additional risks of syncing your vault; your Secret Key and Master Password are never sent to or stored by us, so as long as you keep them safe on your end, 1Password accounts are very safe. All data that leaves your device is encrypted by those two keys only you know!
For more on the security of 1Password accounts, including results from independent third-party audits and our in-depth White Paper, see our security homepage: https://1password.com/security/
Yep, your 1Password membership will be prorated when you upgrade from an individual account to a family account. And if you have a gift card applied to your account before you upgrade, it will apply as a credit to the difference that is charged. Any remainder after the charge will be applied as a credit to any following charges.
Also, if you plan on sticking with 1Password for at least a couple years, you can buy a $125 gift card for $99 and apply it to your account (after switching to 1Password billing), which is essentially gets you a 20% discount on the subscription: https://1password.com/giftcards/
You could always consider paying with gift cards, if you're open to paying that much at a time. 🙂$125 of account credit for 1Password.com is on sale for $99 currently! That would cover you for multiple years, nab you a discount, and help the situation of a lost/stolen credit card number!
For anyone interested, this is from 1password's security white paper: https://1password.com/files/1Password%20for%20Teams%20White%20Paper.pdf
Thank you for the feedback! I know U2F is in the back of our minds for the future but I can't say anything definitively.
Right now, the combination of the Master Password and Secret Key keep your data secure from threats on-device and off. You can read more about how we keep your data secure with those all-important keys (along with important factors like PBKDF2 key derivation to prevent brute-forcing and our Secure Remote Password protocol to authenticate server and device without your the Master Password or Secret Key leaving your device) on 1password.com/security. Also, we implemented TOTP 2FA earlier this year as an added layer of security for those who need it!
If you have any other questions about 1Password, let me know :)
Oh, we think we're pretty reliable! We're now SOC2 certified for security and availability (more here) and I'd be happy to talk about how we make it all happen. :)
And for sure! PM me your details (which license you have, how you're set up now) and I'd be happy to help you get started with an account 😉
We don't have automatic migration at the moment. If you'd like to switch, you'll have to start a new 1Password.eu account (signup link) and then move your data in the app.
You can also shoot us an email to have any more time you've paid on your .com account converted to a credit on your new .eu account. I can't help directly with .eu accounts as I'm in the US :)
Nope. Mac, Windows, and iOS are all separate purchases. You're definitely going to want to sign up for a 1Password account instead, to probably end up saving money over time and get all these lovely extra features!
Hey there! I'm glad you haven't had to check in—that subscription is an optional upgrade that brings some nice improvements, like seamless syncing to all your devices, all the pro apps for all your devices at one price, web access to your data, extra security with your Secret Key, and the shiny new app-independent extension 1Password X.
I'd definitely recommend an account for everyone (it's by far the easiest, most secure, and most all-around delightful)—and if subscriptions aren't your thing you can pre-pay with a gift card—but you're of course welcome to keep using your existing 1Password license with your existing standalone vault however long you'd like (or upgrade manually to 1Password 7 for Mac or Windows with a license instead).
It's going to be $65 per platform for 1Password 7, but we've got an introductory sale right now for $50. Download the app from our website and you'll have the option to purchase that license.
I'd seriously recommend you sign up for a 1Password account instead. Here's why.
A license is absolutely not lifetime, just for this version of 1Password.
There are two main differences:
Standalone licenses: If you're interested in purchasing a standalone license for 1Password 7 for Mac instead of using your shiny 1Password account, you'll need our website version (download it here).
Autosubmit script: Our website version also includes a script for auto-submitting logins after filling them with the 1Password extension (effectively pressing the "Log in" button for you an saving you an additional step). For the Mac App Store version, this is not bundled, but can be installed separately.
Other than that, they're the very same 1Password!
Hi there! 1Password.com accounts are billed in USD, so the conversion rate and fees associated with that are determined by your card/bank. If you'd prefer to be billed in Euros, you can check out a 1Password.eu account (server in Frankfurt, Germany, instead of Virginia in the US): https://1password.com/sign-up/eu/
Let me know if you have any more questions, and I'm here to help anytime. :)
- Henry from AgileBits (makers of 1Password)
Just want to put in my 2 cents (sorry I keep butting in). The AgileBits stance on autofill was one of the things that showed me 1Password was security-focused and that security focus is one reason* I purchased 1Password instead of its competitors 😊 If, if, the option is made available to turn on autofill (and imho it should not), please ensure it defaults to 'off'.
*Another was the stance on Privacy. "You're our customer, not our product." Love 💝 that statement.
Oh hey, I just remembered another 1Password feature that might solve your problem! "Go and Fill".
Basically, if you use the browser plugin , you can click the 1Password logins, instead of your browser bookmark. 1Password will go to the site, fill the info, and even login for you all in one click!
Here's a video showing what I mean: https://youtu.be/JQzbn4SCiZg?t=100
Edit: fixed YouTube timestamp (I think). If not, skip to 1min 40s for "Go and Fill".
Oh, gotchta: that's 1Password 6 for Windows, which doesn't support standalone vaults. The forthcoming 1Password 7 will support standalone vaults once again by popular request, but for now you'll need to either make an account or use 1Password 4, which is available for download on our downloads page.
Actually, this is exactly what the secret key does for our 1Password.com subscription customers! It's a second, ridiculously hard password to crack, and it's always protecting your data while it's in the cloud, along with your Master Password :).
It's safely stored only on your device, so you can decrypt your vault with only your Master Password in the 1Password app!
Learn more about how we protect your data right here: https://1password.com/security/
- Henry from AgileBits (makers of 1Password)
I managed to convert my entire 1Password vault over to KeePass format by switching off iCloud sync in 1Password 7, which gives you access to the .opvault file (as opposed to the .1pux format). You can then import that into KeePassXC.
I use a competing password manager on Linux, but I have to say this is truly an impressive port. I'm only going for at least "source visible" software when it comes to security though.
Have you considered moving towards a model like the one Threema took, where the source code is visible, but the commercial interest is still viable?
https://threema.ch/en/open-source
I don't mind paying money for software -- I ultimately get paid because other people do so. I just don't love when I can't see/change the source of something so critical to my day to day as a password manager.
I fifth Bitwarden. It's also open-source, meaning independent (ie. not paid by Bitwarden) security researchers can review the source code for vulnerabilities, and Bitwarden even offers bounties for bugs. Here's their 2021 Audit Report.
It is possible with 1Password Gift Cards (Shopify store): https://1password.com/giftcards/
We use Stripe everywhere else and I am not sure if Stripe supports crypto today.
Hello.
This does not make sense as https://1password.com/downloads/mac/ mentions desktop macOS 1password includes safari extension so most of people will not install the other MacOS safari extension separately. So it makes sense to use MacOS desktop for all features including generating masked email address.
Seriously why MacOS safari user needs to have TWO extension.
Yes, this is normal and doesn't create a security vulnerability. They mean that it will not be stored unencrypted alongside your encrypted data.
It is used when you login to 1password.com and can be useful if you forget you master password and still have access to a device via fingerprint, TouchID, etc.
You'll have to use Bitwarden to export a .CSV file: https://bitwarden.com/help/article/export-your-data/
And then in 1Password, import that .CSV file: https://support.1password.com/import-1password-com/
And be sure to properly delete that .CSV file from your computer, since it'll contain all of your passwords in plain text.
As for seeing only the relevant password, I don't believe 1Password has that capability (and I know I've seen 1Password staff say that in this subreddit before.) If your 1Password login entry for site1.mydevdomain.com
has the full subdomain stored as the URL (not just the root domain), then when you visit site1.mydevdomain.com
that entry should appear first in the list.
However, there's a couple of built-in exceptions to that rule, where different unrelated websites are hosted different subdomains of the same domains, like <code>herokuapp.com</code> or <code>wordpress.com</code>. (That's an intentional feature to prevent accidental phishing.)
I have a similar situation (although instead of subdomains, it's subdirectories on a reverse proxy server.) It'd be really nice if 1Password support a "hidden" tag that forced subdomain/subdirectory URL matching on an entry, just like the "hidden" 2FA tag. (Although adding that support would probably mean re-writing a huge chunk of the autofill code to have a second, stricter type of matching? And what percentage, likely very small, use multiple subdomain developing sites?)
I went through the same. Tried almost every decent password manager out there. Good or bad, it is hard to say no to 1Password even though there are things I don't like about the interface, pricing etc. Bitter love!
Recently I came across PadLoc, which looks fancy but have not tested it fully.
Your syncing to 1password.com isn't working? That definitely seems like something they should resolve! I also have a paid subscription and my syncing works quite reliably (barring a few bugs that popped up in 1p7 and were resolved).
There's a good breakdown of what 1Password accounts offer right here. Password AutoFill isn't one of those things. But with that being said, there's a great deal that you're missing out on by sticking with iCloud for syncing. Feel free to try a 1Password account for free for two weeks (automatically) and see if you like it. We're pretty confident that you will.
1Password is independently certified to SOC2, which you can read more about on their blog. You can request a copy of this report by contacting 1Password directly.
Effectively, an independent auditor has confirmed, among other things, that 1Password handle your data in the way they describe, and 1Password are absolutely explicit that they cannot access your password data.
1Password also publish all of their independent audits and security reports, so you don't simply have to take 1Password's own word for it. There are eight different independent bodies on that page, all of whom have produced audits of 1Password's security model. Obviously, you still have to trust that the companies doing the audits are competent and trustworthy, and aren't colluding with each other, but a bit of research into each of these firms will reveal they are legitimate, and their reports are fairly detailed. Plus, of course, 1Password's own reputation within the industry is very strong.
Check out the above links to the auditors reports; they should hopefully give you the peace of mind you're after.
Hey /u/ghsNICK 👋
1Password from the Mac App Store version does not accept standalone licenses, hence why it wasn't working for you. Make sure you're downloading 1Password from our website if you're using a license. 😊
It sounds like you're using 1PasswordX, which is the extension that works strictly within the browser. If you download the Windows desktop version, you should use the companion extension instead of 1PasswordX, available at https://1password.com/downloads/windows/#browsers under the header "Or download the companion extension".
This extension + the desktop version allows you to set parameters for the generated password right when it's being generated in the browser. When generating a password, you'll have to use the shortcut CTRL + ALT + \ to bring up the mini 1Password menu, then click the generator and set your parameters. Then you can copy the password and paste it in the password field. It'll prompt you to save the password in 1Password after you click submit or continue.
Hope that helps!
When you have time you can check below security whitepaper.
https://1password.com/files/1Password-White-Paper.pdf
1Password didn‘t get hacked before, and even if they get hacked, hacker won’t have access to your data.
Absolutely - should be straightforward to get setup.
EDIT: Looks like you get 30 days free - so you can test you vault setup and see it for yourself before committing.
Desktop app required doesn't really require much development at all because it gets everything it needs from the desktop app. Additionally, X doesn't support vaults that aren't in a 1Password.com account so the desktop connecting extension will remain for the foreseeable future.
Just following up here to confirm that /u/tmakaro is absolutely correct!
A local copy of your data is always stored on your device for those times when you aren't able to connect to 1Password.com 😁
Good advice here, u/prthorsenjr. If the list of vaults in 1Password on each of your devices matches the list of vaults you see on 1Password.com when you Sign in
, it means the standalone vault is just sitting idle in your Dropbox account, unused. If there are any discrepancies though between those lists, you want to make sure you're not missing any items in those vaults on 1Password.com, as u/randybruder said.
Ah, thanks for the screenshot. I wasn't aware custom icons didn't copy over, and since custom templates are only a feature for 1Password.com, they can't be copied into a standalone vault. I'm really sorry about that.
I understand that this is frustrating, but it's not about "lock-in"—from a security standpoint and user experience, we want to see our users take advantage of 1Password.com, not move back to older standalone vaults, so our development focus is on that direction. I will pass along your feedback that moving back shouldn't be as hard as it is, though.
Apple employees do get 'NFR' (Not For Retail) copies of software, however we had 1Password for at least a decade, so it wasn't this. I left 7 years ago so I can't comment about now, however as I read the article 2-3 years ago, they were using 1Password.com or had arranged for a self hosted version of 1Password internally.
My understanding is that AgileBits have allowed several companies to do internal security audits of the code and the servers.
Hi there!
If your data is synced with Dropbox, then it's no longer only local — it's in the cloud at that point. While your data is of course always encrypted end-to-end no matter how you sync, a 1Password account is the most secure way to sync your data, thanks to the Secret Key design.
https://1password.com/security/
The Secret Key has 128 bits of entropy, which means that if your (encrypted) data were ever stolen, it would essentially be mathematically impossible for it to ever be cracked, contrasted with storing your data elsewhere, where all that protects the data is your Master Password.
Only 1Password memberships offer 2FA, because otherwise there's no server to authorize against. 2FA adds a layer of authentication, proving that you are who you say you are and allowing/disallowing the download of your data, but it doesn't impact the encryption of your data.
Let me know if you have follow-up questions to this, but hopefully you're in a better place now with this and the help the rest of the community has given so far. :)
I use both the watch app, iOS app, and Mac app, so I guess this is not a problem for me.
But why the hell would you need a desktop app to export passwords? For god sake, we live in an age where most people are mobile only. Further one, the developers are getting so much more money now with the subscription, and they seem to afford almost 200 developers (https://1password.com/company/). Shouldn’t at least one of these be able to insert an export button in the mobile apps?
Yes, but almost impossible to find on their website. You have to install 1PW7 first, then purchase a license from within the app.
From their website:
Download 1Password 7 and install it. When you open the app for the first time, click "Subscribe Today" to sign up for a 1Password membership. Or, to purchase a standalone license, click “Need a license? We have those too.”
Hi there, a great question! As /u/aurora-_ mentioned, we are offering standalone licenses for 1Password 7 for Mac and Windows. You can download 1Password 7 from 1password.com/downloads and you'll see the option for a 1Password account or license from there.
I mentioned 1Password accounts there, and that's because I'd definitely recommend you try one out, at least for the trial period (after which you can always switch back). More on the benefits of 1Password accounts here. In short, you get all the latest 1Password apps, including every future update; more seamless and secure syncing between all of them; the latest features like 1Password X, secure document storage, and web access to your storage; and the 1Password Families option for simple sharing with your family members. Let me know if that sounds interesting and I'm happy to help you out more!
Great question! The short answer is client-side—you're downloading the JS and resources for 1Password X right from the Chrome Web Store and only your data comes separately, from the server (and as encrypted as always). That's why 1Password X continues to work great offline, and why every small tweak and design change requires an update.
(Note: I'm reasonably sure this is correct but it's Sunday evening here so I can't check with our developers. I'll ping one of them tomorrow so we can know for sure!)
This approach is in contrast to our web client, which is served over HTTPS and relies on the integrity of the TLS connection it's delivered with. More on that in pages 52-54 of our White Paper.
> In extension to this question
Hehe, I see what you did there :D
For you, the customer, it's essentially the same.
Whether you subscribe through iTunes or the 1Password website, you still have all the exact same features (with the exception of managing your billing through the 1Password website vs. managing your billing through iTunes.) It's also the exact same prices.
That being said, reasons you'd want to subscribe through iTunes:
And then some reasons you want to subscribe through 1Password website directly:
Hey there! No promos to speak of, but if you're planning to be with 1Password for a long while (which I hope you do!), then you might consider getting our discounted gift card:
https://1password.com/giftcards/
Otherwise you could look to our Turkey Day thread and maybe some kind soul can gift you a year free, and you could copy your data into the new account.
Is there anything with Autofill on Android I can help with? I know in some apps it's bad because the apps need to better support Autofill, but if there's anything I can help with generally I'd love to!
Sounds good! It's never a problem if you want to know more though :)
Speaking of which, if you're interested, you can always have a look at our in-depth and quite nerdy security white paper, which covers much of what we've implemented to keep your data safe!
Roger that, you're welcome! I'm guessing he's worried about security then, and if so, 1Password Families would actually be perfect for him.
You can have him take a peek at how 1Password keeps your data secure as well as our super in-depth nerdy security white paper: https://1password.com/teams/white-paper/
> the 1Password goodness
I love that!
Yes it's absolutely possible! You'll want 1Password Families—by default, you'll each get your own Private vaults along with a Shared vault both of you can view and add to, so it sounds perfect for you!
You did set a Master Password, and you're required to remember it (it's super important that you do!).
If you did forget the Master Password but still have access to your vault via Touch ID, you can create a 1Password account (with a Master Password you'll remember—and be sure to print out the Emergency Kit when prompted, write in your new Master Password, and keep it in a safe place), then add the account to the app on your old iPhone and follow our guide here to migrate all your data into that new account.
Then, sign into the account on your new phone, and let me know how it goes!
Yay great!
A Revolut card is basically just a Visa/MasterCard credit card, correct? You can try to add it as a payment method and it should work. In case it doesn't work there, hopefully using it to purchase a 1Password gift card would! If all else fails, you can use PayPal to purchase a gift card.
Let me know how that goes, sorry I don't have a definitive answer on Revolut.
It's available now on MAS! It's a separate app download—check out the Featured page to download it, and then delete your old 1Password app.
If you'll be using it standalone/licensed, however, you'll want to download it from our website instead: 1password.com/downloads
A 1Password account simply provides the best experience, especially for new customers who don't want to deal with sync issues with iCloud/Dropbox/WLAN sync. That absolutely does not mean they're going to be screwed when purchasing a license, just maybe missing out a bit.
And I'll always be here to help y'all save money: I'd always recommend an annual subscription or gift card because you'll save money over time!
Totally understand, I feel you on that one! If you'd prefer not to pay subscription-style, you can purchase a 1Password.com gift card—$99 gets you $125 worth, and that's good for three years of 1Password.
If you'd still prefer to go the licensed route, while you'll miss out on those benefits of an account, it's totally still an option! With that $50 license, you can use 1Password 7 on your Mac forever—you won't receive a free upgrade to 1Password 8 but you'll of course be able to keep using v7. Along with the license, you'd also want to purchase the Pro Features on your iPhone (while a 1Password account includes them for free, a license does not).
Let me know if you have any more questions, I'm always more than happy to help :)