Forum Discussion
First Impressions
Downloaded the latest beta today- all in all runs pretty smooth. Definitely need to bring back the Categories in the left pane similar to version 7. The drop-down to access the categories is just not a good user experience. RAM and CPU usage are good so far though; I was a little worried after seeing some memory leak problems posted.
I'd also like to put in a couple of requests for local vaults, an option to go to 1Password.com from within the app, and a setting to easily access a password generator both within the app and the browser.
Also I may be missing it, but is there no functionality to delete a vault within the app?
1Password Version: 8.2.2-5.NIGHTLY
Extension Version: Chrome Beta
OS Version: Windows 10 Pro
13 Replies
From a security standpoint, it doesn't matter what the company does or does not want, they must assume that the employee has an independent copy of every credential and therefore all passwords/credentials/2FA codes/etc must be revoked or rotated.
You cannot rely on a remote wipe being effective, even if you have positive confirmation from the device that it was completed. From a security standpoint the only safe position is to assume the user has a backup, because they just might.
"Might have a backup somewhere" isn't a good disaster recovery plan, but from a security standpoint "might" is functionally identical to "Absolutely has multiple backup copies", so we may as well get the benefits of a local backup in a disaster recovery scenario.
if this is your personal data then every business account comes with a free 1Password Family account for every employee and the company has no control over them
... But as the family administrator, I do, so the exact same issues exists.
roustem1Password Team
Except, it turns out, if your account is suspended in which case all your devices delete their data the next time you login, and you can be left with no local copy of anything. Synchronization is not backup.
For business accounts, the company would probably prefer to not have the data remaining on the employee devices if the person was suspended?
Also, if this is your personal data then every business account comes with a free 1Password Family account for every employee and the company has no control over them.
1P_Ben@zootooz
Thanks so much for the kind words! 🥰
Ben
- 1P_Ben
I’m aware of that, but when disaster planning you assume the worst, not an idealized best-case disaster.
Understood. I just wanted to make sure others wouldn't come here and potentially get the false impression that if they stop paying all their data is going to be deleted.
We need more than an export, it needs to be a completely automated backup that exists before people realize they need it because by then, it is already too late.
I will be happy to pass that feedback along to the team.
Ben
Regarding categories in the left pane vs. below search box. The left pane version has the advantage of saving clicks.
In 1PW 7 I had to move the mouse and click in order to select a category. In 1PW 8 I have to move the mouse, click to open the dropdown list, move the mouse again and click the category. Furthermore I loose focus inbetween because the position of the category to click is onlyrevealed after the dropdown opened in contrast to being permanentaly visible in the left side pane.It is also worth noting that "suspended" in this context is not what results in the event your subscription lapses
I’m aware of that, but when disaster planning you assume the worst, not an idealized best-case disaster.
We need more than an export, it needs to be a completely automated backup that exists before people realize they need it because by then, it is already too late.
- 1P_Ben
Fair criticism, and thanks for pointing it out. I've commented about the direction we're heading on this, here [Specifically in response to a Linux customer but the concepts are applicable on all desktop platforms]. The tl;dr is that we plan to offer an encrypted export format (
.1pex) that would be suitable for backups. As it stands, you can back up the encrypted database that 1Password uses to cache your data for offline access, and it is likely you'd be able to restore from this in an event like the one you've described.It is also worth noting that "suspended" in this context is not what results in the event your subscription lapses. Suspension only happens as the result of an administrator on your membership (which is not applicable to individual memberships) goes into the web app and clicks 'suspend' next to your name. In the event your subscription lapses you retain read-only access to your data.
I hope that helps!
Ben
then you have four copies of your database: one we maintain*, and one on each device. Just in case that's helpful to know!
Except, it turns out, if your account is suspended in which case all your devices delete their data the next time you login, and you can be left with no local copy of anything. Synchronization is not backup.
Previous versions allowed me to create a local backup, this is back in 1Password vaults which aren't synchronized, but why can't I have a local backup of synchronized vaults? I want to take responsibility for my own data. I have encrypted snapshots going back years for most of the important things in my life.
There is a lot I love about 1Password, the product, the company and the staff, but having to maintain a second password manager with my genuinely critical things (access to email) just to have some degree of ability to recover is a lot of unnecessary overhead.
I wouldn't want to use a service where there was only one copy of my data, and that copy was in the cloud and not on my device.
Given that the cloud can remove the data from my local device, this is effectively what you are doing.
