Signing back into the Community for the first time? You'll need to reset your password to access your account. Find out more.
Forum Discussion
Former Member
4 years agoStandalone vaults in 1Password 8
Are standalone vaults supported in 1Password 8?
Can you import standalone vaults from 1Password 7 without signing up for the online service?
Can you create new standalone vaults in 1Password 8?
1Password Version: 8
Extension Version: Not Provided
OS Version: Windows 11 x64
- Former Member
After the compromise of another cloud based password vault service & the compromise of Authy...I wouldn't recommend cloud based vaults. Furthermore, we would have to rely on the trust of the company to hope it doesn't have a backdoor...which is a serious privacy issue when the vault is located on their cloud servers & not on a home computer. This shouldn't be an issue provided the company is too small to attract the attention of influential government, or large & dedicated to privacy that they would play the cat & mouse game with government hired hackers. Personally, I'd rather keep it on my own system where I can have multiple layers of encryption to protect what I encrypt. This will unfortunately keep me on 1password 7 until the foreseeable future.
- Former Member
Are standalone vaults supported in 1Password 8?
No.
Can you import standalone vaults from 1Password 7 without signing up for the online service?
No.
Can you create new standalone vaults in 1Password 8?
No.
Standalone vaults and usage without a 1Password membership are not supported. This is AB's official answer.
- 1P_Ben
1Password Team
Hi @Rayven01
1Password 8 is built to work with our 1Password membership service. It cannot work with standalone vaults. If you haven't upgraded to membership yet I'd highly encourage you to reach out to our migration specialists at
support+tradein@1password.com
. They can help, and they're even offering a pretty special deal at the moment. 🙏🏻Ben
- Former Member
I don't trust any online service as a repository for my passwords, which are literally the keys to my online castle, and thus invaluable. If it's online, it has a good chance of eventually being hacked (see LastPass). 1Password was initially developed and hyped specifically as a harbour against this problem with offline vaults. I'm very disappointed that you've decided to abandon your original backers this way. I realize and support your option to seek subscriptions for revenue and ease of updating, and would even happily pay for a subscription if necessary to keep up to date as long as offline vaults were still supported.
- Former Member
Have you read their white paper? It is quite good. All of my secrets and the secrets of my company are in 1Password, and I sleep fine at night having read it.
- PeterG_1P
1Password Team
Hi @Rayven01, thanks for your comments here. We understand that this is a reasonable concern, and have gone to great lengths to address it. I should note as well that much of the security architecture we use to keep information safe has been in place well before 1Password 8 - and that the majority of users are already using this subscription service.
While members of our security team can speak in detail to some of the more technical aspects of this, here are a few of the safeguards we use for subscription accounts, which provide a greater level of security than you can find just about anywhere:
The Secret Key - This is explained more fully in our security white paper, as @soshiito mentioned here, but the short explanation is that if someone were to guess or bruteforce your account password, that still wouldn't be enough to get your data. The Secret Key provides a serious safeguard against this, and the mathematical complexity that it puts in an attacker's path is essentially insurmountable with current attack methods and hardware.
Strong privacy and secrecy policies - We don't have access to much information about 1Password users, because we don't want to. This is because we're a privacy-conscious bunch around here, but it also means that, in the event of a hack (and we haven't had one yet!) any information we don't have access to is also information an attacker can't turn against you. And, as has always been the case, your data is encrypted and decrypted locally, on your device. Without the password and secret key that only you have - even we don't have those - it is incredibly difficult for a hacker to do anything with your encrypted data.
Following that, we also threat-model against internal attacks, including even the possibility of a malicious database administrator. You can find more about this in the security paper as well.
We put our trust in encryption rather than authentication. This is because, in short, "Encryption means that 1Password does not face the kinds of threats a largely authentication-based system would face, and we have used an authentication mechanism that defends against many of the threats faced by many other systems." You can read more about this, if you're interested, in our short guide here: https://support.1password.com/authentication-encryption/
We also undergo security audits and pen tests, which you can find here: https://support.1password.com/security-assessments/
In short, we have made 1Password as secure as possible, keep the ability to unlock your data out of our own hands, collect nothing besides what's needed to run the service, and continually test our own security for weaknesses.
While of course you are ultimately the final judge of what's best for your situation, I hope this provides some helpful context for how we do things.
- Former Member
Oooooo ouch.
I was wondering why my 1Password app was prompting me for a 50% upgrade offer, so came here to figure it out, and now I know why.
No local vaults is a huge bummer. Not sure what to make of it yet... still kind of shell shocked.
EDIT:
Eh... I just read the post by dteare and also went back and read a bunch of blog posts about the 1Password app rewrite.
Honestly, from a business perspective, it makes perfect sense for Agile Bits to focus entirely on the online subscription service. If 97% of your customers are using the online service it really doesn't make sense to put development effort into the local vault feature. So I can respect the decision, even though it means I likely will have to move on.
Oh well, it's been a good run. For now, I'll continue to use 1Password 7 as long as it continues to function. I've used 1Password since 2007-ish and overall it has been the best password manager on the market—so I see no need to switch as long as v7 continues to function. Dreading the day when it will not, but will cross that bridge when I get there.
- Former Member
Thanks for the information, it was helpful in making my decision. Considering the lack of quality alternatives that support private vaults or have demonstrably better online security, it seems I have no acceptable choice but to trust your security implementation.
I've signed up and converted my account. I see there is a second "personal" vault which contains the secret key. I assume this is a standalone vault only present on the initial PC I signed up on and not synced anywhere else?
- PeterG_1P
1Password Team
Hi @Rayven01, I'm glad this was helpful! We will of course continue to do everything we can to both make 1Password extremely secure, as well as be deserving of your trust. We certainly don't take the responsibility lightly.
Congrats on your new account - this personal vault you mentioned is the default vault that's created with every new subscription account. We name it personal to distinguish it from other vaults you might create later. Usually when people create additional vaults, it's for some more specific purpose, or to share items with others. We thought it was important to have one place marked personal that is clearly your own, visibly denoting that all the items contained there are for you.
This vault is not a standalone - it's contained within the same encrypted database as your other vaults,* and syncs between your devices via our 1Password.com service.
(That database is locked and unlocked locally, on your device, and it lives in the %localappdata%\1Password\data directory, if you're curious.)
Here's an example of the practical implications of this. 👍 Let's say that you have just set up your new 1Password account on a desktop computer. Great! Now, if you want to access that same 1Password data on a mobile phone as well, all you have to do is install the app on your mobile phone, and sign in with your Account Password and Secret Key.
When you sign into the app on a new device for the first time, it generates a local copy of your database on that device, and all the items you're used to seeing will be present there. You don't have to choose to sync a specific file in a specific directory - just signing into the app is enough. The service takes care of the rest.
Whew. That went longer than expected. I hope this is helpful, and am looking forward to hearing about your experiences with the app from here!
- Former Member
I’m disappointed the standalone vault option has been removed , but I do trust 1Password to hold my scrambled encrypted jibberish on their servers . Over 100,000 businesses use 1Password .
Since it’s Zero knowledge encryption and many security protections are in place I’ll continue to use 1pw