Why force a 1Password account to get the latest version of the app?

Hello @mikeman7! 👋

We've decided to move away from standalone vaults because we ran up against the limits of local vaults and what they could support technologically and we introduced 1Password.com to push what 1Password can do forward. 1Password account vaults are more secure than older standalone vaults and they allow us to support advanced features such a two-factor authentication, a more secure encryption data format and authentication process, family sharing, secure item sharing, item history, and more.

The most important one is security. By definition, all of my most confidential information (passwords to all of my online accounts) are stored in 1password. I am willing to store that in encrypted form in my personal iCloud account (which is already very well secured, and only I have access to it) for the benefit of being able to sync across my devices, however why would I (anybody?) want to move all of that private information onto your servers?

That's a good question. Unlike older standalone vaults that are only protected using your password, your 1Password account data is protected and encrypted using a secret that is derived from both your account password and your Secret Key. A regular user's password is usually about 40 bits of entropy (a measure of how strong a password is) because passwords need to be memorized, this puts a ceiling on the security of your standalone vault. On the other hand, the Secret Key (which does not have to be memorized) has 128 bits of entropy which makes it impossible to guess or crack using today's technology.

This makes using a 1Password account vault much more secure than using an older standalone vault. And in addition to the above, you're also able to further secure your 1Password account using two-factor authentication, something that you can't do with standalone vaults.

I really recommend taking the time to read through our Security Design white paper, we've exhaustively documented the technologies and strategies that we use to make it impossible for someone to access your 1Password account data if they don't have your account password and Secret Key. And we go pretty deep into the technical details of the cryptography and security practices that we use.

So - onto my question: how can I use 1Password 8 without having to subscribe to a 1Password account?

1Password 8 only supports 1Password accounts. Our founder Dave wrote a great post here explaining our decision to go all in on 1Password accounts here: The future of local/standalone vaults — 1Password Support Community

-Dave