Roo has added a couple of recent comments on our forum that I wanted to make sure were highlighted here as well:

> While it’s too late for most, I have gone back and updated our release notes to indicate that we removed this feature.

> The Pro Features purchase has been removed from sale, but all the features that would have been unlocked have been maintained. The more I've been thinking about it, the more I am coming down on the side of restoring the single standalone vault capability for those that previously purchased the Pro Features (or the full price app when it was a paid download long ago).

We're definitely listening to all of the feedback folks have taken the time to share with us on this and are evaluating how we can best move forward. Thank you for all the comments, both here and on our forum.

I purchased the 1Password app back when indeed it was a standalone license. Would have always been happy to pay a reasonable upgrade fee every couple of years, but of course, they went to the subscription route. Something about paying a lifetime tax to store passwords just irks me. I recently switched to BitWarden and couldn't be happier. I can now lose my Dropbox account, which is a bonus, because I was only using it for the 1Password vault. Another bonus is that I can now add passwords on my mobile device, which I couldn't do with my legacy license of 1Password. $10 yr gets premium service that includes integrated OTP, one of my favorite features of both platforms. $10/yr is reasonable to me - after 20 years I'll only be out $200, which I feel like is a more than reasonable software license fee. I'm sure eventually they will become popular and start gouging, but for now, it's working well without having to pay a $60+ yr that 1Password charges - more than the initial license fee! - and I don't need to manage that stupid vault anymore.

Disclosure: I work for 1Password on the security team.

First, let's discuss what the Secret Key actually does. I'm going to simplify this greatly simply because I don't want to end up in the weeds here. But I think it's important to know what it does and why.

When we designed 1Password's online service we knew that our servers would be a big target if it were storing a lot of user data. And we knew that, historically, users used terribly weak passwords. Knowing this we set out to find ways to protect against these issues.

Let's compare to our standalone vaults since it's a comparison with only us and keeps things simple. Assuming an attacker gains access to your local vault they'd have to guess your Master Password. With 1Password membership accounts you have both a Master Password and the Secret Key. If someone were to gain access to our servers they'd have to guess both your Secret Key and Master Password together (they're combined together, again simplifying, see our white paper for the full technicals here). You can't just guess the Master Password and then the Secret Key or vice versa, you have to have both of them correct.

Say a user uses a terribly weak Master Password, this would be relatively trivial to guess if someone had your encrypted data. Say our servers are compromised and you used a weak Master Password. The Secret Key (a 128-bit randomly generated key) is going to protect that data because even if the attacker could guess the weak Master Password, the addition of the Secret Key requires that they guess both together, making the weak Master Password not nearly as weak. For those using very strong Master Passwords, the Secret Key strengthens it even further.