1password is considering a self-hosted option to store vaults

They made the standalone license almost impossible to find and get, forced a subscription on users, and made the password vault storage online for the subscriptions. Now this self-hosting survey comes as a surprise, and it would be of some relief if&#x2F;when it’s implemented.<p>I do wonder how the licensing and pricing will be handled though.<p>Bitwarden officially allows self-hosting for the personal use tiers, but it seems to have some license purchase requirements even for the self-hosted options (other than the free tier).<p>Is there any password management application out there that makes sharing passwords or password vaults easy but is also free? I’ve looked at KeePassXC and Bitwarden. The former isn’t easy to use for sharing and sharing permissions. The latter doesn’t offer sharing among more than two people in the free tier.

Semi-related: this survey was announced alongside 1Password 8 for Windows early access. Apparently 1Password 8 for Windows uses Electron and there was some discussion about AgileBits wanting to move to the same architecture on all platforms.<p>Does anyone know if 1Password 8 on macOS will also be an Electron app? Their Linux Electron app is pretty good and definitely much better than having no 1Password at all. However, this would be a sad ending for what started out as a great, efficient, native Mac-only application.<p>I can understand why AgileBits would make this choice. For most users, Electron is probably not a big issue, if they&#x27;d notice at all. But as someone who loves native macOS apps, it just makes me sad.

I understand that 1Password is a business and it’s their prerogative to make money.<p>In 2014 I switched to self-hosted password management with 1P and it changed my life. Today, my 1P vaults are a daily, indispensable part of computing. There are thousands of records and my overall security is dramatically higher.<p>Fast forward a few years and I heard that they had introduced a subscription.<p>Why?<p>It’s not their fault: everyone does it. But is this really a subscription service? The applications on my computer and phone have worked smashingly well for years. Is there enough of an ongoing need for development as to require a subscription? I’d rather pay a periodic upgrade fee as maintenance is required.<p>At the same time, independent and decentralized password management makes sense. I don’t want AmaGooSoft holding my passwords to everything.<p>In any event, I will continue to use older versions of password management to save on the subscription.

Bitwarden_rs and keypassxc are what dominate in this space at the moment, with bitwarden_rs being the self hosted option directly where keypass is local but usually combined with file synchronisation software like NextCloud. Both are pretty good and get the job done without having to put passwords into another companies care.

&gt; To clarify, in 1Password 7 we had two types of vaults: vaults used with the 1Password.com service and what we called &quot;local vaults&quot; or &quot;standalone vaults&quot; which were synced however you decided to, typically Dropbox or iCloud.<p>&gt; Assuming we&#x27;re talking about the same feature, then the answer is no, they are not implemented as the new releases do not have support for local&#x2F;standalone vaults and 1Password 7 will be the last version to support them. The new apps rely on the server to perform a lot of the heavy lifting so we will not be adding support for local vaults as they existed in earlier versions. ...<p>&quot;We took away a feature that let people not pay us a subscription for no reason and are now maybe gonna think about re-adding it but making it more complex to setup so nobody uses it and we&#x27;ll get more money.&quot;<p>Can anybody tell me why HIBP still supports them?

A direct link to the announcement post and the survey &#x2F; announcement signup: <a href="https:&#x2F;&#x2F;1password.community&#x2F;discussion&#x2F;comment&#x2F;604038&#x2F;#Comment_604038" rel="nofollow">https:&#x2F;&#x2F;1password.community&#x2F;discussion&#x2F;comment&#x2F;604038&#x2F;#Comme...</a><p>After hiding the standalone license this would put a lot of trust back into 1Password.

I used 1password for about ten years. Every interaction I had with the developers was pretty hostile. Even if they encouraged self-hosting and version-based upgrading instead of a SaaS, I&#x27;d still stick with a competitor. At this point I&#x27;m irrationally bothered by the fact that it&#x27;s a 100+ staff company just to make a product that&#x27;s no better than it was when they had 10 staff and is now more expensive.

Link to the relevant survey: <a href="https:&#x2F;&#x2F;survey.1password.com&#x2F;self-host&#x2F;" rel="nofollow">https:&#x2F;&#x2F;survey.1password.com&#x2F;self-host&#x2F;</a>

I&#x27;ve never understood why anyone who takes security seriously would even consider a non-self-hosted (and non-open-source) password manager, especially after the recent Apple shenanigans. If it&#x27;s not open-source and self-hosted then your security is <i>entirely</i> dependent on the good will of your provider. If they decide to screw you, they can. And it&#x27;s not just the good will of the people running your provider <i>today</i> that you have to bet on, it is the continued good will of whoever ends up running your provider tomorrow or after they get acquired. It seems like a bad bet to me in the long run.

I am still on 1Password 6 because it is the last version with the self-hosted vault.

I&#x27;ve been using the Bitwarden_RS, now Vaultwarden for a long time and love it. It&#x27;s just the backend API implementation so you still use the official Bitwarden clients and extensions.

I wonder whether they are considering this because people are leaving 1Password for Bitwarden, which has a self-hosted option…<p>Personally i would never pay for a 1Password subscription. I did buy all the standalone versions&#x2F;upgrades, since day1.

I&#x27;ve been self hosting 1Password for about a decade without any issues. There&#x27;s always been a way around the subscription stuff. I honestly don&#x27;t mind paying the subscription pricing, just didn&#x27;t like the idea of storing my passwords on their service with everyone else&#x27;s.

1password needs to admit they screwed up by trying to force their customers into migrating to their cloud product. 1password needs to provide a first class service option to customers that want nothing to do with the 1password cloud.

Savvy - for me Bitwarden&#x27;s implementation of self-hosting is the biggest gesture of mutual trust that makes it feel so solid

proper link to the post: <a href="https:&#x2F;&#x2F;1password.community&#x2F;discussion&#x2F;comment&#x2F;602482&#x2F;#Comment_602482" rel="nofollow">https:&#x2F;&#x2F;1password.community&#x2F;discussion&#x2F;comment&#x2F;602482&#x2F;#Comme...</a>

Too little, too late. I used 1Password for ten years, but I&#x27;ve switched to a different password manager and I&#x27;m happy with it.

So like what bitwarden does? So far I&#x27;ve been happy using bitwarden after 1password boiled the frog with their pricing.

Vaults, self-hosting, all these needless complications imo for what should be simple. Just give me a secure deterministic password from a website address + master pass combo.<p>That&#x27;s exactly what my project, <a href="https:&#x2F;&#x2F;app.srspass.com" rel="nofollow">https:&#x2F;&#x2F;app.srspass.com</a> aims to do.<p>Even though I have a super redundant NAS setup, I&#x27;d really hate to depend on a vault and have it all disappear due to some disaster. With SrsPass, I just remember one password, have a recovery&#x2F;backup phrase written somewhere that it gives me which adds 128-bit of entropy to each generated password and boom, that&#x27;s my password manager. Stateless, deterministic, and by using argon2id, PHC winner, on the client side it is doing what most password backends should be, but often aren&#x27;t doing, which is strong memory-hard password hashing.

I&#x27;m absolutely loving 1Password. The Kubernetes Operator is slick and painless. Syncs with 1Password and stuffs the passwords in standard Kubernetes Secrets, meaning anyone can understand what&#x27;s going on versus something like say Vault.

While I didn’t love 1Password moving to the cloud because I liked the personal license, it did allow my company to switch from lastpass to 1Password, which was a sizable improvement for password management and allows us to use 1pass’ “2fa” that would at least protect against leaked passwords. HIBP support is cool. Secrets automation seems like an interesting vault alternative. So long as 1Password doesn’t get acquired and can keep hiring and paying strong cryptography experts, I’m happy with their direction.<p>I’d ultimately prefer to host my own 1Password server at home if there was an option though, data ownership is an increasingly difficult thing to achieve.

Keepassxc on Dropbox works well for individuals.<p>Do Bitwarden or 1password add to this?<p>They seem to be for enterprise.

When I was evaluating which password manager to use I instantly favoroud 1password, but not having the possibility to self host my data was non-negotiable for me.<p>I will definitely stay up to date whether this really comes or not.

I always assumed that they didn’t have the keys to unlock my vault, so even if something was compromised it is all encrypted with no way for them to access it. What is the advantage of self hosting?

Frankly, given all the major data leaks of recent years and months, and not to mention ransomware incidents against even large, supposedly well-secured organizations, I fail to see how anyone with a modicum of security awareness could recommend or use a centralized password manager platform of any kind for their own security. People mention &quot;convenience&quot; but i&#x27;d say fuck that. Convenience is also how many seem to justify the total sell-off of their digital and financial privacy.

This would make me consider upgrading to 7&#x2F;Pro. I’ve resisted to do so because I am fundamentally opposed to the way they are centralizing the product and selling it in a subscription model, but a private vault server I could share inside a small business (or family) would be something I would buy.

Am I doing something wrong by having my passwords stored in iCloud?

You used to be able to do that when they still had licenses.

Was so happy when I moved from 1password to Bitwarden. Far more reasonable pricing and a better experience IMO.

Is the 1Password Support Community website built with something public like a SaaS or open source project? <a href="https:&#x2F;&#x2F;1password.community&#x2F;" rel="nofollow">https:&#x2F;&#x2F;1password.community&#x2F;</a>

too little too late

There are so many good open source alternatives that already offer this they probably no longer have a choice. Which password software would you want to choose, the open source one offering superior privacy or the paid one that only adopts better security when they start losing a lot of customers.