View Profile
View Forum Posts
Visit Homepage
Another option Dave forgot to mention was we could open source the entire my1Password project.
We have been thinking long and hard about the future of my1Password for the last few months. I love my1Password and the features it enables, but needing to rely on a server "in the cloud" has several important consequences, including:
- Cost and time required to create and maintain the web site. We need a robust and large enough cluster (i.e. many machines working together) to support any potential spikes in demand. Currently, as many people in this thread point out, there are many people experiencing timeout problems because we do not have a big enough cluster to handle everyone (and we're still in private Alpha!).
- The my1Password web site is a central point of failure; if it goes down all our customers lose the ability to sync and view their data online. While I'm confident we could make a robust system, I have watched Research In Motion spend millions of dollars on infrastructure and yet they still experience frequent Blackberry blackouts. This and similar stories cause me to doubt the wisdom of a centralized approach.
- Many people do not trust storing their data on any remote server, regardless of how strong the encryption is.
- Having a central location for everyone's data makes it an attractive target for criminals. Even though my1Password takes many precautions and everyone encrypts their data before sending it there, criminals may feel the potential reward is worth investing time in trying. For example, the cost of setting up a Phishing web site is so low that anyone can do it.
Of course, these issues were completely out weighed by these two killer features: the ability to sync without using MobileMe and the flexibility of being able to access your data from anywhere using a modern web browser. These features were only possible with the my1Password web service, at least that used to be true.
Now that 1Password version 2.9 is nearly ready, we have finally unveiled a new feature that allows Syncing Without MobileMe. You can give it a try to see how it works for you, but so far I have found syncing through Dropbox to be nearly instantaneous and very resilient to conflicts (the faster a change is replicated, the less likely a conflict can occur).
As for the second killer feature of accessing your data anywhere, we think we have a solution for that without requiring a server "in the cloud". The new Agile Keychain will contain a completely stand-alone web application, namely a replica of the my1Password web service, but running completely from your local hard drive. Users can then put their keychain on a USB jumpdrive or push it to their iDisk or other trusted web server and access their data from anywhere.
This second feature, just like my1Password itself, is still a work in progress. I have effectively proven the technology can work but still need to spend a few weeks to polish it and get it ready. This will be happening over the coming months.
Now that both of these killer features are no longer reliant on the my1Password web service, we are giving a great amount of consideration to shutting down the service. Of course we will leave it active for the next few months, but I think by the end of the year we will "pull the plug" so to speak.
I was originally going to post this message to allow you to vote and decide if we should keep my1Password, but as I typed the list of negatives it made me realize that this decision to close the service is a necessary one.
Still, I would love to hear everyone's feedback on this decision and how we can make the transition as easy as possible.
Last edited by Carl; 10-06-2008 at 05:31 PM.
Cheers!
Dave Teare
Co-author of 1Password
1P User Manual | 1P Sync Solutions | 1P FAQ | 1PTouch Manual | 1PTouch Synching | 1PTouch FAQ
Another option Dave forgot to mention was we could open source the entire my1Password project.
I would like to personally raise my hand in support of this suggestion. I tend to agree with all of the negatives posted by Dave. Releasing my1Password into Open Source would allow people like me, who already have web hosting, to host my own my1Password service. This pretty much mitigates most of the downsides Dave listed to the my1Password service being hosted exclusively by Agile. It would no longer be a burden to Agile to maintain a hosted solution. It would not be a central point of failure for all its users, since each user would be hosting their own my1Password instance. And it would not be an obvious target to phishing, since most of the world wouldn't even know when individual users are hosting such a service.Originally Posted by roustem
Anyway, my 2 cents. I hope you give this option serious consideration. Thanks for the great product!
Actually I completely agree with moving away from the web service for the reasons outlined by Dave among others.
Adding to what Avian00 and Roustem said, how about making the my1Password service either open-source or paid application that can be installed on your Mac and operate as your own personal repository.
This way to access my data I just go to a friends house enter in my IP address and I connect directly to my own personal version of my1Password. No issues of bogging down servers as it is only me (or if I have the family license then 3 or 4) accessing the system. This could also be used to sync your iPhone.
Of course I would make this an optional add-on service that is not required to make the main standalone app work.
Steven Carlson
"Hello my name is Steven and I am a 1Password addict..."
Proud member of the '12-Step Recovery Program for 1Password Addicts'
Developer of Auto-Corner: Used Car Dealership Management System
My concern about an application on my Mac is that it depends on my Mac being on (I use only laptops) and requires me to properly configure my router to allow incoming connections. Also, like most other Internet users, my IP address is frequently changing. This is why an open-source solution that I host on a PHP/MySQL web host is a better solution. There is really no sensible way to not expose the source code in this scenario. But this wouldn't matter so much, since it would be only an accessory to the 1Password product, and not really a complete replacement.
Besides, if you just want to access your password repository from your friend's house, all you need is to sync your Agile Keychain to Dropbox and open the .html file from any computer with Internet access.
I honestly have no objection to your argument, I just felt this could be simpler for an average user. Of course I have a static IP address ($5 extra I think a month, but worth it) and about 20 seconds in my router's config and I can forward any port. But either way I would embrace it.
Steven
Steven Carlson
"Hello my name is Steven and I am a 1Password addict..."
Proud member of the '12-Step Recovery Program for 1Password Addicts'
Developer of Auto-Corner: Used Car Dealership Management System
My main use for the My1Password service is to access my 1Password data while I'm at work on my PC.
Accessing my 1Password data on my Mac directly would be fine (both PC and Mac are on the same network in a home office); even better if I could make changes to 1Password data stored on the Mac from the PC.
Would Open Source give developers the option to build a PC based interface to 1Password data? Would be nice to have a client on both the Mac and PC that were in sync with the same data.
J
Honestly, I've wondered the same thing. It seems like they've already made that possible by creating the Agile Keychain data store. From what I can tell, it's relatively straight-forward and implemented with open standards (Open SSL). I guess the question would be if they would have any objections to somebody creating such a project. Of course, it seems like at this point there is not much stopping them from making an official Windows port.
Last edited by Avian00; 10-06-2008 at 11:01 AM.
Thanks for all the feed back everyone. We can definitely look into Open Sourcing the site before taking it offline.
The only small caveat is we would need to hide all the my1Password features in the 1Password application so as to not confuse new users. We could just use add an Advanced setting in the Preferences I suppose.
I still have a lot of work to do on the new Agile Keychain to prove it can completely replace my1Password, but assuming I'm successful I think we will aim to close down the my1Password web site by year end.
Thanks again for sharing your thoughts! Please continue to do so
Cheers!
Dave Teare
Co-author of 1Password
1P User Manual | 1P Sync Solutions | 1P FAQ | 1PTouch Manual | 1PTouch Synching | 1PTouch FAQ
Have I missed something here? How can the Agile Keychain replace being at a PC-using friend's house and being able to log onto my1Password to look up my web site passwords? If I'm at work or at home or on my laptop I don't need my1Password because I have the native Mac app. Where I really need my1Password is in an office that's not mine, or on a business trip when using someone else's computer. That was the sheer beauty of my1Password; I could use it anywhere. If I'm using a Mac which I control I don't need extraordinary measures to use my passwords, if I'm not on one of my Macs, then I absolutely need something like my1Password.
Unless I'm missing something that's obvious to everyone else, which is certainly possible, I don't see any way that the Agile Keychain can possibly replace the functionality of my1Password. my1Password has saved my bacon dozens of times, and has made 1Password finally truly usable.
I don't know any of my passwords because they're all randomly generated. my1Password has finally let me make full use of secure passwords for the sole reason that they were portable to computers where I can't run software but I can launch a browser. If you limit my use of secure passwords to only Macs where I can have software pre-installed, to me that severely limits the usability of 1Password.
I -do- understand the economic realities of hosting servers and keeping them running forever as I'm a Mac IT person in my day job. Also, I suppose I could sync my passwords to my iPhone, but doing that makes me show them on the phone and then type long, non-English nonsense strings into a browser. If I wanted to do that I could've stuck with SplashData on my Palm. The thing that's brilliant about it, and the sheer beauty of 1Password is the integration. Take that away and it's just another password wallet (at least when I'm not at home, that is).
I totally second selgart. Either on a PC, or on someone else's computer, I simply can't live without my1Password.
With Agile Keychain, maybe my1Password could use Dropbox as some kind of a web service in order to solve the server problems? (I know, this is getting desperate.. I just want to be able to access my passwords from other computers than my own mac.)
I must say that I am extremely pleased with 1Password. I have a family license and my family has been very happy with the software.
I have found myself busy of late and just attempted to sync to my1password tonight with some difficulty, which led me to this post. I assume you do not need to know the details of my experience since this project is slated to be discontinued. I was somewhat shocked to see the end of my1password in sight, but I respect you decision and honestly with your users - Thank you. I do agree there are challenges which may prevent this service from being a practical aspect to maintain and the threat of a single target for hackers is frightening. Password repository is an enticing goal. I do have a question regarding my data that is currently on my1password; am I able to remove it? After reading this post I logged back on to start deleting my information and did not see any apparent way of removing my data. Please if you could let me know how to do this or remove it for me that would be appreciated.
Keep up the good work and thanks.
I think the solution they are proposing will work on other computers just fine. Try making a copy of your Agile key chain and put in on a different computer. Open the key chain using Firefox. There's an html file in there that you can open. When you open it, it looks just like the my1password website.
You could easily place it on a USB key and take it with you. The only problem I see is remembering to update the USB key every time you add new stuff to 1password on your Mac. Ultimately, it would be nice to have some little utility or service you could use cross platform to keep various copies of the keychain in sync. Maybe that already exists.
A really cool solution would be to be able to sync the key chain over to a mobile device like the iPhone that you always carry with you anyway. Then when you get to work or another PC you could connect via USB and have access to the key chain.
When it is all said and done you'll be able to host the Agile Keychain file on your own server or other locations (iDisk, DropBox, etc.) and then open up a web browser from anywhere in the world and access it. I believe it will actually look like the 1Password interface as well.
This is both awesome and totally understandable/practical.
Perhaps if you do open source the the "current" webapp (not necessary the one you're developing for the keychain) the Weave project will embrace it?!
http://labs.mozilla.com/projects/weave/
I know they're kinda competitors but I think you'll always have a slight edge and people will always remain willing to pay for quality code/service, if it's there.
So, I already run a small, personal file share on my iMac (I leave it on all the time) at home for various reason. I could just host the key chain file on there? That would be really great.When it is all said and done you'll be able to host the Agile Keychain file on your own server or other locations (iDisk, DropBox, etc.) and then open up a web browser from anywhere in the world and access it. I believe it will actually look like the 1Password interface as well.
Here's a request. Right now, if I do an export to a web page, I can choose a small sub selection of passwords. My wife and I have a few different accounts that we share, but she doesn't really need access to all my accounts and I don't need access to all of hers. Could I export a specialized key chain file with just our shared accounts?
Hello, stumbled upon this thread somehow and registered to give my input. I've been a long time 1Password user, and I've enjoyed the app a lot. I got a invite into my1Password but decided not to use it.
I simply do not trust third parties with my passwords. Considering that I have RL credit card information and the likes in there I imagine you can understand why. No matter how many layers of security you add, one can never be 100% sure the data will not become compromised. And if it does, I'd prefer it to be my own screw up instead of someone elses.
Having said that, I'm not sure I like the idea of you open sourcing what was done so far. Is it really necessary? If the new Agile Keychain works from any browser then one could simply host that on their server and work from that? What would be the benefit of running the my1Password software instead of just the Agile Keychain? Is it more secure?
Unless you plan on further developing (or at least participating in some capacity) the my1Password code after open sourcing it I don't think it's a good idea.
Why the opposition to this? What reason could you possibly have to oppose? Would you rather they discontinue it altogether? I can name many benefits for continuing the my1Password project. Not the least of which is cross-platform read/write access to my keychain from any web-connected computer. It's fine if you don't trust them with your data. You don't have to. That's the point of releasing it as open-source. It allows users who want the benefits of this platform to use it and host it at their own risk. If you don't like/trust it, then don't use it. But that's no reason to spoil it for the people who would benefit from it. Which brings me to my original question... why do you oppose this idea?
I'm very sorry to hear that the my1password service will be shutting down soon, since this has been one of the best features of the program for me.
If and when it will be shutting down, it would be nice to know how I can delete my passwords on the server? Call me paranoid but you should let the users be able to delete their password before that.
/Johnny
There's a "Remove All Data From Server" button in the my1Password dialog box (right next to "Sync Now").
