IMHO paying for password storage solutions is the best way to get security. A robust solution will need updates, fixes, and improvements. The team building those will be paid somehow. Paying customers assure that ad networks and other nefarious actors cannot incentivize weak security practices.
Sure. We could all evangelize some esoteric command line FOSS system, but the general public NEEDS secure password management
What "security" could you possibly get from password storage with subscription and automatic updates that you can ignore the risks involved?
You are giving a centralized 3rd party identifying information about you because of the subscription, control over your passwords because of the updates and you have to believe and trust it's never going to deny you access even without payment, issue an update to steal those passwords or be hacked by someone who does the same or hacks you through it. Oh, and they can do all the surveillance capitalism business models since they have access to the websites you visit.
Banks have an absurd number of regulations, and for good reason. Are you suggesting password managers should be regulated similarly. I'm sure that "small" fee would increase very quickly
All software, but especially software in the privacy / protected data industries, requires ongoing updates. Pay once and you're done was a model built on exponential growth forever, which never really worked. So the next thing you could do is yearly paid upgrades but monthly recurring charges are honestly less broadly user-hostile -- more people _want_ to be billed small amounts monthly rather than larger amounts yearly, and it creates positive alignment with customers and businesses. Yearly paid upgrades were always messy and then degenerated into creating enough splash to entice users to upgrade, versus providing the best product that month that you are able to, whether that means investing in new features or investing in stability etc.
Now all of that aside -- the 1Password funding round was oriented around selling to businesses and the investments needed to run hard at that. It costs money to build a business that's competitive in that B2B market but businesses can provide healthier / less jumpy revenue streams, which is good for a business like 1Password.
The one time paid license is available if you’re willing to jump through hoops and contact support with the right incantations that they will understand. For mere mortals, it’s as good as non-existent because the AgileBits website and its support team go to great lengths to not reveal that there is such an option.
The standalone license hasn't been on the homepage as an option ever since the subscriptions started (and it still isn't there). If you go to the support home from the homepage and search for "standalone license" (or "standalone"), there are no results. So unless you happen to know that this option is available and spend time finding out how to get it, it's impossible to know. It is a dark pattern in the name of "not confusing users".
Just installed a fresh copy of 1Password for Mac. You’re right that it’s hidden and a dark pattern, but your previous comment on how to get it was wrong. When you launch the app, there’s a big “start my trial” button. You can make a vault, and then when you try to modify it 1Password will ask you to subscribe or purchase a license.
Also there are definitely results when you search for “standalone” in the support section, including the link I had in my comment.
Having access to that store on multiple computers and mobile devices is definitely a useful feature.
Set a super long generated password on your bank account and then need to log in on your phone? That's a pain if you're just using KeepPass on your desktop.
That said using an encrypted storage file and an existing file sync service (Dropbox, Box.net, Onedrive, GDrive) and a client that supports using such a file would solve the problem, and I think 1Password at least supports this.
I use Keepass. Like you said, I sync the encrypted storage file through an existing file sync service and use a keepass client on my phone. It's slightly clunkier than I imagine a well-built system designed for multiple devices would be, but it works fine.
I switched from Keepass to 1Password recently and couldn't be happier with the decision. I think I could have dealt with Keepass forever if it was just me - but my non technical partner needs access to the family passwords and accounts too. Using 1Password has been a huge boost in my password management because my partner just didn't want to use Keepass and so would just use her default username and password when signing up for new stuff. Now it's so easy that she's 100% on board, and I have to say that the ease of use for 1Password vs Keepass feels well worth the money.
I've tried that in the past and it's far outside the reach of most people. Getting just Dropbox going is like 150 keys, clicks, and taps from virgin to working on more than one device. Then there is Keepass(X/XC/2) which is FOSS but impenetrable.
Security is like investing, don't use what you don't understand. (At least at a high level.)
You don't want access to it across devices? Not having that is a huge pain with generated passwords.
That said, $200M seems crazy. You don't need that many employees for a password manager. How much of that is going to just end up being funneled to Google/FB via ads, as often happens with these raises.
(insert "but why?" meme)
All I want from a password manager is to securely store a list of passwords. That's it. Add in copy/paste functionality, and I'm all set.
I don't want to pay a monthly fee just to store a KB or two of data.