1Password 8 dropping Standalone (local) vaults

Started 3 months ago | Discussions thread
Re: 1Password Subscription Storage







So I've been using 1Password since close to their founding. I read the security features page you referenced and there were no surprises. I have a standalone one-time license. My encrypted data “vault” is in the cloud given that I use Apple cloud for backup. When I make a change on one of my devices it ends up on all of them within minutes through the cloud. So for me the subscription model isn’t adding anything that I want.

1Password is only as secure as the most disgruntled 1Password employee who might put a back door in their software. So keeping my vault in their cloud would give that employee access to it, where currently they can't get to my vault without hacking my computer or the Apple cloud.

And what would stop said disgruntled 1Password employee from putting that back door into the standalone 1Password app running on your computer?

They would need direct access to my computer or device.

I think that your fears are not logical... If that "disgruntled employee" can insert a backdoor into the Cloud backups, why can't they do the same when coding the 1Password application? The idea that a single disgruntled employee could make such significant changes to the code and security protocols simply does not make sense. I cannot imagine that a company whose quality of security is the primary basis for its customers' trust would make it possible for one individual to have that much unsupervised access without any oversight, redundancy and security-related product testing.

There are many people involved in the development and maintenance of a project as large and complex as 1Password and Cloud data storage. That means that there are many eyes viewing every aspect of their work.

You say that you have read all of the security features, so you know that 1Password uses end-to-end encryption and that only the user knows their Master Password. Account owners also have a second "Secret Key" which adds another layer of protection.

There are many eyes outside the company looking at 1Password and its various layers of security. It was a third party that discovered the bug in Kaspersky's PRNG protocol and eventually notified the company about the problem. No product is perfect; mistakes can and do happen during development. But your concern is probably the least likely scenario that I can think of happening.

I am under no illusion that anything I can say will disabuse you of your misguided paranoia. But I think that it needs to be answered from a viewpoint that is actually grounded in reality.

