It absolutely blows my mind that people are okay with giving their passwords (encrypted or not, see this very breach for why that's not always enough) to a 3rd party, but are not okay reusing a password somewhere.
If 1Password ever got owned, the Internet would be severely fucked.
And to stem the potential flood a bit, I realize there are plenty of good counterargument built up over the years to try and combat this general idea, but fundamentally the concept of giving your password to someone else to manage is still a confounding idea, regardless of whatever points those arguments make.
> It absolutely blows my mind that people are okay with giving their passwords (encrypted or not, see this very breach for why that's not always enough) to a 3rd party
That sounds more like LastPass than 1Password, although I haven't looked at the new subscription offering.
Which does not change the parent post's point, that with LastPass you're still giving it to a 3rd party who could leak that information for brute forcing.
To be more direct, I'm suggesting the standalone native application may not completely correctly implement the encryption algorithms. I have no evidence of this, but the concept still concerns me.
That's not what you said. You said that if someone owned up 1Password, the whole Internet would be in trouble. But that's like saying that if someone owned up one of the OpenSSH developers, the Internet would be instantly vulnerable. A false statement.
It's a true statement, not a false one. If someone was able to release an intentionally vulnerable version of OpenSSH/1Password, people who updated would be "instantly* (your word) vulnerable.
1Password only recently added a service which syncs your vault with them. I use 1Password with a vault that exists only on my encrypted MBP. If my laptop is decrypted and my 1P vault is decrypted then yes I'm screwed. What's the alternative exactly?
A great example was the recent Opera browser sync hack. Everyone who uses it has to change ALL of their passwords everywhere. Password managers are a TERRIBLE idea, and it's kinda sad so many security researchers recommend them. Single point of failure is a really basic concept to understand.
Password reuse has been slightly overblown as a concern. Things like your Google, GitHub, TeamViewer, bank, etc. accounts should always be unique. But if someone hacks your password for the Engadget forums or something, does it matter that they can now log in to your Kotaku commenting account? REALLY? People talk about how they have hundreds of accounts and could never remember passwords for all of them, so need a password manager... but in reality, only a few of those accounts actually matter.
And you're better off leaving a piece of paper with passwords on it by your desk than using a password manager. The likelihood of a digital hack of a password manager is infinitely greater than the likelihood of someone breaking into your house to get your passwords (instead of like... just taking your TV).
The majority of cloud-based password managers perform encryption client-side. A server hack would leave the attacker with random garbage. Short of brute-forcing your master password, they're not likely to get anything.
The only real concerns here are weak crypto and backdoors. If your threat model includes backdoors planted by software vendors you trust, not using a password manager won't help you, since someone might as well just backdoor your browser and get your brain-managed passwords as you type them. I'd stay away from webapp-based password managers, as planting a backdoor is typically easier for these.
Weak crypto is a hard problem, so you'd have to do some research and check whether the format your password manager uses has been vetted by the crypto community.
Looking at the vectors that are most commonly used to hack people today, I'm certain that password managers would be a massive improvement compared to the short and re-used passwords the majority of users use today.
If 1Password ever got owned, the Internet would be severely fucked.
And to stem the potential flood a bit, I realize there are plenty of good counterargument built up over the years to try and combat this general idea, but fundamentally the concept of giving your password to someone else to manage is still a confounding idea, regardless of whatever points those arguments make.