by my_ghola 2996 days ago
Can you really trust the company? What about each and every one of the employees that touch the code? Can you trust their Government not to have asked them for a backdoor?

I don't think I can trust a password manager that isn't open source. Cloud or not.

2 comments

Can you trust your hosting company?

Can you trust the manufacturer of your personal devices?

Sooner or later you're trusting somebody, unless you literally smelted your own machine starting from ore and a bucket of sand, and then wrote every line of code for it, including the compiler, yourself.

Maybe you should inventory all the entities you're trusting already.

Local vaults are completely client-side encrypted, so you didn't have to trust Dropbox or iCloud if you used them to sync.

The only major vuln is the updates, and that would have to be a backdoor delivered to everyone; otherwise the mismatched hashes would be noticeable. The surface area is smaller with the client-side encrypted version.
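The "mismatched hashes would be noticeable" argument above rests on two checks a user or an org can actually perform: compare the digest of the update you received against the digest the vendor publishes out of band, and compare the digests that independent users received against each other, since a backdoor pushed to only one target shows up as an outlier. The following is an added example written for this thread, not code from any commenter or from AgileBits; the update bytes, the user IDs and the "published" digest are all constructed inline so it runs offline.

```python
import hashlib
import hmac
from collections import Counter

# Constructed stand-ins for an update package; not real 1Password artifacts.
GOOD_UPDATE = b"example-update-package-v1.0.0"
TAMPERED_UPDATE = b"example-update-package-v1.0.0-with-extra-bytes"


def sha256_hex(data: bytes) -> str:
    """SHA-256 digest of an artifact as lowercase hex."""
    return hashlib.sha256(data).hexdigest()


# The digest the vendor would publish out of band (constructed here from the good package).
PUBLISHED_DIGEST = sha256_hex(GOOD_UPDATE)


def verify_update(artifact: bytes, published_hex: str) -> bool:
    """First check: does the artifact we downloaded match the published digest?

    compare_digest is used so the comparison does not short-circuit on the
    first differing byte; cheap here, but a good habit for digest checks.
    """
    return hmac.compare_digest(sha256_hex(artifact), published_hex.lower())


def targeted_delivery_suspected(observed: dict) -> list:
    """Second check: given {user_id: digest} reported by several independent
    users for the same release, return the users whose digest differs from
    the majority. A backdoor delivered to a single user lands here; one
    delivered to everyone does not, which is exactly the limit of this check.
    """
    if not observed:
        return []
    counts = Counter(observed.values())
    majority_digest, _ = counts.most_common(1)[0]
    return sorted(user for user, digest in observed.items() if digest != majority_digest)


if __name__ == "__main__":
    print("good update verifies:", verify_update(GOOD_UPDATE, PUBLISHED_DIGEST))
    print("tampered update verifies:", verify_update(TAMPERED_UPDATE, PUBLISHED_DIGEST))
    # Constructed reports from three users; "carol" received a different build.
    reports = {
        "alice": sha256_hex(GOOD_UPDATE),
        "bob": sha256_hex(GOOD_UPDATE),
        "carol": sha256_hex(TAMPERED_UPDATE),
    }
    print("outliers:", targeted_delivery_suspected(reports))
```

The second function is the one that matters for the thread's point: a vendor (or a coerced vendor) can only evade it by shipping the same backdoored build to everyone, at which point the first check also passes and only source review or reproducible builds would catch it.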

Do you trust your client? Oh, you compiled it yourself. Do you trust your compiler? And so on and so forth.

Data is encrypted client side with 1Password.com as well. -Ben, AgileBits

This is a good question.

It was really difficult in the beginning to earn the trust, but 1Password is now over 13 years old and there are over 15 million users.

We started the 1Password Teams project in 2015, and since then we have had several external audits: https://support.1password.com/security-assessments/

We are currently in the process of completing the SOC 2 compliance audit.

We also have the highest-paid bug bounty program on Bugcrowd: https://bugcrowd.com/agilebits

Trust is earned. Many of us (myself included) feel that 1Password has earned that trust. Don’t let us down :-)