by jooize
2147 days ago
Hosting my encrypted data means anyone with sufficient access at any single time can copy the encrypted data and attack it or me, then or later when eventually feasible. Hosting only an executable I download and execute means the adversarial extraction of data must be contained within the executable and bypass all security from within my system. There is a window of opportunity for sending out a signal indicating the executable cannot be trusted. I do trust the team of 1Password to be competent and not evil, but there are many things that can go wrong anyway. I remain disappointed that there is no way to set up or configure a 1Password.com account without the web client.
Very much this. I don't benefit in any way from having a copy of my sensitive data in their cloud, so as a very basic security principle, I don't want them to have it.
And that's just for my personal use. If they drop support for local vaults, I have to stop using it for work, too, because my employer prohibits password managers that store passwords in the cloud. My understanding is that these policies are specifically designed to keep us in compliance for government contracts, so I don't think they're changing.