[jl_agilebits]

Hi. I'm a features developer for 1Password. You raise a very good question (one that I used to have myself, before I started working here). I would recommend you read our security whitepaper (https://1password.com/files/1Password-White-Paper.pdf) if you want details, but the TL;DR is that we don't know your account password and our servers only store your encrypted information (which we cannot read), and communication is done over HTTPS with an additional layer of encryption via the SRP (Secure Remote Password) protocol. You also might enjoy this blog post: https://blog.1password.com/what-if-1password-gets-hacked/

[ramesh31]

>the TL;DR is that we don't know your account password and our servers only store your encrypted information (which we cannot read), and communication is done over HTTPS with an additional layer of encryption via the SRP (Secure Remote Password) protocol.

I understand that my data is safe with you guys at rest. I'm sure your security protocols are top notch. But it's all about attack surface. Things can and do go wrong on the internet all the time. Bits get flipped, certs expire, DNS cache gets poisoned, employees get phished, and MITM is an omnipresent threat. I'd just rather avoid all of that.

[Mindwipe]

I read the paper when it was published, and wasn't great then and it's definitely not great now.

[jl_agilebits]

> I read the paper when it was published, and wasn't great then and it's definitely not great now.

Would you mind elaborating on this?

[Mindwipe]

It's really simple. It just doesn't consider anything unexpected happening.

Compromised algorithms are unlikely. But not impossible. Quantum computing enabling brute force attacks is unlikely in the immediate future, but not impossible. Certificate pinning compromise during transport is not implausible for state actors.

And in those scenarios and others, having the vault stored remotely on someone else's machines is inherently less secure than not.

The assumptions made in the paper are clumsy.