by jviide 1615 days ago
1Password has a pretty good white paper explaining their security design (PDF behind the link): https://1passwordstatic.com/files/security/1password-white-p.... The parts "How Vault Items Are Secured" and "How Vaults Are Securely Shared" go into sharing passwords in a vault.

For the record, Bitwarden's white paper is a good read as well. Available at https://bitwarden.com/help/article/bitwarden-security-white-....

(edit: fixed typos)

1 comments

So I'm reading on pg 22. The red block. How hard is it for 1Pass --basically a mandated MITM-- to send a false request to Alice when Bob made a request?

That whitepaper is a piece of marketing text. Not saying their audit did not take place. But they are soooooo powerful in their own system that they basically have access to everything.

BitWarden: not so much.

> How hard is it for 1Pass --basically a mandated MITM-- to send a false request to Alice when Bob made a request?

Alice is the one that initiates the request. She owns the vault being shared and encrypts it with Bob's pre-shared public key.
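Added example, not part of the thread and not 1Password's or Bitwarden's code: a generic sketch of the step described in the last reply, where Alice wraps a vault key under Bob's public key, and of why it matters that the key is pre-shared rather than taken on trust from the relaying server. RSA-OAEP, the out-of-band pinned fingerprint, and all function names are assumptions made for illustration.

```javascript
// Added illustration: generic public-key key wrapping, not either vendor's code.
const crypto = require('node:crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const fingerprint = (pem) => crypto.createHash('sha256').update(pem).digest('hex');

// Alice wraps the vault key for Bob, but only if the public key she is handed
// matches the fingerprint she pinned out of band (assumed pinning mechanism).
function wrapVaultKey(vaultKey, servedPem, pinnedFingerprint) {
  if (fingerprint(servedPem) !== pinnedFingerprint) {
    throw new Error('served public key does not match pinned fingerprint');
  }
  return crypto.publicEncrypt({ key: servedPem, ...OAEP }, vaultKey);
}

// Only the holder of the matching private key can recover the vault key.
function unwrapVaultKey(wrapped, privatePem) {
  return crypto.privateDecrypt({ key: privatePem, ...OAEP }, wrapped);
}

function newKeyPair() {
  return crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
}

function demo() {
  const bob = newKeyPair();      // constructed key pair for the recipient
  const server = newKeyPair();   // constructed key pair held by the relay
  const pinned = fingerprint(bob.publicKey);
  const vaultKey = crypto.randomBytes(32);

  const wrapped = wrapVaultKey(vaultKey, bob.publicKey, pinned);
  const bobRecovers = unwrapVaultKey(wrapped, bob.privateKey).equals(vaultKey);

  // The relay stores the wrapped blob but cannot unwrap it with its own key.
  let serverRecovers = true;
  try { unwrapVaultKey(wrapped, server.privateKey); } catch { serverRecovers = false; }

  // A public key that differs from the pinned one is refused before wrapping.
  let substitutionRejected = false;
  try { wrapVaultKey(vaultKey, server.publicKey, pinned); } catch { substitutionRejected = true; }

  return { bobRecovers, serverRecovers, substitutionRejected };
}
```

The wrapped blob is useless to whoever stores or relays it only as long as the public key Alice encrypts to really is Bob's, which is the check `wrapVaultKey` makes before encrypting.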