by smileybarry 975 days ago
> Your vault password was never sent to Dropbox. It was just a dumb store for an encrypted vault. The calculus changes now that the vault is online and stored by the same party you're sending the password to.

You never send your password or account key to 1Password. Each side authenticates the other via cryptographic challenges and you receive the same encrypted database that 1P stores, as a dumb file host. They have a whole whitepaper on the security design of 1Password accounts: https://1passwordstatic.com/files/security/1password-white-p...

Technically, the earlier OPVault format stored on Dropbox/iCloud/locally was less secure due to generating a key just from your password.
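
The difference between a key derived from the password alone and one that also mixes in a device-held account key, as an added sketch that is not part of the comment above and is not 1Password's code. The iteration count, the `info` label, the function names and the sample values are assumptions made for illustration.

```python
import hashlib
import hmac

ITERATIONS = 100_000  # assumed work factor for this sketch


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) extract-then-expand with SHA-256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def password_only_key(password: str, salt: bytes) -> bytes:
    """Key depends on the password alone: whoever holds the stored file and
    its salt can test password guesses offline."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def two_secret_key(password: str, account_key: bytes, salt: bytes) -> bytes:
    """Combine a slow password hash with a high-entropy secret that never
    leaves the user's devices. Without account_key, a correct password guess
    still yields the wrong key."""
    from_password = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    from_account_key = hkdf_sha256(account_key, salt, b"example-account-key")
    return bytes(a ^ b for a, b in zip(from_password, from_account_key))


# Constructed sample values, not real credentials.
SALT = bytes(range(16))
PASSWORD = "correct horse battery staple"
ACCOUNT_KEY = bytes.fromhex("a1" * 16)   # stands in for a random 128-bit secret
WRONG_ACCOUNT_KEY = bytes(16)            # what a party without the secret must guess

if __name__ == "__main__":
    vault_key = two_secret_key(PASSWORD, ACCOUNT_KEY, SALT)
    # Right password, wrong account key: derivation does not match.
    print(two_secret_key(PASSWORD, WRONG_ACCOUNT_KEY, SALT) == vault_key)
    # Password-only derivation is fully reproducible from password + salt.
    print(password_only_key(PASSWORD, SALT) == password_only_key(PASSWORD, SALT))
```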