Security in 1Password 7
In version 6, your software decrypts your data locally on the host device using the password that is entered. So, it serves to authenticate the user without the need to transmit the master password over the internet, and AgileBits servers did not need to store master passwords on their servers.
In version 7, your software sends the user's master password over the internet to be authenticated by matching it against what is stored on AgileBits' servers.
Version 7 seems substantially less secure to me because it is exposed to at least two additional attack vectors: 1) snoop/crack HTTPS transmission, and 2) data breach of AgileBits' servers.
Now, I'm open to being wrong on all of this. Please tell me what is incorrect about my above statements, and how version 7 is actually more secure.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided