I’m planning to subscribe to 1Password Families (after thinking about it for a long time), but I’m still wary of the somewhat increased security risk of the web client (as discussed in the "Crypto over HTTPS/Beware of the Leopard" part of the 1Password Security Design White Paper and elsewhere such as https://1password.community/discussion/100052/about-the-new-security-audit ).
At the end of that discussion thread it says "Over time we're supporting more features that were once available only through he web interface in the native apps as well, and we'll continue to make more progress.” With that in mind, please could I check which features are still only available through the web client?
Am I right that payment management, creating and sharing vaults, adding and removing family members, and changing the master password and/or secret key all still need to be done through the web client? Can the rest of the day-to-day tasks (including moving items into and out of shared vaults that you’ve already set up) be done in the native clients?
I’ve also seen references to "1Password in the browser” being code-signed (in contrast to the web client). Is that referring to the browser extensions made available in the Firefox Browser Add-Ons, Chrome Web Store, and Edge Add-Ons being signed? And does that code signing give "1Password in the browser" the same security against the risk of a malicious version as with the native Mac application?
I noticed that the page at https://support.1password.com/getting-started-browser/ treats Safari differently, linking to https://support.1password.com/safari/ . Does that mean that the Safari extension is different, and is it still signed?
If I’m still worried about the web client, is my best bet to use the native apps or "1Password in the browser” as much as possible, and minimise my use of the web client? Would any other measures like turning on 2FA help?
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: macOS 11.4
Sync Type: Not Provided