This is why I don’t think I’d want to store my data in the cloud. Much rather keep it local.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided
Hello @csonni! 👋
It's never good when a service has a security incident but I am relieved that LastPass's encryption worked as it was supposed to: user's passwords and encrypted items remain safe. Beyond that I can't speak to the security that LastPass uses.
Regarding older standalone vaults and how they compare to account vaults: Your 1Password account data is protected and encrypted using a secret that is derived from both your account password and your Secret Key. A regular user's password is usually about 40 bits of entropy (a measure of how strong a password is) because passwords need to be memorized, this puts a ceiling on the security of your standalone vault. On the other hand, the Secret Key (which does not have to be memorized) has 128 bits of entropy which makes it impossible to guess or crack using today's technology.
This makes using a 1Password account vault much more secure than using an older standalone vault. And in addition to the above, you're also able to further secure your 1Password account using two-factor authentication, something that you can't do with standalone vaults.
I really recommend taking the time to read through our Security Design white paper, we've exhaustively documented the technologies and strategies that we use to make it impossible for someone to access your 1Password account data if they don't have your account password and Secret Key. And we go pretty deep into the technical details of the cryptography and security practices that we use.
Thanks for the response. I definitely want to explore this further. I love the Cloud experience.
It's my pleasure. We'll be here if you have any questions in the future. 🙂