Standalone vaults for business

System

This discussion was created from comments split from: Can I use 1Password offline only, no cloud?.

fatsailor

Any chance, given your breach, that you'll reconsider supporting standalone vaults?

https://blog.1password.com/okta-incident/

I've read Dave's blog and the incident report. I know no customer data was exposed. I know you claim that a vault can't be reversed even if compromised. But, it still raises a concern that MANY of us have of storing our credentials in the cloud. Our company can't and won't store credentials in the cloud for many reasons. We love 1password, but once 1Password7 is no longer working we'll have to find an alternative.

I'm actually impressed that you detected the incident so quickly. But had your team not had email notifications on the generation of Okta admin lists, it could have turned out differently. Finally, kudos for the transparency.

Dave_1P

Hello @fatsailor! 👋

Thanks for reaching out! I absolutely understand why you’d be concerned about how your important information is stored, and I’m happy to share some details about how 1Password keeps your data safe, even in the cloud.

All of the information stored in 1Password accounts is end-to-end encrypted, and only the person who creates an account holds the keys. When you create a 1Password account, you choose an account password. This password, combined with the Secret Key, keeps the information inside of your account safe. These details are also never shared with anyone else, including us here at 1Password.

If you’d like to, you can learn more about the 1Password security model. If you want an even deeper dive into our security design, you can review our white paper.

Let me know if you have any other questions about the security of 1Password!

-Dave