Account sync, security concern

taters
taters
Community Member
in Mac

I've been through the same confusion as others on here with the introduction of accounts. I was trying to setup sync over Lan or Dropbox, but didn't have the option. Since us account users don't have the option to do this, i assume this means our passwords are now stored on agilebits' servers? Isn't the whole appeal of 1password over lastpass that they don't store passwords on their servers? And since we can't change the sync options, shouldn't we then at least get a two factor auth option?

I'm very interested in switching to 1password from Lastpass, but i can't overlook this potential flaw. Surely if you aren't going to give us an option to sync however we like, then at least provide extra security for our data being stored on your servers. Maybe i'm overlooking something, and if so, can somebody shed some light on it?

1Password Version: 6
Extension Version: 4.5.8
OS Version: 10.11.6
Sync Type: Not Provided

Comments

  • ag_kevin
    ag_kevin

    Hi @taters,

    While it's technically possible to syncing over Dropbox by using "non-account" vaults, you lose some key advantages over syncing with our servers, including the addition encryption strength provided by the account key. Our server was specifically designed to sync your 1Password data and do so in a way that is fast and extremely secure. Also note, that we at AgileBits are not able to read data stored on our servers. It is encrypted in all cases by your Master Password and Account Key, both of which are never transmitted to AgileBits (or anywhere else). We not only encrypt your data on our servers, we encrypt it in transit, in addition to standard https encryption. Personally, I would trust the data stored on 1Password.com before Dropbox or iCloud by far.

    But please don't just take my word for it. We publish our info about our security here: https://1password.com/security/. Be sure to read the white paper linked at the bottom of that page that goes into detail how we keep your data safe, and ensuring that only you can decrypt and read it.

    If you have any questions or concerns about this, please let us know.

    Regards,
    Kevin

This discussion has been closed.