Disable webinterface for vaults

So just got the email about the new mac release and changing to subscription accounts. I currently sync via icloud on multiple devices and before I would switch to a subscription - I would want to see the option to disable web access to my vaults.

I trust the one password clients, but not necessarily all browsers / plugins that might be on my system.

Any plans for this?



1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided


  • FrankFrank

    Team Member

    Hi @philemery - Thank you for contacting us. As of right now, there is no way to disable web access to the vaults. I appreciate your feedback and I will make sure to mention this to my team. I'll be happy to tell you a little more about how we secure your data. Our security is very open to make sure everyone knows what we're doing behind the scenes, we wrote a White Paper and published it on our website.

    There are three umbrellas of security with out new 1Password.com accounts. Before all of them is your Master Password and Account Key. In the standalone version of 1Password, everything is protected by your Master Password and all the security wizardry in the app. But in Teams, the Account Key is used to strengthen things even further. If you have a weak password, it's very unlikely someone will be able to access your data because the Account Key is a 128-bit string of characters that's generated locally when you set up your account. It never leaves your device, and we ask that you print it out to have a copy in case you need it later — you're probably not going to remember the whole thing. ;)

    It’s great to have a Master Password and Account Key protect your data, but they also need to communicate with the server to access your data, so we use three layers to protect things at rest and in transit. The first layer is based on your Master Password and Account key, which are used to derive a secret that is used to securely encrypt all of your data, both at rest and in transit between your devices and our servers. The second layer is based on the Secure Remote Password protocol. It allows your devices and our servers to make sure they are who they say they are. This provides an additional layer of protection against attack. The third and final layer is the standard TLS/SSL protocol. This layer provides a final layer of encryption and also allows your web browser to indicate that you were communicating directly with a 1Password web server. If you'd like to learn more about the security of 1Password, head to https://1password.com/security.

    Sorry for not having a better answer at the moment but thank you again for taking the time to let us know this is important to you.

    Have a great day!

  • Thanks. Having read the security pages before I wrote the question. Despite the three levels of security trust, you are still essentially trusting the browser and its plugin's not to do anything bad. Will stick with the normal version until the web access to the remove gets removed.

  • FrankFrank

    Team Member

    Hi @philemery - I'm happy you had a chance to read about our security practices. I appreciate the feedback and thank you again for sharing your request with us. Have a great day!

This discussion has been closed.