Disable storing a local cached copy of the vault

I read that the 1Password hosted solutions do not store local backups, but they do store a local cached copy of the vault for offline access. Is it possible to disable this behavior so it requires network access to access the vault? (Consider the need to regularly sign in to your personal vault on an untrusted computer, such as on a work computer.) Also, is it possible to require multi-factor authentication for every sign in, even with the desktop app (synced to the hosted solution)?

One alternative, I think, is to just use the myfamilyvault.1password.com web interface, but that is awfully less convenient than the desktop app. But just to be sure -- the web interface doesn't store your vault in localstorage or anywhere else on your local device/browser, right?


1Password Version: 6.x
Extension Version: Not Provided
OS Version: OSX
Sync Type: 1Password.com

Comments

  • JacobJacob

    Team Member
    edited October 2016

    Hi @lookingforentropy! Thanks, that's an interesting request. Lots of people have asked for more local copies of things, and a local backup. This is the first time I've heard the opposite. :lol:

    One alternative, I think, is to just use the myfamilyvault.1password.com web interface, but that is awfully less convenient than the desktop app. But just to be sure -- the web interface doesn't store your vault in localstorage or anywhere else on your local device/browser, right?

    That's correct — using 1Password.com is the current way of doing this. We don't have a completely cloud-hosted version of the app. You can sign out of the app each time you're finished with the app if you'd like to remove the data locally. The thing is, you'll need to have your Account Key each time, and that's usually saved in the app so you just need your Master Password to sign in. When you sign in from a browser, your vault isn't stored but the Account Key is. You can prevent this by clicking "This is a public or shared computer" before signing in.

    I'm not sure we'll be adding this to the apps in the future. The Account Key is something you have, but shouldn't need to remember. This would make it more difficult to sign in. I can see how it would be useful in some cases, but browser access is better for those. Let me know what you think. Hope this helps. :)

  • lookingforentropylookingforentropy
    Community Member

    Fair enough, thanks Jacob! (This idea comes from my historical usage of Lastpass, which allows you to disable any storing of your vault locally.)

  • AGAlumBAGAlumB
    1Password Alumni
    edited October 2016

    Ah, interesting. Though unlikely, it's certainly something we can consider.

    But it's important to keep a few things in mind: in order to access any data stored on a server on a given device, it has be be cached locally in some fashion, whether we're talking about a standalone app, extension, or the browser itself. So I suspect what they mean is that it isn't stored persistently. If it wasn't cached at all, it would be impossible for you to view it, after all!

    And in the case of 1Password, a key part of the security mode is that data is encrypted on your device locally. This is so that when you use 1Password, AgileBits never has access to your data. Since the data is encrypted on your device, all the server ever ends up with is an encrypted blob. And since the Account Key is created locally and your Master Password is never transmitted and only known by you, no one — including AgileBits — has the means to decrypt the data. You can read more details on how all of this works in our white paper, and don't hesitate to ask any other questions you may have. Cheers! :)

This discussion has been closed.