Concerns About Agile Putting My Passwords in the Cloud

soundog
soundog
Community Member

I'm a longtime user of 1Password, bought a license for the app on OSX, and purchased the iOS version years ago. I just read articles about your moving to a subscription model. How does that affect your installed base of users who bought the application and have been loyal customers for year. I am also concerned about you putting all of my passwords on the cloud where they will be available to hackers. As a former IT guy, I never store personal information on the cloud.

Here's an article I just read online which also points to my concerns:

"...the problem is that I have already bought a license for [1Password], like many other people. And 1Password is anything but forthcoming about the payment change and how it’ll affect existing clients in the future. What’s clear is that new users are somewhat forced to go for the cloud-based subscription version of 1Password.

The fact that 1Password will move all passwords to the cloud gives security experts reasons to be concerned.

Your passwords won’t be stored locally anymore as it’s the case now. That’s good news with a huge caveat. As unlikely as it may be for hackers to crack 1Password’s layers of encryption and steal millions of passwords, the risk is there in theory. Not to mention that it’s a lot more lucrative for hackers to try to crack open a 1Password safe containing millions of username and passwords than trying to trick each individual user into somehow giving them access to their computer.

1Password is still one service to consider for storing the keys to your online life. But if you’re worried about these upcoming changes, you’d better look for an alternative right away."


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Hi @soundog,

    Thanks for taking the time to write in.

    Before we get too far... can please I ask: what service are you currently using to sync your 1Password data between your Mac and iOS device(s)?

    Ben

  • soundog
    soundog
    Community Member

    WLAN.

  • Thanks, @soundog.

    So first let me say that we're not just arbitrarily taking people's data and storing it somewhere that they are unaware of, like whoever wrote this article seems to imply. 1Password membership is a cloud based service, and if you sign up for it, any data you store in it will be encrypted on your device and then stored on 1Password.com. If you don't sign up for it you don't have access to 1Password.com, and none of your data is stored there.

    To reiterate something I said above: for those who do use a 1Password membership, 1Password data is encrypted locally on their devices before being sent to us. This is done using the Master Password (which they chose) and the Secret Key (which you can read about here). Neither of these are known to AgileBits, and so we cannot decrypt your data. Neither can anyone else without them. We've got an overview of our security here:

    About the 1Password security model

    And an in-depth white paper here:

    1Password Security Design White Paper

    We strongly feel that 1Password membership provides the best 1Password experience, but we're not forcing it on anyone. If you're happy with what you currently have you're welcome to continue using that for as long as it works for you.

    I hope that helps. Should you have any other questions or concerns, please feel free to ask.

    Ben

This discussion has been closed.