Log In Via 1Password.Com Web Page is Safe ?

Hello

before i start i will try to write as clear as i can, as long english is not my main language i might do lot's of writing mistakes but even that i hope everyone will understand what i want to say.
i never liked or used cloud services, i am not even using ICloud even i am an apple product's users for years.
i have 1password since 2015,paid on IOS and still free version on mac. i have nothing against subscription because everyone should be paid for keeping a software live,updated and safe that requires lot's of work behind the scene and nobody is going to do it for free for years.

the only problem i have is with CLOUD service where i should put all my private and precious info,till now i only synced my devices using WI-Fi sync and everything work's great as long my files never leave my devices.

so,is possible to buy a subscription (just to unlock my 1password for mac and remove the limitations i have now with free version) but never use the cloud? i mean is there an option to not sync the devices using cloud and only sync via WiFI ? as soon i sign up all my 1password items will auto go to cloud or i will be asked if want to do this and have the option to disable it so my items never hit the cloud?

the most scaring thing for me is to put my master password in any browser. how safe is that?
i am reading lots of forum threads and lots of internet articles and i found this today which might make sense -

AgileBits says that your password never leaves your browser, and while trusting the company is reasonable, Thomas H. Ptáček noted to me via Twitter that the point is to not have to trust them. “I’m 100% behind 1Password on monthly subscriptions, so long as users I help never have to enter passwords on 1Password.com,” he tweeted. But because using 1Password.com requires entering the master password for your cloud-sync vault on a Web page, even if AgileBits says it’s never transmitted, Ptáček finds the entire system problematic. However, he notes, “I am very confident they will figure this out, by the way, and that I’ll be able to recommend 1Password in the near future.”

Source : http://tidbits.com/article/17341

hope you guys can advice me and understand what i am trying to say above.i have no problem to pay a subscription but i am not ready yet to use the cloud. of course i can buy a standalone license but is double price and maybe in the future i will use cloud too so at this moment subscription would be cheaper and more convenient for me but, again, only if there is an option to not put my info in cloud.

P.S - everyone that use 1password apps and software should understand that paying a subscription is required to keep a software up to date , a company motivated, and making 1password better,safer and adding new features with every update.
and paying 1cofee/month fur such a great software is a great deal in my opinion and nobody should complain about that.i have many one time fee software's that stopped working and not getting any updates in years.one time fee software's ,sooner or later they will die.

just my 2cents


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • rickfillionrickfillion Junior Member

    Team Member

    Hi @iphone6,

    Thanks for writing in. I think you laid out your concerns very well. Let me see if I can address them...

    so,is possible to buy a subscription (just to unlock my 1password for mac and remove the limitations i have now with free version) but never use the cloud?

    Yes. You wouldn't be the first person to do this. In order to do it, sign up for an account, and add the account to your device. On Mac and iOS, 1Password will very likely ask you if you want to migrate your data to the account. All you need to do is to say no. Should you want to migrate in the future we're here to help.

    the most scaring thing for me is to put my master password in any browser. how safe is that?

    This question is more difficult to answer, but I'll do my best. I don't want to downplay anything, because there are some valid concerns here. The problem with entering a Master Password in a browser is less about it being in a browser, and more about it being on a web page. You can think of every webpage you visit as being a tiny little app that gets downloaded to your computer. Where on your Mac you have Apple's Gatekeeper that will make sure that the 1Password app you're running is in fact from AgileBits, there is no such Gatekeeper on the web. If you trust that we're going to treat your Master Password properly in the Mac app and make sure it never leaves the device, then I would hope that you would also trust us with the Web app. If you can be guaranteed that the code that's part of the webpage is from us, then there shouldn't really be any concern (or at least no more concern than the Mac app). The problem is how to 100% guarantee that the web page is actually from us? You could look at the TLS certificates, which is what your browser does before decorating the location bar with the little lock icon. That's a good start, but it's technically not perfect.

    We've bounced around some ideas internally about how we could make this better. The biggest limiting factor is the browser itself. It would technically be possible for us to build a custom browser that is able to load the 1password.com webapp and then verify that it's in fact the app we think it is. This would make the webapp just as safe to use as our standard apps as the code would all be signed by us. This is just one idea, and we have more ideas that we want to play around with. This is very much a problem that we want to address in some way shape or form.

    I hope this helps explain things.

    Rick

  • thx for the answers and i totally understand. have one more question.
    if i sign up, add my account in the app and select to not move the data, from that moment the new logins or any items i add to 1password app are saving in my app localy or they are auto going to cloud ?

    thank you

  • BenBen AWS Team

    Team Member

    When you save an item you have the ability to specifiy which vault it is saved in. If you pick a local vault then 1Password.com isn’t involved at all.

    Ben

  • i am in.

    thank you for info.

  • LarsLars Junior Member

    Team Member

    @iphone6 You're quite welcome! On behalf of Rick and Ben, glad we were able to help - and let us know if there's anything further we can do for you. :)

This discussion has been closed.