How do you protect against zero-days or bugs?

Hi there @mb1347

I'll come to your last point first:

are you not putting users' data at risk in terms of prioritising commercial benefits?

Standalone vaults were protected only by a Master Password, which you had to be able to remember. The actual encryption key that protected the data was made stronger or weaker purely based on how strong the Master Password was.

However, 1Password accounts are more secure, because they have extra layers of security in the form of two-factor authentication to even retrieve the encrypted data, and the Secret Key which is combined with your account password to derive the Account Unlock Key which actually encrypts your data. It's important to note that even with two-factor authentication for your 1Password account turned off, the Secret Key still provides You mentioned our 1Password Security Design White Paper already – this contains more information about the actual derivation of that key, from page 34 onwards, if you're interested in the details of how that happens.

You might also find my colleague @shaywood's comments about how we secure our development environments useful in this context: https://1password.community/discussion/comment/667610/#Comment_667610

Anything that 1Password relies on to work is fully audited by our Security and Engineering teams. Any changes to 1Password which could have security implications are also pentested externally for transparency, and our pentest results are published on our 1Password Support site here: Security audits of 1Password.

You also mentioned:

1password due to the nature of 'who you are' are a massive target for attack.

This is true, but with an important caveat: 1Password is not a general-purpose cloud storage service like Dropbox, iCloud, Google Drive, OneDrive, or anything similar. We don't store your photo library, the contents of your hard drive, your emails, text messages, contacts, calendar events, bookmarks, or anything like that.

We store your 1Password data and that's all, so our access controls and encryption are hardened specifically because we know it would be tempting to hackers, rather than in spite of it. The Secret Key and two-factor authentication help serve as a deterrent – hackers will know that getting your 1Password vaults won't get them the contents, and that cracking our encryption isn't technologically feasible. It'd be much easier for hackers to go after other "softer" targets where the data held isn't encrypted, or where they may already have valid leaked credentials for victims.

It seems to me that by storing information in the cloud and (in addition) making them available via web clients your are massively increasing your attack surface. (I understand that both are not necessarily connected, and I understand that you only decrypt locally)

Realistically, this isn't any bigger of an attack surface than a cloud storage provider, all things considered. All the providers I listed before have web interfaces as well as apps, and maybe even APIs. (Please note: this isn't a comment about their security – merely a comparison of how they can be used.) Our robustness comes from our security model, rather than limiting the ways our customers can use our product. Security through obscurity isn't real security, after all.

Hopefully this addresses your concerns, but I'll be happy to answer any questions or provide more detail if you'd like. :)

— Grey

The Secret Key is the key difference here (pardon the pun).

Secret Key - What Is It And How Does It Protect Users?

Now all of them trust the strengths of their master passwords

A strong account password is important, but it isn't the only protection for your data with 1Password.

But, in the case of a nobody like me, no hacker will know where my vault is stored, and if (again a feature 1password is missing imo) you could give it a random filename / extension, would't even know which file to specifically target, IF it was stored at a location of my choice.

If a hacker is determined enough to get this far, figuring out which file is your password database would be trivial.

a bit of additional security would be good.

That is exactly what the Secret Key provides.

Tbh really honest if I did't feel 'locked in' (pain of switching) I would switch to another service that allows non centralised storage. For now I will remove all banking and other highly critical areas from the 1password vault. < I'm sharing this purely for you to understand that I am one of your customers who is not totally happy and might switch eventually. I might be in the minority of

Strictly local vaults, as they existed in the past, aren't part of the plan for the future. With that said — we've built our systems with the fact we could be breached in mind.

We don't want you to feel locked in. 1Password offers export options if for whatever reason it isn't your cup of tea. Our intention isn't to hold you in our ecosystem against your will.

How to export data from 1Password

Ben