That is not to say cloud is inherently secure. It isn't. It is just differently secure. Having a local vault that you control does not make it safer, it just makes it different.
Well, of course nothing is 100% secure in life. One day, 256 AES encryption will be broken as easily as a paper agenda. But everything in security is about decreasing the odds that something bad happens, it's about making things harder for hackers, it's about increasing substantially the difficulty to do so, to the point that the hacker has to think about how much it is worth to spend additional material resources and time VERSUS the potential gain. That's really how security researchers (regardless of age!) look at it.
When one says that one method is less secure than the other, it doesn't mean that one is 100% secure and the other is totally insecure. It might mean that one is, say, 40% more secure than the other. And security is basically about putting the odds/chance on your side, it's not a binary game.
Look at 2 step authorization, that's what it is about: spreading the potential point of failure over 2 nodes instead of one. You can even increase it to a more secure 5 step authorization, and you can still get kidnapped and tortured to give your passwords and activate your devices with your biometrics. But unless you're a very special "person of interest", that's unlikely to happen, and for a hacker that just wants to steal some of your money, not worth the trouble and risk.
If we consider that 1P software has a point of failure (as shown by those out of date "fear-mongering-20y old"), and if the amount of energy/time spent to hack one person's local vault is almost the same as the one spent to hack thousands (or hundreds of thousands of 1P users?) because all their vaults are in one server instead of thousands of servers, then the effort is absolutely worth it for organized hackers. It doesn't mean it's guaranteed to happen, but it just increased the odds substantially.
So local vaults are objectively and inherently more secure, not just different. They are "different" in the sense that they are less convenient than Agile hosted vaults. The latter is also "different" in the sense that they are more convenient but less secure (because of what's said above). You're trading increased security (or should I say a lower probability of a hack) for convenience. That's worth it for some people, and not for others. It should be up to the user to make that choice, and it would have been extremely easy for Agile to make 2 versions of 1P, one with local vaults only, and one hosted by them. It's not like they are some poor lonely developer making software from his grandma's kitchen table. They just got $64 million of funding.
It's very obviously a commercial/business choice, not a rational or technological one. If you "own" your vault, you're not constantly dependent on them. If your vault is basically a monthly rented space, you're completely dependent on them, forever.
Mind you, they're not the only ones. A majority of software turned-subscription isn't justified at all by any technological or "progress" reasons, only by making your data hostage unless you pay the monthly rent forever. Very few are really justified.