Actually no. You could use WLAN sync - wherein your vault never touches the cloud and syncs b/w your devices via your local WiFi network.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
1Password 8 for iOS and Android Released With New Design and Features
- Thread starter MacRumors
- Start date
- Sort by reaction score
So everyone is afraid to store their encrypted passwords on 1passwords servers but ok with storing them on Dropbox? Ok.
It's a simple concept. Dropbox has no access to your master key, they just store encrypted database, and the encryption there is very strong. It would take centuries to break it if you don't use a password 6 letters long. 1 Password is different because they have both your database, and potentially your master key. You have to trust that they don't store it, and people don't want to trust them. They want solutions where security is not based on trust.
No, the bold part is a lie. The Secret Key is NEVER transmitted to 1Password. A mathematical combination or your password and Secret Key is used to encrypt and decrypt your data. That all happens on the client side, not on the server side. If that was NOT the case, all I would need is my account information and password when logging in to new device. But that is not how it works. When i log in to a new device, i have to supply my account information, password, AND the master key to access the data.
But, let's humor you for a moment and pretend that Agliesys is really storing secret keys despite all the independent audits that have been conducted. Even if they have your Secret Key, they still need you password to decrypt. Again, the encryption is based on BOTH pieces of information. In this very imaginary scenario, it is no different than you storing your data on Dropbox encrypted with password.
How do you know your choice of password store is trustworthy? Have you personal review the code? What about the code of every library used? You are 100% positive that your choice of software is not secretly transmitting your password to a rogue server in Russia?
You can block it on firewall and call it a day. If your software is not designed in a hostile way, things really are simple.
It's not a lie. You have no certainty on how the software operates. You provide them both your master key, and your passwords. From here anything can be true. They can do what thy say they do, they can do something else. You don't know.
They potentially have everything they need to decrypt everything they store
- I didn't see the +$1 per extra user on 1password or Bitwarden. Didn't know this option exist
-You are correct, sharing vault is easier than sending passwords but again not everyone has the deal you got.
-Yes 1password is more polished and nicer looking and easier to use imo.
Even if I didn’t have this deal, I probably would still have it. The secrecy key and they guest vaults are huge selling points for me.
I agree that there is a difference between cost and value.
I pay X for a product because I believe that the utility it provides is worth X amount of dollars (or more). I really don’t care how much it costs you to provide said product or service, and if you are able to offer that value at less cost to you, good for you.
It doesn’t affect me either way.
"and potentially your master key." They don't have your secret key, it's only on your device and in your emergency kit. Only you have it, they do not and therefore cannot decrypt anything in your vaults. Thats why if you lose them you are screwed.
About your Secret Key | 1Password Support
Your Secret Key keeps your 1Password account safe by adding another level of security on top of your 1Password account password.
edit: This is why it's damaging to a business when people spread fud.
Last edited:
You do NOT provide them the secret key, it's used on device along with your password to encrypt your vaults. It's clear you're just making comments without understanding how this works. Carry on...
You wanted to say "it's available to their application but they are not sending it anywhere because they said they aren't and there is no option a company would lie, or their software would get compromised". You truly don't understand why basing security on somebody's word is a bad design do you? It's like giving every employee in a bank access to all the account data, and then just asking them not to look at it, and if they said "ok we won't" then the system is somehow secure.
I think this is it for me sn 1p as well. It seems every time there is a new numbered version they push you to use it but quietly take away or add something sinister like removal of local storage or this time around sub only model. I have been a 1p Customer for years - since the $10 pay 1x days and frankly don’t have the desire to watch my password safeguarding company more closely than hackers trying to steal my stuff. I mean really guys. Dark! Goodday and goodnight.
I think, maybe, it's that Dropbox has so many different things so hackers don't know what they might find. 1Password's servers practically have a sign on them, saying "Millions of Passwords Inside. Come and Get 'Em!"
The new version is super-fast, but I don’t like the interface. It “looks” nice and sleek, but it takes longer to do everything when navigating through pop up menus and the like. The previous version may not have looked as sleek, but was far more functional for getting to what you wanted and doing what you needed.
I don’t see myself switching password managers, but I’m definitely going to take a look at this BitWarden since it keeps getting name dropped! 😂
I don’t see myself switching password managers, but I’m definitely going to take a look at this BitWarden since it keeps getting name dropped! 😂
This seems like an interesting item for this discussion, about a LastPass breach:
Now Lastpass confirms a security breach, but there's good news
Password manager LastPass has revealed that it suffered a security breach, but users should be able to breathe easily.
www.androidauthority.com
This seems like an interesting item for this discussion, about a LastPass breach:
Now Lastpass confirms a security breach, but there's good news
Password manager LastPass has revealed that it suffered a security breach, but users should be able to breathe easily.www.androidauthority.com
It actually got worse. They have all the passwords in encrypted state.
LastPass users: Your info and password vault data are now in hackers’ hands
Password manager says breach it disclosed in August was much worse than thought.
arstechnica.com
And for this very reason, I will not store my vault on 1Password's or anyone else's cloud. I don't care how secure they claim it is. Nor do I care how secure they claim their vault is. There is always a chance that they messed up something and it will be discovered eventually.It actually got worse. They have all the passwords in encrypted state.
So now it's up to users masters keys to be up the test.LastPass users: Your info and password vault data are now in hackers’ hands
Password manager says breach it disclosed in August was much worse than thought.
I am sticking with 1Password 7 until it no longer works. When that happens, I'll find another local vault password manager and use that.
Same
Using version 7 until it no longer works and if a subscription is still the only option, I will find a different password manager.
Actually, with the latest version of Apple software, the built-in keychain has become much more full featured
I've held off on all Apple OS updates. I'm still on Monterey as well as iOS 15.7.1 and iPadOS 15.7.2. I've heard a lot of problems with Ventura and 16.x.x and want nothing to do with them for now.
But you state the only thing you will use is a password manager with a local vault, so what difference does Apple's attempt make?
The Apple keychain syncs across devices as does 1password 7. 1password still has more features and ease of use than keychain.