One word: Privacy.
See, You run into problems when running something like password managers as a cloud service, and that is for two major reasons, all of which rely on one problem, which is that you've willingly given your data to them. Why is that a problem? Here you go:
- Should that company hosting that password manager service close up shop, The data you have uploaded to their service (read: your passwords) is now their data. They own it, not you. They can easily close up shop, leaving you no access to your passwords, and are free to do with that data whatever they wish. They could destroy it. They could archive it. They could - if they have the ability to open your vaults - take your credentials, and log in to your sites as you and do whatever they want, as you. You wouldn't have any say in what they do until needing to clean up what damage they may have done as you as you prove that their actions are fraudulent.
That's a nasty mess and potential consequence one gets when they sacrifice privacy for convenience.
- Should, for any reason (and I'm talking in the US here; check local municipalities for any equivalent laws) you come under any reasons for investigation, if your data (read: your passwords) were truly in your possession, your 4th Amendment rights would require the government investigating you to obtain a warrant to seize your data. However, 3rd parties are not privy or pursuant to that requirement. All that the government - let alone any Clerk of the Court - needs to do is simply obtain a subpoena. The problem with that: any and every lawyer is a Clerk of the Court. They can issue and request their own subpoena, get a judge or magistrate to sign it, and serve it, which would make those password manager services be compelled to hand over your data, with or without your knowledge or consent.
I can understand storing data that is effectively harmless in any cloud-based service because of convenience. But something as sensitive as passwords, let alone any other PCI, PHI, PII, or HIPAA-compliant data in those services? Absolutely not.
Now, Bitwarden primarily keeps your information in the cloud, but does offer you the ability to host standalone vaults, but you have to build the server to host it. Most either don't know how to, or don't want to be bothered with doing it because convenience over privacy, and that is a major concern that people overlook.
You could, but it would come at a cost. Starting with 1Password 8, you will no longer be able to keep your data in a standalone vault. All of your data has to go not only up to a subscription-based service, but must be stored on 1Password's service. No other place but theirs. 1Password 7 is the last version of 1Password that supports standalone vaults. However, you can no purchase a 1Password 7 license anymore, because they have shut down the servers provisioning those, effectively forcing everyone to go to their subscription model.
I found that out the hard way in trying to jump to 1Password 7 before 1Password 8 came out. If you don't have a license, the application leaves your vault in read-only mode, with no way to get full access to it without paying for a subscription. Even reverting back to 1Password 6 after that still left my vault in read-only mode. I ended up going full monty on my Mac and had to Time Machine restore it to get it back to where it was prior to trying to upgrade. So if you're using 1Password 6, you're stuck on it forever.. and even forever comes at a cost.
1Password 6, as it is an Intel binary, will only work on Intel Macs, or Silicon Macs as long as Rosetta 2 is supported. Once Rosetta 2 goes away, 1Password 6 will not work on the version of MacOS that does not support Rosetta 2.
Good question. You obviously will not have access to any of your data that you store there, but they also do not answer the question of what they will do with your data after you end your subscription. That has been the other issue everyone has had with 1Password with going to the model they are now using.
BL.
