I think that you do not understand the issue I am talking about.
A bank surely trusts their vault, but they do not tell everyone where it is. Even if you think you have the perfect security solution, why would you weaken it by exposing it? The attitude "this is so failsafe I can brag about it" is a security risk in itself.
"My banking info traversing the internet" is not the same as millions of user passwords stored in one location. One of them is easily located in space and time, the other is not.
no, i get it - but i also think your paranoia on this particular issue is unjustified.
so, does nobody know where things like the UK royal mint, fort knox, etc. are? Of course they do. Yet life goes on.
sure, deliberately exposing it when you don't need to is not the smartest idea, but
relying on the fact that no one has your password DB, or that no one knows where your bank's vault is (which they do, it's not hard to work out) is not a reliable method of protection. and if you can't rely on it, you need to take other precautions.
you should be assuming the location of your bank is known, or (for your password DB) your password file is stolen and should be taking steps to ensure that when it is, you aren't screwed.
and password safe tools have done just this.
My point is that if you don't trust the encryption, then don't run a password manager at all. Because every piece of software running on your machine potentially has access to the file your password manager is storing data in.
Can you provide a link to the security problem? I did a quick google search and didn't find anything.
No you aren't in the same boat if Dropbox went away as you would be if AgileBits went away. I can switch to another cloud or use WiFi sync and continue to use the apps.
if AgileBits goes away, you export to csv, switch to KeePass. so far, they haven't, they have committed to maintaining the ability for existing local sync users to do local sync.
I don't have a link to the web plugin -> 1password vulnerability, but it was about 1-2 years ago (i.e., well into the life of 1password 5 or 6 or whatever) and affected all previous versions.
essentially malware running on your machine could intercept traffic between 1password and the web plugin that was sent in the clear, or something like that.
running ancient versions of security software is not a solution if you disagree with the future direction of the product. accept the direction and continue to keep up to date, or jump ship to another product. software regularly has flaws, and sticking with really old versions of software involved in keeping your passwords secure is a big risk.
at least, if you do so, be SURE to follow the change logs to ensure that you're aware of any vulnerabilities discovered that impact your version of the software.
If you're not going to keep up to date with this based on this future policy direction for new customers only, I'd recommend KeePass.
I don't want them to work for free but I want them to add options/features to the app we originally paid for without a subscription. One example is add MS OneDrive support to store our Vault for those with Windows, Mac, & iOS devices. I don't want to pay for a Dropbox account since I use OneDrive for everything already. Hell, I'll buy the app again to have that support. Instead, they want us to go with a subscription in order to have cloud syncing between Windows & Mac/iOS devices. I think there was syncing w/ iCloud (can't remember) but I couldn't get it to work obviously if I went with the subscription model...which I recently ended and moved to enpass.
why?
you bought the product as is. anything outside of defect repair should by rights be a paid upgrade or subscription only.
do you expect GM or Ford or whatever to upgrade the engine in your car whenever some new tech comes out, for free?