I've been a RoboForm (RF) user for what must've been 10 years. Possibly just like a lot of previous users on this forum, I decided to give 1Password (OP) a try thanks to (consider him your good friend XD) Paul Moore and his review of RF, in addition to his recommendation for OP. After ignoring his advice for years, my RF subscription is finally coming to an end and I'm ready to switch.
The guy didn't get a crazy amount of attention, but from these three articles, an important takeaway for me was RF's implementation of its online vault (RoboForm Everywhere online). After logging into the account and trying to access my password there, I would need to enter my master password and the decryption is carried out on the server, meaning that they will have my master password no matter how they will handle that information. Paul recommends OP because it did not have an online server, I believe, at the time when he wrote the article.
However, today during my initial contact with OP, it looks like OP has evolved and now hosts its own server in addition to a new subscription structure. So I opened an account for the online vault, and surely, I have to enter my MASTER PASSWORD to enter my vault?!
In summary, my concerns are:
1) Why did you choose to make users use the master password as the log-in password for the online vault? I avoided LastPass for this exact reason. FYI, as insecure as RF's online server is, they at least offered the option to use a different password to log into the online account, and then use the master password to decrypt passcards.
2) How is your approach different from RF (and possibly LastPass) in allowing users to access their passwords online? For example, for RF, I log into my online account (again, with a credential independent of my master password, which at least gives me a sense of a higher level of security), then enter my master password when I want to check out each individual passcard (and again, they admitted that they would have to decrypt server-side, which is a loophole in security for the users, to say the least). How is your approach different from the above-mentioned approach? For an almost similar user experience between OP and RF, which is to log into an online vault and look up my passwords, how or why do you not have my master password?
To be fair, I have not imported all my passcards into the OP vault so I cannot see the full picture here. Please consider this post both an inquiry and an education request.
Thank you for reading!
P.S. while I'm posting this, I thought I may as well post a separate question:
3) If I go with version 6 and your subscription service, will I still be able to choose to sync over my own cloud server like Dropbox or Google Drive, or maybe OneDrive (because of censorship I experience when I'm traveling to certain countries)?
1Password Version: 6.?
Extension Version: N/A
OS Version: Win10 Version 1607
Sync Type: Vault (for now)