I'm currently a user of the cloud account model. Certainly, the 1PW cloud model ("+2SKD", as @jpgoldberg calls it) is downright awesome and probably one of the most innovative of models streamlining encryption in transit and authentication in one go. I appreciate very much the time, effort, and thought put into authentication using SRP instead of stored hashes, double encrypting inside TLS with the static SRP secret, and doing key derivation and encryption steps locally. I appreciate the usability you have created in team/families account recovery and vault sharing as well.
But our 1PW accounts are definitely central points of failure - in fact, the most destructive central points of failure that your users can have. Certainly, I'd rather an attacker have access to my bank account than my 1PW account; at least I have the legal grounding to recover from financial identity theft.
Which brings me to account administration: the web-based administration interface which we must use and for which we have no signed-code alternative. As cloud account users, we have no choice but to do all essential account-administrative tasks by browser, running js served from Cloudflare endpoints, with TLS (dissolving inside the CF reverse proxies, not even inside your own servers) being our only halfway assurance that the js running is non-malicious. And we have to enter both our account key and master key into it - everything needed for a complete disaster. As @jpgoldberg says himself in "Beware of the Leopard", delivering code via browser is always a problem.
So it would seem to me that as long as someone is using the web interface on a semi-/regular basis, the rest of the awesome transit and asymmetric+symmetric+SRP key wrapping architecture you've carefully built (which I appreciate) doesn't even matter - a single large vulnerability in TLS, or a compromise in a Cloudflare endpoint, could compromise many of your users at the same time, because malicious code could then be delivered, negating everything else.
Are there plans in the works for account administration to be embedded into your signed executables on all platforms? Because until then, it's anxiety-inducing every time I have to log into the web interface.