does membership include cloud-based syncing
I'm using 1Password with a standalone license, and I'm considering buying a membership instead (in combination with 1Password 7), however I still want to sync my data using Dropbox or iCloud. Can I still sync my data using Dropbox or iCloud with a membership-based license or does the membership imply that I will be using a web-based interface as a cloud-based solution by AgileBits (having my data sit on one of AgileBit's servers)?
Also, will 1Password stop receiving security upgrades any time soon?
1Password Version: 6.8.9
Extension Version: Not Provided
OS Version: 10.13.6
Sync Type: iCloud
Comments
-
You CAN use Dropbox or iCloud with a subscription, but you lose many of the benefits of the sub, and are more likely to get things wrong.
The normal thing with a sub is to use 1password.com for syncing. You usually work locally within the app though you can use a web-based interface if you want (which is sometimes useful).
0 -
I'd like to continue using iCloud instead of 1password.com because I like to compartmentalise my data for security reasons. That way, iCloud doesn't know what passwords I use (because it only has a copy of the encrypted file generated by 1Password with all my passwords). If I was using 1Password.com, then 1Password.com would know my unencrypted passwords. As far as I know, 1Password.com doesn't use end-to-end encryption. (And even if it did, I would have to trust AgileBits to implement end-to-end encryption properly.)
0 -
@runqvist: You raise a good point, but 1Password.com doesn't (and we don't either) know about what passwords you use. Just as when you use iCloud or Dropbox to sync, 1Password.com only receives and stores data after it's been encrypted locally on your device. Put another way, your 1Password data is end-to-end encrypted, so 1Password simply doesn't depend on the sync service to protect your data. 1Password is secure by design, not by chance. The Master Password would be needed to decrypt your data. And with 1Password.com you also have the added security of the 128-bit, randomly-generated Secret Key which is also used to encrypt your data. It works fundamentally the same way in either case...and you'd still have to trust us to get that right no matter what since we're the only ones making 1Password. ;) But if you're interested more in the details of how all of this works, you should definitely check out the security white paper. And we're here if you actually have any questions. Cheers! :)
0 -
No, that's not the way 1password.com works. It does not know your unencrypted passwords, encryption is done locally before sending the data. And it doesn't even know your master password and secret key. There are ways of confirming your identity without sending the passwords. But this is a complicated issue, which I will leave the AgileBits security people to explain properly. I'm not sure why you think 1password.com doesn't use end-to-end encryption.
With some other password managers, their cloud site would have unencrypted passwords.
Certainly you would have to trust AgileBits to do encryption properly, but wouldn't the same apply to any data stored in iCloud.
0 -
Or, what danco said. Much more concise. :lol:
0 -
Thank you @danco and @brenty, I didn't know that 1Password was using end-to-end encryption. I guess the web interface (where you have to enter your master password) put me off, but I didn't consider that the encryption might be happening inside my browser. In that case, buying 1Password 7 or a membership is only a matter of what's cheaper in the long run.
I'm probably still going to use iCloud because I'm a little conservative but I'm going to consider the membership. Thank you again.
0 -
@runqvist: It's a really good point, and I'm glad you mentioned it! Indeed, 1Password.com, unlike how most websites work, isn't running on a remote server; rather, it's a web app that runs locally in your browser. That's why it didn't exist sooner: the technology — especially WebCrypto — was not available to do this! So everything is done locally on your device, and your account credentials are never transmitted to us. Otherwise we'd be too terrified to offer this service. We don't want to be in a position where we could be used to get to our customers' data!
In that case, buying 1Password 7 or a membership is only a matter of what's cheaper in the long run. I'm probably still going to use iCloud because I'm a little conservative but I'm going to consider the membership. Thank you again.
Sure thing! If it helps, unless you're using only a single platform, a membership tends to be a much better deal since it includes everything. Also, much simpler and less hassle. But even for folks using, say, only iOS devices, it's still a good idea to have a 1Password.com membership since it includes automatic offsite backup for your encrypted data. That way even if all your devices are lost, stolen, or destroyed, all you need to do is sign in with your account credentials to get your important data back. Food for thought. :)
0 -
That way even if all your devices are lost, stolen, or destroyed, all you need to do is sign in with your account credentials to get your important data back.
Of course you need to have your credentials safe. The master password is something you hopefully can remember. But the secret key is a complicated meaningless string and needs to be stored somewhere. When setting up 1PW, you are advised to print out the Emergency Kit, which does include the secret key. One could also store a copy elsewhere without any significant risk.
0 -
:+1:
Ben
0
