Storing vaults on servers is a disaster waiting to happen and WLAN sync should be the priority

Raffaello Alistair Rosselli Baslini
edited December 2016 in Mac

I really don't understand what the 1Password team is thinking. I get the convenience of having a 1Password account and server sync, I pay for it and use it too. For not particularly sensitive information only. (No credit cards, e-banking logins, email logins.)

We all know that servers get hacked all the time, and 1Password is only making itself a very juicy target by storing all these logins and credit cards. No matter how secure a server system is, a decentralized system seems much safer to me. In my opinion WLAN sync should be, by far, the priority. Instead, it's been neglected for years!

  • You still can't sync Mac or Windows to Mac or Windows!
  • iOS devices do not sync in the background.
  • I don't even think that WLAN sync is available on 1Password 6 for Windows!

Can you please stop reserving all your developer time to proven dangerous sync methods (namely Dropbox sync and now 1Password accounts) and instead work on your only non-centralized and probably much much more secure sync system? (namely WLAN)

Thanks

PS
I know what you're going to reply: that your servers are very secure, that 1Password vaults are double encrypted on it and only the users can access them and decrypt them because only users have the keys. Yes, I understand. But if your servers get hacked and our vaults downloaded by some nasty entity, they have that information for good. They will possibly be able to brute-force it eventually.

Quantum Computers are coming, after all. And even if they are not, or they are not good enough to brute force this kind of encryption, new mathematical discoveries could reveal the current encryption algorithms much less secure than we think. Or you could have put a kind of back-door in the encryption system by accident or even deliberately. (someone that works at 1Password or worked on the encryption algorithms that you used maybe could do it without others detecting it for a long while?)


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • AGAlumB
    1Password Alumni
    edited December 2016

    @Raffaello Alistair Rosselli Baslini: If the cloud service provider had not only your data but also the keys to it, you'd be right, and that would be a big problem. However, with 1Password that is simply not the case. I went over this a bit in my comments in the other discussion you started, but I'm happy for an opportunity to go into more detail here since this is very much on topic.

    I really don't understand what the 1Password team is thinking. I get the convenience of having a 1Password account and server sync, I pay for it and use it too. For not particularly sensitive information only. (No credit cards, e-banking logins, email logins.)

    If you had any idea how often we were asked for what we're now able to offer with the 1Password.com subscription service by various companies you'd understand why we built it. When we introduced 1Password Teams in beta last year, many people used it for their families and asked for family pricing, so the obvious next step was 1Password for Families subscriptions. I'm sure you can imagine what the next big request was at that point, by individuals who weren't living with a family, so we are now giving all three groups of people exactly what they requested. If people weren't requesting these things, we very well might have never spent the two years (and money) it took to create the new 1Password account platform, but we were asked for them many times over the years leading up to 1Password Teams, so we did. It makes it a lot easier for more people to secure their most sensitive information. More on that later.

    We all know that servers get hacked all the time, and 1Password is only making itself a very juicy target by storing all these logins and credit cards.

    Again, you'd be right if we were storing credit card information on our servers. Certainly we're a target anyway, but that would make us a huge target. Fortunately that's not the case.

    When you use 1Password, AgileBits never has access to your data, regardless of the setup you choose. Even with the 1Password.com service, your data is encrypted on your device, so all the server ever ends up with is an encrypted blob. And since the Account Key is created locally and your Master Password is never transmitted and only known by you, no one — including AgileBits — has the means to decrypt the data. You can read more details on how all of this works in our white paper, and don't hesitate to ask any other questions you may have!

    No matter how secure a server system is, a decentralized system seems much safer to me. In my opinion WLAN sync should be, by far, the priority. Instead, it's been neglected for years!

    There are two factors to keep in mind here: security and convenience. First and foremost, if WLAN Server was the most popular feature in 1Password and the number one source of feature/improvement requests, it's where we'd be putting most of our effort. But the reality is that most people don't use it and don't want to. It's very much a "techy" feature since it depends so heavily on the network environment and configuring individual devices. Most folks simply don't want to manage their own networks, etc., or I suspect it would be more popular.

    That kind of goes more into the "convenience" side of things, and I hear you asking, "Why are you sacrificing security?" In fact, we're not. I touched on that earlier, but I think it bears repeating: only you hold the keys to your data. So unless you're literally storing your Master Password and Account Key in the clear in a web service that is compromised, this isn't a risk. We don't ever have what it takes to access your data, so even if our servers are compromised, it isn't something that can be taken from us.

    You still can't sync Mac or Windows to Mac or Windows!

    You totally can, and I do all the time, just not with WLAN Server. It uses a similar model to cloud services, with a single server (the computer) and one or more clients (mobile devices); you're just running this on your own hardware. It may be that we can add support for client/server selection and the necessary logic to enable this in the WLAN Server feature in the future, but this would introduce more complexity and make it even more techy, so it's not something we'll do without a great deal of care. We nerds aren't the only ones who deserve security, after all.

    iOS devices do not sync in the background.

    iOS apps have very limited ability to run tasks in the background. I suspect this may continue to improve. It didn't used to be possible for them to do anything in the background. So it's something we'll continue to evaluate.

    I don't even think that WLAN sync is available on 1Password 6 for Windows!

    Correct. The new 1Password 6 Windows desktop app does not support WLAN Server. It's something we hope to add in the future, but I think it's more important to add support for local vaults first.

    Can you please stop reserving all your developer time to proven dangerous sync methods (namely Dropbox sync and now 1Password accounts) and instead work on your only non-centralized and probably much much more secure sync system? (namely WLAN) Thanks
    PS I know what you're going to reply: that your servers are very secure, that 1Password vaults are double encrypted on it and only the users can access them and decrypt them because only users have the keys. Yes, I understand. But if your servers get hacked and our vaults downloaded by some nasty entity, they have that information for good. They will possibly be able to brute-force it eventually.

    Actually we've designed 1Password.com from the ground up with the assumption that it will be compromised. We read the news too of course, and with governments and international corporations getting hacked, we'd be pretty naive to think it couldn't happen to us. We put a lot of effort into it, but ultimately the server doesn't have to be secure for your data to be.

    Quantum Computers are coming, after all. And even if they are not, or they are not good enough to brute force this kind of encryption, new mathematical discoveries could reveal the current encryption algorithms much less secure than we think. Or you could have put a kind of back-door in the encryption system by accident or even deliberately. (someone that works at 1Password or worked on the encryption algorithms that you used maybe could do it without others detecting it for a long while?)

    Brute forcing the combined Master Password and random 128-bit Account Key is not even close to being feasible. Power requirements alone make it far out of reach. Eventually we'll migrate to even stronger encryption and hashing, long before it's necessary, and then even if someone has a dump of our data, by the time the quantum computer can get to it, it will be obsolete anyway.

    Put another way, security is really hard for operating systems because they inherently want things to work so you can get stuff done. There needs to be more than one solution to the problem of making it all work. But since we're approaching this from the opposite direction with 1Password, it's much easier: we simply use the strongest security feasible, because we only want a single solution to work to decrypt the data.

    I apologize that I'm repeating myself so much, but I think this is really important: we don't hold the keys to your data; only you do. The US government has been trying to get companies to build backdoors into encryption, and the experts who've testified at these hearings will tell you that this isn't feasible — "magical thinking" I believe was the operative phrase. Even if it were technically possible, any backdoor weakens the security for everyone, so it would present a risk to us as well, from both the intended beneficiary of the backdoor and anyone else as well. Encryption is just math, after all. AES is 20 years old, is built on cryptographic research going back decades, and has been hammered on by everyone, because whichever "side" you're on, there's a lot to be gained by finding any flaws.

    Imagine that we built a backdoor into 1Password for our own benefit or someone else's. Anyone can discover a weakness, and plenty of people are trying all the time. And since our business is built on our reputation of trust and security, if such a thing happens, we're out of business. So really we'd pretty much be guaranteeing a bad outcome for ourselves by doing that. As bad as it would be for you to have your data compromised, if you're using 1Password, it would be even worse for AgileBits, since all of our customers would (rightly) blame us.

    Anyway, this is a fascinating discussion and there's a lot of stuff, so please let me know if I've missed anything or if you have any followup questions. :)
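The two-secret design the reply describes (a vault key derived from the Master Password plus a locally generated random 128-bit Account Key, with the server holding only an encrypted blob) is shown below as an added illustration written for this page. It is not 1Password's code and not its exact derivation: the PBKDF2-then-HKDF-then-XOR combination, the iteration count, the HMAC-based stream cipher standing in for a real AEAD such as AES-GCM (the standard library has no AES), and every sample value are assumptions made here so the example runs offline.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Assumptions for this illustration (not 1Password's parameters):
PBKDF2_ITERATIONS = 100_000   # kept modest so the demo runs quickly
KEY_LEN = 32                  # 256-bit derived keys


def generate_account_key() -> bytes:
    """Random 128-bit Account Key, created on the client and never sent to the server."""
    return secrets.token_bytes(16)


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = KEY_LEN) -> bytes:
    """RFC 5869 HKDF (extract then expand) with SHA-256, standard library only."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_vault_key(master_password: str, account_key: bytes, salt: bytes) -> bytes:
    """Combine both secrets into one vault key.

    The password goes through a slow PBKDF2; the high-entropy Account Key goes
    through HKDF; the two 32-byte results are XORed, so neither secret alone is
    enough to reproduce the key.
    """
    pw_part = hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                                  salt, PBKDF2_ITERATIONS, KEY_LEN)
    ak_part = hkdf_sha256(account_key, salt, b"account-key", KEY_LEN)
    return bytes(a ^ b for a, b in zip(pw_part, ak_part))


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a stdlib stand-in for a real cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def client_encrypt(vault_key: bytes, plaintext: bytes) -> dict:
    """Encrypt-then-MAC on the client; the returned blob is all the server sees."""
    enc_key = hkdf_sha256(vault_key, b"", b"enc")
    mac_key = hkdf_sha256(vault_key, b"", b"mac")
    nonce = secrets.token_bytes(16)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return {"nonce": nonce, "ciphertext": ciphertext, "tag": tag}


def client_decrypt(vault_key: bytes, blob: dict) -> Optional[bytes]:
    """Return the plaintext, or None if the key is wrong or the blob was altered."""
    enc_key = hkdf_sha256(vault_key, b"", b"enc")
    mac_key = hkdf_sha256(vault_key, b"", b"mac")
    expected = hmac.new(mac_key, blob["nonce"] + blob["ciphertext"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        return None
    keystream = _keystream(enc_key, blob["nonce"], len(blob["ciphertext"]))
    return bytes(c ^ k for c, k in zip(blob["ciphertext"], keystream))


def demo() -> tuple:
    """The thread's scenario: the server is dumped and the attacker even has the password."""
    master_password = "correct horse battery staple"            # constructed sample
    vault = b'{"site": "example.test", "password": "hunter2"}'  # constructed sample
    account_key = generate_account_key()
    salt = secrets.token_bytes(16)
    vault_key = derive_vault_key(master_password, account_key, salt)

    # Everything the server ends up holding: a salt and an encrypted blob, no keys.
    server_dump = {"salt": salt, "blob": client_encrypt(vault_key, vault)}

    # Legitimate client: holds both secrets, recovers the vault.
    client_key = derive_vault_key(master_password, account_key, server_dump["salt"])
    recovered = client_decrypt(client_key, server_dump["blob"])

    # Attacker with the dump and the correct password but a guessed Account Key:
    # one of 2**128 possibilities, so the MAC check fails and nothing is learned.
    attacker_key = derive_vault_key(master_password, generate_account_key(), server_dump["salt"])
    leaked = client_decrypt(attacker_key, server_dump["blob"])
    return recovered == vault, leaked is None


if __name__ == "__main__":
    print(demo())  # (True, True)
```

The point of the XOR step is the one the reply keeps returning to: an offline guess against a server dump must be right about the password and the 128 random bits at the same time, so a weak password alone does not open the blob, and the server side never needs either secret to do its job of storing and syncing ciphertext.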

This discussion has been closed.