I have long been sceptical about the advisability of storing passwords in the cloud. I previously stored my 1Password vault on a USB drive with an additional layer of third-party encryption. I felt safe enough with a relatively week master password (i.e. one I stand a chance of committing to memory) because an attacker would have to physically get hold of the USB drive in addition to cracking the password. Plus I was not completely reliant on AgileBits closed-source security implementation. When I heard that 1Password 7 now supports local vaults in addition to cloud storage I immediately bought a licence. However in the course of setting up synchronisation with my Android phone I discovered some very disturbing facts about the storage implementation. In light of these, I have decided to migrate away from 1Password and request a refund of my 1Password 7 licence.
Basically, 1Password copies all your data from all your vaults (local and cloud) into a unified local database in a defined, un-changable, location on the local hard disk of the machine (easily discoverable by automated hacking tools). Even if you physically remove the local vault and lock it up in a safe, 1Password can still access the data with only the protection of the master password (I am assuming the data is still encrypted in this cache). On the other hand, if you accidentally disable the sync option on a vault (easily done as I found since the UI is opaque to put it charitably) there is no indication that the vault is no longer being updated. 1Password will happily carry on as normal, editing, creating and deleting entries as the vault gets more and more out of date. Down the line, you re-install 1Password, replace a failed hard disk or migrate to a new computer only to find that the passwords you thought were safely preserved in the vault are months out of date! Finally, all the vaults are accessed through the same master password, so (AFAIK) you cannot even use one local vault with a very strong password for your bank access codes, and one with a simpler everyday password and maybe cloud storage for accounts that are less critical.
Sorry guys, you are very nice people, but this implementation miss-step combined with the constant subtle pressure to move to the cloud/subscription model against my better judgement, has lost you at least one long-time loyal customer.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided