What is more secure, a standalone vault or subscribing to the 1Password online vault?

nomad_
nomad_
Community Member
edited June 2020 in iOS

Hi,
I use 1Password on my iPhone, it's a standalone vault syncing with Dropbox. I use syncing mostly for backup, since I do not use 1Password on my computer or any other device, yet. But now, I wonder what gives me more security in case of breaches. I hope you guys tell if it's the same level of security, even if that means I would choose not to subscribe.
Thank you.

(If there's anything wrong with my English, I apologize. Not my first language.)

Edit: I forgot to say, but I have Dropbox protected with 2FA.


1Password Version: 7.5.3
Extension Version: Not Provided
OS Version: iOS 13.4.1
Sync Type: Dropbox

Comments

  • Hi @nomad_

    We've always designed 1Password so that the security of your data does not rely on the sync service you choose to use. 1Password data has always been end-to-end encrypted, with the only end points being your devices which you enter your Master Password on. Regardless of which sync service you choose, someone who has or is able to gain access to that cannot decrypt your data without your Master Password. It is incredibly important to use a strong Master Password though, as if someone were to gain access to the sync service then all they would need is your Master Password. If that is easily guessed or cracked then that's the last line of defense gone.

    We do have an additional layer of protection when it comes to 1Password.com membership, and that is the Secret Key. You can read about what the Secret Key is and does in our guide, here:

    About your Secret Key

    In short, the Secret Key is an additional key that would be needed by someone who has or were able to gain access to our systems in order to access your data. So, yes, there is some security benefit to using 1Password.com instead of other 3rd party sync options, specifically if you were working on the assumption that any of these systems could be breached. If all data were stolen from Dropbox, and all data were stolen from 1Password.com, it would be more likely an attacker could decrypt the data stolen from Dropbox than that stolen from 1Password.com. If you use a strong Master Password, it is highly unlikely they'd be able to do so in either case.

    Ben

  • nomad_
    nomad_
    Community Member

    Thank you, Ben!

  • You're very welcome. :)

    Ben

This discussion has been closed.