AgileBits isn’t forcing 1Password data to live in the cloud

TidBITS:

I want to pick apart this story, not to criticize Motherboard or the reporter per se, but instead to explain in greater depth for existing 1Password users why this licensing shift doesn’t force them to put their passwords in the cloud. And, additionally, how AgileBits’s approach to zero-knowledge encryption in the cloud, which is similar to that employed by Apple for iCloud Keychain and LastPass for its system, may be less risky and less exposed in some ways than using Dropbox to sync vaults.

The devil is in the details, though: despite having a robust design, the implementation of AgileBits’ cloud-based system isn’t as fully transparent and audited as many researchers would like.

As usual, there is a lot of hair on fire reporting from the tech and Mac media on subjects they don’t understand and/or are too lazy to actually do any research or real reporting. Fleishman does a great job on both.



  • satcomer

    I sick of all this”Cloud” syncing because to Cloud servers are ripe for hackers or former employees to hack! Look cal Storage should ALWAYS be an option developers or no money from me!

    • Gerriljohnson

      <

      blockquote>Google is paying 97$ per hour! Work for few hours and have longer with friends & family! !pa128d: On tuesday I got a great new Land Rover Range Rover from having earned $8752 this last four weeks.. Its the most-financialy rewarding I’ve had.. It sounds unbelievable but you wont forgive yourself if you don’t check it !pa128: ➽➽ ➽➽;➽➽ http://GoogleFinancialJobsCash128MediaSourceGetPay$97Hour ★★✫★★✫★★✫★★✫★★✫★★✫★★✫★★✫★★✫★★✫★★✫★★✫★★✫★★✫★★✫★★✫★★✫★★:::::!pa128l..,..

    • Encrypted data is just gibberish without the decryption key, though.

      • Janak Parekh

        … assuming encryption and decryption have been correctly implemented (which is often hard to do).

        Some users have only one computer and don’t need the sync, and users’ peace of mind of local storage* is something that developers have to carefully trade off when they change their product.

        (*The main irony in all this is that people’s computers, i.e. local storage, are often the most vulnerable to attack or data loss. They have to be updated, people have to trust all the apps they use, and they have to be rigorous about backup. There’s many reasons why these aren’t true. Heck, I’ve been in the industry for 35 years, including security research in the past, and I know what I’m doing, but I can’t say for sure today my machines are completely secure, because it’s virtually impossible to do so. And I’ve lost all the data on at least one laptop over the decades when it gave up the ghost.)

    • Ruthwnumbers

      <

      blockquote>Google is paying 97$ per hour! Work for few hours and have longer with friends & family! !pa120d: On tuesday I got a great new Land Rover Range Rover from having earned $8752 this last four weeks.. Its the most-financialy rewarding I’ve had.. It sounds unbelievable but you wont forgive yourself if you don’t check it !pa120d: ➽➽ ➽➽;➽➽ http://GoogleFinancialJobsCash120TopGreatGetPay$97Hour ★★✫★★✫★★✫★★✫★★✫★★✫★★✫★★✫★★✫★★✫★★✫★★✫★★✫★★✫★★✫★★✫★★✫★★:::::!pa120l..,

    1. They’ve already forced Windows customers to store their data in the cloud, 1Password 6 for Windows will not allow the creation of a local vault.
    2. They’re not forcing you TODAY on the Mac. That’s the issue though isn’t it? They won’t commit to the support of a local vault feature moving forward, so extrapolating their behavior under Windows, the day will come (probably soon) when they do not allow the creation of a local vault under macOS either.