I want to pick apart this story, not to criticize Motherboard or the reporter per se, but instead to explain in greater depth for existing 1Password users why this licensing shift doesn’t force them to put their passwords in the cloud. And, additionally, how AgileBits’s approach to zero-knowledge encryption in the cloud, which is similar to that employed by Apple for iCloud Keychain and LastPass for its system, may be less risky and less exposed in some ways than using Dropbox to sync vaults.
The devil is in the details, though: despite having a robust design, the implementation of AgileBits’ cloud-based system isn’t as fully transparent and audited as many researchers would like.
As usual, there is a lot of hair on fire reporting from the tech and Mac media on subjects they don’t understand and/or are too lazy to actually do any research or real reporting. Fleishman does a great job on both.