Security Experts Upset at 1Password’s Push to the Cloud


Over the weekend, a number of security researchers took to Twitter to voice their anger at AgileBits’ decision to push its popular password management service 1Password to a cloud-based option.

Motherboard reports that even though the company has no immediate plans to remove local vault storage, security researchers noted 1Password is quietly shifting to a subscription-only model that stores passwords on remote servers.  Security researchers previously recommended 1Password because of its local storage feature, which some believe is more secure than keeping data in the cloud.

With local storage, malicious attackers looking to gain access to saved passwords would have to break into a specific device. Cloud storage alternatives, like, leave personal passwords vulnerable to attacks against the service itself.

AgileBits will not “remove support for local/Dropbox/iCloud vaults from the software” in the immediate future.


  • johnnygoodface

    Hopefully each of our vaults will be encrypted with their keys but also using our own master password as a second level of encryption. This way even if their database is stolen (by outsiders or employees) we should be safe, as long as our own master password is strong enough and not only 8 characters long!

    How do they currently sync our devices together? Doesn’t our data already travel thru the cloud for the sync process?

  • xeronine992

    This is my reasoning for still trusting LastPass. If their servers get compromised I’ll simply update my passwords. Anything super important either has 2FA or in some cases (eg banking) are kept only in the vault on my shoulders.