Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

1Password irks security experts in push toward cloud-based vaults

Last updated

Over the weekend, a number of security researchers recently took to Twitter to voice their displeasure at AgileBits' decision to push its popular password management service 1Password away from local credential storage to a cloud-based option.

While the company has no immediate plans to remove local vault storage, security researchers noted 1Password is quietly shifting to a subscription-only model that stores passwords on remote servers, reports Motherboard.

As part of the shift, 1Password is pushing customers to monthly subscription plans that serve up remotely stored password vaults through 1Password.com. Previously, the app and corresponding service was sold via a one-time license, which allowed users to generate and store passwords in an encrypted local vault.

Security researchers previously recommended 1Password because of its local storage feature, which some believe is more secure than keeping data in the cloud.

With local storage, nefarious actors looking to gain access to saved passwords would have to break into a specific device. Cloud storage alternatives, like 1Password.com, leave personal passwords vulnerable to attacks against the service itself, researchers argue.

Storing passwords remotely offers a number of advantages, however, including immediate access from any internet-connected device. Further, users who lose or have their smartphone or computer stolen don't need to worry about resetting locally stored credentials.

"We want our customers to get the best. Some people won't agree with that (which is fine!) so we'll work with them to get set up how they want, but for 99.9 percent of people, 1Password.com is absolutely the way to go," said 1Password engineer Connor Hicks.

Hicks said AgileBits will not "remove support for local/Dropbox/iCloud vaults from the software" in the immediate future. If a customer feels a one-time license is in their best interest, they can contact AgileBits via email and the company will "help them determine if a license is really what's best for them," Hicks said.