Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

1Password irks security experts in push toward cloud-based vaults

Last updated

Over the weekend, a number of security researchers recently took to Twitter to voice their displeasure at AgileBits' decision to push its popular password management service 1Password away from local credential storage to a cloud-based option.

While the company has no immediate plans to remove local vault storage, security researchers noted 1Password is quietly shifting to a subscription-only model that stores passwords on remote servers, reports Motherboard.

As part of the shift, 1Password is pushing customers to monthly subscription plans that serve up remotely stored password vaults through 1Password.com. Previously, the app and corresponding service was sold via a one-time license, which allowed users to generate and store passwords in an encrypted local vault.

Security researchers previously recommended 1Password because of its local storage feature, which some believe is more secure than keeping data in the cloud.

With local storage, nefarious actors looking to gain access to saved passwords would have to break into a specific device. Cloud storage alternatives, like 1Password.com, leave personal passwords vulnerable to attacks against the service itself, researchers argue.

Storing passwords remotely offers a number of advantages, however, including immediate access from any internet-connected device. Further, users who lose or have their smartphone or computer stolen don't need to worry about resetting locally stored credentials.

"We want our customers to get the best. Some people won't agree with that (which is fine!) so we'll work with them to get set up how they want, but for 99.9 percent of people, 1Password.com is absolutely the way to go," said 1Password engineer Connor Hicks.

Hicks said AgileBits will not "remove support for local/Dropbox/iCloud vaults from the software" in the immediate future. If a customer feels a one-time license is in their best interest, they can contact AgileBits via email and the company will "help them determine if a license is really what's best for them," Hicks said.



63 Comments

🕯️
asterion 17 Years · 112 comments

...the company will "help them determine if a license is really what's best for them," Hicks said.

So that's going to be completely impartial advice... Right!

macxpress 16 Years · 5915 comments

I would like to keep my own vault in my own place thank you very much. I don't want to be forced to use something just so they can make an extra buck off me and I don't want the RENT my software, especially considering I've already purchased this. I think this is more of a reoccurring revenue thing than a "this is what's best for the customer" thing. That is said just to cover their ass for this stupid continuous subscription based software thing every software company seems to love to do. Works out for the company as they get continuous revenue, but it sucks for the customer.

I really love this app and what it does...but the model they're trying to force customers to switch over to sucks and they could start losing customers (like me).

🕯️
Soli 9 Years · 9981 comments

I'm not going to use their cloud-based vault, but this is effectively no different than what we all do with iCloud or Dropbox for storing copious amounts of data that is all maintained by "one password." Hell, even my 1Password vault is now synced to iCloud and previously through Dropbox, which is all they're doing since each account has a unique key.

anome 16 Years · 1545 comments

I like 1Password. It's been a great help in managing my accounts and passwords, but if they force me to use their cloud storage for my vault, as opposed to letting me store it locally, or use a different cloud service, and pay a subscription for the privilege, then I'm not going to be happy.

I've paid for 1Password, and I've paid for upgrades to new versions when necessary. Local vault storage makes it worth paying for. I can't see any advantage to using Agile Bits storage over my own.

🎁
cpsro 14 Years · 3239 comments

AgileBits needs to add support for Resilio (nee Bittorrent) Sync stat, so users can have the best of both worlds: immediate access across all synced devices and locally controlled storage. And, yes, AgileBits' subscription model sucks.