Does 1Password8 support standalone vaults

@MarkWieczorek

The security audits that I mentioned in my previous post are one way to verify that 1Password does what it claims that it does. The audits are conducted by independent third-party organizations that are well known and respected in the industry. We open 1Password to their inspection and then we publish their findings publicly.

We also have a very high-paying bug bounty program to incentivize the community to test 1Password and to report security issues or vulnerabilities: Strengthening our investment in customer security with a $1 million bug bounty

In any case, I your servers were compromised, and the attacker was able to retrieve all my data, how would 2FA help?

You're right, 2FA wouldn't help there. That's where our dual-key architecture and cryptography comes into play. We take data security very seriously and we deliberately limit the information that we can access here on our end. As mentioned, all of your actual 1Password data is end-to-end encrypted using a private key derived from your account password and Secret Key so all that we see on our end are encrypted blobs of gibberish. If our servers were breached all that the attacker would be able to get is that encrypted gibberish, not your data.

Our Chief Technology Officer actually wrote a blog explaining how our security design protects your data even if our servers are breached: How 1Password Keeps Your Data Safe, Even In the Event of a Breach

-Dave