Fooligan
4 years ago
Dedicated Contributor
Home directory hosted using NFS mount in corporate environment
Should I be concerned using 1Password 8 on my Linux workstation at work since our homes are mounted NFS directories? I understand their reason to have a single home so that it is shared across all se...
AliH1P
1Password Team
3 years ago
Hey Fooligan, thanks for your patience. We've discussed this internally and ultimately we recommend against using 1Password in such an environment.
To elaborate, let's take a step back to a higher-level view. 1Password uses a couple key ingredients to protect your data:
Your account password - this protects you against attackers who might gain access to your device. If they don't have the password and can't crack it, they can't get in. This is why a strong password is important.
Your Secret Key - this protects you against attackers elsewhere. For example, if someone tried to access your 1Password.com account and used some kind of automated password-guessing software against our servers, it actually wouldn't matter if they successfully guessed your password. That's because we only unlock your data when your password is combined with your Secret Key, and guessing the combination of these things together is incredibly difficult to do. About your Secret Key.
With this in mind, this security model is only effective while 1Password is used on a secured device. Since your 1Password files including your Secret Key are available on a network, it adds additional risk to your account. For instance, if your corporate network was subject to an attack and a malicious actor gained access to your 1Password data, they could potentially brute force your account password to view your data. Additionally, you mentioned snapshots which could potentially allow someone to restore and gain access to your data that way.
I'm not very familiar with NetApp but if it was possible to exclude the ~/.config/1Password/1password.sqlite that may help alleviate some security risk. Overall, I believe your concern was definitely warranted and we recommend against using 1Password in this type of environment.
Let me know your thoughts or if you have any further questions.
Ali
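
For the concern discussed in this thread, a way to check whether a directory such as `~/.config/1Password` sits on network storage. This is an added example, not part of the original posts and not 1Password's code. The sample mount table, the host `filer.example.com` and the list of filesystem types treated as network-backed are constructed assumptions.

```shell
#!/bin/sh
# Added example: report whether a directory lives on a network filesystem.

# Constructed /proc/mounts sample: local root, NFS-mounted /home (assumed layout).
sample_mounts() {
cat <<'EOF'
/dev/nvme0n1p2 / ext4 rw,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev 0 0
filer.example.com:/vol/homes /home nfs4 rw,relatime,vers=4.1,sec=sys 0 0
/dev/nvme0n1p3 /home/local ext4 rw,relatime 0 0
EOF
}

# fs_type_for PATH  (mount table on stdin, /proc/mounts format)
# Prints the fstype of the longest mount point that is a prefix of PATH.
# Later entries win ties because they shadow earlier mounts on the same point.
# Limitation: mount points with escaped characters (\040) are not decoded.
fs_type_for() (
    path=$1 best_mp="" best_type="unknown"
    while read -r _dev mp type _rest; do
        case "$path/" in
            "${mp%/}/"*)
                if [ "${#mp}" -ge "${#best_mp}" ]; then
                    best_mp=$mp; best_type=$type
                fi ;;
        esac
    done
    printf '%s\n' "$best_type"
)

# Types treated as network-backed here (an assumption; extend for your site).
is_network_fs() {
    case "$1" in
        nfs|nfs4|cifs|smb3|afs|ceph|glusterfs|lustre|9p|fuse.sshfs) return 0 ;;
        *) return 1 ;;
    esac
}

# check_path DIR: resolve symlinks, then classify using the live mount table.
check_path() {
    resolved=$(readlink -f -- "$1") || resolved=$1
    fstype=$(fs_type_for "$resolved" < /proc/mounts)
    if is_network_fs "$fstype"; then
        echo "WARNING: $resolved is on $fstype (network storage)"; return 1
    fi
    echo "OK: $resolved is on $fstype"
}

# Usage: sh check_mount.sh "$HOME/.config/1Password"
if [ "$#" -gt 0 ]; then check_path "$1"; fi
```

The longest-prefix match matters on hosts where a local filesystem is mounted beneath an NFS home (or the reverse), since the parent mount's type alone would give the wrong answer.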