How do I prevent 1Password v7 (Mac) from uploading my vaults to the 1Password server?

@jon76

Thank you for the detailed and thoughtful reply! You mentioned the Secret Key and I wanted to take a moment to explain why the Secret Key is one of the reasons why storing your data in your 1Password account is more secure than using a third-party sync service. Unlike standalone vaults that are only protected using your password, your 1Password account data is protected and encrypted using a secret that is derived from both your account password and your Secret Key. A regular user's password is usually about 40 bits of entropy (a measure of how strong a password is) because passwords need to be memorized, this puts a ceiling on the security of your standalone vault. On the other hand, the Secret Key (which does not have to be memorized) has 128 bits of entropy which makes it impossible to guess or crack using today's technology.

You mentioned that Dropbox or iCloud protect your standalone vault with their own password but your password for those services is an example of authentication whereas the Secret Key is an example of encryption. This makes a world of difference when it comes to protecting your data since encryption protects your data using math (cryptography). You can read more about authentication vs encryption here: Authentication and encryption in the 1Password security model

Using a 1Password account to store your items also gives you access to the following features and security enhancements:

• More secure encryption data format and authentication process
• Two-factor authentication (2FA)
• Family sharing
• Secure sharing of items even with people who don't use 1Password themselves
• Item history
• Automated data backups
• Account recovery
• The ability to fill and save items using 1Password in the browser on the desktop and in Safari on iOS

It's for all of these reasons (and more!) that the next version of 1Password for Mac will only support 1Password account vaults.

Storing the vaults on the 1Password server would give an intruder full access with only my 1Password account password.

1Password account data is protected using both the Secret Key and the account password. If a malicious actor was to compromise our servers then they would still need both your Secret Key and your account password in order to transform your data from encrypted gibberish to human-readable data.

I am aware of the Secret Key but that info is stored in the browser until the user clears their browser history. If someone were to gain access to my computer then all they would need is my 1Password account password to gain access to multiple vaults

Can you clarify this a little further? If you've installed the 1Password for Mac app then an attacker with access to your Mac, and with knowledge of your password, would be able to unlock the 1Password for Mac app with your password regardless of whether you were using a standalone vault or a 1Password account.

All that being said, you can enable the creation of standalone vaults by following these steps:

1. Open and unlock 1Password for Mac.
2. Click on 1Password 7 next to the  in the menu bar.
3. Click on Preferences.
4. Click on Advanced.
5. Check "Allow creation of vaults outside of 1Password accounts".

You can then create a standalone vault by clicking File > New Vault > New Standalone Vault.

I hope that helps. 😊