Forum Discussion
Former Member
4 years ago
Local Vault
Hi,
Thanks for updating the interface of 1Password for Windows, I have immediately subscribed after checking, great job. But unfortunately, it is impossible to open a local vault that we had on 1p...
1P_Ben
1Password Team
4 years ago
Hi @benwade
Thank you for your interest in 1Password 8. I understand the concern regarding the lack of standalone vaults in this version. In case it is helpful, I wanted to outline some of the important aspects of how we handle your data.
1Password always works from a local copy of your data. Data you enter is encrypted before it is saved into this local database. The database is stored on your computer, and syncs when you are online. This means you can access your data while you're offline (or in the event that we are offline).
The Secret Key - This is explained more fully in our security white paper, but the short explanation is that if someone were to guess or brute-force your account password, that still wouldn't be enough to get your data. The Secret Key provides a serious safeguard against this, and the mathematical complexity that it puts in an attacker's path is essentially insurmountable with current attack methods and hardware. It makes it such that even if someone could steal everything from our servers, they wouldn't be able to access any secrets you've stored in 1Password. This key is not available to us, either, so even in the case of a malicious employee with the highest levels of access, your data is protected.
We put our trust in encryption rather than authentication. This is because, in short, "Encryption means that 1Password does not face the kinds of threats a largely authentication-based system would face, and we have used an authentication mechanism that defends against many of the threats faced by many other systems." You can read more about this, if you're interested, in our short guide here: https://support.1password.com/authentication-encryption/
We undergo security audits and pen tests, which you can find here: https://support.1password.com/security-assessments/
In short, we have made 1Password as secure as possible, keep the ability to unlock your data out of our own hands, collect nothing besides what's needed to run the service, and continually have our security tested for weaknesses.
One of our founders, Dave, wrote about why we're moving away from standalone vaults and to membership exclusively, here. While of course you are ultimately the final judge of what's best (or perhaps even necessary based on policies, etc.) for your situation, I hope this provides some helpful context for how we're doing things now and going forward.
Ben
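
The two-secret idea described in the reply above, as an added illustration that is not part of the original thread and is not 1Password's actual derivation (the white paper documents that): the unlock key depends on both the account password and a random Secret Key held only on the user's devices, so server-side data plus a correctly guessed password still does not unlock anything. The function names, iteration count, check label and sample values are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed work factor for this sketch


def derive_key(password: str, secret_key: bytes, salt: bytes) -> bytes:
    """Mix a slow password hash with a high-entropy, device-held secret."""
    # Password half: deliberately slow, but only as strong as the password.
    pw_part = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    # Secret Key half: random, so it cannot be guessed from a dictionary.
    sk_part = hmac.new(salt, secret_key, hashlib.sha256).digest()
    # XOR the halves: the result is unknown unless BOTH inputs are known.
    return bytes(a ^ b for a, b in zip(pw_part, sk_part))


def make_verifier(key: bytes) -> bytes:
    """Value that lets a client check it derived the right key."""
    return hmac.new(key, b"vault-check", hashlib.sha256).digest()


def can_unlock(password: str, secret_key: bytes, salt: bytes, verifier: bytes) -> bool:
    candidate = make_verifier(derive_key(password, secret_key, salt))
    return hmac.compare_digest(candidate, verifier)


def demo():
    # Constructed sample account; none of these values come from the thread.
    password = "correct horse battery staple"
    salt = secrets.token_bytes(16)        # stored alongside the encrypted data
    secret_key = secrets.token_bytes(16)  # 128 random bits, kept on the device
    verifier = make_verifier(derive_key(password, secret_key, salt))

    # The owner has both secrets.
    owner_ok = can_unlock(password, secret_key, salt, verifier)
    # Someone holding the stored data and the CORRECT password, but not the
    # Secret Key, must also guess 128 random bits; one such guess fails.
    wrong_secret_key = secrets.token_bytes(16)
    without_key_ok = can_unlock(password, wrong_secret_key, salt, verifier)
    return owner_ok, without_key_ok


if __name__ == "__main__":
    print(demo())
```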