Forum Discussion

wernerstroe
New Member
5 hours ago

Questions about security, availability, and data protection when upgrading from 1Password V7 to V8

Hello 1Password-Team,

I’m currently using 1Password version 7 and considering an upgrade to version 8.
However, I still have several open questions and concerns regarding security, cloud storage, availability, and backups.

I’d really appreciate it if someone from the 1Password team could clarify these points for me.

My questions refer to version 8:

  1. Access to the cloud / possible restrictions:
    Is it theoretically possible that access to my passwords (stored in the cloud) could be denied or blocked – for example due to a policy violation, a government order, or for other reasons?
    If so, would there still be any way to access my data locally or offline in such a case?
  2. Encryption and third-party access:
    Are the data stored in the cloud fully encrypted so that not even 1Password itself can access them?
    And could a government legally compel you, as the service provider, to grant access to a specific account or provide decryption information?
  3. Failed subscription payment:
    What happens if a yearly subscription payment fails (for example, due to an expired credit card)?
    - How long will I still have access to my account?
    - Will the account eventually be suspended or deleted?
  4. Access for relatives in case of death:
    If the account holder passes away unexpectedly, but relatives have the login credentials – how long can they still access the data if no further payments are made?
  5. Emergency access:
    Will there be an official emergency access feature in version 8 that allows family members to access the vault without knowing the master password in case of an emergency?
  6. Encryption of all vault data:
    Are all stored items (including custom fields, notes, attachments, uploaded files, etc.) fully encrypted?
    In the event of a data breach like the one that affected LastPass – would my data remain completely secure with a strong master password, or is there still some residual risk?
  7. Offline access:
    Is it possible to access vault data when you don’t have an internet connection for an extended period of time?
    And is there any time limit after which an online connection becomes mandatory?
  8. Server outage:
    If the 1Password servers themselves are unavailable for an extended period, can users still access locally cached data, or would access eventually be blocked because the servers can’t be reached?
  9. Data loss in the cloud:
    Is there any theoretical possibility that data stored in the 1Password cloud could be lost (for example, due to a system error)?
    I remember that in 2023, some Google Drive users reported losing data from the cloud.
    Could something like this happen with 1Password, or are there redundancies and backups ensuring that data is 100% safe?
  10. Backups and exports:
    When creating manual backups or exports – do they include all data from the vault, including custom fields and attachments?
  11. EU region / data location:
    When selecting the EU region during registration – are the data stored exclusively on servers located in the EU, or are they also distributed to other locations such as the US or Canada?
    And can users explicitly choose the data region, or is it determined automatically when registering through the EU domain?
  12. Loss of Secret Key or Master Password:
    What options are available if a user loses their Secret Key or Master Password?
    Are there any recovery mechanisms, or would access to the data be permanently lost in that case?

I’d appreciate a detailed response so that I can make an informed decision about upgrading to version 8.

Thank you very much in advance!

Best regards
Werner

1 Reply

  • Tom
    Bronze Expert

    Hi Werner,

    For legality and such you should await a confirmation from the mods, but from a community and fellow-user perspective:

    1. There are 3 clouds (.com .ca and .eu) - the company behind it is Canadian - that is as far as I'll go wrt politics. As with all clouds - they can disappear ... make a (very secure) backup every now and then.
    2. Read up on https://support.1password.com/1password-security/ and especially https://agilebits.github.io/security-design/ 
    3. You won't be able to CHANGE things in your account, it will remain read-only
    4. That's where your emergency-kit or recovery code come in https://support.1password.com/emergency-kit/ (PRINT, envelope/sign and store SECURE) and https://support.1password.com/recovery-codes/ (understand the implications)
    5. See previous answer (4)
    6. See answer on 2
    7. If you don't reboot your device or lapse 'X' time (for personal accounts, business is set by business) you can set it to anything from Never (you shouldn't) to daily require password re-entry. Meanwhile you can access it via your device's biometrics. Theoretically you could do without connectivity for a while (unless on business and external authentication) but eventually it will ask you for your password.
    8. See previous answer (7)
    9. See answer on 1 - never fully trust someone else's computer - even if they would accept liability you would still be at (unrecoverable) loss
    10. Depends; start at https://support.1password.com/export/ and rephrase accordingly
    11. To my understanding and previous (business, team and enterprise) discussions and agreements, yes to the first part of your question.
    12. Depends on whether you have either of those from answer 4 available or not. If you lost everything, you indeed did that + your data is now very secure.

    And yes, you should upgrade so you also have the full/improved Watchtower and all other good things :) But good on you to check all the boxes.

    As said, wait for one of the mods to (more) properly answer any questions or deliberately undiscussed items