A number of security researchers have taken to Twitter to express how irked they are that AgileBits will be pushing its password management service 1Password away from local storage to a cloud-based version.
What makes 1Password different, and more desirable for certain sectors of the hacker and security community, is that it allows users to keep all their passwords stored in a local “vault,” a password protected database that only lives inside their computers or smartphones. For some, this is better because your passwords never leave your computer, meaning that the user has complete control over their passwords—a hacker would have to go after that specific user as opposed to possibly getting them from 1Password if the service itself is hacked.
However, the service is moving away from allowing people to pay for a one-time license and an accompanying local password vault, in favor of a cloud-based system that requires a monthly subscription.
Unfortunately, @1Password is betraying their users and moving to a subscription-only service. This is unfortunate. We cannot recommend them.
— Crypto Village (@CryptoVillage) July 10, 2017
1Password was long the password app of choice for many security researchers, who had recommended the service due to its local credential storage feature, which many researchers believe is more secure than the cloud-based alternative.
Local storage would require bad guys to break into a specific device to obtain saved login/password information. Researchers argue that Cloud storage alternatives, such as the one now offered by the service, leave users’ personal info vulnerable to an attack against the service itself.
A 1Password engineer explained in a Twitter chat that the company knows “without a doubt that 1Password.com is better for usability and security,” referring to the cloud-based option, which costs $2.99 per month (or $4.99 for an account for up to five people).
“We want our customers to get the best. Some people won’t agree with that (which is fine!) so we’ll work with them to get set up how they want, but for 99.9 percent of people, 1Password.com is absolutely the way to go,” Connor Hicks, an engineer at 1Password, told me.
While 1Password would like to nudge all of its users toward the cloud-based subscription model, the company won’t be forcing its current users to make the move anytime soon. Hicks said that the company is not planning to “remove support for local/Dropbox/iCloud vaults from the software,” at least for now.