
The convenience outweighs the risks for the vast majority of users. My parents need something that is available on all devices, syncs automatically, and requires no maintenance.

You get a master encryption key that never leaves your device when setting up the account. Anything that touches their servers is encrypted with that key. You need that key to set up a new device (in addition to your username and master password).




They at least offer local network syncing, instead of requiring a cloud account (which is a deal breaker for me). This lets you keep your passwords in sync between your computer (master) and mobile devices without them ever leaving your home.

All that does of course still require trust in the company, but at least not in their cloud infrastructure and, well, the internet...


Security and convenience. It's tied to a Google Account which I already have and offers the same level of protection.

The flip side is that it’s incredibly easy to use, faster, and means you don’t have to worry about forgotten passwords or phishing. It’s like an order of magnitude faster than less secure MFA options, too.

Call me naive, but I actually trust them.

..and it is the best solution for guaranteeing confidentiality and the encryption need/problem - not to need it, since there isn't a server to eavesdrop on


It also has other merits. It is stateless (so all you need is to save the master key offline). And it doesn't rely on a third party (so no one else than you and the website you log in to knows about your relationship).

Nothing is entirely secure. We're two guys with no ulterior motives that take all reasonable precautions to keep the data safe. For most people that's not only enough, it's much better than having their passwords stored in their email archives and chat logs.

And allow me to never have to spend time removing malware from my parents’ devices, or worry about someone stealing their credentials.

As per the comment:

> it is also nice knowing that I never have to worry about losing my device since all of my actual work is on a server I can login to using just about any other device including my phone.


It is best because they don't bother encrypting user data, loading it directly from its own servers.

Because they're good enough. Also they're potential keyloggers and have access to all your passwords, conversations, and searches. You already trust the OS with those; much harder for some random third party startup to do.

They are very clear and upfront about it and there are many cases where their simplest offering (the one with no encryption behind edge server) is good enough.

They provide the security without compromising convenience (but you do need backup options).

At first, they're not a monopoly, people who worry about that could easily use other open-source and probably less convenient solutions. Secondly, after the subscription ends the apps simply go into read-only mode. You still have access and can export all of your passwords.

We may argue about it but the most expensive solutions are still the most consumer-friendly.


Ben from 1Password here. This is absolutely the most important reason why it was done. There are of course business considerations as well, but cutting down on potential data loss scenarios is key.

That's true.

But I also see an advantage herein. You don't have to save the credit number and other sensitive details, so they can't be stolen on your servers.


Ease of transfer, even/especially if their centralized app and server goes down.

The data can easily be well encrypted while the end user retains full control.

And if it's really just about the data it doesn't matter if the machine gets stolen if it's properly encrypted.


Because even with a third party, it's still much cheaper, secure, and private.

Using multiple devices does not preclude one from using a server and end-to-end encryption.