For a whole class of potential (if unlikely) situations, it shifts from me potentially being caught up in a mass hack, response to an overly broad warrant, etc. to needing to be targeted specifically.
Passphrase compromised? If they're hosting, you know exactly where to go to access my passwords. If I'm hosting, I can tell you that I use 1Password and my master password and I'm still _relatively_ safe in that you don't even know where to find a copy of my password database.
Encryption broken (whether algorithm or implementation)? If they're hosting, they've now become an _extremely_ valuable target as they're holding a bunch of paid-for accounts, credit cards, banking details, personal identity documents, etc. Not necessarily super-valuable in a one-off situation, but if you could grab a million password databases at once... Which wouldn't include mine, because it's off on my own server.
Legal abuse? An overly broad warrant could vacuum up every database in their possession. Presumably the government can't open the vaults, but if they _really_ cared how sure are you? Would you be comfortable not changing all of your passwords (but can't change your identity documents...) if the NSA asked for a copy of your database? If my data's never in their possession, then I'd need to be targeted specifically with a warrant.
For something I'm using to store all of my accounts, banking details (both logins as well as account and routing numbers), personal identity documents, MFA backups, key backups, software licenses, and more... my question for you would be more "Why would I take any additional risk when I don't have to?" I'd rather not be within the same blast radius as all the other 1Password users.
Edited to add: Also, outside of the "why don't I want my data sitting beside everyone else's", more generally with regard to a hosted option is where my data goes if I have any payment problems, and availability of my data being within my control (if my server goes down, I can fix it--if they have a massive week-long outage I just need to twiddle my thumbs potentially without access to... anything).
> Passphrase compromised? If they're hosting, you know exactly where to go to access my passwords. If I'm hosting, I can tell you that I use 1Password and my master password and I'm still _relatively_ safe in that you don't even know where to find a copy of my password database.
The above argument seems to turn out the same even for cloud-synced vaults.
If Dropbox suffered a massive hack, the malicious actor could take all the *.agilekeychain and *.opvault files stored there, brute force the master passwords locally, and have potentially complete control over some people's finances and online lives.
Absolutely. We can kinda diffuse that risk out though if we have these files across a bunch of different services (some use OneDrive, some use AgileBits, some use Dropbox, etc).
Would we be better off if instead of one company like Equifax having _everyone_'s information, we had a company per state?
That all said, I actually self-host my (now KeePassXC because of 1Password's push to cloud) databases on my own hardware, so for me it's truly a solution.
This is exactly and precisely why I don't host with 1Password, I don't want to have the same profile as the big valuable target of everyone else's setup. Having something custom is far better if only for the fact that you have to be targeted individually vs. as a big mass prize.