
> I'm curious about how you see the attack surface increasing when using 1Password. My knowledge of how it works is that it always stores your passwords in an encrypted blob that can only be decrypted with a combination of username, "master password", and vault password. So no matter if it's in Dropbox, 1Password's servers, or your own hard drive, if anyone obtains a copy of the password file they still have to crack it before they gain access to anything.

_If_ they obtain a copy of my password file.

"My email is nucleardog@nucleardog.example, my password is abcdef12345."

If I'm using 1Password's cloud service I'm... screwed? You now have literally my entire digital life.

If I'm syncing anywhere else, you've got a much bigger task ahead of you. First you have to _find_ where my vault is stored, then you need to gain access to it.

There's an extra layer of security to the way I want to do this. An extra factor of authentication. I don't want the only thing between you and my entire life to be one set of credentials.


