Hicks also clarified that the new 1Password for Windows is “is built for1Password.com and has no licence option.” So, in practice, Windows user already are forced into the cloud. Hicks, however, said that if a user wants a one-time license she or he can email the company and 1Password will “help them determine if a license is really what’s best for them.”
In other words, 1Password really wants you to stop using its local storage version, though Hicks also added that the company is not planning to “remove support for local/Dropbox/iCloud vaults from the software,” at least for now.
Whitney Merrill, a security and privacy expert, told Motherboard in a Twitter chat that “it’s troubling that 1Password, a company that has traditionally been very loyal to its user base, could make such an impactful decision (subscription model and loss of local vault) without transparency to those users.”
This is why I spent the beginning of the year migrating away from 1Password. I can understand the appeal of a subscription-based model. Good software should be supported and this type of model can ensure that developers get the resources they need to keep making great products.
For things like TextExpander, I can see the convenience of having my text snippets available through a cloud-based solution on all of my devices. Text expansion snippets are not sensitive data, at least the way I use the product. If that information ever goes public, the damage should be negligible.
However, putting one’s entire password database in the cloud, in my opinion, no longer seems wise. For data that is so sensitive, an attacker should have to go after your endpoint, i.e., your personal devices. In this day and age, that’s just common sense.
Even if your trust AgileBits and their employees, do you trust all the governments they work with or will work with? Are you willing to suffer the consequences when they get hacked?