What I have zero interest in is increasing my attack surface solely for their bottom line.
I'm also increasingly uncomfortable with the company handling my passwords engaging in the sort of spin and dark patters we've seen from AgileBits in the past few years.
Also I see your reply has been downvoted enough to become grey. (EDIT: Looks like between starting writing this and submitting it, you're no longer in the gray from downvotes!) I imagine it's because you made a blanket claim about spin and dark patterns without any supporting evidence. I'd be curious to know what you're referring to since I don't really keep an eagle eye on this stuff, I just use their product.
The one thing I do remember in the vein of "dark patterns" is how they effectively hid the method of doing a one-time payment for 1Password where you have to manage syncing and backing up the password file yourself. Seeing as I have no reason currently to do anything but make a charitable read of that situation which has been decried more than once on HN, I'd be willing to bet they did so for the following reason: They have had many problems in the past where a customer has lost a password file because they were not a power user and did something such as keep it on one hard drive in their only computer. (reinstalled windows, hard drive died, etc.) So they wanted to make something that would prevent that from happening for the vast majority of their customers that don't really understand stuff like backups, or don't have Dropbox, or who aren't part of Apple's ecosystem and have iCloud, etc. so that their passwords will remain safe and secure. So they made their own sync service and hid the version that would do local-only files so that only the dedicated users who really want to do that would find it and use it.
OR alternatively they're a bunch of greedy people that just want to hoover up dollars from our wallets, as people love to accuse them of here. Maybe a little of column A and column B, honestly. Something something needing to ensure they have a company that stays in the black without wanting to absolutely bloat up their own software so it becomes another useless Enterprise(TM) application with each passing paid version.
Also the only affiliation I have with 1Password is I have a friend I recently learned works for them, otherwise I'm just a customer. I just got into one of my little ADHD focuses where I really wanted to reply with something long and detailed, so please don't assume I work for them or something and am defending them because of that :)
_If_ they obtain a copy of my password file.
"My email is nucleardog@nucleardog.example, my password is abcdef12345."
If I'm using 1Password's cloud service I'm... screwed? You now have literally my entire digital life.
If I'm syncing anywhere else, you've got a much bigger task ahead of you. First you have to _find_ where my vault is stored, then you need to gain access to it.
There's an extra layer of security to the way I want to do this. An extra factor of authentication. I don't want the only thing between you and my entire life to be one set of credentials.
When I keep it on an airgapped machine that's a lot harder than when it sits on 1password's internet facing servers.
Someone above outlined it nicely: If you let 1Password take care of encrypting the vault, and iCloud (for example) of storing the vault securely, then a malicious actor would have to compromise both products to get your secrets.
It's why we have a pilot and copilot on planes.
Except that they control the client that I'm entering the master password into. So either the password is sent to their servers anyway or a malicious actor could simply update the client to do so.
However the differential factor of 1Password, which was that it _didn't_ provide the storage if you didn't want it, has now gone away. Precisely why I chose 1Password when I started using it. I don't see the difference between this and any other password manager now.
There might be security or technical reasons for removing this option, but looking at how hard they've been trying to get me into a subscription during the last couple of years I just think we're on a bad case of subscription-all-the-things here.
