What will happen the day 1Password is thoroughly breached?
I see some people using this for "every" password, I shudder to think the day it will inevitably will breach, but it got me thinking would it be maybe nothing or you think it'd be even bigger disaster than I am thinking. And what about plaid, which one is going to be worse plaid or 1password?
The passwords might be encrypted. But an attacker could make a small modification to JS code, or push a bad application update to everyone.
Both website and the Apps can be compromised.
This is actually how governments broke E2E-encrypted chat systems of criminals: by taking over the central server and from there updating everyone.
1password and pretty much any other password manager around only have access to your passwords in encrypted form, so the answer is, pretty much nothing provided only you know your master password.
A lot of people are downplaying this, as if the only way that 1Password could be breached is if their raw data all gets stolen, because everything important would be encrypted. But what if their Web site instead gets modified to serve a client that exfiltrates everyone's master passwords as they log in?
As has already been said, it's not like they have a spreadsheet of each users passwords. Someone with more of a security background could explain better, but even if they were "breached", the attackers would still need each individuals password at minimum, possible still their "recovery kit" which for everyone is high entropy enough that it is not guessable with the amount of energy in the universe.
(I have all my passwords in 1password, but if there is s legit weakness I'd definitely like to know it)
Them being breached shouldn't matter. Unless their encryption is terrible, or your master password is weak, or they get SolarWinds style breach.
If you're really worried, use 2FA as much as possible and you can consider peppering your passwords.
https://en.m.wikipedia.org/wiki/Pepper_(cryptography)