AgileBits appears to take security very seriously. At the same time, they have a whitepaper published online, which describes in great detail the individual security measures they’re taking. Having an affinity for infosec myself, I appreciate this openness a lot; their behavior actually helps make the product more secure, not less.
Although I’m on their Families plan, I’m not a fan of their subscription model at all. Worse, they appear to not support offline usage. In my opinion, this is a huge drawback. I’d love to access my credentials when I’m offline, too.
Mind that designing a secure piece of software is an extremely hard task, which costs a lot of money. Given how well AgileBits have managed to pull that off, I’d recommend that anyone get the subscription. That said, 1Password won’t help you a bit if your system is already compromised to begin with. I’d still recommend that you sign up but make sure to also teach yourself healthy security habits along the way.
When I started using 1Password in 2010, it helped me establish healthy security habits. For example, 1Password completely eliminated the temptation of password reuse. In retrospect, this effectively saved me from data breaches in several instances.
Another example would be the way AgileBits have designed the password generator built into 1Password. This generator uses configurable password lengths; at the same time, it generates easily memorizable passwords that still have more than enough complexity and entropy to be essentially unguessable. (Example: while other generators would create something like `f9ekX33m.c3cr$pt`, 1Password will suggest passwords that are more like `butter-tackling-prioritize-railway-mew`, which, quite counter-intuitively, is not only easier to memorize but also generally more secure than the former.)
This is extremely convenient for cases where I cannot easily access my 1Password vault, for example when I’m offline, or while I’m on a customer’s network which blocks the 1password.com domain (yes, there are IT departments who actually do that). Due to the easily memorizable passwords the app has generated for me, I manage to keep my most important passwords in my head even though they were generated for me.
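The password generator discussed above, as an added sketch that is not code from this post or from AgileBits: it shows that the strength of a generated password comes from the size of the pool and the number of independent random picks, not from how the result looks. The wordlist is a tiny constructed sample, and the 7,776-word list size used in the demo is an assumption (a Diceware-style list), not 1Password's actual list.

```python
import math
import secrets
import string

# Constructed sample wordlist, for illustration only; far too small for real use.
SAMPLE_WORDS = ["butter", "tackling", "prioritize", "railway",
                "mew", "anchor", "velvet", "orbit"]
# 52 letters + 10 digits + 32 punctuation marks = 94 symbols
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def entropy_bits(pool_size: int, picks: int) -> float:
    """Entropy of `picks` independent, uniform choices from `pool_size` options."""
    if pool_size < 2 or picks < 1:
        raise ValueError("need at least 2 options and 1 pick")
    return picks * math.log2(pool_size)


def words_needed(target_bits: float, wordlist_size: int) -> int:
    """Smallest number of words whose entropy reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def generate_passphrase(words, count: int, sep: str = "-") -> str:
    """Pick `count` words with a CSPRNG; duplicates in the list would skew the odds."""
    unique = sorted(set(words))
    return sep.join(secrets.choice(unique) for _ in range(count))


def generate_random_password(length: int, alphabet: str = ALPHABET) -> str:
    """Pick `length` characters with a CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    assumed_list_size = 7776  # assumption: Diceware-style list size
    chars = entropy_bits(len(ALPHABET), 16)
    print(generate_random_password(16), f"{chars:.1f} bits")
    for n in (4, 5, 6, 8):
        bits = entropy_bits(assumed_list_size, n)
        print(f"{n} words from {assumed_list_size}: {bits:.1f} bits")
    print("words to match 16 random characters:",
          words_needed(chars, assumed_list_size))
    # The sample list only yields 3 bits per word; shown for the output format.
    print(generate_passphrase(SAMPLE_WORDS, 5))
```

The estimate only holds when every word is drawn independently and uniformly at random; a phrase a person picks or edits by hand has less entropy than the formula reports.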