fbpx

1Password Review

Published:
Last Updated: Jul 29, 2021

Written by

1Password is a password management tool that I’ve used since 2010 to securely store personal and business account information. 

In this review, I’ll tell you why I think 1Password is the best password manager on the market, how it compares to apps like LastPass and Dashlane, why I have both a Personal and Teams account, and everything else you need to know. 

I consider this review a follow-up to an article I originally published in 2012, in which I talk about how to choose passwords that are easy to remember

While 1Password keeps tabs on most of my (randomly generated) passwords, there are still a few that I have to remember, such as my Mac’s login credentials, my Apple ID password (because I need it often), and the master password that unlocks my encrypted 1Password vault. If you’re not sure how to choose passwords that are both memorable and very strong, check out that blog post first.

1Password

Michael Kummer

1Password Logo
Ease of use
Features
Integration with macOS and iOS
Pricing

Summary

1Password makes it easy to generate, store and use strong passwords for all of your accounts. I’ve been using 1Password for over a decade and consider it the best password manager on the market.

4.9

The Case for a Password Manager

This is the wrong way to keep track of your passwords.

The purpose of a password manager like 1Password is to securely store account credentials so you don’t have to remember them. Without the use of a good password manager, one of two things will eventually happen (sometimes these things occur at the same time):

  1. You use the same password for most or all of your accounts.
  2. You’re locked out of certain accounts because you’ve forgotten the password.

If you use the same password for most or all of your accounts, one of those accounts gets hacked, and the hacker manages to obtain your password (which can happen if the account provider stores the password in plain text rather than encrypted), then all other accounts that share this password are potentially exposed as well. 

In the example above, it doesn’t really matter how strong or secure the password was.

The problem with not remembering passwords is that it often leads to wasting time trying to figure out the correct password for a particular account. In a worst-case scenario, you can even lock yourself out of important accounts you might need immediate access to.

I see password-related issues on an almost daily basis at work, as well as among family members who haven’t yet come to understand the importance of proper password management.

The latter was actually the driving force behind the creation of this blog post. For example, every time my dad upgrades one of his Apple devices, he spends hours on the phone with Apple and other app developers trying to reset the passwords for his accounts because he doesn’t remember them. Or in his words, the “correct” passwords suddenly don’t work anymore.

The good news is that you can kick password-related issues to the curb once and for all by diligently using a good password manager, such as 1Password. 

So let’s jump right in and discover what 1Password has to offer and how it differs from some of the other password managers on the market, including LastPass and Apple’s Keychain.

1Password Review

1Password for macOS
1Password for macOS.

1Password was first launched in 2006, but I didn’t start using it until 2010. Back then, 1Password was a Mac app in its infancy. But even then, it was already an incredibly valuable tool in my toolbelt. 

In the years since, 1Password has morphed into a feature-rich application that offers broad platform support and that can easily meet the requirements of consumers, small businesses and enterprise customers alike. 

I have never used the Enterprise edition of 1Password, so this review is based on my experience as an individual as well as with 1Password’s Family and Teams editions.

Pros

  • Broad operating system and browser support.
  • Easy to use.
  • Keeps vaults synchronized across all devices.
  • Available for individuals, families, small business and enterprise firms.
  • Attractive subscription pricing.

Cons

  • Requires a subscription.

Feature Overview

1Password has all the bells and whistles you’d expect from a modern password manager, including the ability to:

  • Randomly generate passwords.
  • Securely store account credentials.
  • Categorize and tag stored entries.
  • Support multiple accounts and password vaults.
  • Share credentials with others, including family or team members.
  • Identify compromised websites, weak passwords or expired credit cards.

Additionally, 1Password offers deep integration with the most popular web browsers and operating systems.

My current list of vaults.

To better understand how 1Password works, you should know that you can store passwords in what the app calls “vaults.” A vault is a digital container, and you can have more than one of them. For example, you can have a vault for all of your personal accounts and one for your business accounts. Depending on the edition of 1Password you’re subscribed to, you can also share vaults with family or team members.

Editions

When I first downloaded 1Password, there was only a single app that was meant to be used by all individuals. 

Since then, Agile Bits (the company behind 1Password) has launched several versions (called editions) of its popular password manager in order to meet the needs of families, small teams and even large enterprise customers.

As of this writing, 1Password is available in the following editions:

  • Personal
  • Families
  • Teams
  • Business
  • Enterprise

So let’s talk about the differences between these five editions.

Personal

The classic 1Password app is meant for individuals who want to better manage their online accounts, passwords, credit card information, Social Security number and other potentially sensitive information.

Most of the experience I have with 1Password is with this edition. However, a few years ago, I upgraded to the Family edition of 1Password to make it easier to share account information with my wife and kids. 

Families

1Password family account
The dashboard of my 1Password family account.

I used to store the accounts and passwords for everyone in the family in my personal password vault. While that worked flawlessly between my wife and me, it was less than ideal when our daughter grew old enough to use a Mac and iPad for school and required access to her online accounts. 

That’s when we decided to upgrade to the 1Password Family edition, so we could create dedicated shared vaults for the kids. As part of that migration from a single-user to a family license, we also created a dedicated vault for my wife’s credentials. 

As a result, everyone in the family (except for our youngest boy, who is five years old and doesn’t care much about password management yet) has their own personal vault, in addition to a shared vault for the adults and one for the kids.

So if I want to share a password or other sensitive information with my wife or the kids, I can simply move that item from my personal to our shared vault.

Teams

1Password Teams Account
The dashboard of my 1Password Teams account.

As my media business has grown, I’ve increasingly found the need to securely share credentials (to my social media accounts, for example) with the members of my team. So instead of exchanging sensitive account information like passwords via email or iMessage, I decided to leverage the Teams Edition of 1Password.

1Password for Teams is similar to the Family edition, but it also offers the following, additional features:

  • Prevent members from accepting invitations using unauthorized email domains.
  • Slack integration.
  • Two-factor authentication using Duo.
  • Manage members using groups.
  • Share individual vault items with members (beta).
  • Automate 1Password deployment using a SCIM bridge.

I really enjoy the 1Password Teams edition because it allows me to better collaborate with my colleagues without exposing sensitive account information in plain text.

Business

I consider the Business edition of 1Password the big brother of the Teams edition. The main difference between the Teams and Business editions is that the latter offers advanced protection features, such as predefined password policies, fine-grained access control for each vault, detailed activity logging and usage reports and automated user provisioning with Active Directory, Okta and OneLogin.

While I don’t need most of that functionality, I’m actually considering upgrading to 1Password for Business because each team member gets a free Family account as well. 

Currently, I’m paying for both my Family and Team accounts, and by switching over to a business account, I could consolidate both into one and would pay roughly the same subscription fee every month. 

Enterprise

As I mentioned above, I have no experience with the Enterprise edition of 1Password.

This version provides even better support for features aimed at large corporations, including auditing and logging, automated deployments, advanced authorizations management (roles and groups) and 24/7 support.

1Password Applications

1Password used to be available for Mac only. These days, you can enjoy 1Password as long as you use one of the following operating systems or platforms:

  • macOS
  • iOS
  • Android
  • Windows
  • Linux
  • ChromeOS
  • Web

My experience with this password manager is limited to macOS, iOS and the web version. I briefly used 1Password for Windows in the past, but it’s been a while and I’m certain the Windows app has changed a lot since then.

Additionally, it’s worth noting that not all operating systems offer the same integration capabilities. For example, the Windows version of 1Password doesn’t offer support for TouchID or unlocking the app using an Apple Watch. Also, the Linux version of 1Password is still in beta. That means you can expect some bugs and missing features. 

Aside from those points, the Windows, Android and Chrome OS versions of 1Password offer pretty much the same user interface, experience and feature set as the macOS and iOS versions.

You probably know that iOS is a relatively closed operating system that doesn’t allow third-party and native apps to integrate with each other without Apple’s permission.

The good news is that Apple recently opened up and decided to offer standard interfaces (APIs) that allow third-party apps to leverage the built-in Keychain or third-party password managers. In other words, I can now have 1Password automatically fill in my username and password when signing into an application. What’s more, I can also use 1Password to randomly generate a new password and hand it over to an application during account creation.

Logging into an account on iOS with 1Password.

Apple’s decision to allow third-party password managers to integrate with applications has resulted in a dramatic improvement in overall user experience. In the past, when I downloaded a new app that asked me to create an account, I had to switch to the 1Password app to create a new login item, generate a random password, and then copy/paste the generated password into the new app’s password field. 

The same back and forth was necessary when signing into applications that always ask for my password to log in. 

These days, iOS either proposes the proper credentials (from Keychain or a third-party password manager — as you can see in the screenshot above), or you can search a supported password manager by clicking on the key icon on the top-right side of the virtual keyboard.

The same is true when authenticating on the web, as shown in the video below. I use this integration several times a day and I couldn’t imagine going to the old method that required switching back and forth between Safari (or a third-party app) and 1Password to retrieve the credentials I need.

Browser Extensions

This video demonstrates how easy it is to log in to webpages using 1Password and its browser extension.

In addition to native apps for the above-mentioned operating systems, 1Password also has dedicated apps (called extensions) for the following browsers:

  • Safari
  • Chrome
  • Firefox
  • Microsoft Edge

Those extensions enable 1Password to automatically fill in your username and password on login pages, generate new passwords for sign-up forms, or store entered credentials in your vault if they don’t exist yet (or need to be updated).

The video in section How 1Password Keeps Your Information Secure illustrates how easy it is to log in to web pages or to generate new passwords when signing up for a new account.

Note that these browser extensions are often only available for desktop (e.g., macOS), not for mobile operating systems (such as iOS). The good news is that both Safari and Chrome on iOS offer an interface that allows password manager integration without the need for dedicated extensions.

In other words, Safari and Chrome for iOS fully support 1Password when logging into web pages or when signing up for new accounts. 

Types of Data You Can Store in 1Password

An overview of the different categories 1Password has to offer.

As of this writing, I have 1,259 items stored across my various vaults and every time I create an account, I store the credentials in one of my vaults. Doing that is as easy as clicking on the 1Password extension icon next to the address bar of the browser or the key icon that’s part of the virtual keyboard on iOS. From there, you can quickly generate a new password and have it copied into the app or web page’s password field for storage in your vault.

I used to have a dummy password for test or low-value accounts but I stopped using that approach. Now, every time a webpage or an app asks me for a password, I have 1Password randomly generate one. In other words, I never reuse passwords (for the reasons I talked about at the beginning of this article).

But I also use 1Password to store much more than passwords. In fact, I use this password manager to securely store all of my sensitive information, including Social Security number, passport information, license keys for apps I’ve purchased and more.

To give you an idea of what you can store in 1Password, here’s a list of the default categories you can choose from when adding an item to your vault:

  • Logins
  • Notes
  • Credit card information
  • Identities
  • Passwords
  • Documents
  • Driver’s licenses
  • Email accounts
  • Memberships
  • Passports
  • Social Security numbers
  • Software licenses
  • Wireless routers

Most of the category names above are pretty self-explanatory, but I want to take a moment and briefly explain how I use them.

The reason why 1Password offers these different categories is because each one has specific fields that make it easier to store that particular type of information. For example, the Bank Accounts category has fields for account number, routing number or type of account (e.g., checking or saving), to name a few.

Logins

1Password - Login Fields

Logins can include all the information you need to log in to an account. Usually, that means a username, web addresses (URLs), a password and other information such as one-time passwords (OTPs) or two-factor authentication.

The cool thing about adding a URL to an item in your vault is that 1Password automatically fetches the logo (technically speaking, the favicon) of the page the login is associated with. That makes it easy to identify and find the right account. Additionally, it enables 1Password’s browser extensions to automatically suggest the correct login information for the page you’re visiting. 

I store as much information as possible for each account, including password recovery questions and answers.

Credit Cards

1Password - Credit Card Fields

This category offers pre-defined fields that make it easy to store credit card information, such as cardholder name, type (e.g., Visa), number, verification number, expiry date, etc.

Like many Americans, I have several credit cards and use most of them frequently. Despite that, I don’t remember their numbers, expiration dates and security codes. But I don’t have to, because I’ve stored all of that information in 1Password. 

The advantage this provides is that 1Password can automatically detect and populate payment forms on web pages with my credit card information. That saves time by speeding up the checkout process, and I don’t have to worry about fetching my wallet whenever I want to purchase something online. Additionally, 1Password warns me if any of the stored credit cards are nearing their expiration date.

Note that Safari has a similar feature, but it only stores your name, credit card number and expiration date — not the security code (CID). As a result, you have to remember the security codes of your credit cards to use this built-in auto-complete feature.

Identities

Text entry options for 1Password's Identity category.
Text entry options for the Identity category.

Any time you sign up for an account and try to check out through an online store, you have to provide billing and shipping information, including your name, email, physical address, phone number and other information. 1Password can help automatically populate such forms based on predefined identities. 

For example, you can store your personal and business contact information as two separate identities and then have 1Password fill in the appropriate one.

I used to manage my identities in 1Password before Apple decided to offer this capability natively. These days, I let Safari suggest my contact information based on my identity in the Contacts app.

Passwords

A brief explanation of how the “Passwords” category works.

The name of this category can be slightly misleading, as it can lead you to think that it holds all the passwords you’ve stored in the app — including the ones associated with credentials stored in the Logins category. 

However, the Passwords category only holds passwords that aren’t tied to other entries. In other words, you won’t find the passwords associated with Logins here (see above). Instead, Passwords shows you all the “loose” passwords you’ve generated (or manually) added that aren’t associated with anything else. 

Where do these “loose” passwords come from? 

Let’s say that when signing up for an online account, you have 1Password generate a password for that account using the “recipe” you’ve defined, only to find that for whatever reason, that password isn’t compatible with the system of the site or app you’re trying to join (for example, because that system doesn’t allow special characters).

In a case like this, that password would be automatically stored in the Passwords category.

This category is also used for passwords that you have manually created that aren’t tied to a specific online account. For example, when I send financial documents to my accountant, I secure them with a password, which I store here. 

Documents

This video shows how easy it is to add documents to your 1Password vault.

1Password allows you to attach documents to logins and items stored in other categories. For example, I’ve uploaded copies of my driver’s license and passports in case I need them.

All of these attachments (which 1Password calls “documents”) show up as a separate category. What’s important to understand is that the Documents category behaves differently than the Passwords category. 

As noted earlier, not all passwords show up in the Passwords category — and specifically, not the ones that are associated with other entry types. But if you select the Documents category inside the 1Password app, you’ll see all of the documents stored in your vaults, regardless of whether or not they’re associated with another entry type.

While I appreciate this birds-eye view of all the attachments/documents I have stored in 1Password, I’d love to be able to see what item (e.g., Login, Passport, etc.) a given document is associated with while browsing them in the group. Currently, when I select a document, it doesn’t show me the associated item.

Bank Accounts

Text entry options for 1Password's Bank Accounts category.
Text entry options for the Bank Accounts category.

1Password offers special fields for items categorized as bank accounts, including bank name, name on account, account type (e.g., checking or savings), routing number, account number and more. 

I’ve saved all of my bank account and investment account information in 1Password so I know where to look for it when needed. 

Additionally, I’ve used the software to store the bank account information of family members who have shared that information with me. For example, my mom lives in Austria and she wanted to make sure that we have all of her bank account information in case something ever happened to her.

Driver’s Licenses

Text entry options for the Driver's License category.
Text entry options for the Driver’s License category.

While I don’t need my driver’s license information as often as some of my passwords, I do have to provide it on a regular basis when signing up for financial accounts or for most types of government interactions. As a result, I decided to store my driver’s license information in 1Password, together with a picture of the front and back of my physical license.

Email Accounts

Text entry options for 1Password's Email Accounts category.
Text entry options for the Email Accounts category.

The email accounts category offers several predefined fields that you typically need for setting up an email account. Besides the obvious ones (e.g., username and password), you can also store such information as server address, port number, security settings (e.g., SSL or TLS) and authentication method.

I don’t use this category much anymore because I already have the necessary credentials already saved in the Logins category. That’s because all the types of email accounts I use (iCloud and Office 365) have web logins.

Additionally, Keychain (Apple’s native password manager) stores all of these credentials as well. So anytime I log in to iCloud on a new device (i.e., when I get a new iPhone), iCloud restores all of my email accounts.

That said, I still have a few email accounts of family members stored in 1Password from a time where they didn’t use 1Password and I was their password-recovery service.

Memberships

Text entry options for 1Password's Memberships category.
Text entry options for the Memberships category.

I use this category to store the Federal Employer Identification Number (FEIN) for my businesses, Global Entry information (for traveling abroad) and my library card number. 

Passports

Text entry options for the Passports category.
Text entry options for the Passports category.

I use this category to store all of our family members’ passports, even though we aren’t currently using this information as frequently as I would like. The challenge of our immediate family is that all of us have multiple citizenships and, as a result, multiple passports. 

Keeping all of that information in one place, together with pictures of the signature pages, is what 1Password is for. Additionally, I also maintain the information of passports from out-of-country family members who we occasionally purchase tickets for to visit us. 

Social Security Numbers

Text entry options for 1Password's Social Security number category.
Text entry options for the Social Security number category.

Here in the U.S., the Social Security number is arguably one of the most important numbers assigned to a person — and thus one that must be protected against loss or theft. As a result, the only place where I have copied down my family’s SSNs is in 1Password. 

While my wife and I remember our respective SSNs, we don’t remember our kids’. Being able to retrieve them quickly and securely is not only convenient, but also reduces the chances of these numbers being stolen.

Additionally, I also have the equivalent to Social Security numbers in Austria and Switzerland, and even though they’re not sensitive (i.e., they can’t be used to open accounts or borrow money in my name), I store them in 1Password as well because I only need them when I retire and I definitely won’t remember them when it’s time.

Software Licenses

Text entry options for 1Password's Software Licenses category.
Text entry options for the Software Licenses category.

I still have almost 60 items in this category, mostly from years past when subscriptions or services such as SetApp* weren’t a thing yet. As a result, most of the license information belongs to apps that either don’t exist anymore or that have switched to a subscription-based licensing model.

Still, I keep this information because sometimes having an old license key allows me to upgrade to a newer version of the software at a discount.

Wireless Routers

Text entry options for 1Password's Wireless Routers category.
Text entry options for the Wireless Routers category.

This is another category that I barely use anymore because both macOS and iOS store the passwords of all the wireless networks I’ve ever connected to.

Additionally, newer versions of Apple’s operating systems make it super easy to share Wi-Fi passwords with other Apple devices. So any time a family member or friends come to town and want to connect their Apple device to our wireless LAN, I can share the credentials with the push of a button.

Nevertheless, I store the credentials of the four WLANs I operate in our home in case I need to enter them on non-Apple devices.

Other Categories (That I Don’t Use)

Besides the above-listed categories that I’ve been using, 1Password supports additional categories that each have special fields that make it convenient to store related information. While I don’t use any of these categories, I wanted to mention them for the sake of completeness:

  • Database
  • Outdoor License
  • Secure Notes
  • Server
  • Reward Program

You can see the specific fields these categories provide in the gallery above.

Set-Up and Installation

1Password Emergency Kit
1Password Emergency Kit.

Getting started with 1Password is relatively simple. Note that the exact steps involved in installing and setting up the 1Password app may vary from operating system to operating system. But in general, here’s what you need to do:

  • Choose one strong password you can remember. This will serve as the master password that gives you access to your 1Password account.
  • Download your “emergency kit” and store it somewhere safe. This allows you to recover your account should you lose your master password.
  • Start adding account credentials to your vault.

The name “1Password” stems from the fact that all you have to remember to gain access to all of the other passwords stored in your vault is one (master) password. The master password is like the golden key that unlocks your secure vault(s).

As a result, I highly recommend you choose this password wisely.

Your master password should be strong but easy to remember at the same time. If you think that’s an oxymoron, you haven’t read my blog post about how to choose passwords that are easy to remember. So go ahead and do that before you install 1Password.

The good news is that if you use a strong master password, you don’t have to change it very often (unless you suspect it might have been compromised for some reason). I’ve used the same master password for several years. I’ve only shared it with my wife, and it’s virtually impossible to guess. As a result, I have no reason to believe that it might have been compromised.

Once you’ve chosen a master password, it’s important to download a copy of your emergency kit, which includes a randomly-generated secret encryption key that 1Password uses to secure the contents of your vault(s), and to write your master password on it. You need both that secret key and your master password to set up 1Password on a new device or when you reinstall your Mac or PC.

Since your emergency kit consists of a PDF file that includes your sign-in address, email address, secret key and an empty field for your master password, I recommend printing out the file, writing your master password on it and then storing it in a safe deposit box or another location that nobody else — except people you fully trust — have access to. 

Once you’ve completed the steps above, you can start adding all of your online accounts to your vault. I’ll share some tips and tricks on how you can do that most efficiently down below in the section “Top 10 1Password Tips.”

Advanced Features

Watchtower
The Watch Tower notifies users of web pages that support two-factor authentication.

1Password has several advanced features built in that make using its applications even more convenient and secure, including:

  • Support for one-time passwords (OTPs)
  • Tags
  • Travel Mode
  • Watch Tower

Two-Factor Authentication

1Password supports the use of two-factor authentication (2FA), such as one-time passwords, that many accounts require or recommend. What’s even better is that 1Password tells you if an app or a webpage supports 2FA, so you can enable it and thus improve the security of your account.

If you’ve never heard of or used 2FA or OTPs before, they’re a great way to prevent malicious attackers who guessed or stole your password from logging into your account. That’s because you have to provide both the account password and an automatically-generated number (the OTP), which expires after a short period of time (usually about 60 seconds), to gain access to the account.

I use OTPs with most accounts that support it, including bank accounts and even social media accounts.

This integration is a key point of distinction between 1Password and some of its competitors. For example, LastPass supports 2FA, but it’s not built into the main app; you have to download a separate authenticator app. 

Tags

In addition to categories, 1Password also supports the use of tags to make it easier to group items that span multiple categories. While I use tags a lot in combination with my blog, I haven’t had the need to tag items in 1Password.

But now that I think about it, it would probably make sense to tag items that belong to my blogging, beekeeping or supplement businesses. That way, I could easily click on a tag in the left sidebar and immediately see a list of all items that belong to the selected tag.

Travel Mode

Another exciting feature of 1Password is travel mode, which allows you to hide certain vaults from the 1Password app while traveling. That’s important if you travel to countries that are known to invade your privacy and that might force you to show them the contents of certain applications, including 1Password.

It also makes 1Password the best choice for people who work with potentially sensitive data, such as journalists and activists.

Here’s how it works: you create a special “traveling” vault and only keep items in that vault that won’t reveal any information beyond what you feel comfortable sharing with authorities (or anyone else who might force you to open it). Examples might include your passport or driver’s license information, but not sensitive banking or business information.

Watch Tower

The last advanced feature I want to cover is Watch Tower, a service that aims to give you additional insights to help maintain secure passwords.

Watch Tower maintains a database of hacked websites that might have exposed your account credentials. That gives you an opportunity to change your password or take other mitigating actions. Additionally, Watch Tower can automatically identify vulnerable, reused or weak passwords that you might want to change.

It also maintains a list of websites that offer two-factor authentication, such as one-time passwords, and tells you for which accounts you haven’t enabled that extra layer of protection for.

Last but not least, Watch Tower tells you what credit cards or memberships are expiring soon.

Pricing

1Password pricing options.
1Password pricing options.

1Password’s pricing is 100% subscription-based. What you pay per month or year depends on the type of license you choose (e.g., Personal vs. Business). The table below reflects the current pricing as of this writing.

TierMonthly Cost (Billed Annually)
Personal$2.99
Family$4.99
Teams$3.99
Business$7.99
EnterpriseAvailable on request
The pricing above is based on an annual billing cycle.

As I mentioned above, I currently have both a Teams subscription and a Family subscription. 

I think the Family plan is arguably the best value for many people because it includes a license for up to five family members and five guests — a great deal on a per-person basis.

The good news is that you can try any tier (except Enterprise) free for up to 14 days by using the link below.

Try 1Password for Free*

Additionally, if you decide to sign up for 1Password Teams or Business, you can get three months free by using this link*.

How 1Password Keeps Your Information Secure

A video demonstrating how I use 1Password when signing up for new accounts.

If you’ve never used a password manager, then you might be wondering whether it’s safe to store all of your most sensitive information, such as passwords and Social Security number, in a single online database. What if someone managed to hack into your vault and steal all of that information? Or worse, what if you permanently lock yourself out of your vault?

These are all valid questions that deserve careful consideration. I’ve been working in IT security for most of my professional life, and I’ve seen plenty of accounts get hacked and countless passwords exposed or lost. So let me give you my assessment of the pros and cons of storing sensitive information in 1Password.

First, let’s talk about key management, so that you understand how 1Password protects your data from a technical perspective (and who has access to the encryption keys).

Without going into the nitty-gritty, you should know that 1Password follows a secure-by-design principle (you can learn more about the security model of 1Password in this blog post). In a nutshell, 1Password uses 256-bit AES encryption to encrypt all of your data. 

So that you don’t have to enter a 256-bit key (called data encryption key or DEK) every time you want to unlock your password vault, 1Password encrypts your DEK with a combination of your master password and a 128-bit key encryption key (KEK). The latter is generated on your local device. That’s the reason why you have to provide both your master password and recovery key (=KEK) to access your vaults from a new device.

In addition to that, 1Password protects against brute-force attacks by using PBKDF2 for key derivation, making it harder for someone to repeatedly guess your master password.

For web-based access to your vaults, 1Password leverages Secure Remote Password (SRP) to authenticate your credentials without sending them over the Internet.

All of these measures combined ensure that nobody but you has access to your encrypted information — not even the company behind 1Password.

The one thing you can do to ensure nobody gets access to your passwords is to choose a strong master password that cannot easily be guessed and to never share your master password with anyone!

You can also enable two-factor authentication that adds an extra layer of protection, in addition to your master password and secret key. When turned on, you will have to provide a one-time password in addition to your master password and secret key when setting up 1Password on a new device. 

Additionally, the Teams, Business and Enterprise editions of 1Password can enforce two-factor authentication every 30 days, even on existing devices.

Unfortunately, two-factor authentication cannot be used to unlock vaults on existing devices. However, I don’t think anyone would enable that feature, even if it were available, because it dramatically reduces the usability of the app — unless, of course, you’re protecting government secrets.

That leads us to the second concern: what if you forget your master password and recovery key?

To mitigate that risk, it’s critically important to print out your emergency kit, write your master password on it, and store it in a safe place. If you use iOS and macOS, you can also leverage Keychain as a secondary password database. That’s what I do. Any time I log into a new webpage or app and iOS/macOS asks me if I want to store the credentials in Keychain, I say yes. That way, I have a backup copy of these credentials.

Also, keep in mind that most web pages and apps offer a “Forgot Password” feature that allows you to reset your password via a link sent to your email address or mobile phone number. In other words, you probably don’t have many accounts stored in 1Password that you couldn’t recover your password for in a worst-case scenario.

Top 10 1Password Tips

Since I’ve been working with 1Password for over a decade, I wanted to share some tips and tricks that have made my life easier, specifically as related to unlocking my vaults, adding passwords to my vaults, and retrieving passwords when I need to.

Before we go into the details, here are my top 10 tips (in no particular order) for working more efficiently with 1Password (or any password manager for that matter):

  1. Always store new account credentials in 1Password immediately.
  2. Always have 1Password randomly generate new passwords.
  3. Also store password recovery or verifications questions (i.e., in what city were you born?) in 1Password.
  4. Randomly generate the answers to such recovery questions instead of answering them truthfully.
  5. Choose a master password that is easy to type without compromising its relative complexity.
  6. Leverage FaceID, TouchID and/or your Apple Watch (if applicable) to unlock 1Password.
  7. Change the automatic vault-locking settings based on your environment. (E.g., I work from home rather than an office, so I don’t need my vault to lock every time I step away from my desk.)
  8. Define and remember a keyboard shortcut (on Mac or Windows) to quickly search for password entries.
  9. Leverage browser extensions to generate, store and populate account credentials.
  10. Keep a copy of your emergency kit in a secure location.

If you want to be successful with 1Password (or any other password manager) you have to get into the habit of using it. You have to trust that whatever password you need is securely stored on the platform. That can only be the case if you always and immediately store any new account credentials in 1Password.

When you do add new credentials, always have 1Password randomly generate the password using the longest and most complex password recipe that the account supports. 

My Password Recipe

My Password Recipe
My password recipe.

My default setting for new passwords is 20 characters or more, a mix of uppercase and lowercase characters, numbers and at least two special characters. If I see that an account doesn’t support special characters or has length limitations, I simply adjust the recipe accordingly. 

The goal is to generate a unique and complex password for each account I have. That way, if one account gets compromised, it doesn’t give hackers access to any other account. By generating random passwords, I can virtually guarantee that no hacker can guess them. As a result, the only remaining weakness I have is if the account provider stores my password in plain text — but that’s usually out of my control.

There are still many websites out there that don’t support two-factor authentication and, instead, rely on insecure and cumbersome “account recovery questions” such as “what was the name of your first boyfriend.”

I use 1Password to store "security" questions and answers.
I use 1Password to store “security” questions and answers.

I hate those questions, because they can usually be guessed by someone who knows you (or by someone who does enough research on social media). Additionally, they rely on consistent spelling and capitalization to work.

So what I do instead of answering those questions truthfully is that I generate a very long (up to 50 characters) random password for each answer and store it in 1Password. As a result, nobody can guess the answers to my recovery questions (even someone who knows me well).

Choosing a Good Master Password

Depending on how you’ve configured 1Password and how often you reboot your devices, you might be entering your master password a lot. That can get old fast, so I recommend choosing a master password that you can type quickly. 

However, being able to quickly type your password or passphrase doesn’t mean it should be easy to guess. My password is relatively complex and based on a recipe I outlined in this blog post. Additionally, I’ve enabled the ability to use FaceID on my iPhone to unlock 1Password instead of having to type the master password. 

On my MacBook Pro with TouchID, I use the fingerprint sensor in lieu of my master password and on my Mac Pro, I use my Apple Watch to unlock 1Password. 

To further reduce the need to unlock my password vaults, I’ve disabled the following settings on my iMac Pro:

  • Lock on sleep
  • Lock when screensaver is activated
  • Lock when main window is closed
  • Lock when fast user switching
  • Lock after computer is idle for [5] minutes

However, I only recommend doing so if your computer (and office) is located in a secure environment. I work from home and while my Mac locks when the screensaver kicks in, my 1Password app remains unlocked so I don’t have to enter my master password when I log back into my Mac.

Unfortunately, all of these more convenient unlocking mechanisms get temporarily disabled when you reboot your device. 

I know that’s a security feature, but I wish 1Password could somehow tie into the authentication mechanism of iOS/macOS and automatically unlock my vaults without requiring my master password.

Retrieving Credentials From the Vault

Using the keyboard shortcut opens a context-aware 1Password dialog that automatically pre-filters credentials based on the active URL or application.
Using the keyboard shortcut opens a context-aware 1Password dialog that automatically pre-filters credentials based on the active URL or application.

To retrieve passwords and other account credentials from my vaults, I usually rely on two mechanisms (instead of going through the main app). The method I use most often is the browser extension, followed by a keyboard shortcut that allows me to search my vaults and copy the password to the clipboard.

Leveraging these mechanisms is usually much quicker than going through the main app and searching for the required credentials there. 

1Password vs. Other Password Managers

Now that you know all about 1Password, let’s take a quick look at how it compares with other popular password managers. I won’t go into a lot of detail here, because each comparison could be its own blog post. But I wanted to give you at least an overview of how 1Password stacks up against the competition.

1Password vs. LastPass

Lastpass Dashboard.
The LastPass dashboard.

LastPass is owned by LogMeIn, the company behind GoToMeeting, a popular web meeting solution that I’ve been using for several years.

What’s cool about LastPass is that it offers a free version. Unfortunately, that free version is feature-limited and lacks the following capabilities:

  • Emergency access (similar to 1Password’s Emergency Kit)
  • Dark web monitoring (similar to 1Password’s WatchTower)
  • One-to-many sharing (recipients of shared items also need a LastPass account)
  • Enhanced multi-factor authentication
  • Desktop applications with auto-fill (Windows only)

Most importantly, the free version is limited to one device type, so you can’t use it on a mobile device and desktop at the same time.

However, you can easily upgrade to the Premium version of LastPass, which costs only $3 per month (just like 1Password). Doing so lifts all of the limitations I mentioned above. Additionally, LastPass offers family and business licenses.

Learn more about LastPass

I don’t have a lot of hands-on experience with LastPass, but based on what I’ve seen, it looks very similar to 1Password and it follows a similar pricing strategy. So if I wasn’t already a satisfied and loyal 1Password customer, I might give LastPass a try.

1Password vs. Keychain

macOS' built-in password manager, Keychain.
macOS’ built-in password manager, Keychain.

Keychain is a service that Apple has built into all of its operating systems. But until recently, only macOS shipped with a user interface (UI) that allowed you to manipulate the entries stored inside of your Keychain (as Apple calls the vault). These days, iOS also has a simplistic UI for viewing credentials stored in Keychain that you can access via Settings > Passwords.

While Keychain is nowhere near as feature-rich and easy-to-use as most other password managers, it does have some advantages, including:

  • Keychain automatically unlocks when you log into your device (there is no extra master password to remember).
  • You can keep your keychains synchronized across all of your Apple devices via iCloud.
  • Safari automatically stores credentials when you sign up for new accounts and automatically populates the login fields.
  • iOS and macOS use Keychain in the background to securely store security certificates and service credentials. That’s how iMessage, FaceTime and other apps “just work” instead of asking you for credentials all the time.

I consider Keypass a pretty good password manager for the web and every time Safari asks me if I want to store the login information for a new webpage in Keychain, I say “yes.” In other words, I allow both Keychain and 1Password to store my credentials. That way, I always have a backup copy in case something goes terribly wrong and I lose my entire keychain or password vaults.

Learn more about Keychain

1Password vs. Dropbox Passwords

The password manager offered by Dropbox.

Dropbox Passwords is a browser extension that’s available for Chrome, Edge, Firefox and Safari. There is also a mobile app that I haven’t tried yet.

Based on what I’ve seen from Dropbox Passwords on my Mac, it’s easy to use and it looks quite slick. In a way, it’s what Keychain for Safari should look like, in my opinion.

While Dropbox Passwords works really well with web pages, it doesn’t offer different credential categories to store credit card information, Social Security numbers and other sensitive information. That doesn’t mean you can’t store such information in Dropbox Passwords, it just means that you’re limited to using a few predefined fields, such as username, password, URL and notes — some of which might not apply or make sense.

The big advantage of Dropbox Passwords is that it’s fully integrated with the main Dropbox app, so your password vault syncs across all of your devices. Additionally, Dropbox Passwords comes free of charge if you’re on the Plus or Professional plan.

Learn more about Dropbox Passwords

1Password vs. KeyPass

The KeyPass open source password manager.
The KeyPass open-source password manager.

KeyPass was the first password manager I ever used. That was over a decade ago, and before I switched from Windows to macOS.

What’s cool about KeyPass is that it’s absolutely free, lightweight and open source. So you don’t have to pay a license fee and you can change the source code if you know what you’re doing and you’d like to add a feature.

But even if you’re not a developer, the open-source nature of KeyPass means that other developers can create plugins that extend the functionality of this password manager. 

My take on KeyPass is that if you’re technically savvy and don’t want to pay for software then it’s a great choice. I know several people who have been using KeyPass for a long time and are happy with it.

Personally, I don’t have the time to fiddle around with an app and tweak it to my liking. I want something polished that integrates well with my existing app ecosystem and processes. That’s why I’ve been using 1Password.

Download KeyPass

1Password vs. Dashlane

The Dashlane password manager.

Dashlane is another popular password manager that offers a browser extension as well as a desktop app. Dashlane has a very limited free tier and paid personal, family and business tiers.

I signed up for Dashlane so I could test it for this review, but I never got it to capture my login on netflix.com — a test that all of the other password managers passed with flying colors. 

A second test (logging into the WordPress backend of my blog) succeeded. I was a bit turned off by Dashlane not working on a site as popular as Netflix, so I ended my test cycle early. 

Assuming that Dashlane works well for most other sites, and based on what I’ve seen from the desktop app and browser extension, this password manager might be a viable choice. However, I’d definitely rank it behind 1Password and LastPass, both of which have worked flawlessly.

Learn more about Dashlane

Frequently Asked Questions

Does 1Password offer a free version?

No, unfortunately, 1Password doesn’t offer a free tier — only a 14-day trial period, which you can access via this link.

Does 1Password support two-factor authentication?

1Password supports two-factor authentication (2FA) in the form of one-time passwords (OTPs) for accounts that support it. However, 1Password doesn’t support 2FA to unlock your password vault.  

What encryption algorithm does 1Password use to keep my information secure?

1Password uses a randomly-generated AES 256-bit key to encrypt your data. That key is never sent across the network and only resides locally on the devices you use 1Password on.

How can I share credentials with family members or co-workers?

There are several ways to share account passwords with others. The most secure way is to add them as a (family/team) member or guests to specific vaults. To do that each party requires a 1Password account. The second (not so secure) option is to use the standard sharing sheet of your operating system.

While that approach seems convenient, you should know that you’ll be sending credentials in plain text. I recommend not doing that (and so does 1Password) unless you have no other choice and you’re using a secure way of transmitting the plain-text credentials (e.g., Telegram or iMessage).

Does 1Password support accounts that require one-time passwords?

Yes, 1Password fully supports one-time passwords.

Does 1Password support FaceID or TouchID?

Yes, 1Password supports all of Apple’s authentication mechanisms including FaceID, TouchID and even the Apple Watch.

Can I store documents (like PDF files and photos) in 1Password?

Yes, you can store documents in your 1Password vault, either as attachments or as individual documents that aren’t associated with an account.

Can you have a shared vault?

Yes, 1Password supports the sharing of vaults but only as part of its Family, Teams, Business and Enterprise editions. The personal edition doesn’t support vault sharing.

Why is it bad to reuse passwords?

Imagine you use the same password for all of your accounts and one of them gets hacked, thus exposing your password. Suddenly, all of the other accounts that have the same password are vulnerable as well. Using different passwords prevents this scenario, which is one of the most common sources of online security vulnerabilities.

What if I don’t remember my master password?

If you don’t remember your master password and you haven’t written it on your emergency kit as I recommended above, you have only very limited options to get back into your 1Password vaults. Check out this knowledge base article to learn what these options are. In a nutshell, you might be able to recover your password on another device that has 1Password installed or you can recover using your family or team account.

Wrap-Up

1Password is usually the first app I install on a new device because it gives me access to the more than 1,600 passwords, credentials, license keys and other sensitive information I’ve stored in its vaults. 

In other words, I wouldn’t be able to log into any other app, or add my email accounts, without the help of 1Password.

As a result, I consider 1Password a must-have app and one that has not only helped keep all of my online accounts secure, but which has also saved me countless hours that I would have spent trying to memorize, remember and type passwords.

If you’re not using a password manager yet or you’re not happy with the one you have, I highly recommend giving 1Password a shot. It’s one of the few paid apps that I’ve used for over a decade. Knowing how fast things change in the IT world, that is an eternity and speaks to the quality of 1Password and the company that stands behind it.

Now I’d like to hear from you! How do you manage your passwords and do you feel the method you use is efficient? Let me know by leaving a comment below.

Leave a Comment