If you’re searching for a password management solution that’ll allow you to sync all your passwords across different devices and unite them into a single encrypted vault, and throw in a couple of top-tier features as well, you should check out 1Password.
Besides being a password management tool, 1Password can also serve as a virtual strongbox for all your sensitive data such as credit card details, highly-sensitive personal information, and top-secret documents. It also comes with an intuitive, user-friendly dashboard and a pocket-friendly price tag to boot.
However, 1Password has a few drawbacks as well, such as the lack of a freemium edition and of speedy support channels like a telephone line or live chat.
Website | 1password.com |
Platforms | Windows, macOS, Linux, Android, iOS |
Browser extensions | Chrome, Firefox, Safari, Brave, and Edge |
Free version | 14 day trial |
Encryption | AES 256-bit |
Support | |
Price | From $1.50/mo. |
Let’s start with a quick look at the pros and cons:
+ Pros
- Passwords encrypted locally
- Passwords stored in the cloud and on your devices
- AES-256 encryption and 128-bit Secret Key
- Data encrypted in transit and at rest
- Encrypted file storage
- Breach and compromise monitoring
- Supports 2FA, multi-factor authentication, and TOTP
- Complies with GDPR and Canadian privacy laws
- Emergency Kit for account recovery
- Secure password sharing for multi-user accounts
- Supports all major platforms and apps
- Advanced sync options
- Watchtower password strength checker
– Cons
- Must provide a valid email address
- Based in Canada
- May collect and share user data
- May be forced to disclose user data
- No telephone or live chat support
1Password feature summary
Here’s a short summary of the full set of 1Password features:
- Supported platforms include Windows, macOS, Linux, Android, iOS, web, and all major browsers
- Secure Password Generation and Sharing
- Secure Notes
- Form and Payment Autofill
- 2FA Support
- Travel Mode
- Password Import/Export
- Data is encrypted on your device
- Data encrypted in transit and at rest with AES-256, PBKDF2, SRP
- 1GB encrypted file storage
- Synchronizes across all your devices and browsers
- Supports alternate sync strategies
- Reports & Analysis
- Security Alerts
- Breach and Compromise Monitoring
About the company
1Password is published by AgileBits, a company based in Ontario, Canada. It launched in 2006 as a Macintosh-only program. Over the years, AgileBits has updated the program to run on all the major operating systems, browsers, and mobile devices.
Unfortunately for us, Canada, like the United States, is a member of the Five Eyes Alliance (FVEY). Countries in this international intelligence gathering alliance are not known to have the strongest privacy laws. There have also been reports that they work together to spy on each other’s citizens, thereby contravening even those protections that do exist within a given country.
These are the reasons why many privacy advocates advise against using services that are based in any of the FVEY countries.
1Password Terms of Service
I reviewed the 1Password Terms of Service (TOS), dated September 23, 2021 (the most current as of the date of this review).
I did not find any issues or concerns with the TOS.
1Password Privacy Policy
I also reviewed the 1Password Privacy Policy, dated December 7, 2021. I liked how clearly it was written and what they had to say. They need to comply with Canadian privacy laws and with the GDPR for users who live in the European Union, which could make things complicated.
Fortunately, AgileBits has designed 1Password to function with very little data from you, making it easier for them to comply while protecting your privacy.
They divide the data they collect into Service Data, Secure Data, and optional Diagnostic Data.
Service Data
Service data is the type of data AgileBits needs to make 1Password function. It’s kept confidential, and it’s normally visible to the AgileBits staff only. Service Data includes (but is not limited to):
- Server Logs
- Billing Information
- Client IP Addresses
- The Number of vaults You Have
- The Number of Items in Vaults
- Company or Family Name
- Email Addresses
- Your Profile Name
- Any Image You Upload as Part of Your Profile (Optional)
Note: If you are concerned about 1Password logging your IP address, simply use a good VPN service. This will conceal your real IP address and location.
Secure Data
Secure Data is the data you store in 1Password, such as passwords, notes, and so on. This data is encrypted/decrypted on your device. 1Password never sees your Master Password, which means they have no way to decrypt your data. What’s more, your data is encrypted using a version of the AES-256 encryption algorithm (AES-GCM-256).
In addition, 1Password employs Password-Based Key Derivation Function 2 (PBKDF2), which makes it much harder for someone to discover your password through a brute force attack. In other words, the chances of an attacker cracking the encryption on your data are virtually zero.
Depending on where you create your account, your Secure Data can be stored in one of three regions: the United States, Canada, and the European Union. This is determined by the 1Password domain you use, as shown here:
Whichever region your data lands in, remember that your Secure Data is strongly encrypted. Even if 1Password hands your Secure Data over to a government or intelligence agency, there is virtually no chance they could decrypt it (assuming the service is securely implemented with no back doors).
Diagnostic Data
As the name suggests, 1Password support may sometimes request this type of optional data to diagnose problems. The important thing here is that it never includes Secure Data, and they will never request your Master Password or Secret Key.
1Password security audits
1Password includes the results of five third-party audits on their Security Audits page. The audits were conducted between 2015 and the present day. The most recent testing included:
- An SOC2 Type 2 Audit conducted by an independent auditing firm. SOC (Service Organization Control) auditing is an independent process to ensure that a product securely manages data to protect customers’ interests and privacy. This type of audit primarily assesses how secure the product is against internal threats. LastPass likewise publishes the results of their SOC audit, although theirs was SOC3, presumably a bit tougher than SOC2 Type 2.
- Penetration testing conducted by AppSec Consulting. This type of audit aims to test how secure a product is against external threats. After performing penetration tests and conducting a security assessment, AppSec Consulting concluded that “The security controls observed in the 1Password application were found to be substantial and unusually impressive.” Bitwarden is another password manager that has completed penetration testing and published the results.
- An ongoing, private bug bounty program conducted by Bugcrowd, Inc. This testing discovered nine high-priority problems. However, according to Bugcrowd, no user secrets were at “real” risk. In addition to this, Bugcrowd confirmed that as of January 1, 2020, all high-priority submissions from this program have been resolved. Also, none of the identified issues led to a loss of confidentiality, integrity, and availability (the CIA triad).
While it would be nice to have full versions of each of these audits instead of just quotes and executive summaries, AgileBits deserves kudos for the number and variety of third-party audits they have conducted so far.
1Password apps
While 1Password started out as a Macintosh-only product, it now covers all the major operating systems and browsers.
For macOS systems running High Sierra 10.13 or later, they provide:
- 1Password for Mac, a stand-alone macOS app
- 1Password browser extensions for Safari, Chrome, Firefox, and Opera. You must have 1Password for Mac installed to use these extensions.
- 1Password X which provides a fuller experience and works in Chrome, Firefox, Brave, and Opera
- 1Password mini, which can fill in your data on Mac apps
For Windows 7 or later systems, they provide:
- 1Password for Windows, a stand-alone Windows app
- 1Password browser extensions for Chrome, Firefox, Microsoft Edge, Brave, and Opera. You must have 1Password for Windows installed to use these extensions.
- 1Password X, which provides a fuller experience and works in Chrome, Firefox, Brave, and Opera
- 1Password mini, which can fill in your data on Windows apps
Linux and Chrome OS users can use 1Password X with Chrome or Firefox. Or you can use the 1Password Command-Line tool.
When it comes to smartphones, you can get 1Password for iOS (version 12 or later) and Android (version 5.0 Lollipop or later).
1Password hands-on testing
I installed 1Password for Windows on my test machine and added 1Password X to Chrome for this review. (Note: While Chrome is indeed a secure browser, it does not necessarily respect your privacy. But due to its popularity, I used it for this review.)
Installing 1Password
You can install 1Password for Windows by creating an account on their website. You’ll be asked to provide a valid email address and a credit card number (which you don’t need to give them right now). This will put you into your free 14-day trial.
As part of the installation process, 1Password will create your Secret Key and Emergency Kit.
AgileBits says the key is generated on your device and that they never see it. You need to enter the Secret Key whenever you sign in from a new device. Using this Secret Key in addition to your password adds an additional layer of protection to your account.
Because AgileBits doesn’t generate or know the Secret Key, you need to know it and protect it yourself. To make that easier, 1Password can create an Emergency Kit, which contains all the information you need to get into the account.
Be sure to download the kit, and store the file in a safe place. You might even want to go so far as to print it and stash a copy in your strongbox or other secure physical location.
Once you get set up, you can download the various apps from the site, and get the browser extensions or 1Password X from the relevant app store.
Adding passwords and other data to 1Password
Once you have your account set up and the 1Password apps and extensions you want are installed, you’ll want to get your passwords and other data into 1Password. 1Password may be able to do the job for you automatically. However, it all depends on where your data is now and whether or not you are using 1Password for Mac.
Importing passwords and data
This is one place where 1Password lags behind most of the competition. It has a limited set of browsers and password managers it can import from directly. That said, you may still be able to import from other sources, but it will not be as easy.
So where can we import directly from?
1Password.com and 1Password for Mac know how to import data from:
- Chrome
- Dashlane
- LastPass
- SplashID
- Roboform
1Password.com can only import the login credentials from these locations. It can’t pull in your Credit Cards, Software Licenses, or Secure Notes. Only 1Password for Mac can import that data.
If the source of your data isn’t listed here, you can try importing it using CSV files. In this case, I suggest you visit this 1Password Support page and read up on what you will need to do to get your data transferred.
If you have a lot of data to import into your next password manager, and you aren’t using a Mac, or your data is not stored in one of the 5 or so places 1Password can import from, I suggest you think carefully about whether 1Password’s import capabilities meet your needs.
Manually adding passwords and data
If you want to (or have to) enter some passwords manually, you’ll be doing it through the Desktop app as well.
Note: I’ll demonstrate the process with Login credentials, but it is basically the same process for anything you store in 1Password. The following image shows the list of data types you can store in 1Password:
Select the type of data you want to add and you’ll see a form on the right side of the 1Password window where you can enter your data.
Letting 1Password capture a password itself
This is another place where 1Password does things slightly differently. Most password managers wait for you to log into a site, then ask you if you want them to store the login credentials you used.
1Password doesn’t wait for you to log in successfully. Instead, as you can see in the following image, it offers to save your login credentials as you enter them:
When it comes to effectively saving your login credentials, no password manager is 100% perfect. Like any other password manager, 1Password sometimes won’t be able to capture the data. In such cases, you’ll just have to manually enter your credentials.
Working with your passwords
Let’s open up 1Password X now. Its icon is in the top right of the Chrome browser window. It looks something like this:
To work with a password (or other data) in 1Password X, you begin typing the name of the item you want into the Search box at the top of the window. If you would rather see a list of all the passwords you have stored here, you’ll want to do that with the Desktop app. I find this kind of clumsy, although I’m sure it wouldn’t take long to get used to it.
One nice feature of 1Password is the Watchtower. This is the company’s name for their system of checking your passwords and warning you of any problems with them. To see it, log in to 1Password.com, select a vault, then select Watchtower in the menu on the left side of the window. 1Password generates a Watchtower report, which will look something like this:
It shows you which passwords have problems, and tells you how to fix the problem. Unlike some of its competitors, 1Password won’t change your problem passwords for you (see Dashlane). However, it quickly identifies problem passwords, which you can fix with the password generator.
1Password’s password generator
1Password has a perfectly functional password generator. While it lacks some of the customization options that other products have, I like its ability to generate PIN numbers (numerals only) as well as easy to speak, type, and remember passwords like: blatant-quay-pandemic-hopper.
In 1Password X, you can click the plus sign in a circle icon, then the Password Generator icon.
Putting 1Password to work
Once you are done with all the preliminaries, you are ready to see 1Password in action. Whenever you visit a web page that 1Password has data for, it will display the 1Password icon in any of the data fields it “knows.” Click on the icon to fill all the relevant fields.
If you have more than one password for this page (for example with multiple email accounts) 1Password will display a list of available credentials. Select one of the options and 1Password will fill in the appropriate fields.
Additional 1Password features
Now that we’ve touched on 1Password’s core features, let’s talk about some of the additional features you might find interesting or even important.
Travel Mode (all plans)
Travel mode is a strong feature of 1Password. You can tell 1Password which of your vaults is safe for travel. Once you activate Travel Mode, all vaults that are not safe for travel get deleted from your device. This ensures that if your devices are inspected while you travel, that inspection will only find the data that you designated as safe.
For the complete rundown on Travel Mode, visit this 1Password support page.
Sharing passwords (Family, Team, and Business plans)
These 1Password Plans allow you to share passwords safely with other users. The number of users you can share passwords with depends on which plan you have. All the multi-person plans come with this feature.
User Management (Family, Team, and Business plans)
All multi-user plans allow you to view and manage the users who are part of your plan.
Secure file storage: 1 GB+ (all plans)
Personal, Family, and Team plans all feature 1 GB of secure file storage per user. The Business plans include at least 5 GB of secure file storage per user.
365 day item history
1Password keeps a history of all changes (even emptying the trash) you make to your account for 365 days. This makes it possible to view and restore previous versions of items.
Advanced sync options
If you don’t want to use the 1Password sync solution, there are some advanced options you can use to keep your devices synced. Solutions include using iCloud, Dropbox, a WLAN Server, or a Local Folder. Each of these options has its own quirks and requirements, so if you are interested, you can find out more here.
1Password Support
Providing high-quality customer support is expensive. Perhaps that’s the tradeoff with 1Password. You don’t get a free version of the product. Instead, you get a paid version with quality support. Trustpilot is full of 1Password reviews that praise the support AgileBits provides for their product, which is something we don’t see often.
You can contact 1Password Support by email, Twitter, or through their community forums. There is no telephone support nor live chat, but you should be able to get help through these channels quickly.
Aside from the tens of thousands of topics (with hundreds of thousands of replies) in the forums, the 1Password Support page has many articles covering numerous subjects. Put it all together, and 1Password Customer Support is definitely a strong point of the product/service.
How secure and private is 1Password?
1Password has a lot of positives. But is your data secure and private if you use 1Password?
1Password security
1Password goes above and beyond when it comes to security. As with other top password managers, your data is encrypted using the AES-256 algorithm, with keys generated from your Master Password. But 1Password includes your 128-bit Secret Key with the Master Password in the encryption, adding a lot of entropy to the process (making it much harder to crack by brute force).
What all this means in plain English is that your data is about as secure as can be when you store it in 1Password.
Note: If you are interested in the encryption and security details, check out the 1Password Security Model page.
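To make the role of PBKDF2 and the Secret Key concrete, the following Python example (added here; it is not 1Password's code and does not reproduce its exact algorithm) models a vault key that depends on both the Master Password and a 128-bit Secret Key. The function names, the iteration count, the HKDF step, the XOR combination, and the HMAC check that stands in for AES-GCM authentication are all assumptions made for illustration, and every value is constructed.

```python
import hashlib
import hmac

# Assumed work factor for this illustration; the review does not state one.
PBKDF2_ITERATIONS = 100_000


def hkdf_sha256(key_material: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with SHA-256: extract, then expand to `length` bytes."""
    prk = hmac.new(salt, key_material, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_vault_key(master_password: str, secret_key: bytes, salt: bytes) -> bytes:
    """Combine a slow, password-derived key with a key derived from the Secret Key."""
    from_password = hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, PBKDF2_ITERATIONS, dklen=32
    )
    from_secret = hkdf_sha256(secret_key, salt, b"secret-key-share")
    # XOR means the result is only as guessable as the *stronger* of the two inputs.
    return bytes(a ^ b for a, b in zip(from_password, from_secret))


def key_check(vault_key: bytes) -> bytes:
    """Stand-in for AES-GCM tag verification: a MAC only the right key reproduces."""
    return hmac.new(vault_key, b"vault-key-check", hashlib.sha256).digest()


def offline_guess(candidates, secret_key: bytes, salt: bytes, stored_check: bytes):
    """Return the candidate password that reproduces the stored check value, if any."""
    for candidate in candidates:
        guess = key_check(derive_vault_key(candidate, secret_key, salt))
        if hmac.compare_digest(guess, stored_check):
            return candidate
    return None


def demo():
    """Same password list, with and without the correct Secret Key."""
    salt = bytes(range(16))                                          # constructed
    secret_key = bytes.fromhex("00112233445566778899aabbccddeeff")   # constructed, 128 bits
    password = "blatant-quay-pandemic-hopper"    # sample passphrase quoted in this review
    stored = key_check(derive_vault_key(password, secret_key, salt))

    wordlist = ["hunter2", "correct horse", password]                # constructed
    with_secret_key = offline_guess(wordlist, secret_key, salt, stored)
    # Someone holding only the stored data does not know the Secret Key; here it
    # is replaced with zeros, so even the correct password fails the check.
    without_secret_key = offline_guess(wordlist, bytes(16), salt, stored)
    return with_secret_key, without_secret_key


if __name__ == "__main__":
    print(demo())
```

In this model the correct password is only recognised when the correct Secret Key is supplied, which is why stolen vault data alone gives an attacker nothing to test password guesses against.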
1Password privacy
As usual, privacy is more of an issue. 1Password does collect some personal data, and they may have to share it with third parties and governments. All this is explained in the Privacy Policy we have covered above.
Since 1Password isn’t Open Source software, unlike Bitwarden, we have to take their word for it as to what data they collect and what they do with it. But as of today, I’ve seen no reason to doubt them on this.
Lastly, remember that all data stored in 1Password is heavily encrypted, above and beyond the norm. AgileBits states that they never see your Master Password, nor your Secret Key. This means that they have no way to decode your data. This ensures the privacy of your data, even if some government agency forces AgileBits to hand over your (encrypted) data files.
1Password plans and pricing
1Password has different pricing options for different types of users.
Single user and Family plans
The 1Password single user plan would cost you $3.09 per month, billed annually. That works out to $35.88 per year, after your 30-day trial.
The 1Password Family plan supports up to five family members for only $4.99 per month, billed annually ($59.88). For this price you get everything in the single user version, plus password sharing, a management console for the family, the ability to recover locked family member accounts, and more.
Got a big family? You can invite additional members to join the plan for $1 per person per month.
Team and Business plans
If you want to use 1Password at work, you have three options: the Teams, Business, and Enterprise plans.
I won’t try to list all the features and benefits of these plans. Suffice it to say that they are full-featured.
You can learn more about each of these plans on the 1Password website.
1Password FAQ
The short answer is yes. When we take into account the company’s track record and the wide range of security-related features it provides, we can safely say that 1Password is a password manager you can trust. Your password and other sensitive data are shielded with one of the strongest encryptions out there (256-bit AES), a “zero-knowledge” policy, and two-factor authentication (2FA).
According to the data on the official site, over 15 million users across the world are putting their trust in 1Password as we write.
While many password managers have been hacked over the years, 1Password is not one of them. It’s been a part of the security industry for over 15 years and all this time 1Password has never fallen victim to cybercriminals.
Even if 1Password gets hacked and your sensitive data is stolen, there is practically no chance that cybercriminals could decrypt it. Three things are needed to decrypt your data: your account password, your Secret Key, and the encrypted data itself. You’re the only one who knows your account password, your Secret Key is generated locally during setup, and all your data is encrypted/decrypted on your device. So, even if a cybercriminal mastermind somehow managed to steal your account password, they wouldn’t be able to get inside your vaults and grab what’s in them.
Your Secret Key is your unique combination of 34 letters and numbers, separated by dashes. It serves as an additional layer of protection on top of your account password. It’s created and stored on all devices you’ve used to sign in to your 1Password account, as well as in your Emergency Kit.
1Password review conclusion
1Password can sync your passwords and sensitive data across all your devices while carrying out the everyday tasks of a password management tool. It’s a simple-to-use, feature-rich solution with a kind and knowledgeable customer support staff and a price tag that won’t break the bank.
We are particularly pleased with 1Password’s Travel Mode which deletes vaults on your devices that are deemed to be unsafe for travel. It’s a must-have for those who travel frequently and a useful feature other password managers should implement into their solutions.
If you’re still wondering how 1Password can benefit your business, here are some of its highlights:
- Supports all major operating systems and most of the popular browsers
- Offers multiple plans covering everything from a single user to enterprise-level businesses
- Features especially strong encryption to keep your data safe and secure
- Has a competent support team that gets praised by users
- Travel Mode enables you to shield your sensitive data from intrusive border inspections
- The Watchtower feature will check the strength of your passwords and notify you about any security breaches in which your data has been compromised.
As with everything in life, there are some notable drawbacks with 1Password and they include:
- The lack of a free plan
- Different formats (desktop, mobile, browser extension) come with different capabilities, which could confuse users
- The user interface has a slight learning curve
- No telephone or live chat support
- Is based in one of the Five Eyes (FVEY) countries which is bad news for your data privacy
Even with a great deal of information, making the right decision can be difficult.
Fortunately, 1Password offers a 14-day free trial for everyone, which means you can try everything out for yourself without spending a dime.
This 1Password review was last updated on May 26, 2024.
Quietme
1Password discloses security incident linked to Okta breach
[https://www.bleepingcomputer.com/news/security/1password-discloses-security-incident-linked-to-okta-breach/]