1Password review: how secure is it?
-
Aurelija Tomkevičiūtė
Writer
1Password is one of the best password managers on the market for several reasons. It excels in cross-platform functionality, ease of use, good prices, and, most importantly, robust security.
It uses industry-leading encryption technology for your vault and secures each user account with a 34-character security code. Plus, the 1Password browser version allows you to move across devices and browsers securely as well as comfortably.
However, during our tests, the autofill was sluggish. And we missed the password inheritance feature, which can be found in other reputable password managers, like Keeper.
But despite a couple of downsides, we still need to help you find out how good and safe 1Password really is. Hence, we have tested, and detaily reviewed this password manager in terms of security, performance, features, and other critical aspects.
| TOP Choice | ||
| NordPass | 1Password | |
| ⭐ Rating: | ||
| 🥇 Overall rank: | #1 out of #15 | #5 out of #15 |
| 🔥 Coupons: | NordPass coupon 52% OFF | 1Password coupon 40% OFF |
| 💵 Price: | From $1.43/month | From $1.79/month |
| ✂️ Free version: | Yes | 14-day trial |
| 🔒 Encryption: | XChaCha20 | AES-256 |
| 🖥️ Platforms: | Windows, macOS, Linux, Android, iOS | Windows, macOS, Linux, Android, iOS |
| 🌐 Browser extensions: | Chrome, Edge, Firefox, Opera, and Safari | Chrome, Firefox, Edge, Brave, Safari |
| Get NordPass |
1Password review – pros and cons
Visit 1Password to learn more about the features
Is 1password safe?
1Password ensures unbreakable security for your credentials in and outside your password vault. Due to applied AES-256 encryption cipher, a Secret Key made of 34 symbols and stored on your device only, multi-factor authentication, and more robust security measures, this password manager gaurantees end-to-end protection.
- Endryption. Advanced AES-256 encryption scrambles your stored data into numerous pieces and makes it impossible to read them to anyone.
- Secret Key. 1Password’s Secret Key is a never-seen security feature before, which creates an additional protection layer from intruders. It consists of 34 mixed characters, and you are the only one who receives this 128-bit code that is impossible to decrypt.
- Authentication. Not only a secret code is protecting the vault from unauthorized accesses to your passwords. With 1Password, you can also use a U2F key-based MFA that supports YubiKey, Titan, and more.
- Master Password. Like with all reputable password managers, with 1Password, you also need to set up a unique Master Password that’s known only by you. Meaning the provider itself doesn’t store or know it at all.
- Privacy. 1Password's zero-knowledge policy leaves sensitive information unknown even to the company itself, and Secure Remote Password (SRP) protocol prevents hackers from intercepting Master Password, Secret Key, and other transmitted data.
- Audits. 1Password password manager maintains recent penetration tests by ISE and security audits by Onica, with past pentests and security assessments completed by AppSec Consulting, nVisium, and CloudNative.
- Additional security measures. The company has a private bug bounty program from Bugcrowd, with 387 unique researchers looking for bugs. Therefore, you receive a more comprehensive layer of protection.
Overall, 1Password designed every feature to make sure only you have access to the passwords, financial, and other personal information kept in your account. You get full control of your security, and multiple security features protect it from hacker’s attacks – chances of stealing the data at rest and in transit are next to zero. And to learn more details about how this password manager works, you can also check our 1Password video review.
Password generator
One of the most crucial features found in robust password managers is a password generator. Indeed, 1Password has it too, and helps you create complex passwords for any type of an account.
For your own comfort, you can customize the length of a password, choose what symbols and numbers are included in it too. At last, your password can have up to 100 characters, meaning you receive an unbreakable protection for each of your account.
Watchtower
Watchtower is a suite of security tools that comes with every 1Password membership. At a glance, Watchtower can alert you to any weaknesses in your security ecosystem, including passwords that need to be changed or strengthened, compromised logins, and security updates from websites you store credentials for.
Every vault has a Watchtower item in the left-hand column which you can use to view the status of items within the vault. Watchtower can check the security status of individual websites.
Travel Mode
Vaults also help keep your data safe when you travel. If some data is not secure across national borders, you can activate “travel mode” for family members and team members who will be traveling internationally.
Storing “travel-safe” information in separate vaults enabled for travel mode will ensure uninterrupted access to that data, while protecting non-travel-safe data by removing the vaults when you cross borders.
Every 1Password account includes Travel Mode. You can toggle it from the “My Profile” account window.
On your “My Profile” page, a “Travel Mode” button is in the lower left.
Once Travel Mode is on, you will need to specify which of your vaults are travel-safe. To identify a vault as safe to access in Travel Mode, go to your home screen and click the “Settings” icon shaped like a gear on the vault you want to set to travel mode.
Once in the settings screen for that vault, set the vault to “Safe for Travel” using the toggle button.
Privacy cards
Reliable financial protection has been in high demand for a while now. Consequently, 1Password has implemented the Privacy cards feature to its suite. With it, you can safey autofill your virtual credit cards’ information while shopping online or in any other occasion.
Each Privacy card is tied to a different merchant, meaning you would need to create a separate card for different accounts. And for each credit card you can set the limit of your spending.
On the downside, these virtual 1Password cards are only available for the US residents that are also at the age of 18 and older.
Auto-cleared Clipboard
Copying and pasting indeed saves heaps of time for each of us, whether it’s your login information or some personal information for the form. However, it can happen that you paste sensitive data to unsecure fields and leave it unprotected. To avoid dangerous consequences in this situation, 1Password offers you an Auto-cleared Clipboard feature.
By enabling this feature in your 1Password app settings, all the information that’s been copied is erased once the 90 seconds pass. This way, you avoid accidentally pasting important information to inappropriate fields.
Psst! Password sharing
While previously 1Password was known as a provider with limited password sharing possibilities, now it offers a game changer – Psst! Password sharing feature. Thanks to it, now, you can share your passwords, secure notes, and other stored information not only with other 1Password users but also with anyone that you wish.
To do this securely, 1Password generated an access key to your vault. You can even set the expiration date for the encrypted link – it can be between 1 hour to 30 days, and viewed only once.
1Password features
1Password has numerous features focused on two main things: easy data sharing, and supreme data security. While they sound like total opposites, 1Password actually does a terrific job balancing the two, making this password manager both a safe and convenient solution.
Here are the top features:
- Form filling
- Multiple Vaults
Let's talk about them in detail:
Form filling
While autofilling passwords is already a big step towards saving time and improving online privacy, 1Password’s Form filling feature takes this even further.
To ease your browsing experience even more, this password manager autofills your credit card, billing, and other personal information while shopping online, paying bills, or filling any type of a form.
Of course, to do that, first you have to add all that information to your 1Password’s encrypted vault.
Multiple Vaults
Every 1Password account is broken down into “Vaults”— essentially filing cabinets for your 1Password data items that can be used to categorize the items you store there. A vault can contain form fills, passwords, secure documents, credit card information, and more.
Vaults help 1Password users keep their digital lives organized in a secure way, but vaults are also helpful to share credentials and manage permissions. If a team member or family member is only authorized to have access to certain data and credentials, all of those credentials can be stored in one vault, with shared access to that vault and that vault alone given to the authorized individual.
Plan comparison
1Password pricing starts at $1.79 per month, billed annually. There is no free version, but you can opt-in for a free 14-day 1Password trial. This should be plenty of time to find out whether the service fits you. If you decide that it would be worth the price, here's what you get with different paid plans.
| Features | 1Password | Families | Teams | Business |
| Price | $1.79/month | $2.99/month | $19.95/month | $7.99/month |
| Guest accounts | 1 | 5 | 10/person | 20/person |
| Unlimited devices | ✔️ | ✔️ | ✔️ | ✔️ |
| Unlimited passwords | ✔️ | ✔️ | ✔️ | ✔️ |
| Two-factor authentication | ✔️ | ✔️ | ✔️ | ✔️ |
| Watchtower | ✔️ | ✔️ | ✔️ | ✔️ |
| Account recovery | ❌ | ✔️ | ✔️ | ✔️ |
| Document storage | 1 GB | 1 GB | 1 GB/person | 5 GB/person |
| Admin permission control | ❌ | ❌ | ✔️ | ✔️ |
| Activity logs and usage reports | ❌ | ❌ | ❌ | ✔️ |
Overall, the logic here is rather simple – the base 1Password account includes all the main features you'd expect from your password manager. Unlimited passwords for unlimited devices, and all of the main security perks should be enough for just about anyone.
If you want to take all these great features and multiply them for several users – the Families plan will be a perfect fit, offering nearly the same options for up to 5 people (you can add more users for $1 per person). The extra you get is the opportunity to recover an account for connected users in case you’re locked out.
Finally, the Teams and Business plans are suited for – you guessed it! – teams and businesses. With additional security features, logs, reports, and custom permissions, it'll be excellent for businesses that juggle crucial login information on a daily basis. If your company is using multiple products and interfaces requiring shared logins, this is an ideal fit.
Ease of use and setup
Setting up 1Password is quick and easy – and while there are a couple of peculiar things about using 1Password, the overall experience is streamlined and suitable for all types of users.
The process of using 1Password starts with picking a plan. Once that is out of the way, you must enter your email address and receive a six-digit authentication code to proceed to account setup. The code arrives immediately in the inbox of the email address you enter.
The first time you make it to your 1Password vault, you are asked to create your Master Password, and there’s also a pop-up with your 34-character Secret Key, which will be needed each time a device or a browser is added to your account. Both these tools are encryption keys for your entire 1Password ecosystem. But if a hacker obtains your Master Password, he has access to everything, so guard it carefully.
After you enter your master password, it's payment information time. You can write it all down there and then – or skip the process for the time being. You'll get a 14-day free trial regardless.
Once that step is done, the app prompts you to download an “emergency kit,” a one-page PDF that includes a sign-in address, a 34-digit secret key, and a QR code you can use to set up or retrieve your account.
Once you download your emergency kit, you’re in! Your 1Password account is ready to roll.
Managing 1Password Vaults
The “vault” is the basic workspace in 1Password. From the home screen, you can create a new vault from the “+ New Vault” button in the upper left hand corner. Once you hit the button, the app will prompt you to give your vault a name and an optional description.
Once you name your vault and create it, the vault will appear as a tile on the home screen, starting in the lower half of the page. As you add more vaults, more tiles will appear.
Clicking on the vault tile will take you to the main screen of that vault, which is divided into three columns—a control column on the left, a middle column for the list of items in your vault, and a larger right hand column where you will see the item details once added. It resembles a cross between a Wordpress admin panel and a Finder window.
Vaults are helpful for credential management because family-member or employee access can be partitioned by vault. If someone is only authorized to access certain information, they can be granted access only to certain vaults.
Adding entries to 1Password
Once you have your vaults defined, it is time to add some items.
You can add items using the “+ New Item” icon on the bottom of the big lefthand field of the vault. Once you click on that button, a long list of potential items appears.
Here’s where the fun starts. If you want to select a password, you can give it a title (for example, “Gmail”) and add the password, websites, labels, tags, and other information.
Once you “save” the item, it appears in the middle column, where you can select and edit it.
If you want to add a credit card, select “Credit Card” from the “+” menu, and a form appears where you can enter credit card information.
Once you save the information, your credit card appears in the middle column below the password entry you previously added.
If you highlight the star beneath the item title in the large item column, it becomes a “Favorite,” which can be filtered using the “Favorites” item in the left hand column.
Importing data to 1Password
It is possible to import data from other apps into 1Password, making it easy to transfer over files from Chrome, other 1Password accounts, or apps like LastPass, Dashlane, RoboForm, or Encryptr.
To import data, click on your member name (usually your first name) and find “Import” on the dropdown menu that appears.
Once you arrive at the import page, select the vault you want to import data to, and the app you will import from.
You will next be taken to a page where you can upload the CSV file downloaded from the app. Once you upload the CSV file, 1Password will import the data into the correct item format in the selected vault.
1Password apps
1Password can be accessed by more than just 1Password app and 1Password the browser-only version of it. This password manager also includes some other ways to access it, namely: desktop, mobile, and Apple Watch apps.
1Password desktop apps
Unfortunately, Linux users will have to use the command line instead of a nicely-designed application. Meanwhile, Windows and Mac uses will be able to enjoy a comfortable password management tool not only on their browsers but also natively on devices.
With a well-organized application, you receive all the available 1Password features. There, you will be able to complete all the same functions as in the 1Password browser version. Meaning, you have control over your currently added or future credentials, and you can access them in seconds. Not to mention the left-side menu that helps you to find your favorite credentials and other subcategories of stored information.
What's great is that both Windows and macOS versions look great, no one stays wronged. The only difference is that the Mac app is matching the OS, so new users can find their way with this password manager quickly.
1Password mobile apps
1Password offers mobile apps for the iOS and Android operating systems. The app will give you quick access to all of your passwords, letting you quickly copy and paste all the required information.
Alternatively, you can skip the middle man (yourself!) and just let the app autofill everything for you – including passwords and forms.
You may have to enable the autofill function in settings. When filling out a new form or login credentials, the activated app should prompt you with the option to save the credentials in 1Password for later recall. Your saved 1Password credentials are side-by-side with other saved credentials. You may have to search through saved in-app credentials to get to your 1Password credentials.
1Password Apple Watch app
Like all reputable password managers should, 1Password has expanded its functionality to Apple Watches. This provider’s decision offers you next level comfortability.
With it, you can easily access your bank account details, wifi passwords, secure notes, and other handy information. Even though you cant’ access documents on the Apple Watch, it’s still a great way to reach your credentials on the run.
No surprise here, but you can only add Apple Watch to 1Password’s device list through an iPhone. However, after adding it to the account, it becomes possible unlock your vault on Mac straight from the Apple Watch.
1Password browser extensions
1Password also includes a browser extension, available on all major browsers. It's a pretty powerful solution, letting you access just about any of the features available on the full product.
Once the extension is added to your browser of choice, logged in, and activated, it becomes easy to both add and access data to 1Password. For example:
- A 1Password icon will appear on browser forms. If the forms will ask for some suitable information – for example, your personal data, or passwords tied to a specific domain – you'll be able to insert that information with just one click.
-
1Password browser extension can recognize credit card fields, address fields, etc., and supply suggestions from 1Password as a dropdown, substantially speeding up your form filling.
- When entering passwords, credit card information, or form information for the first time, it will give you the option to save that data to your 1Password account, including a selection of which vault to save it to.
- Instead of having to come up with unique passwords, 1Password will give you the option of generating unique and secure passwords for you, which you can then save to your vault immediately.
-
1Password browser extension can search your vaults from your browser.
- The extension is armed to drag-and-drop data stored in 1Password to the relevant fields.
Customer support
1Password maintains an extensive FAQ and searchable user forum, which can be used to find answers to common questions. It covers most of the main issues – and offers a lot of professional troubleshooting, in form of extensive how-to guides.
For more complicated questions, 1Password maintains support channels by email, Twitter, and forum response.
It would be nice to see phone or chat support available in the event of hard-to-resolve issues. VIP support is available for business plans or higher, but for most users, a relatively fast but not instantaneous email support architecture is the best option.
1Password alternatives
1Password is one of the best options, but there are plenty of quality password managers on the market. Here are the best 1Password alternatives.
NordPass
NordPass is another product by NordVPN developers, so you know this password manager means business. It has multi-factor authentication: you can use 2FA or biometrics information to confirm your identity. That way, your credentials are safe not only with encryption but also with a second factor.
They have dedicated apps available to all major platforms. This means no matter what is your device of choice. You will be able to access your credentials cross-platform. There are some additional premium features like Data Breach monitoring, use optical character recognition to scan your documents to avoid typing in.
Read more: NordPass review
Dashlane
Dashlane is one of the oldest password managers. Over the years, they have perfected the formula, making it the superb choice for anyone who wants to step up their credentials management.
The stored information is only uploaded to their servers encrypted. No one will know what's in the cloud. No one is going through your password either, especially if you enable multi-factor authentication. You'll be able to use biometric data or hardware tokens to confirm your identity. Premium users are also getting more encrypted storage, more password slots, and a VPN.
Read more: Dashlane review
1Password review summary
If you’re looking for an easy to use and a reliable password manager, then 1Password is a great option. It strongly focuses on providing you with either instant and lasting protection. You receive features that allow you to share passwords via generated link as well as continuesly monitor your data in a security dashboard.
Not to mention all the essential security layers, such as advanced AES-256 encryption, multi-factor authentication, 34-symbol Security Key, and a passwordless login using Passkeys that’s coming in sumer, 2023.
Of course, 1Password also has gaps to fill up. For example, its autofill feature could use an improvement, and it doesn’t have a free version, which would be a great way to test the service. But, as for now, you can use a 30-day money-back guarantee and try the premium service risk-free.
Best password manager deals this week:
Other password manager reviews from Cybernews
LastPass vs 1Password: which is better?
Dashlane vs 1Password: which do we recommend?
Bitwarden vs 1Password: is there a winner?
FAQ
What is 1Password’s security model?
To protect your data in and outside the vault, 1Password uses end-to-end encryption and complies with industry-standard security controls. The information is encrypted using AES-256 cipher, and you can also use multi-factor authentication that supports security keys or biometrics.
The biggest security concern with 1Password is actually on the user side—that is, you. By trusting 1Password, you are committing all your private data to a single point of failure—your master password. If a cybercriminal gets that password, (s)he has access to everything. So guard your master password carefully!
How does 1Password work?
1Password constantly tracks data breaches and other security flaws, so you can stay fully protected. It cooperates with Bugcrowd and operates a private bug bounty program which thoroughly looks for new bugs and helps you prevent them. Also, it also checks for old, unsafe, and weak passwords in your vault.
What does 1Password’s zero-knowledge mean?
1Password’s zero-knowledge encryption indicates that the provider doesn’t hasve an acces to your encryption keys that unlock your credentials. This technique also applies to your logins required to access your 1Password vault.
Does 1Password store passwords in the cloud?
Yes, 1Password is a cloud-based password management tool. It stores your passwords, credit card information, sensitive notes, and other information in cloud. Therefore, you can securely and easily access your data on whatever device you connect to the vault.
Does 1Password encrypt URLs?
Yes, 1Password does encrypt URLs that are stored in your vault. Apart from it, it also encrypts your vault names, which increases the proctection level in case anyone gets into your 1Password account.
Has 1Password ever been breached?
No, 1Password has never been breached. However, it’s always prepared for a breach, that’s why you must use a unique Master Password to unlock your vault. And an additional Security Key – 128-bit code – which only you know, is also impossible to break.
Is 1Password worth it?
1Password is definitely worth it. Considering how safe is 1Password, even if it does not offer a free version like LastPass, for example, it provides all the must-have features you'll ever need. And for a company or a family that needs to share permissions, 1Password is the only way to go and definitely worth the money. Once you get the hang of it, you will wonder how you ever lived without it.
Comments
Your email address will not be published. Required fields are marked