1Password review: how secure is it?
1Password unifies all your passwords into an encrypted vault that you can access with—you guessed it—one password. It does more than just password management, though. 1Password can also act as a secure document vault, a hub for secure notes, and an environment to store credit card information and auto-filled form entries.
So how good and safe is this tool at its job? Read the rest of my 1Password review to find out.
|Platforms:||Windows, macOS, Linux, Android, iOS|
1Password review – pros and cons
- Browser extensions
- Supports most platforms and browsers
- Dark web monitoring
- Local storage option
- Vulnerable passwords check
- Travel mode
- Clipboard clearing settings
- 1 GB of encrypted file storage
- Two-factor authentication
- Autofill is clunky
- No free plan
- Lacks sharing capability with non-users
- No one-click password updates
- No phone or chat support for lower-level memberships
1Password has numerous features focused on two main things: easy data sharing, and supreme data security. While they sound like total opposites, 1Password actually does a terrific job balancing the two, making this password manager both a safe and convenient solution.
Here are the top features:
- Multiple vaults
- Travel mode
- 1Password X browser extension
- Watchtower security check
Let's talk about them in detail:
Every 1Password account is broken down into “Vaults”— essentially filing cabinets for your 1Password data items that can be used to categorize the items you store there. A vault can contain form fills, passwords, secure documents, credit card information, and more.
Vaults help 1Password users keep their digital lives organized in a secure way, but vaults are also helpful to share credentials and manage permissions. If a team member or family member is only authorized to have access to certain data and credentials, all of those credentials can be stored in one vault, with shared access to that vault and that vault alone given to the authorized individual.
Vaults also help keep your data safe when you travel. If some data is not secure across national borders, you can activate “travel mode” for family members and team members who will be traveling internationally.
Storing “travel-safe” information in separate vaults enabled for travel mode will ensure uninterrupted access to that data, while protecting non-travel-safe data by removing the vaults when you cross borders.
Every 1Password account includes Travel Mode. You can toggle it from the “My Profile” account window.
On your “My Profile” page, a “Travel Mode” button is in the lower left.
Once Travel Mode is on, you will need to specify which of your vaults are travel-safe. To identify a vault as safe to access in Travel Mode, go to your home screen and click the “Settings” icon shaped like a gear on the vault you want to set to travel mode.
Once in the settings screen for that vault, set the vault to “Safe for Travel” using the toggle button.
To streamline your workflow with 1Password, your browser can be armed with 1Password X. It's a full browser version of 1Password, available for Chrome, Firefox, and Microsoft Edge.
Once the extension is added to your browser of choice, logged in, and activated, it becomes easy to both add and access data to 1Password. For example:
- A 1Password icon will appear on browser forms. If the forms will ask for some suitable information – for example, your personal data, or passwords tied to a specific domain – you'll be able to insert that information with just one click.
- 1Password X can recognize credit card fields, address fields, etc., and supply suggestions from 1Password as a dropdown, substantially speeding up your form filling.
- When entering passwords, credit card information, or form information for the first time, 1Password X will give you the option to save that data to your 1Password account, including a selection of which vault to save it to.
- Instead of having to come up with unique passwords, 1Password X will give you the option of generating unique and secure passwords for you, which you can then save to your vault immediately.
- 1Password X can search your vaults from your browser.
- 1Password X can add two-factor authentication to any secure workflow governed by data in your vault.
- The extension is armed to drag-and-drop data stored in 1Password to the relevant fields.
1Password is powerful on its own, but adding 1Password X to your browser of choice makes it even more powerful and easy to use.
Watchtower is a suite of security tools that comes with every 1Password membership. At a glance, Watchtower can alert you to any weaknesses in your security ecosystem, including passwords that need to be changed or strengthened, compromised logins, and security updates from websites you store credentials for.
Every vault has a Watchtower item in the left-hand column which you can use to view the status of items within the vault. Watchtower can check the security status of individual websites.
Is 1password safe?
You shouldn’t worry about security when using 1Password: there are security measures, both technical and personal, built so you can have total peace of mind.
For one, the tool uses high-level AES 256-bit encryption to keep your data secure. Plus, each 1Password account is protected with a Secret Key – a 38-digit security code stored on your device and your device only, that's used as an additional layer of security for all of your operations. By keeping it written down in a physical location, or stored separately on external storage, you can make sure that no one gets unauthorized access to your data. This is going above and beyond – it's not a common feature on most password managers.
1Password's zero-knowledge policy leaves this and other sensitive information unknown even to the company itself, and Secure Remote Password (SRP) protocol prevents hackers from intercepting Master Password, Secret Key, and other transmitted data.
1Password is SOC 2 Type 2-certified by AICPA, indicating secure data management. The most current SOC 2 report is available on request. The company also maintains a private bug bounty program from Bugcrowd, with 387 unique researchers looking for bugs.
1Password password manager maintains recent penetration tests by ISE and security audits by Onica, with past pentests and security assessments completed by AppSec Consulting, nVisium, and CloudNative.
Overall, 1Password designed every feature to make sure only you have access to the passwords, financial, and other personal information kept in your account. You get full control of your security and multiple security levels protect it from hacker’s attacks – chances of stealing the data at rest and in transit are next to zero. To conclude, 1Password is a really safe and good password manager, especially for advanced users.
Plans and pricing
1Password pricing starts at $2.99 per month, billed annually. There is no free version, but you can opt-in for a free 14-day 1Password trial. This should be plenty of time to find out whether the service fits you. If you decide that it would be worth the price, here's what you get with the paid plans.
|Personal (1 user)||Unlimited passwords, 1GB document storage, 24/7 email support, 365-day item history, Travel Mode, 2FA||$35.88/year|
|Families (5 users)||Everything in Personal + sharing of passwords, credit cards, and secure notes, family member permission management, account recovery||$59.88/year|
|Teams||Apps, unlimited passwords, items, and shared vaults, admin and permissions control, 2FA, 24/7 email support, 1GB document storage per user, 5 guest accounts||$47.88/year|
|Business||Everything in Teams + VIP Support, 5GB document storage per user, 20 guest accounts, custom security controls, activity log, custom roles, usage reports, custom groups, Active Directory, Okta, and OneLogin provisioning||$95.88/year|
|Enterprise||Everything in Business + custom services for your enterprise||Custom|
Here are some of the core 1Password features, and how they differ on each of the main plans:
|Document storage||1 GB||1 GB||1 GB/person||5 GB/person|
|Admin permission control||❌||❌||✔️||✔️|
|Activity logs and usage reports||❌||❌||❌||✔️|
Overall, the logic here is rather simple – the base 1Password account includes all the main features you'd expect from your password manager. Unlimited passwords for unlimited devices, and all of the main security perks should be enough for just about anyone.
If you want to take all these great features and multiply them for several users – the Families plan will be a perfect fit, offering just the same options for multiple people.
Finally, the Teams and Business plans are suited for – you guessed it! – teams and businesses. With additional security features, logs, reports, and custom permissions, it'll be excellent for businesses that juggle crucial login information on a daily basis. If your company is using multiple products and interfaces requiring shared logins, this is an ideal fit.
Ease of use and setup
Setting up 1Password is quick and easy – and while there are a couple of peculiar things about using 1Password, the overall experience is streamlined and suitable for all types of users.
The process of using 1Password starts with picking a plan. Once that is out of the way, you must enter your email address and receive a six-digit authentication code to proceed to account setup. The code arrives immediately in the inbox of the email address you enter.
Once you authenticate your email address, you must enter your name and your “master password.” This is the one password you will have to remember once 1Password is your go-to password manager. It is the encryption key for your entire 1Password ecosystem. If a hacker obtains your password, he or she has access to everything, so guard it carefully.
The advantage is that if you can guard this password, a whole universe of unique passwords can be stored in your encrypted 1Password vaults.
After you enter your master password, it's payment information time. You can write it all down there and then – or skip the process for the time being. You'll get a 14-day free trial regardless.
Once that step is done, the app prompts you to download an “emergency kit,” a one-page PDF that includes a sign-in address, a 38-digit secret key, and a QR code you can use to set up or retrieve your account.
Make sure to save this emergency kit either printed out in a physical location or keep the file in external storage no one else has access to. If you store your secret 1Password information in an insecure place, it defeats the purpose and makes your whole vault vulnerable.
Once you download your emergency kit, you’re in! Your 1Password account is ready to roll.
Managing 1Password Vaults
The “vault” is the basic workspace in 1Password. From the home screen, you can create a new vault from the “+ New Vault” button in the upper left hand corner. Once you hit the button, the app will prompt you to give your vault a name and an optional description.
Once you name your vault and create it, the vault will appear as a tile on the home screen, starting in the lower half of the page. As you add more vaults, more tiles will appear.
Clicking on the vault tile will take you to the main screen of that vault, which is divided into three columns—a control column on the left, a middle column for the list of items in your vault, and a larger right hand column where you will see the item details once added. It resembles a cross between a Wordpress admin panel and a Finder window.
Vaults are helpful for credential management because family-member or employee access can be partitioned by vault. If someone is only authorized to access certain information, they can be granted access only to certain vaults.
Adding entries to 1Password
Once you have your vaults defined, it is time to add some items.
You can add items using the “+” icon on the bottom of the big lefthand field of the vault. Once you click on that button, a long list of potential items appears.
Here’s where the fun starts. If you want to select a password, you can give it a title (for example, “Gmail”) and add the password, websites, labels, tags, and other information.
Once you “save” the item, it appears in the middle column, where you can select and edit it.
If you want to add a credit card, select “Credit Card” from the “+” menu, and a form appears where you can enter credit card information.
Once you save the information, your credit card appears in the middle column below the password entry you previously added.
If you highlight the star beneath the item title in the large item column, it becomes a “Favorite,” which can be filtered using the “Favorites” item in the left hand column.
Importing data to 1Password
It is possible to import data from other apps into 1Password, making it easy to transfer over files from Chrome, other 1Password accounts, or apps like LastPass, Dashlane, RoboForm, or Encryptr.
To import data, click on your member name (usually your first name) and find “Import” on the dropdown menu that appears.
Once you arrive at the import page, select the vault you want to import data to, and the app you will import from.
You will next be taken to a page where you can upload the CSV file downloaded from the app. Once you upload the CSV file, 1Password will import the data into the correct item format in the selected vault.
1Password can be accessed by more than just 1Password app and 1Password X – the browser-only version of it. This password manager also includes some other ways to access it, namely: mobile apps and browser extensions
1Password mobile apps
1Password offers mobile apps for the iOS and Android operating systems. The app will give you quick access to all of your passwords, letting you quickly copy and paste all the required information.
Alternatively, you can skip the middle man (yourself!) and just let the app autofill everything for you – including passwords and forms.
You may have to enable the autofill function in settings. When filling out a new form or login credentials, the activated app should prompt you with the option to save the credentials in 1Password for later recall. Your saved 1Password credentials are side-by-side with other saved credentials. You may have to search through saved in-app credentials to get to your 1Password credentials.
1Password browser extensions
1Password also includes a browser extension, available on all major browsers. It's a pretty powerful solution, letting you access just about any of the features available on the full product.
However, you'll come to find that this extension is still pretty inseparable from 1Password X, the web version of the product. Often, we found ourselves clicking on a specific feature (i.e. adding a new item), only to be redirected immediately to 1Password X.
It's nothing unusual in the business, many password manager extensions work the same way. Still, with the 1Password browser extension as extensive as this, we hoped it would be more independent than it actually ended up being.
1Password maintains an extensive FAQ and searchable user forum, which can be used to find answers to common questions. It covers most of the main issues – and offers a lot of professional troubleshooting, in form of extensive how-to guides.
For more complicated questions, 1Password maintains support channels by email, Twitter, and forum response.
It would be nice to see phone or chat support available in the event of hard-to-resolve issues. VIP support is available for business plans or higher, but for most users, a relatively fast but not instantaneous email support architecture is the best option.
1Password is one of the best options, but there are plenty of quality password managers on the market. Here are the best alternatives.
NordPass is another product by NordVPN developers, so you know this password manager means business. It has multi-factor authentication: you can use 2FA or biometrics information to confirm your identity. That way, your credentials are safe not only with encryption but also with a second factor.
They have dedicated apps available to all major platforms. This means no matter what is your device of choice. You will be able to access your credentials cross-platform. There are some additional premium features like Data Breach monitoring, use optical character recognition to scan your documents to avoid typing in.
Read more: NordPass review
Dashlane is one of the oldest password managers. Over the years, they have perfected the formula, making it the superb choice for anyone who wants to step up their credentials management.
The stored information is only uploaded to their servers encrypted. No one will know what's in the cloud. No one is going through your password either, especially if you enable multi-factor authentication. You'll be able to use biometric data or hardware tokens to confirm your identity. Premium users are also getting more encrypted storage, more password slots, and a VPN.
Read more: Dashlane review
1Password review summary
1Password is a secure, reliable, and user-friendly password manager. Its main focus is the security of your data, and 1Password does a great job keeping it safe.
For example, it uses military-grade AES-256 encryption and implements the zero-knowledge policy. In addition, it gives you a Secret Key, which is a piece of code comprised of letters and numbers. The app requires it for signing into your account.
It may lack a free version and some nice-to-have features like one-click password updates, but the quality of service 1Password provides makes for it. And speaking of pricing, you may find 1Password costs very reasonable even when compared to other top-ranked password managers. That is why our experts recommend the software to anyone who wants a high-quality tool that doesn’t leave you on a budget.
I hope this 1Password review helped you make up your mind about the product. If you have any questions, though - hit the comment section!
See how 1Password compares to other password managers
LastPass vs 1Password: which is better?
Dashlane vs 1Password: which do we recommend?
Can 1Password be trusted?
1Password uses end-to-end encryption and complies with industry-standard security controls, as well as multiple public security controls. Its certifications are available upon request, and it has submitted to multiple penetration tests and security assessments. It has passed all of them with flying colors.
The biggest security concern with 1Password is actually on the user side—that is, you. By trusting 1Password, you are committing all your private data to a single point of failure—your master password. If a cybercriminal gets that password, (s)he has access to everything. So guard your master password carefully!
Is 1Password worth it?
1Password is definitely worth it. Considering how safe is 1Password, even if it does not offer a free version like LastPass, for example, it provides all the must-have features you'll ever need. And for a company or a family that needs to share permissions, 1Password is the only way to go and definitely worth the money. Once you get the hang of it, you will wonder how you ever lived without it.
Can I use my 1Password account on all my devices?
Yes, once you set up your 1Password account, you can download the correct app for the device in question—mobile app, desktop app, browser extension, etc.—and access all the data saved in your 1Password account from your mobile device.
When using a different computer, you will have to download the app or install the browser extension and log in. Once this is done, you will have access to all your 1Password data.
Do I need the desktop app?
No, you can access 1Password entirely from the web as a Cloud service (SaaS) using 1Password.com. For users who prefer the desktop app, however, it is available for MacOS, Windows, Linux, and Chrome OS.
Do I need the browser extension?
No, but using the 1Password X browser extension makes 1Password data storage and retrieval much more seamless. 1Password X is available for Chrome, Firefox, and Microsoft Edge.