Impact-Site-Verification: e7808fcc-fa63-48d2-8c06-6fae8450f738
Search
Close this search box.

1Password Review 2024[ Best Security]

1Password Review introduction:

  • 1Password Review 2024[ Best Security]
  • Getting Started With 1Password
  • Data Privacy and Security With 1Password
  • Password Generator
  • Password Sharing
  • Storage and Form Filling
  • 1Password Mobile App Experience

To be effective, a password manager needs to function seamlessly across all your devices, and 1Password excels in this regard. It offers sleek apps that allow you to manage your passwords on various platforms. Additionally, it features robust password organization tools, a data breach monitoring service, and supports multi-factor authentication. However, 1Password doesn’t offer a free version or a password inheritance feature. While it’s a strong contender in the password management space, you might lean towards Bitwarden, our Editors’ Choice, which is free, open-source, and provides top-notch password management.

How Much Does 1Password Cost?

For 1Password’s personal plan, you’ll pay $35.88 annually, which breaks down to just $2.99 per month. This plan lets you store an unlimited number of passwords and sync them across as many devices as you need. You can also share links to items in your vault with others securely. The plan includes 1GB of encrypted storage, allowing you to safely store notes, identities, and payment cards. Additionally, you’ll have access to 1Password’s Watchtower feature, which helps you identify and update old, weak, or reused passwords.

You Can Trust Our Reviews

Since 1982, PCMag has tested and rated thousands of products to help you make more informed purchasing decisions. Learn more about our editorial mission and discover how we conduct our testing.

1Password’s Families plan is priced at $59.88 per year, covering five licenses, with the option to add additional users for just $1 per month each.

While 1Password offers a 14-day trial, it doesn’t provide a permanently free version. The company does offer free tools like a web-based password generator and a separate username generator, but there’s no free 1Password app available. In contrast, competitors such as LogMeOnce, NordPass, Proton Pass, and Bitwarden all include a fully functional free tier in their offerings.

Getting Started With 1Password

1Password offers apps for Android, iOS, Linux, macOS, and Windows, along with browser extensions for Brave, Chrome, Edge, Firefox, and Safari.

To get started with 1Password, you create a strong master password that’s easy to remember but difficult for anyone else to guess. Alternatively, you can sign up using your Apple, Facebook, GitHub, Google, Microsoft, Okta, or X credentials. The first time you access your vault, 1Password will display your Secret Key—a lengthy string of 34 letters and digits, divided into seven hyphenated blocks. You’ll need this key each time you add a new device or browser extension.

To help you manage your Secret Key, 1Password provides an Emergency Kit download link. This PDF includes your account email, Secret Key, and a space to write down your master password. You should print or save this document, fill in your master password, and store it in a secure location like a fireproof lockbox, or keep it digitally in a secure place—or do both. You can download your Emergency Kit anytime from your account page on the 1Password website.

When you sign up for the Families plan, 1Password sets you up with both a Private vault and a Shared one. Vaults help you organize your passwords and credentials at the highest level. For example, you might want to create separate vaults for work and personal credentials. Once you sign in to the web vault, you can follow the prompts to start using it. If you’re switching from another password manager to 1Password, the easiest way is to import your existing passwords into your new vault. 1Password supports importing passwords from various sources, including other 1Password accounts, Dashlane, KeePass, KeePassX, LastPass, RoboForm, Thycotic Secret Server, and from Chrome, Firefox, and Safari browsers. You can also import iCloud passwords. However, this list is shorter compared to Bitwarden, which provides importing instructions and support for over 50 other password managers. If your old password manager isn’t supported, you can upload a CSV file containing your credentials to 1Password instead.

After importing your old passwords, 1Password will prompt you to download its browser extension. In the past, 1Password has been praised for its excellent tutorial that guides new users through creating credentials. However, during our latest testing, we noticed that this tutorial only appears after installing a browser extension. There was no tutorial prompt after installing the web app or the Windows version of 1Password, which seems like a missed opportunity to help new users get acquainted with the app.

Data Privacy and Security With 1Password

Before reviewing and testing a password manager, PCMag sends a list of questions to the password management company inquiring about its privacy and security practices. Here are the questions and 1Password’s responses.

Has your company ever had a security breach?

1Password has never experienced a security breach.

What unencrypted information does the password manager store in user vaults?

All 1Password vault data is protected by end-to-end encryption using AES-256-GCM symmetric keys. This encryption applies not just to usernames and passwords but also to vault names, item titles, stored URLs, notes, and more—ensuring that even if someone were to obtain encrypted vault data, they couldn’t decipher its contents.

Encryption occurs on your device using secrets known only to you. No vault data is stored in an 1Password employs a combination of two keys to safeguard your data, and neither of these keys is ever seen or held by 1Password:

  • Key #1: Your chosen account password
  • Key #2: The Secret Key—a 128-bit, machine-generated code that is mathematically impossible to crack

Without both of these keys, decrypting your data is impossible, even if someone gains access to a copy of your vault data. Additionally, credentials are never transmitted over the network. Instead, 1Password adds an extra layer of security called Secure Remote Password (SRP). This method allows 1Password to authenticate without sending keys over the network, reducing that risk. It also ensures that the 1Password app is communicating with a legitimate 1Password server, not a fraudulent one..

What is the company’s policy regarding user data collection and data sales?

In June 2023, 1Password introduced a custom, optional telemetry system designed to help improve the product while maintaining its strong commitment to user privacy. This system allows 1Password to have maximum control and protection over customer usage data. All encrypted vault data remains private and accessible only by the user. For instance, passwords or URLs stored in private or shared vaults cannot be viewed by 1Password or tracked through the telemetry system due to the nature of its security design.

The 1Password telemetry system also requires users to explicitly consent to data collection. An in-app prompt allows users to choose whether they want telemetry enabled or disabled. No data is collected until the user makes this choice, and preferences can be changed at any time. Importantly, 1Password does not sell telemetry data to third parties as part of this initiative.

How does your company protect user data?

1Password ensures user data remains secure through:

  1. 1Password’s distinct security model
  2. End-to-end encryption: All data stored in 1Password, including vault contents, vault names, and saved website URLs, is encrypted with secrets known only to the users.

How does your company respond to requests for user information from governments and law enforcement?

A representative shared a link to 1Password’s policy on law enforcement requests. In summary, 1Password collaborates with law enforcement when requests are made but cannot decrypt users’ logins, passwords, or other items stored in their vaults.

Overall, we find 1Password’s responses and policies satisfactory.

1Password’s answers align with its privacy policy. We recommend reviewing the privacy policies of all apps to understand how they collect, sell, or store user data. Assess your comfort level with data collection practices and how companies handle your data, and make informed decisions based on that information.

1Password’s Authentication and Security Features

After signing in and setting up your vault, we recommend enabling multi-factor authentication (MFA). To do this, open the web vault, click on My Profile, and select the three dots in the left menu. Then choose “Manage Two-Factor Authentication.”

1Password can autofill time-based one-time passwords (TOTPs) for services that support MFA, but it’s not advisable to use it for managing your 1Password login. As 1Password notes, using it this way is akin to “putting the key to a safe inside the safe itself.”

A 1Password personal plan subscription includes several security features such as device-level auto-locking, access to Watchtower, and the ability to revoke access from specific devices via the Settings menu. For an additional fee, subscribers can also use the Masked Emails feature. Here’s a look at some key security features:

  • Watchtower: This tool scans your logins to identify if any passwords have been involved in data breaches, or if you have reused or weak credentials. It includes MFA monitoring and expiration alerts. Watchtower will notify you which logins support MFA and remind you to set up authentication when accessing these credentials. It also alerts you if any credit cards in your vault are expired or nearing expiration.

While Watchtower offers useful alerts for password hygiene, it could benefit from enhancements. Compared to detailed reports from competitors like Dashlane and Proton Pass—which include data breach monitoring for email addresses and specifics about breached companies and exposed data—1Password’s Watchtower falls short. In our testing, the breach alerts did not appear, despite having logins for websites with known breaches in our vault.

Masked Emails

1Password and Fastmail have partnered to offer a valuable integration for 1Password subscribers. The Masked Emails feature allows users to create unique email addresses for their online logins, helping to avoid junk and spam in their main inbox. This feature is also useful for tracking which companies might be leaking, selling, or sharing your contact information. You can enable or disable masked emails directly within 1Password, though this feature requires a Fastmail membership, starting at $6 per month.

For built-in temporary email access in your password management app, consider Proton’s Email Alias feature. It’s easy to use and available with a free Proton Pass subscription.

Passkeys

1Password enables you to create and store passkeys in both your web vault and mobile device. To set up a passkey using 1Password, visit a site that supports passkeys, such as Adobe or Google. Sign in with your username and password, then configure a passkey in the account settings menu. After setting up the passkey, log out, return to the sign-in screen, and select “Sign in with passkey.” You can also create a passkey for accessing your 1Password vault. However, since not all apps and websites currently support passkey logins, we recommend continuing to create and store strong passwords for all the sites you use.

Hands On With 1Password

We tested 1Password using the Windows app, iOS app, and Google Chrome browser extension. The interface is consistent across platforms and easy to navigate.

1Password displays a circular icon in username and password fields on websites, saving each entry as you create it. Clicking the icon opens 1Password’s menu beneath the fields for easy access.

When you enter a username on a site with saved login credentials, 1Password updates the existing entry with the new password if you press the button. From the browser extension menu, you can also select identities or credit cards and generate new passwords.

For websites where you’ve saved login credentials, 1Password shows recommended credentials as soon as you click into the entry fields. You can then select the correct login to autofill the fields. We tested 1Password with both single- and multi-page logins and encountered no issues with adding or replaying credentials.

Another useful feature of 1Password’s extension is the ability to click an entry and be taken directly to the site’s login page. This feature is also available in RoboForm and many similar products.

Password Generator

With a single click, you can generate a Smart Password using 1Password, which is a robust 20-character password including numbers, letters, symbols, and mixed cases. If you prefer a longer password, select the Random Password option from the dropdown menu.

We created the unique but memorable password above using 1Password’s web-based generator. The Memorable Password option generates a password made up of English words separated by hyphens. You can create passwords up to 15 words long and choose from various separators such as spaces, periods, commas, underscores, numbers, and symbols. Additionally, you can generate a PIN up to 12 digits long.

Password Sharing

You can share your login information with anyone, including those who don’t use 1Password. To share a password or another item from your vault, click the Share button in the options menu. You can then create a link that expires after one view, one hour, one day, seven days, 14 days, or 30 days. You also decide whether the link can be accessed by anyone with the link or only specific people.

1Password does not offer a password inheritance feature, which allows transferring account access after your passing. While the Families plan allows you to designate multiple family organizers who can recover the account, this is not the same as a dedicated inheritance feature. In contrast, both Bitwarden and Keeper provide options to grant a trusted person access to your personal vault in case of emergencies.

Save 25% of First Year Subscription

Storage and Form Filling

Like Dashlane, Keeper, and most other commercial password managers, 1Password allows you to store personal information for autofilling web forms. You can create multiple identities, including personal data, address information, and various contact details. Additionally, 1Password keeps credit card information separate from these identities.

When you encounter a web form, 1Password offers to autofill your data. We tested this feature with various US government websites, and the Chrome browser extension seamlessly filled in the forms.

We also appreciate that 1Password provides 1GB of file storage. Similarly, Bitwarden offers 1GB of storage to its premium subscribers. Keeper users can opt for 10GB of storage for an annual fee of $9.99.

1Password Mobile App Experience

We tested 1Password on an iPhone 14 Pro. Both the Android and iPhone apps provide full access to all your logins and saved data. 1Password supports various login methods, including TouchID and FaceID on iOS devices, and fingerprint authentication and PIN codes on Android devices. You can also enable 1Password’s time-based one-time password (TOTP) feature on both platforms.

The mobile app home screens are intuitive and customizable. You can hide or reorder your preferred credentials and pin items for quick access. For instance, if you frequently need a credit card number from your vault, you can press and hold the field to pin the item to your home screen. Once pinned, the (hashed) credit card number will appear at the top of your screen, allowing you to copy it to your clipboard with a single tap.

1Password’s Business Options

For business users, 1Password offers the Teams Starter Pack, a new option for password management. Ideal for small business owners, this plan includes many premium features such as vault sharing and access to Watchtower, all for $19.95 per month for up to ten team members. For businesses needing software integrations and single sign-on (SSO) capabilities, the 1Password Business account is available starting at $7.99 per user per month.

1Password’s business tools emphasize secure credential sharing among team members. Each employee has their own vault and can share individual passwords with colleagues or external parties via private links. You can set link expiration times to one view, one hour, one day, seven days, 14 days, or 30 days. Unlike Dashlane and Zoho Vault, which offer single sign-on, 1Password Business supports SSO and integrates with popular platforms like Azure AD, Google Workspace, and Okta. The Teams Starter Pack lacks SSO capabilities and does not include integrations with business software like Okta or OneLogin.

Monitor your team’s password health by encouraging the use of the Watchtower feature across all business subscription levels. Administrators of 1Password Business accounts can also generate individual usage reports for employees to track their credential use.

Additionally, each business account includes a free Families account for every employee to promote good password practices. When an employee leaves the company, they can unlink their Families account and continue the subscription independently.

1Password’s Customer Support Options

We have recently started evaluating the customer support options available for password managers at various subscription levels, as well as the ease of canceling subscriptions and removing the app from your devices.

For non-business plan subscribers, 1Password does not offer phone support. Personal or Family plan users need to visit the 1Password support website, where they can ask questions through an AI-powered chatbot or send messages to the support team. If you prefer not to troubleshoot through articles or interact with a bot, you can always get support by emailing support+security@1password.com.

Is Deleting Your 1Password Account Easy?

During our testing, we found canceling a trial subscription to 1Password for Families straightforward. If you have a paid subscription and wish to cancel without losing your data, you can do so through the Billing menu. Canceling your subscription will freeze your account, preventing you from adding new passwords, filling out forms, inviting new family or team members, or editing items, though you can still view all your credentials.

Pros:

  1. Cross-Platform Syncing: Seamlessly syncs passwords and personal data across all devices, including iOS, Android, Windows, macOS, and Linux.
  2. User-Friendly Interface: Intuitive and well-organized apps make it easy to navigate and manage your credentials.
  3. Robust Security Features: Offers end-to-end encryption, multi-factor authentication, and a secure password generator.
  4. Watchtower: Monitors for compromised passwords, weak credentials, and provides alerts for expired items.
  5. Customizable Options: Allows for personalized organization with features like pinned items and multiple vaults.
  6. Sharing Capabilities: Provides secure sharing options with customizable link expiration times.
  7. 1GB of File Storage: Includes 1GB of encrypted storage for documents and other files.

Cons:

  1. No Free Tier: Lacks a permanently free version, unlike some competitors.
  2. Clunky Import Process: Importing passwords from other managers can be cumbersome.
  3. No Password Inheritance: Lacks a feature for transferring account access in the event of the user’s death.
  4. Limited Free Features: The free trial and limited features may not meet all needs without a paid subscription.
  5. Complexity for Beginners: Some advanced features may be overwhelming for new users.

This balanced overview should help potential users evaluate whether 1Password meets their needs.



Share This Article