1Password Overview April 2023
In a recent data breach, one of my less-used email accounts was compromised due to its weak password. Although a strong password is essential to your online security, not many people can memorize multiple strong passwords. Noticing this difficulty, 1Password wants to help you manage and keep all your passwords and other important information secured. To test this out, I decided to try 1Password to find out its strengths and weaknesses.
After extensive tests, I found 1Password to be a user-friendly and effective password manager. It helps you securely store, use, and manage your passwords from any device. 1Password also allows you to keep important information like credit card details, social security numbers, notes, databases, banking information, and more in a secure vault.
You can try 1Password totally risk-free using its 14-day free trial. With this, you can test all its features, have full access to the service, and efficiently manage your login credentials. Let’s dive in.
April 2023 Update! Stay secure and enjoy 25% off the first year of 1Password Families. Click here to get started.
Don’t Have Time? Here’s a 1-Minute Summary
- Advanced security features — 1Password offers military-grade AES 256-bit end-to-end encryption to protect your data from hackers. Find out about other security measures.
- Create multiple vaults — I like how 1Password made creating vaults seamless, allowing me to create different categories to save my passwords. Jump to see more of 1Password’s features.
- Watchtower security alerts — 1Password was able to notify me about weak, reused passwords and monitors for data breaches. Learn more about Watchtower.
- Travel mode — I was happy that 1Password made it easy to hide sensitive information when crossing borders, which is very useful to journalists. Find out how to activate this feature.
- Works on multiple devices — 1Password works on Windows, Mac, iOS, Android, Linux, and Chrome OS. See how you can quickly set up the apps.
- Helpful support — I contacted customer support and got my questions answered in a few minutes. Find out how to contact support.
- 14-day free trial — 1Password offers a generous 14-day free trial with access to the service’s full features. Take a look at all the available plans.
1Password Offers Military-Grade Security Features
1Password doesn’t joke around with its security measures. It employs industry-standard AES 256-bit encryption and advanced security protocols to keep your passwords and other important information safe.
I was pleased to find that the information I store in my 1Password vault is end-to-end encrypted. This means that it doesn’t know what you save in your vault. Only you have the key to decrypt the information stored. To encrypt your data, 1Password allows you to create a “Master Password” known only by you.
Additionally, 1Password ensures that even when your password is in transit, en route to the server, it is protected with Transport Layer Security (TLS) and Secure Remote Password (SRP), so that you get an extra layer of encryption. Here’s a breakdown of all its security features.
AES 256-bit Encryption
1Password ensures that my data is protected with AES 256-bit encryption, which is trusted by banks and military organizations to secure data. I didn’t have to worry that hackers or cybercriminals would steal my password.
Master Password and Secret Key Protection
1Password ensured that I got double security for my data. It required that I create a Master Password known only by me. Also, the app generated a secret key on my device during sign up. This secret key is used in combination with your master password to encrypt and decrypt your data. What I liked the most is how I was routed automatically through different layers of security checks and authentication so that my data couldn’t fall into the wrong hands.
1Password also generated an emergency kit PDF document that contained my secret key while automatically saving my secret key to the device I signed up with. This ensures that I have a backup of my secret key offline. A combination of my Master Password and a 34-character Secret Key is needed to access my data. So, even if someone has one of these (not both), it’s not sufficient to gain access to my vault.
Brute-Force Protection with PBKDF2
1Password uses a key derivation function that protects your account from brute force attacks. When you create your master password, 1Password uses an algorithm or cipher to generate a key that is used to encrypt and decrypt your data. Hackers use special computer hardware and software in a trial and error method of guessing passwords in what is called a brute force attack (also commonly called dictionary attack).
1Password uses PBKDF2 to generate keys that are resistant to dictionary attacks. Your account password and salt are passed to PBKDF2-HMAC-SHA256 with 100,000 iterations. What this means is that even hackers with sophisticated processing power (with millions of guesses) won’t be able to decrypt your encrypted data anytime soon.
Secure Input and Auto-Lock
1Password claims to secure input fields from keyloggers, but I found this wasn’t entirely true. Keyloggers are computer programs that record every keystroke made on a computer. These programs can be used to know what you type, including when you type your passwords.
On its website, 1Password claims that it “protects your data from keyloggers” and that “1Password uses secure input fields to prevent other tools from knowing what you type in it, including your Master Password.”
I tested this out myself by installing a keylogger on my Windows PC and checking if my keystrokes were being logged. Unfortunately, all my entries in the 1Password app and even my master password were recorded. I contacted 1Password about this, and the support agent claimed it was a miscommunication and that 1Password doesn’t protect already compromised devices.
I find this response concerning as the 1Password website clearly states that it protects users from keyloggers. The response made me wonder what else 1Password wasn’t straightforward with.
On the bright side, 1Password also regularly removes information saved on your clipboard. This way, if someone has access to your device, they can’t get access to the information on your clipboard. Similarly, 1Password protects you from clipboard tools that try to take advantage of your clipboard data. It deletes the information on your clipboard within 90 seconds.
To ensure that no one has unauthorized access to your vault, 1Password automatically locks you out of the app after 10 minutes of inactivity. You can even adjust the timeframe that you want this auto-lock to occur. It ranges from 1 minute to 1 hour, and ‘never’ if you’re going to deactivate the auto-lock feature completely. I set the time limit to 5 minutes, and it worked well, locking me out. You can also conveniently unlock your 1Password app with your fingerprint on Mac with Touch ID, iPad, iPhone, and Android devices.
Protects Data in Transit with TLS and SRP
1Password secures your data as it moves from your device to its server with TLS and SRP (Secure Remote Password) protocol. With this, you get an additional layer of security that protects your data (and password) from being intercepted by hackers while in transit. One other impressive thing about 1Password is that it only works with trustworthy web browsers. This way, it doesn’t hand over your data to browsers that have been tampered with.
Two-Factor Authentication (2FA)
1Password provides other essential security features. It supports websites that have Two-Factor authentication (2FA). You can use Authy or Microsoft Authenticator to enable your sign into the 1Password app. 1Password also allows you to check for websites that support 2FA and store your authentication codes in 1Password.
I was glad that 1Password needed my confirmation to fill in forms on websites. This is to evade websites that use invisible forms to steal your information. 1Password also protects you from phishing websites that build clone websites to steal your data.
I tested this by saving my login credentials to the Facebook domain, visiting Yahoo’s website, and trying to autofill the login field. 1Password didn’t fill in the login input field since no login credential tied to the Yahoo domain was saved in my vault.
Privacy — Adopts Open-Source Data Formats
1Password is designed with an obsession for privacy. Your account password and the data stored in your vault are private and end-to-end encrypted. 1Password uses two open-source data formats, OPVault and its proprietary Agile Keychain. This ensures that your data is securely synched at the server-side, and anyone can study the security architecture. These open data formats are the same type of data format used by Apple’s iCloud and Dropbox.
The company also works with “Privacy”, a third-party app that allows you to create privacy cards or virtual cards that conceal original credit card details when you shop online.
There have been several independent audits of 1Password in recent years. It has been audited by Cure53, AppSec, Bugcrowd, CloudNative, Nvisium, Onica, and Independent Security Evaluators (ISE). 1Password is SOC 2 Type 2 certified. This means that it securely manages data to protect customers’ interests and privacy. However, I would like to see 1Password become ISO 270001 certified like Keeper for better management practices of its digital vault.
Multiple Customizable Features
1Password makes password management easy. Beyond its solid encryption and security protocols, 1Password has unique features that distinguish it from the competition. This includes data storage, data sharing, and data security. Some of the exciting features that 1Password has are its customizable vaults, Watchtower, and Travel mode features.
With 1Password, you can create multiple vaults to store your data. A vault is like a database or a file folder that houses all your data items. I created and categorized multiple vaults into Private, Work, Finances, Health, and others. 1Password also has an interesting feature on the iOS app. It allowed me to create “standalone vaults” that aren’t accessible on other devices.
You can store different types of datasets in your vault. I was able to create, edit and store details such as logins, passwords, notes, medical records, social security numbers, Identity, bank account, and software licenses. I was also able to create API credentials, keep my Passport information, databases, emails, server access information, crypto private keys, and a copy of my driver’s license safe. All you have to do to add a password or any sensitive information is to click on the “New Item” button at the top-right of the desktop app.
1Password also allows you to create “Shared” vaults that only specifically authorized individuals can access. I created a shared vault for my family during my tests and gave 3 members access. I was pleased that all the information in my vault was encrypted with AES 256-bit encryption.
Watchtower is 1Password’s security alert system. It alerts you about weak passwords, reused passwords, passwords compromised in a data breach, and vulnerable passwords. It also notifies you about the expiry dates of credit cards, driver’s license, Identity cards, and Passport. This information is checked locally on your device.
Watchtower’s data breach monitor is constantly updated to keep track of recent data breaches. 1Password fetches data from haveibeenpwned, a website that curates a database of compromised passwords from past data breaches. Although Watchtower didn’t flag any of my previously compromised passwords, the haveibeenpwned website picked it up.
1Password’s Travel Mode is designed to help people hide sensitive information while crossing borders. It is useful for journalists, researchers, political refugees, and people who want to keep sensitive information private.
Travel mode automatically hides all vaults in your 1Password account, except those you mark as safe for travel. You can only activate Travel Mode from your 1password web account. To test it, I logged in to my account, navigated to my profile, and toggled on the travel icon under “Travel Mode”.
With multiple easily customizable features that keep my passwords safe, 1Password worked seamlessly for me. My only concern was that there was no way for me to recover my master password on the Personal account if I forgot it. 1Password expects you to print out the “Emergency Kit” document that is generated once you create an account. It contains your secret key, sign-in address, email address, and a space to write down your account password with a pen.
If you have a Family, Teams, or Business account, 1Password allows the account owner or any admin who can still sign in to help you generate a password reset link. This link is sent to your email, allowing you to create a new password to regain access to your 1Password account.
Overall, 1Password makes password management seamless. It’s really simple to use the apps, import passwords, keep logins safe, and share passwords with other users. My favorite feature of 1Password is its travel mode that lets me hide sensitive data and vaults when traveling.
Ease of Use10.0
Simple Installation and Setup
It was easy to install and start using 1Password. After signing up for the free trial, I created my master password and logged into my 1Password account. Once I logged in, my dashboard displayed a user-friendly interface showing the vault, and a welcome note that helped me set up the app seamlessly. It took less than 5 minutes to sign up, download the app, and start using it.
It took less than a minute to import data into my 1Password account. 1Password only allows importing CSV files. So after exporting my passwords saved on Chrome browser, I navigated to my user account of 1Password’s web platform and imported my passwords. 1Password also allows you to import data from other password managers like Dashline, iCloud Passwords, KeePassX, Thycotic Secret Server, RoboForm, and other 1Password accounts.
1Password works with popular devices and has cross-platform support. I tested it on my Windows PC, Android, and iOS devices. 1Password also works with macOS, ChromeOS, Linux (Ubuntu, Debian, Linux Mint, Fedora, CentOS, RHEL, openSUSE distributions), and command line. It has a browser extension for all the popular browsers like Chrome, Firefox, Edge, and Safari, which connects automatically to 1Password X, the web version of the software.
If you’re on the go and need to keep or use a password quickly, 1Password’s Android and iOS apps come in handy. Once I downloaded the app to my phone, I only had to scan the QR code in my Emergency Kit and enter my master password to get started. The iOS app asked that I activate Face ID login access. The Android app worked seamlessly, too. After signing in, I could navigate through the features and add and edit the information in my vault.
Both apps are easy to use and intuitive, with features categorized into 4 menus — Favorites, Categories, Tags, and Settings. The Categories menu displays the logins, passwords, and other items stored in your vault. Settings tabs allow you to make changes to the app, create new vaults, enable security options, and more.
Setting Up 1Password on Windows
1. Sign up for the free trial on the 1Password website.
2. Download your Emergency Kit file for safekeeping.
3. Log in to 1Password’s website with your master password.
4. Download the app from your dashboard or the main page’s footer.
5. Install the app and launch it.
6. Enter your master password in the login field to access your account.
7. Click on “New Item” to add your passwords and other details.
Overall, 1Password is a simple-to-use app that allows you to save, manage, and secure your passwords. I liked how the apps were intuitive and displayed all the features of the service in an easily navigable interface. I didn’t experience any app crashes or delays logging in to the apps.
1Password only has a few support options. It features a well-detailed knowledge base with numerous articles and FAQs. This includes step-by-step how-to guides for all the supported devices and other troubleshooting tips.
If you need direct answers from a support agent, 1Password does offer fast email support. I sent a couple of questions to the support email, and I got a response in less than 10 minutes. The answer detailed all my concerns and suggested a way for me to resolve the issue if it occurs.
Additionally, you can also get your questions answered via 1Password’s community forum. The forum has over 250k questions with about 100+ replies daily. I posted a question and someone responded in less than 4 hours. There’s also the option to get help via the Twitter handle. The responses were equally prompt and helpful. However, I expected to see live chat or phone support, but I couldn’t find these options.
April 2023 Update! Stay secure and enjoy 25% off the first year of 1Password Families. Click here to get started.
1Password offers great value for its service. It has 4 plans — Personal, Families, Teams, and Enterprise, billed annually. Except for the Enterprise plan, all the other plans offer 1GB of data storage. You can only pay for the service with your credit/debit card or a 1Password gift card.
The Personal plan is the cheapest. It supports just 1 user account but works with unlimited devices. It allows you to create multiple vaults, unlimited passwords, use travel mode, two-factor authentication, 1GB storage, share passwords, recover deleted passwords, get 24/7 email support, and works on popular devices.
The Families plan supports 5 users with all the features in the personal plan, allowing you to add more members for an extra amount. It also supports permission control and allows any member to help another member regain access to their account if they are locked out of their account. 1Password also offers 20% off to new customers who sign up for the family plan so it might be worth opting for this plan if you haven’t signed up to 1Password before.
The Teams plan has all the features of the Personal and Families plan along with Duo integration for business-wide multi-factor authentication, 1GB of storage per user. The Business plan has all the features of the previous plans, VIP support, 5GB of storage per user, 20 guest accounts, activity logs, usage reports, custom roles, and custom groups.
Although 1Password doesn’t have a free plan, it offers a no-risk 14-day free trial to help you get acquainted with the service. You do need to enter your credit card details to sign up, although you won’t be charged until your 14-day trial is over.
Things to note regarding 1Password’s pricing:
- If you’re in a country that adds sales tax, you will have that tax added to your overall fee at the end of your trial period
- 1Password only offers annual billing
Overall, 1Password has attractive plans with great value for money. I recommend using the free trial to test all the plans to find the best one for you.