For most people, a password manager must be available on all of their devices to be useful. 1Password recognizes that reality and offers apps for Windows, macOS, Android, and iOS. Its 1Password X extension for Chrome, Edge, and Firefox extends its reach to any platform that supports those browsers. However, while 1Password has gotten easier to use, the distinction between all of its apps and extensions is confusing. 1Password also lacks a true password inheritance feature, has lackluster import options, and limits password sharing to family plans.
1Password Pricing and Plans
Pricing for password managers varies more than many other categories of
security software. Zoho Vault’s Standard plan costs about $11 per
year, Dashlane costs $59.99 per year, and most of the rest fall somewhere in
between. For 1Password’s standard edition, you pay $3.99 per month. If you pay
for a year at a time, the monthly cost effectively goes down to $2.99 per month
($35.88 per year). Syncing is instant and automatic across an unlimited number
of devices. In addition to standard password storing and replay capabilities,
you can also create and store notes, identities, and credit card information.
The price of entry also gets you all of 1Password’s organizational (encrypted
vaults and tagging) and security (password-strength reports via Watchtower)
1Password’s family plan costs $6.99 per month, or $59.88 per year. This
tier includes five licenses (separate logins), along with the ability to share
passwords within your family. You can add additional users for an extra $1 per month. Keeper Password Manager & Digital Vault has a similar family plan that features five licenses plus 10GB of secure online storage. Businesses can set up a
1Password team account, for $3.99 per user per year.
Although 1Password offers a generous 30-day trial, it does not have a
permanently free version. This is problematic since our top free password
managers, LastPass and MyKi, match and, in some cases, exceed 1Password’s
capabilities. For instance, LastPass syncs passwords across just as many
platforms and includes sharing capabilities at the free level. MyKi replaces
the need for a third-party authentication app and includes password strength
Getting Started and Logins
To sign up for a 1Password account, you start by entering your name and
email address. Then, you enter a verification code that 1Password sends to your
email. You don’t need to provide your credit card info upfront for a trial,
which we appreciate.
Next, you create a strong master password. As always, this should be something that’s easy for you to remember but that nobody else would guess.
Before you dive into the interface, however, 1Password greets you
with a pop-up that displays your Secret Key. This massive string of 34 letters
and digits is separated by hyphens into seven blocks of varying sizes. Each
time you add a new device or browser extension, you need this key.
To help you manage your Secret Key, 1Password prepares a download link
for your Emergency Kit, a PDF containing your account email, Secret Key, and
space for you to write down your master password. Print or save the document,
fill in the master password, and stick it in your fireproof lockbox or store it
digitally in a secured location. You can download your Emergency Kit at any
time from your account page on the web.
With your account finalized, it’s time to set up 1Password’s apps for
Windows, macOS, Android, and iOS. You do need the Secret Key for each
installation, but you don’t necessarily have to type it. After installing the
app on an Android or iOS device, for example, 1Password allows you to snap a QR code that fills in
all your information except the master password. If you’re installing one of
1Password’s desktop apps, copy that QR code to the clipboard for import,
tell 1Password to find the QR code on-screen, or scan it from an image.
If your activated device gets lost or stolen, a thief would still need
your master password to access your credentials. But for total security, log in to the web console, click My Profile, and deactivate the stolen
device. Now that same thief would need both your master password and Secret Key
to gain access.
1Password supports both app- and U2F key-based two-factor
authentication, which is a beneficial extra layer of security. We
wholeheartedly recommend you enable two-factor authentication, since you can
never be too cautious about protecting access to a password manager that
potentially houses credentials for vital financial, medical, and other
To enable two-factor authentication, log in to your account online,
click your name at top right, and choose My Profile > More Actions
> Turn On Two-Factor Authentication. 1Password requests your
master password at this point. Scan the displayed barcode with your
authenticator app (such as Google Authenticator or Microsoft Authenticator), enter
the resulting six-digit code, and you’re done. Now, logging in to 1Password
requires both your master password and a time-based one-time
You need to set up an app-based method before 1Password lets you set up
a U2F key, such as a YubiKey or Titan key. These keys can be your second
factor on 1Password’s website or for the Android or iOS apps.
1Password’s authentication feature can autofill TOTPs for
other services that support two-factor authentication, but you shouldn’t use it
to manage your 1Password login. Doing so, as 1Password says, “would be
like putting the key to a safe inside of the safe itself.”
The easiest way to switch from one password manager to another is to import the existing
product’s passwords. 1Password can import passwords from other 1Password
accounts, LastPass, Dashlane, Encryptr, and RoboForm, plus from Chrome, but that’s it for
direct import. If you’re moving from a different password manager, you must
export the data to a CSV file and format it according to the instructions in
LastPass and KeePass can import from far more competing products. To use the import feature, you must log in to your 1Password account
online. The local app can only import 1Password files exported from another
installation. The 1Password-utilities GitHub repository, which had scripts for importing from other services, is no longer maintained.
We primarily tested 1Password’s experience on Android, Windows, and
Chrome (via the 1Password X extension). The apps look consistent from a design
standpoint, but aren’t the slickest we’ve seen. For example, we would like to
be able to change the app’s theme, something other password managers, including
Bitwarden, allow you to do. We did not experience any performance issues or
crashes during testing. The 1Password experience is largely the same across
platforms, but some have platform-specific options and features.
For example, 1Password supports Windows Hello unlocks. On the other
hand, 1Password’s macOS edition (and its mobile apps) enables you to use Markdown formatting when composing notes. Markdown defines simple conventions
such as boldfacing words bracketed by asterisks and italicizing words bracketed
by underscores. Other features that were previously macOS-only, such as dragging
and dropping items between vaults, are now available on Windows.
There’s also the 1Password Mini app on Windows and macOS devices, which
is a minimized version of the full desktop app, albeit with less functionality.
Between the desktop apps and the web extensions, we don’t see much of a use for
this app. The 1Password X experience, which we discuss shortly, is much more intuitive.
If you want to open the mini app on Windows, click the icon in the
notification tray area or use the Ctrl+Alt+ keyboard shortcut.
On iOS and Android devices, you get full access to all your logins and
other saved data. Logins open in 1Password’s proprietary browser by default on
both mobile platforms, but you can enable autofill in other browsers. 1Password
supports alternative login options including TouchID or FaceID on iOS devices, as
well as fingerprint authentication and PIN codes for Android devices. You can use your iOS or Android device to enable 1Password’s TOTP authentication
feature, too. We like the option to choose a light or dark mode on the
Android app and hope that feature gets ported to the other platforms.
Note that there is a difference between 1Password’s companion app
extensions and the 1Password X extension for web browsers. 1Password offers
both extension types for Chrome, Brave, Edge, and Firefox, plus the companion app
extension for Safari. However, the companion app extensions require the use of
the desktop apps, whereas 1Password X functions independently. Also, the many
keyboard shortcuts 1Password supports only work on the web with the combination
of the companion app extension and the desktop app.
If you are using 1Password with a Chrome OS or Linux-based device, you
need to use the 1Password X extension. Given that the extensions are largely
available for the same browsers, 1Password should get rid of the regular web extensions
where possible. The distinctions are confusing and I couldn’t even find the
non-X version of the extension in the Firefox or Edge Add-On stores; I
had to download it from the 1Password site.
Once you get set up with the correct app, the first thing you’ll notice
about 1Password is that it organizes everything into vaults. By default, it
sets you up with a Private vault, as well as a Shared one, if you sign up for
the family account. Think of vaults as a top-level way to organize your
passwords and credentials. For instance, you may want to create separate vaults
for your work and personal credentials and identities. Many password managers
let you organize your saved items into folders.
All the expected items such as logins,
secure notes, credit cards, identities, and passwords live within a vault. Each category gets
dedicated sections on the desktop, mobile, and web apps. If you add an item to any of those
categories, that category shows up in the side menu, too. You can also add a
lot of other items such as a driver’s license, passport, and social security
number. 1Password imposes a 1GB storage limit on individual and family accounts for uploads. These premade categories are helpful since they are customized to each
use case and allow you to add custom fields.
Instead of going the nested folder route as LastPass, Sticky Password
Premium, and a few others do, 1Password uses a tag system. It allows multiple
tags for each saved item and even nested tags. You can create these nested tags
by separating the levels with a backslash, for example, “Entertainment\Movies.”
However, while we could create and view nested categories on the Android and
desktop apps, the nested folders did not show up on the web interface. In the
above example, the full “Entertainment\Movies” category just showed up as a
top-level entry. We confirmed with our 1Password contact that nested tags are not supported on the web, but that they are on every other platform.
Notably, you can’t actually edit items from either extension
or the mini app; for that, you need to use the full desktop, mobile, or web
Capturing and Filling Passwords
1Password X displays a circular icon in any username or password entry
fields you encounter. You need to click this icon to get 1Password’s menu to
appear beneath those fields. It’s easiest to hit the Save in 1Password button
after you’ve typed in both the username and password, but 1Password is smart
enough to update an existing login entry with the password if you hit the
button after entering just the username. From 1Password’s menu, you can also
select identities or credit cards, as well as generate a new password. However,
you do not get all of 1Password’s password generation options here.
Password replay with 1Password has improved since our last review, so
long as you use the 1Password X extension. On sites for which you’ve saved login
credentials, 1Password shows you recommended credentials once you place your
cursor in the entry fields. Just click on the correct login to fill out the
Alternatively, if you are using the companion app extension and desktop
combo, use the Ctrl+ key combo to fill those saved credentials. Or right-click and select 1Password from the context menu to launch the mini
app and copy them from there. We recommend the first option. We tested 1Password’s
replay on both single- and two-page logins and did not find any problems with
either adding or replaying credentials.
Our 1Password contact previously pointed out that requiring user
interaction before filling passwords is a deliberate, security-related
decision. It eliminates the chance of a website snagging your credentials using invisible
RoboForm, LogMeOnce, Password Boss Premium, and most of the other
products of this type offer another handy way to use your saved logins.
Clicking the toolbar button displays a list of your saved sites, and clicking
one of them first navigates to the site and then logs in. 1Password does this
as well. You can navigate to sites from the extension’s menu or by using the
Just storing all your existing passwords in 1Password isn’t enough. You
need to find those old, weak passwords and update them to something strong and
unguessable. 1Password deliberately doesn’t attempt to automate the process of
changing passwords, for a variety of reasons. Chief among these, according to our
company contact, is the worry that a failure of automatic password updating,
perhaps due to a change in the website, could result in locking you out of your
account. Keeper’s developers avoid this automation for similar reasons, though
Keeper Password Manager & Digital Vault offers one-click filling of
standard password-change forms.
1Password does offer a password generator to help you create a strong
password when signing up for a new site or updating an existing one. However,
the experience is different on the web, Android, and Windows apps. For instance,
on the web, 1Password defaults to 20-character passwords. On the desktop and
Android app, the default length is 24 characters.
We approve of long generated passwords—after all, you don’t have to remember
them. We appreciate services that generate long passwords by default. For
instance, Myki generates 30-character passwords by default.
Another difference between 1Password’s experiences is the set of defaults for generating passwords. On all platforms, 1Password defaults to
passwords that include capital and small letters, as well as digits. However,
the desktop app includes symbols by default, whereas the web and Android apps
do not. You can disable the use of digits and symbols if you hit a website that
doesn’t accept them, but the letters are always there. You can prevent
1Password from allowing ambiguous characters such as the digit 0 and capital
letter O too, but only when using the desktop app.
Using a random collection of characters makes a password strong,
meaning it’s extremely hard to crack. Another way to make a password strong is
to make it long. 1Password’s generator can churn out random collections of
words, separated by a hyphen, space, period, comma, or underscore. Again, the
available options differ depending on the platform. For instance, on the web,
the default is four words with no options to include a separator. On the
Windows app, the default length is four words, but you can add or change the
separator. On the mobile app, the default length is five words, and in addition
to the separator options, you can opt to only include full words or
randomly capitalize some of the words. The main use we see for this feature is
when you must memorize the password, like the famed correct horse battery staple
example. For passwords that 1Password totally manages, stick with random
collections of characters.
Since you don’t have to remember these passwords, we suggest you let
1Password create the most diverse passwords possible, as suppressing character
types shrinks the pool of possible random passwords. We also would like
1Password to standardize the password generation experience across platforms,
since currently, the mobile app offers the best experience from both a
usability and password customization standpoint. Changed passwords sync across
platforms, so you don’t need to worry about making changes from the mobile app.
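To put numbers on how length and character types affect the pool of possible passwords, here is an added example (not 1Password's code and not part of the original review) that generates passwords with the toggles described above and computes their entropy. The symbol set, the extra ambiguous characters, and the 7,776-word list size are assumptions.

```python
import math
import secrets
import string

# Assumption: the page names only "0" and "O" as ambiguous; "1", "l" and "I"
# are added here as other commonly confused characters.
AMBIGUOUS = set("0O1lI")


def build_pool(digits=True, symbols=False, avoid_ambiguous=False):
    """Return the character pool for the chosen options.

    Letters are always included, matching the behaviour the review describes.
    """
    pool = string.ascii_letters
    if digits:
        pool += string.digits
    if symbols:
        pool += string.punctuation  # 32 ASCII symbols (assumed symbol set)
    if avoid_ambiguous:
        pool = "".join(c for c in pool if c not in AMBIGUOUS)
    return pool


def generate_password(length=20, **options):
    """Draw each character independently and uniformly with a CSPRNG."""
    pool = build_pool(**options)
    return "".join(secrets.choice(pool) for _ in range(length))


def password_bits(length, **options):
    """Entropy in bits of a uniformly random password: length * log2(pool)."""
    return length * math.log2(len(build_pool(**options)))


def passphrase_bits(words, wordlist_size=7776):
    """Entropy of a random-word passphrase.

    wordlist_size=7776 is the Diceware list size, an assumption; the review
    does not say how many words 1Password draws from.
    """
    return words * math.log2(wordlist_size)


def compare_defaults():
    """Entropy of the per-platform defaults reported in the review."""
    return {
        "web: 20 chars, letters+digits": password_bits(20),
        "Android: 24 chars, letters+digits": password_bits(24),
        "desktop: 24 chars, with symbols": password_bits(24, symbols=True),
        "20 chars, letters only": password_bits(20, digits=False),
        "web: 4 words": passphrase_bits(4),
        "mobile: 5 words": passphrase_bits(5),
    }


if __name__ == "__main__":
    print(generate_password(24, symbols=True, avoid_ambiguous=True))
    for label, bits in compare_defaults().items():
        print(f"{label:36s} {bits:6.1f} bits")
```

Under these assumptions, a four-word passphrase carries well under half the entropy of the 20-character default, which is why random characters remain the better choice for passwords you never have to type or memorize.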
Like Dashlane, LastPass, and most other commercial password managers,
1Password lets you store personal information for use in filling web forms. You
can create any number of identities, each of which includes personal data,
address information, and a variety of internet contact details. 1Password also
stores credit card information separately from identities.
Some fields, like name, address, and telephone, always appear. Click the red-circled minus icon in front of optional fields to remove them, if
you’re sure you’ll never use them. With the demise of AOL Instant Messenger,
there’s no point in storing an AIM screen name, for example, and few people
still use ICQ.
RoboForm Everywhere is the long-time master of form-filling and
includes uncommon options like the ability to have multiple instances of any
data field. 1Password doesn’t do that, but it does let you add custom fields.
When you navigate to a web form, most products offer to fill your
personal data. We tested 1Password’s autofill capabilities using RoboForm’s
identity-filling test, which lists a few dozen fields. Unfortunately, we found
that 1Password’s icon only popped up with form-filling choices some of the
time. If you get 1Password to fill details this way, you also have to approve the
filling via a browser pop-up notification.
The better solution is to click on the extension icon in the browser
toolbar, navigate to the correct identity, and click Auto-Fill. Alternatively, press Ctrl+ for a menu of available identities if you are using
the desktop and companion app extension combo. Either way, 1Password’s
form-filling capabilities work similarly to its password replay features; it
requires deliberate action.
Security and Sharing
All of 1Password’s security tools and reports live under a
dashboard called Watchtower. This feature is available on all platforms in some
form. We looked at this feature on the Windows app. Here, you see an
overview of your passwords’ strength, with results classified as excellent,
good, and terrible. 1Password also pulls out vulnerable (those that appear in a
database of exposed passwords), reused, weak, and expiring passwords. You can
also view passwords associated with compromised (known to be involved in a data
breach) or unsecured (don’t use HTTPS encryption) sites, as well as any that
support two-factor authentication but for which you haven’t enabled that
feature. 1Password also enables you to easily check your account email against
Keeper and Dashlane similarly report if any of your passwords were
possibly exposed by a data breach. Of course, although we can’t verify many of
these features by deliberately leaking account passwords, we do appreciate
Password sharing is available only in 1Password’s Family and Team
editions, and sharing is restricted to those users in your family or on your
team. You can’t share a password with just any fellow user either, the way NordPass, LastPass, and many others allow.
In addition, 1Password does not include a mechanism for passing on your account to your heirs after
your demise, a feature called password inheritance. For family accounts, 1Password does let you designate several family organizers, so there is someone who can always recover the account, but this isn’t quite the same thing as inheritance, especially since this feature is only available on family accounts. Both LastPass and Keeper Password
Manager include a time-based element and automate the transfer of passwords, instead of just providing access to them.
Try Before You Buy
1Password smoothly syncs your passwords and personal data across all
your Windows, macOS, Android, and iOS devices, while handling all the expected
tasks of a password manager. The 1Password X extension brings your
passwords to any platform that supports Chrome, Edge, or Firefox. However, the
distinction between its various web extensions is confusing, sharing is not
available to standard users, and import options are very limited. If 1Password seems like it would work for you, sign up for its 30-day
trial; there’s a handy option to delete your account completely if it doesn’t
meet your needs.
Editors’ Choices Dashlane and Keeper both offer a wonderfully smooth
user experience, along with a significant collection of advanced features. For
instance, Keeper handles application passwords and Dashlane keeps receipts of
your online purchases. Both offer secure sharing and let you assign an heir to
inherit your account after your demise. LastPass and MyKi are our top choices
for free password managers, since they don’t compromise on capabilities.
|Import From Browsers|Yes|
|Fill Web Forms|Yes|
|Multiple Form-Filling Identities|Yes|
|Actionable Password Strength Report|Yes|
|Secure Password Sharing|Yes|
|Product Price Type|Direct|