- Nice user interface
- Apps for Mac, Windows, iOS and Android
- Secure authentication method for adding new devices
- Web browser extensions for most browsers
- One-time password support
- Ambiguous pricing structure
- Non-automatic password replay
- Limited import options
It’s nice to be creative and come up with a new password for each new login, but why would you waste your creativity on passwords when there is an app for that? Since 2006 Canada-based company AgileBits, developers of 1Password, has been seeking to serve this ever-growing demand for new, secure passwords generation and storage, while keeping the management of all this convenient. Since its inception, 1Password has grown from a simple password manager for Mac to a fully featured service that is available on the most popular platforms and browsers. Its two-factor identification feature and seamless synchronization across devices make this password manager a must-have for everyday use and can be had for as low as $2.99 per month. But before you take out your credit card, 1Password also offers a 30-day free trial to test the software yourself.
1Password Video Introduction
By signing up for 1Password the door is opened to a set of convenient features that will help manage and secure your digital life. It could become the one and only app to securely store all the credentials of your digital identity, since 1Password can safely hold account details for any of the following: bank accounts, databases, driver’s licenses, email accounts, memberships, national insurance numbers, outdoor licenses, passports, rewards programs, servers, wireless routers, logins, secure notes, credit cards, identities, passwords or software licenses. The software creates vaults, and it’s in these where all these different items can be stored. A family or team account enables users to share items with each other, where those in charge of the account can create vaults, share them, and manage permissions. And with the Travel Mode feature, certain vaults can be removed from specified devices so that they won’t appear.
It’s possible to import your credentials from a web browser or another, competing password manager to store your credentials in 1Password. The software can pull data from Dashlane, LastPass, SplashID, and RoboForm, but it’s also able to import a CSV file. This list is much less than LastPass’ ability to import from more than 30 competing products. Moving passwords from other apps requires a 1Password utility that is developed by an outside party, which is cumbersome to handle and, in our testing, wasn’t able to convert the CSV file we exported from Firefox to convert to 1Password’s 1PIF format.
Like every password manager, 1Password’s web browser extensions track entered account details and offer to save the data. During this step the credentials can be given a user-friendly name, one or more tags, and you have choice to pick the vault 1Password should save the new details to. It’s useful to have at least two vaults – such as Personal and Work – in order to differentiate between the two.
The basic expectation of a password manager is to recall account credentials whenever needed. Unfortunately, this isn’t quite as automated compared to competing products such as Sticky Password. When revisiting a website for which login credentials have already been saved, 1Password won’t fill the fields without your input, requiring either a click of the 1Password button in the browser, selecting the desired site from the Logins screen or using the specific keyboard shortcut on the sign-in page. The login process can only be automated if you use the app first and then hit the “Open and fill” button. That will launch your default web browser, visit the site and log you into the selected site.
The Use of the Extension for Password Auto-Fill
While the core feature of any password management software is its ability to store your password, these days that just isn’t enough. A password generator is typically added to help create unique passwords and update those old and weak ones. 1Password’s included password generator can be handily accessed via both the software itself or its browser extension, and allows for complete customization of every aspect of the newly generated password. This means everything from the password’s length (with a default of 24 characters) to a specified number of included digits or symbols can be altered to your preference, even with the added bonus of being able to choose to separate different words with punctuation. This offers a convenient way to customize your passwords so that they meet the technical specifications that differ from site to site. For example, some websites won’t accept words separated by hyphens, special characters or the like.
A unique feature of 1Password, however, is its ability to streamline logging into sites that have two-factor authentication enabled, such as Tumblr or Dropbox. When saving the login, another label dubbed as “one-time password” can be added. A helpful support document (or video) explains how this feature is activated and, once done, the next time you log in via two-factor authentication will be much quicker due to the one-time password being saved on the clipboard ready for pasting into the necessary field. It’s a very simple and useful addition, one that eliminates the need for two different tools.
Apps and Browser Extensions
Before it switched over to a subscription-based model, AgileBits made it difficult to sync stored passwords across multiple devices due to the requirement for individual licenses for every device you intended to use the software on. Now that it is possible to subscribe to 1Password, it has become much simpler and easier to sync your information across the whole spectrum of platforms, whether that’s Windows or Mac, iOS or Android. Data is automatically stored in AgileBits cloud servers, so even if you use any number of the major browsers – Safari, Firefox, Chrome, or Opera – your data will all be helpfully stored in one place regardless of which platform or browser is being used at any given time.
Those who choose to opt for an individual license rather than the subscription can instead sync the data by iCloud, Dropbox, while the privacy conscious might want to use a WLAN server so the data won’t leave your local network and, as such, remains protected. Another solution is to use a local folder on your Mac in which a copy of a local vault is kept, but the folder won’t be synced with other computers so a solution to do so will need to be figured out.
The setup process requires a few steps but is very simple and straightforward, which all begins with creating an account on 1Password’s website. Once done, 1Password will generate something they call a “Secret Key”, a string of 34 characters organized into seven blocks of different sizes. This key is needed each and every time you sign in on a new device or through a web browser, but fortunately it’s not necessary to remember because the setup wizard will provide an “Emergency Kit” that contains the key and other account data, meaning you can print it out and keep it safe. It is still necessary to memorize the master password, however, which you must create after the Secret Key is generated.
From that moment on it’s simply a case of adding the browser extensions, downloading and installing the software onto your devices (Mac, Windows, iOS or Android). Things are sped up somewhat with the mobile apps, which use a QR code to fill in your information. For a better 1Password experience it’s worth installing the browser extensions alongside the programs, since the web interface – as pleasant as it is – is inconvenient without the apps.
Security and Privacy
Since 1Password has all the features to become the one-stop security safe to store all the data of your digital life, it’s important to know what measures AgileBits developers apply to protect your data. 1Password features end-to-end encryption, which means your data is encrypted while in transit as your devices are synced. The data is protected by AES-GCM-256 authenticated encryption and, in addition, uses PBKDF2-HMAC-SHA256 for key derivation, which makes it harder for someone to repeatedly guess your master password. It’s worth mentioning that your master password is never stored within 1Password or transmitted over the network. It is instead saved in the iCloud Keychain, although obfuscated, if you choose to enable biometric authentication on a Mac or iOS device.
1Password uses Amazon Web Services (or AWS) to host 1Password for Teams. However, if you aren’t using a membership, you can protect your data by keeping it within the local network by setting up a WLAN server.
Whenever you make the switch to a password manager such as 1Password, often there will be a security check of your old passwords that you’re already using. A neat feature of 1Password is Watchtower that, when turned on, will display a complete list of all vulnerable passwords and a red vulnerability banner will prompt you to change the password.
Watchtower is part of the security audit section, which also offers a quick overview of your “password estate” and lists weak and duplicate passwords as well as denoting how old each password is. That’s a neat addition, since it is common knowledge that everyone should change their passwords from time to time.
AgileBits runs a bug bounty program offering up to $100,000 for a serious security vulnerability found in the 1Password software.
With 1Password 5, AgileBits switched its pricing structure to a subscription-based model, though it is still possible to buy an individual one-use license.
There is a big difference between the two, though. The 1Password individual membership – which costs as little as $2.99 per month or $35.88 per year – includes the option to seamlessly sync your data across all devices the software is used on. The price increases to $4.99 per month or $59.88 billed annually for 1Password Families, enabling access for up to five people with additional members being added for $1 each.
Those looking to purchase a license can buy one for Mac for $64.99 or unlock the Pro features in iOS or Android for $9.99. Updates for users who access 1Password through a paid-license model rather than through a subscription will have access to the majority of the updates to the software, but some upgrades – typically between major numbered releases – will require an additional payment.
The major drawback of this is that it isn’t a lifetime license, and the features included as part of a subscription – such as seamless syncing on all devices, web access, multi-factor authentication, account recovery and secure remote passwords – are not available to those that purchase a standalone license. Regardless of the method chosen AgileBits accepts payment via any of the major bank cards such as Visa, Mastercard and American Express.
Getting started with 1Password is simple thanks to the nice, clean user interface of both the app and your online account. If you run into an error message or don’t find an answer to your question in the support articles covering most of the topics, it’s easy to get in touch with the team. Just choose your preferred method: email, Twitter or the 1Password support forum. It doesn’t matter which solution you pick, your question will get an answer quickly since the 1Password team communicates very well and very fast. We chose the email route, and we received an answer within a few hours of sending out the message. But 1Password is also very active on Twitter, while the support page’s search field is very handy too since it uses keywords to find and list any relevant support articles and videos – making it much faster to find an answer than scrolling through a list of articles based on a number of various topics.
Since 2006, 1Password has sought to solve your password problems and its list of features is getting longer all the time. However, the move from one pricing structure to another has confused matters somewhat, since AgileBits is now pushing the subscription-based plan instead of the individual licenses and, as such, it has limited the features of the latter to only the basics.
The subscription-based model provides seamless syncing across all devices, web access and vault, and sharing of credentials, all of which are not present in the license-based equivalent. The sleek user interface, easy-to-understand controls, and built-in security features make 1Password an excellent choice, though the password replay is a solely lacking feature.