In a recent data breach, you might have got your password leaked due to its weak password. But even though a strong password is very important for one’s internet security, not many people can memorize several strong passwords. With this difficulty in mind, 1Password wants to help you manage and protect all your passwords and other important data . To test this, I decided to try out 1Password to see what its weaknesses and strengths are.
After extensive testing, I concluded that 1Password is a user-friendly and effective password manager. It helps one to save, use and manage their passwords from any device. 1Password also lets you save important information, such as credit card details, social security numbers, notes, databases, bank details and more in a secure vault.
You can test 1Password completely risk-free with its 14-day free trial. With it, you can try all its features, get full access to the service and efficiently manage your login credentials. Now we take a closer look!
1Password offers military-style features
1Password doesn’t mess around with its security measures. It uses industry standard encryption, AES-256 bit , and advanced security protocols to keep your passwords and other information safe.
It was nice to see that the information I save in my 1Password vault is end-to-end encrypted . This means that the service does not know what you save in the vault and that you are the only one who has the key to decrypt the stored information. To encrypt your data, 1Password lets you create a “master password” that only you know.
Furthermore, 1Password ensures that even when the password is transmitted to the server, it is protected with Transport Layer Security (TLS) and Secure Remote Password (SRP) , giving you an extra layer of encryption. Here is a summary of all its security features.
AES-256 bit encryption
1Password ensures users’ data is protected with AES-256 bit encryption, which banks and military organizations use to protect data. I didn’t have to worry about hackers or cybercriminals stealing my passwords.
Master password and secret key protection
1Password ensured that I got double security for my data . It required me to create a master password that only I knew. The app also generated a secure key on my device when I signed up. This secret key is used in combination with the master password to encrypt and decrypt my data. Something I really liked was that I was automatically guided through different layers of security checks and authentication, so my data wouldn’t end up in the wrong hands.
1Password also generated an emergency PDF containing my secret key, while saving said key on the device I signed up with . It ensures that I have a backup of the secret key offline. A combination of my master password and the 34-character secret key is required to access my data. So even if someone has one of these (not both), it’s not enough to access my vault.
Brute force protection with PBKDF2
1Password uses a key derivation feature that protects your account against brute force attacks. When you create your master password, 1Password uses an algorithm, or cipher, to generate a key used to encrypt and decrypt your data. Hackers then use special hardware and software to test their way to passwords, which is called a brute force attack (or dictionary attack).
However, 1Password uses PBKDF2 to generate keys that are resistant to dictionary attacks. Your account password and its “salt” (a random addition) are passed through PBKDF2-HMAC-SHA256 with 100,000 iterations. This means that even hackers with sophisticated computing power (using millions of guesses) cannot decrypt your encrypted data in the first place.
Secure input and auto-lock
1Password claims to protect input fields against keyloggers, but I found that not quite true . Keyloggers are computer programs that can record every keystroke made on the computer. These programs can be used to find out what you type, including your passwords.
On its website, 1Password claims that it “protects your data from keyloggers” and that “1Password uses secure input fields to prevent other tools from seeing what you type in them, including your master password.”
I tested this myself by installing a keylogger on my Windows PC and checking if the keystrokes were logged. Unfortunately, all my inputs were recorded in the 1Password app, including my master password. I contacted 1Password about this, and the support rep claimed it was a miscommunication, and that 1Password doesn’t protect already vulnerable devices.
I find that a troubling response, since 1Password’s website clearly claims that it protects users from keyloggers. The answer made me wonder if there are other things 1Password isn’t completely honest about.
On the bright side, however, 1Password regularly deletes information stored in one’s clipboard. Therefore, if someone gains control of your device, they cannot access the information in the clipboard . 1Password protects against clipboard tools that try to exploit the data in the clipboard by deleting the information every 90 seconds.
To ensure that no unauthorized persons gain access to the vault, the 1Password app automatically logs you out after ten minutes of inactivity . One can even adjust the time frame of this automatic lock; you can choose anything from a minute to an hour, or “never” if you want to disable the auto-lock function completely. I set the time to five minutes, and the feature worked perfectly by logging me out. You can also conveniently unlock the 1Password app with your fingerprint on Mac with Touch ID, iPad, iPhone and Android.
Protects data sent using TLS and SRP
1Password protects your data as it is sent from your device to its server using TLS and Secure Remote Password (SRP) protocols . This way, you get an additional layer of security that protects your data (and passwords) from being intercepted by hackers in transit. Another thing that impresses about 1Password is that it only works with trusted browsers. Thus, it does not hand over your data to browsers that someone has tampered with.
Two-factor authentication (2FA)
1Password also provides other important security features. It supports websites that have two-factor authentication (2FA). You can use Authy or Microsoft Authenticator to activate your login in the 1Password app. 1Password also lets you check if websites support 2FA and then store the authentication codes in 1Password.
It was nice to see that 1Password asked for my confirmation to fill out forms on websites . This is to avoid websites that use invisible forms to steal your information. 1Password also protects you against phishing attacks, which build cloned websites to steal data.
I tested this by saving my login credentials for the Facebook domain and then going to the Yahoo site, where I tried to autofill the login field. 1Password didn’t populate the login fields because there were no login credentials for the Yahoo domain saved in my vault.
Integrity – Uses open source data formats
1Password is designed with privacy in mind. Your account password and the data stored in your vault are private and end-to-end encrypted. 1Password uses two open source data formats: OPVault and proprietary Agile Keychain. It ensures that your data is securely protected on the server side and that anyone can review the security architecture. These open data formats are the same type used by Apple’s iCloud and Dropbox.
The company is also working on “Privacy” – a third-party app that lets you create privacy cards, or virtual cards that hide real credit card information when shopping online.
Several independent reviews of 1Password have been conducted in recent years . It has been reviewed by Cure53, AppSec, Bugcrowd, CloudNative, Nvisium, Onica and Independent Security Evaluators (ISE). 1Password is SOC 2 Type 2 certified. This means that it handles data in a secure manner to protect customers’ interests and privacy. However, we would have liked to see 1Password become ISO 270001 certified, just like Keeper, for better management practices for its digital vault.
Functions of 1Password
Multiple customization options
1Password makes password management easy . In addition to its strong encryption and security protocols, 1Password has unique features that set it apart from the competition. It includes data storage, data sharing and data security. Some of the exciting features that 1Password has are customizable vaults, Watchtower and travel mode.
Several vaults
With 1Password, you can create several vaults to save your data in . A selected one is like a database or file folder with all one’s data. I created and categorized multiple vaults as Personal, Work, Finance, Health and others. 1Password also has an interesting feature in the iOS app. It allowed me to create “standalone vaults” that were not available on other devices.
One can store different types of data in one’s vault. I was able to create, edit and store information such as logins, passwords, notes, medical records, social security numbers, identity details, bank account details and software licenses . I was also able to create API credentials, save passport credentials, databases, email, server access information, private crypto keys, and a copy of my driver’s license. All one needs to do to add a password or sensitive information is to click the “New item” button in the upper right corner of the desktop app.
1Password also allows you to create “shared” vaults that only authorized people can access . I created a shared vault for my family in our tests and gave three members access. It was nice to see that all the information in the vault was encrypted with AES-256 bit encryption.
WatchTower
Watchtower is 1Password’s security alert system. It warns one about weak passwords, reused passwords, passwords leaked in data breaches and vulnerable passwords . It also notifies you of credit card, driver’s license, ID card and passport expiration dates. This information is checked locally on your device.
Watchtower’s data breach monitoring is constantly updated to keep track of the latest breaches . 1Password pulls data from haveibeenpwned – a website that collects databases of leaked passwords from previous breaches. Although Watchtower didn’t flag any of my previously leaked passwords, the haveibeenpwned database did show them.
Travel mode
1Password’s Travel Mode is designed to help people hide sensitive information when crossing borders . It’s useful for journalists, researchers, political refugees, and people who simply want to keep sensitive information private.
Travel mode automatically hides all of your vaults in your 1Password account, except for those you’ve marked as safe for travel . You can only enable travel mode from your 1Password web account. To test it, I logged into my account, navigated to my profile and enabled the travel icon under “Travel Mode”.
1Password has several easily configurable features that kept my passwords secure seamlessly. My only concern is that there is no way for me to recover my master password if I forget it . 1Password expects you to print the “emergency kit” – a document that is generated when you create an account. It contains one’s secret key, login address, email address and a box to fill in one’s own password with pen.
If you have a Family, Teams, or Business account, 1Password allows the account owner or an admin to log in and create a password reset link. This link is sent to one’s email and allows one to create a new password to regain access to the 1Password account.
Overall, 1Password makes password management a seamless experience. It is very easy to use the apps, import passwords, protect login details and share passwords with other users. My favorite feature of 1Password is its travel mode, which allows me to hide sensitive data and vaults when I travel.
Easy to install and get started
It was easy to install and start using 1Password . After signing up for the free trial, I created my master password and logged into my 1Password account. Once logged in, the dashboard presented a user-friendly interface, with the vault and a welcome message that helped me get started with the app. It took less than five minutes to sign up, download the app and start using it.
It also took less than a minute to import data into my 1Password account. 1Password supports importing CSV files . So after exporting my passwords saved in the Chrome browser, I went into my user account on the 1Password web platform and imported my passwords. 1Password also lets you import data from other password managers, such as Dashline, iCloud Passwords, KeePassX, Thycotic Secret Server, RoboForm, and other 1Password accounts.
Units
1Password works with many popular devices and has cross-platform support . I tested it on my Windows PC, Android and iOS. 1Password also works on macOS, ChromeOS, Linux (distributions Ubuntu, Debian, Linux Mint, Fedora, CentOS, RHEL, openSUSE) and the command prompt. It has a browser extension for all popular browsers, such as Chrome, Firefox, Edge and Safari, which automatically connects to 1Password X – the web version of the software.
If you’re on the go and need to save or use a password quickly, 1Password’s Android and iOS apps come in handy. Once I downloaded the app to my phone, all I had to do was scan the QR code in my emergency kit and enter my master password to get started . The iOS app asked if I want to enable Face ID login. The Android app also worked seamlessly. After logging in, I was able to navigate through the features and add as well as edit the information in my vault.
Both apps are easy to use and intuitive, with features categorized into four menus: Favorites , Categories , Tags and Settings . The category menu shows usernames, passwords and other items saved in the vault. The settings tab allows one to make changes to the app, create new vaults, enable security options and more.
Support
1Password only has a few support options. It has a very detailed knowledge base with many articles and FAQs. It includes step-by-step guides for all supported devices as well as troubleshooting tips.
If you need an answer directly from a support representative, 1Password offers fast email support. I emailed support with a few questions and got a response in less than ten minutes. The answer addressed all my questions and suggested a way to solve the problems.
Pricing
1Password offers a lot of value in its services . There are four plans: Personal, Families, Teams and Business, and all are charged per year. Apart from the Business plan, all offer 1 GB of storage space. You can only pay for the service with your credit/debit card or a 1Password gift card.
1Password The Personal plan is the cheapest. It supports one user per account, but works with an unlimited number of devices. It provides access to the ability to create multiple vaults, unlimited passwords, travel mode, two-factor authentication, 1GB storage, password sharing, deleted password recovery, and 24/7 email support, and works on popular devices.
The Families plan supports five users, with all the features of the Personal plan, allowing one to add more members to an existing account. It also supports access control and allows all members to help each other regain access to the account if they get locked out.
The Teams plan has all the features of the Personal and Families plans, as well as Duo integration, for enterprise-wide multi-factor authentication and 1 GB of storage per user. The Business plan has all the features of the previous plans, VIP support, 5 GB storage per user, 20 guest accounts, activity logs, usage reports, custom roles and custom groups.
Free trial for 14 days
Although 1Password doesn’t have a free plan, it does offer a 14-day risk-free trial to let one get familiar with the service. You have to enter credit card details to sign up, but you won’t be charged until the 14-day trial is over.