For most people, a password manager must work on all your devices to be useful. 1Password recognizes that reality and gives you attractive apps to access passwords across multiple platforms. It also has excellent password organization systems, a data breach monitor, and multi-factor authentication. However, 1Password lacks a free service tier and a password inheritance system. It's a very capable app, but you may prefer our Editors' Choice winner, Bitwarden, which is free and provides high-quality, open-source password management.

How Much Does 1Password Cost?

For 1Password’s personal plan, you pay $35.88 annually (effectively $2.99 per month). This tier allows you to store an unlimited number of passwords and sync them across an unlimited number of devices. You can also share links to items in your vault with anyone. You get 1GB of encrypted storage, plus the ability to create and store notes, identities, and payment cards. You also get to use 1Password's Watchtower feature, which flags old, weak, and reused passwords so you can update them.

1Password’s Families plan costs $59.88 per year. This tier includes five licenses. You can add users for an extra $1 per month.

Although 1Password gives you a 14-day trial, it does not have a permanently free version. The company provides a free web-based password generator and a separate username generator, but a free 1Password app is not available. Competitors such as LogMeOnce, NordPass, Proton Pass, and Bitwarden all offer a fully functional free tier.

Getting Started With 1Password

1Password has Android, iOS, Linux, macOS, and Windows apps, as well as browser extensions for Brave, Chrome, Edge, Firefox, and Safari.

To start with 1Password, you create a strong master password, which should be both easy to remember and something that nobody else would guess. Alternatively, you can create a 1Password account using your Apple, Facebook, GitHub, Google, Microsoft, Okta, or X credentials instead.

The first time you open your vault, 1Password greets you with a pop-up showing your Secret Key. Hyphens separate this massive string of 34 letters and digits into seven blocks of varying sizes. Each time you add a new device or browser extension, you need this key.

To help you manage your Secret Key, 1Password prepares a download link for your Emergency Kit, a PDF containing your account email, Secret Key, and space for you to write down your master password. Print or save the document, fill in the master password, and stick it in a fireproof lockbox, store it digitally in a secured location, or both. You can download your Emergency Kit anytime from your account page on the web.

1Password sets you up with a Private vault and a Shared one if you sign up for the Families plan. Vaults are a place to organize your passwords and credentials at the highest level. For instance, you may want to create separate vaults for your work and personal credentials and identities.

After signing in to the web vault, follow the prompts to start using it. If you're switching from a different password manager to 1Password, the easiest way to do it is to import your existing passwords to your new vault. 1Password can import passwords stored from other 1Password accounts, Dashlane, KeePass, KeePassX, LastPass, RoboForm, Thycotic Secret Server, and from Chrome, Firefox, and Safari browsers. You can also import your iCloud passwords. It's a short list compared with Bitwarden, which includes importing instructions and prompts from more than 50 other commercial password managers. If your old password manager isn't on the list, you can upload a CSV file containing your credentials to 1Password instead.

If you plan to use 1Password's apps for desktop or mobile, the importing process on those platforms isn't entirely seamless. File imports have to go through the web vault, so you'll need to sign in using your browser.

After you import your old passwords, 1Password prompts you to download its browser extension. In the past, we've noted that 1Password has a top-notch tutorial that shows new users how to create new credentials. During our latest testing, we noticed the tutorial only appears after installing a browser extension. We did not see a tutorial prompt after installing the web app or 1Password for Windows, which seems like a missed opportunity to help new users get familiar with the app.

Data Privacy and Security With 1Password

Before reviewing and testing a password manager, PCMag sends a list of questions to the password management company inquiring about its privacy and security practices. Here are the questions and 1Password's responses.

Has your company ever had a security breach?

1Password has never had a security breach.

What unencrypted information does the password manager store in user vaults?

All 1Password vault data is end-to-end encrypted with AES-256-GCM symmetric keys. Encryption extends beyond just usernames and passwords to also include things like vault names, item titles, stored URLs, notes, and more – meaning someone who obtains encrypted vault data would have no way to guess what’s inside.

Encryption takes place on-device using secrets that only users have. No vault data is stored unencrypted, and 1Password team members do not have access to any of the data users store in their vaults.

What is the company's policy regarding master passwords?

1Password requires a combination of two keys—neither of which is ever seen (much less held) by 1Password:

• Key #1: Your chosen account password
• Key #2: The Secret Key–a 128-bit, machine-generated code that's mathematically infeasible to crack

Without both of these keys, your data is impossible to decrypt, thereby preventing criminals from making use of a copy of your vault data even if they do manage to gain access to it.

Credentials are never sent over the network. 1Password adds a unique additional layer of security known as Secure Remote Password (SRP). This allows 1Password to authenticate without sending keys over the network, mitigating that risk. It also guarantees that the 1Password app is communicating with a genuine 1Password server, not an impostor.

What is the company's policy regarding user data collection and data sales?

In June 2023, 1Password rolled out a custom, optional telemetry system that will help the company build a better 1Password product without compromising its commitment to protecting user privacy. This allows 1Password to have the highest degree of control and protection around its customer usage data. All encrypted vault data remains private and only accessible by the user. For example, all passwords or URLs stored in a private or shared vault cannot be seen by 1Password or measured in our telemetry system by the nature of our security design.

The 1Password telemetry system also requires users to consent to data collection, doing so by including an in-app prompt that prompts the user to choose whether they would prefer to keep telemetry on or off. Nothing gets collected until they’ve made this choice and users are able to change their preferences at any time. 1Password does not sell telemetry data to third parties as part of this initiative.

How does your company protect user data?

1Password user data is kept safe between:

1. 1Password’s differentiated security model
2. The fact that data stored in 1Password (including contents of users’ vaults, vault names, and stored website URLs) is end-to-end encrypted using secrets that only users have

How does your company respond to requests for user information from governments and law enforcement?

A representative provided a link to the company's policy regarding law enforcement requests. To summarize, 1Password cooperates with law enforcement when they make requests. The company cannot decrypt user's logins, passwords, or other saved items stored in their vaults.

Overall, we are satisfied with 1Password's answers and policies.

1Password's answers to the questions above match the company's privacy policy. We encourage you to browse the privacy policies for all apps to learn more about how companies collect, sell, or store user data. Decide how comfortable you are with data collection and how companies use your data and act accordingly.

1Password's Authentication and Security Features

After signing in and setting up your vault, we recommend enabling multi-factor authentication (MFA). You can access this menu by opening the web vault, clicking on My Profile, then selecting the three dots in the left menu. Choose Manage Two-Factor Authentication.

1Password can autofill time-based one-time passwords (TOTPs) for other services that support MFA, but you shouldn’t use it to manage your 1Password login. As 1Password says, doing so "would be like putting the key to a safe inside of the safe itself."

Security features included in a 1Password personal plan subscription are device-level auto-locking for your account, access to Watchtower features, and the ability to revoke access from specific devices from the Settings menu; and for an added fee, subscribers can use the Masked Emails feature. We explore the security feature highlights below.

Watchtower

Watchtower scans your logins to see if any appear in a data breach list and also tells you if you have reused or weak passwords. Watchtower features include MFA monitoring and item expiration alerts. Watchtower will let you know which logins support MFA for the associated website and remind you to set up authentication whenever you access the credential. Expiration alerts tell you if you have a credit card in the vault that is expired or expiring soon.

1Password's Watchtower is an area that could use some updating to make it more useful. Password hygiene alerts are a nice feature but pale in comparison with detailed reports generated by competitors like Dashlane and Proton Pass, which include data breach monitoring for users' email addresses. Proton Pass's Monitor even tells users which company exposed their data in a breach, what kind of data was exposed, and when the breach occurred.

Masked Emails

1Password and Fastmail teamed up to create a smart and valuable service integration for 1Password subscribers. Masked emails give users the option to create unique email addresses for their logins around the web. It effectively lets you avoid junk and spam emails in your real inbox. It's also helpful for figuring out which companies are leaking, selling, or sharing your contact information. You can switch masked emails on and off from within 1Password. The feature requires a Fastmail membership (starting at $6 monthly).

If you want temporary email access baked right into your password management app, check out Proton's Email Alias feature. It's pretty easy to use, and it's available as part of a free Proton Pass subscription.

Passkeys

1Password allows the creation and storage of passkeys in your web vault or a mobile device. To create a passkey using 1Password, visit a website that uses passkeys, such as Adobe or Google. Sign in using a username and password, then set up a passkey in your account settings menu. After completing the passkey setup, log out of the website, return to the sign-in screen, and choose Sign in with passkey. You can also create a passkey and use it to get into your 1Password vault. Right now, not all apps and websites are set up for passkey logins, so we encourage PCMag readers to continue creating and storing new and strong passwords for all websites they visit.

Hands On With 1Password

We tested 1Password's functionality using the Windows app, the iOS app, and the browser extension for Google Chrome. The apps are largely uniform in appearance across platforms and are easy to navigate. We like that there's a dark mode on the Windows app, but the iPhone app did not allow us to tinker with the display.

Credential Capture and Replay

1Password displays a circular icon in any username or password entry fields you encounter online, and it saves each entry as you create it. You can click the icon to get 1Password’s menu to appear beneath those fields if you need it.

1Password updates an existing login entry with the password if you press the button after entering just the username. From 1Password’s browser extension menu, you can also select identities or credit cards, as well as generate a new password.

On sites for which you've saved login credentials, 1Password shows you recommended credentials once you place your cursor in the entry fields. Just click on the correct login to fill out the fields. We tested 1Password’s replay on both single- and two-page logins and did not find any problems with either adding or replaying credentials.

Another handy feature of 1Password's extension is that you can just click on an entry to navigate directly to that site's login page. RoboForm and most of the other products of this type have this feature, too.

Password Generator

With just one click, you can create a Smart Password, which is 20 characters long, with numbers, letters, symbols, and mixed cases. If you want to make your password a little longer, choose Random Password from the dropdown menu.

We created the bizarre but memorable statement above using 1Password's web-based generator. The Memorable Password option creates a password of English words separated by hyphens. You can create passwords up to 15 words long and choose from various separators, including spaces, periods, commas, underscores, numbers, and symbols. You can also generate a PIN that is up to 12 numbers long.

Password Sharing

You can share your login information with anyone, even people who don't use 1Password. To share a password or another item from your vault, click the Share button in the options menu. You can then generate a link that expires after one view, one hour, one day, seven days, 14 days, or 30 days. You choose whether the link is available to anyone with the link or if the link is only for specific people.

1Password does not include a mechanism for passing on your account after your demise, a feature sometimes referred to as password inheritance. In the Families plan, 1Password lets you designate several family organizers, so in theory, there is someone who can always recover the account, but this isn't quite the same as an inheritance feature. Both Bitwarden and Keeper include options to give a trusted heir access to a personal vault in emergencies.

Storage and Form Filling

Like Dashlane, Keeper, and most other commercial password managers, 1Password lets you store personal information for use in filling out web forms. You can create any number of identities, including personal data, address information, and a variety of internet contact details. 1Password also stores credit card information separately from identities.

When you navigate to a web form, most products offer to fill in your data. We tested 1Password’s autofill capabilities using various US government websites, and the Chrome browser extension filled in the blank forms with ease.

We like that 1Password gives users 1GB of file storage, too. Bitwarden also gives 1GB of storage to premium subscribers. Keeper users can pay $9.99 annually for 10GB of storage.

1Password Mobile App Experience

We tested 1Password using an iPhone 14 Pro. Both the Android and iPhone apps give you full access to all your logins and other saved data. 1Password supports alternative login options, including TouchID or FaceID on iOS devices, as well as fingerprint authentication and PIN codes for Android devices. You can use your iOS or Android device to enable 1Password's time-based one-time password authentication feature, too.

The home screens for the mobile apps are user-friendly and customizable. You can hide or reorder your preferred credentials on the home screen and pin items from your vault for quick access. For example, if you need fast and frequent access to a credit card number stored in your vault, you can press and hold the field until the option to pin the item to your home screen pops up. Once pinned, the (hashed) credit card number appears at the top of your screen, and you can copy the number to your device's clipboard with just a tap.

1Password's Business Options

Business users have a new option for password management: 1Password Teams Starter Pack. Small business owners should check it out because it includes many of the features found in the premium business password manager, such as vault sharing and access to Watchtower, but for $19.95 monthly for up to ten team members. Businesses seeking integrations with other software and single sign-on capabilities can set up a 1Password Business account, which starts at $7.99 per person per month.

1Password’s business tools make sharing credentials securely between team members a priority. Each employee has access to a vault, and they can share individual passwords with other employees or outsiders using a private link. You can control access by setting the expiration to one view, one hour, one day, seven days, 14 days, or 30 days.

Like Dashlane and Zoho Vault, 1Password Business supports single sign-on. Business accounts also include integrations with popular software such as Azure AD, Google Workspace, and Okta. As mentioned above, Teams accounts do not include SSO capabilities or provisions for working with other business software like Okta or OneLogin.

You can keep track of your employees’ password health by encouraging them to use the Watchtower feature at all business subscription levels. Administrators for 1Password Business accounts can also create individual usage reports for employees to see what credentials they are using.

Each business account includes a free Families account for every employee to encourage healthy password habits. When an employee leaves the company, they can unlink the Families account and continue the subscription at their own expense.

1Password's Customer Support Options

We recently began examining the customer support options that password managers have at different subscription levels. We also look into how easy it is to cancel your subscription and remove the app from your devices.

Customer Support for Personal Accounts

1Password does not have phone support for non-business plan subscribers. Instead, Personal or Family plan users must visit the 1Password support website. There, customers can ask questions via an AI-powered chatbot or send messages to the 1Password support team. Don't want to troubleshoot via articles or banter with a bot? All subscribers can get support by emailing support+security@1password.com.

Is Deleting Your 1Password Account Easy?

In testing, we didn't have any trouble canceling our trial subscription to 1Password for Families. If you have a paid subscription and want to cancel it without deleting your data, you can do so from the Billing menu. Canceling your subscription freezes your account, so you can't add new passwords, fill in forms, invite new family or team members, or edit items, but you can still view all your credentials.

If you want to completely delete your account, visit your 1Password account page on the web, scroll to the bottom, and click Permanently Delete Account to start the process. In testing, account deletion was quick and painless. Before shutting down your account, we recommend saving your credentials as a 1Password file and a CSV file.

Verdict: 1Password Is Smooth, But Not Seamless

1Password syncs your passwords and personal data across all your devices while smoothly handling many of the tasks we expect of a password manager. It's easy to use, has well-organized apps, and is reasonably priced. That said, credential importing is a bit clunky and there's no password inheritance system for personal accounts, so we see room for improvement. Our Editors' Choice winner in the password management category is Bitwarden because it provides free password management along with helpful features.