[ad_1]
For most people, a password manager must be available on all of their devices to be useful. 1Password recognizes that reality and offers apps for Windows, macOS, Linux, Android, and iOS. It also has one of the best password organization systems and supports two-factor authentication. However, 1Password lacks a true password inheritance feature, has lackluster import options, and limits password sharing to family plans.
How Much Does 1Password Cost?
For 1Password’s standard edition, you pay $35.88 per year (effectively $2.99 per month). This tier allows you to store an unlimited number of passwords and sync them across an unlimited number of devices. You also get 1GB of encrypted storage; the ability to create and store notes, identities, and payment cards; and 1Password’s Watchtower password security toolset.
1Password’s family plan costs $59.88 per year. This tier includes five licenses, along with the ability to share passwords within your family (and with up to five guests). You can add users for an extra $1 per month. Keeper Password Manager & Digital Vault has a similar family plan that features five licenses plus 10GB of secure online storage. Businesses can set up a 1Password team account, starting at $3.99 per user per month.
For comparison, Dashlane starts at the same price of $35.88 per year, but this tier limits you to syncing with two devices and does not provide any encrypted storage. LastPass Premium is $36 per year and Sticky Password is $29.99 per year.
Although 1Passwords offers a 14-day trial, it does not have a permanently free version. This is problematic since our favorite free password managers, such as MyKi and Bitwarden, match many of 1Password’s capabilities.
Getting Started and Logins
To sign up for a 1Password account, you start by entering your name and email address. Next, you enter a verification code that 1Password sends to your email. You don’t need to provide your credit card info upfront for a trial, which we appreciate.
Next, you create a strong master password. As always, this should be something that’s easy to remember, but nobody else would guess.
Before you dive into the interface, however, 1Password greets you with a pop-up that displays your Secret Key. This massive string of 34 letters and digits is separated by hyphens into seven blocks of varying sizes. Each time you add a new device or browser extension, you need this key.
To help you manage your Secret Key, 1Password prepares a download link for your Emergency Kit, a PDF containing your account email, Secret Key, and space for you to write down your master password. Print or save the document, fill in the master password, and stick it in your fireproof lockbox or store it digitally in a secured location. You can download your Emergency Kit at any time from your account page on the web.
With your account finalized, it’s time to set up 1Password’s apps. You do need the Secret Key for each installation, but you don’t necessarily have to type it. After installing the app on an Android or iOS device, for example, 1Password allows you to snap a QR code that fills in all your information except the master password. If you’re installing one of 1Password’s desktop apps, copy that QR code to the clipboard for import, tell 1Password to find the QR code on-screen, or scan it from an image.
If your activated device gets lost or stolen, a thief would still need your master password to access your credentials. But for total security, log into the web console, click My Profile, and deactivate the stolen device. Now that same thief would need both your master password and Secret Key to gain access.
1Password supports both app- and U2F key-based two-factor authentication, which is a beneficial extra layer of security. We wholeheartedly recommend you enable two-factor authentication, since you can never be too cautious about protecting access to a password manager that potentially houses credentials for vital financial, medical, and other important services.
To enable two-factor authentication, log in to your account online, click your name at top right, and choose My Profile > More Actions > Turn On Two-Factor Authentication. 1Password requests your master password at this point. Scan the displayed barcode with your authenticator app enter the resulting six-digit code, and you’re done. Now logging in to 1Password will require both your master password and a time-based one-time password (TOTP).
You need to set up an app-based method before 1Password lets you set up a U2F key, such as from YubiKey or Titan. These keys can be your second factor on 1Password’s website or for the Android or iOS apps.
1Password can autofill TOTPs for other services that support two-factor authentication, but you shouldn’t use it to manage your 1Password login. As 1Password says, doing so “would be like putting the key to a safe inside of the safe itself.”
Importing Passwords
The easiest way to switch from one password manager to another is to import the existing product’s passwords. 1Password can import passwords stored from other 1Password accounts, LastPass, Dashlane, and RoboForm, plus from Chrome, but that’s it for direct import. If you’re moving from a different password manager, you must export the data to a CSV file and format it according to the instructions in 1Password. LastPass and KeePass can import from far more competing products.
To use the import feature, you must log in to your 1Password account online. The local app can only import 1Password files exported from another installation. The 1Password-utilities GitHub repository, which had scripts for importing from other services, is no longer maintained.
1Password’s Apps
We primarily tested 1Password’s experience on Android, Windows, and Edge. The apps look consistent from a design standpoint, but they aren’t the slickest we’ve seen. For example, we would like to be able to change the app’s theme, something other password managers, including Bitwarden, allow you to do. We did not experience any performance issues or crashes during testing, however, and the design of the new Linux app points to future improvements. The 1Password experience is largely the same across platforms, but some of the versions do have platform-specific options and features.
For example, 1Password’s Windows app supports Windows Hello unlocks. On the other hand, 1Password’s macOS edition (and its mobile apps) enables you to use markdown formatting when composing notes. Markdown defines simple conventions such as boldfacing words bracketed by asterisks and italicizing words bracketed by underscores. The macOS app also allows you to unlock your vault with your Apple Watch and supports M1 silicon, too. Other features that were previously macOS-only, such as dragging and dropping items between vaults, are now available on Windows.
1Password’s native Linux app is available for all the most popular distros. The service joins several other password managers that have native Linux apps, including Bitwarden, Enpass, and NordPass. Notably, this version of 1Password includes features not currently available on other platforms, including a new Watchtower dashboard, a sleeker design, secure file attachments, improved search tools, and more transparent sharing options.
There’s also the 1Password Mini app on Windows and macOS devices, which is a minimized version of the full desktop app, albeit with less functionality. Between the desktop apps and the web extensions, we don’t see much of a use for this mini app. If you want to open the mini app on Windows, click the icon in the notification tray area.
With the Android and iPhone apps, you get full access to all your logins and other saved data. Logins open in 1Password’s proprietary browser by default on both mobile platforms, but you can enable autofill in other browsers. 1Password supports alternative login options including TouchID or FaceID on iOS devices, as well as fingerprint authentication and PIN codes for Android devices. You can use your iOS or Android device to enable 1Password’s TOTP authentication feature, too. We like the option to choose a light or dark mode on the Android app and hope that feature gets ported to the other platforms. A recent update to the 1Password Android app incorporated new features from Android 11, including better permissions management and autofill integrations with the keyboard.
Since the time of our last review, 1Password has evolved its approach to browser extensions. In the past, 1Password offered two versions: one that was dependent on the desktop app and one, called 1Password X, that could function independently. The extension that works independently of the desktop app is now the default and no longer has the X nomenclature. The latest version of the extension supports a dark mode, allows for authentication via Windows Hello or Touch ID, and includes a more transparent password-saving experience.
You can still download the other version of the extension for your browser of choice, which 1Password refers to as the classic extensions, but we’re not sure why anyone would prefer this option.
Password Organization
Once you get set up with the correct app, the first thing you’ll notice about 1Password is that it organizes everything into vaults. By default, it sets you up with a Private vault, as well as a Shared one, if you sign up for the family account. Think of vaults as a top-level way to organize your passwords and credentials. For instance, you may want to create separate vaults for your work and personal credentials and identities. Many password managers simply let you organize your saved items into folders.
All the expected items such as logins, secure notes, credit cards, identities, and passwords live within a vault. Each category gets dedicated sections on the desktop, mobile, and web apps. If you add an item to any of those categories, that category shows up in the side menu, too. You can also add a lot of other items such as a driver’s license, passport, and social security number. 1Password imposes a 1GB storage limit on individual and family accounts for uploads. These premade categories are helpful since they are customized to each use case and allow you to add custom fields.
Instead of going the nested folder router as LastPass, Sticky Password Premium, and a few others do, 1Password uses a tag system. It allows multiple tags for each saved item and even nested tags. You can create these nested tags by separating the levels with a backslash, for example, EntertainmentMovies. However, while we could create and view nested categories on the Android and desktop apps, the nested folders did not show up on the web interface. In the above example, the full EntertainmentMovies category just showed up as a top-level entry. We confirmed with our 1Password contact that nested tags are not supported on the web, but that they are on every other platform.
Capturing and Filling Passwords
1Password displays a circular icon in any username or password entry fields you encounter on the web. You need to click this icon to get 1Password’s menu to appear beneath those fields. It’s easiest to hit the Save in 1Password button after you’ve typed in both the username and password, but 1Password is smart enough to update an existing login entry with the password if you hit the button after entering just the username. From 1Password’s browser extension menu, you can also select identities or credit cards, as well as generating a new password. However, you do not get 1Password’s password generation options here. For this you need to open the web vault or desktop app.
Password replay with 1Password has improved since our last review. On sites for which you’ve saved login credentials, 1Password shows you recommended credentials once you place your cursor in the entry fields. Just click on the correct login to fill out the fields. We tested 1Password’s replay on both single- and two-page logins and did not find any problems with either adding or replaying credentials.
Our 1Password contact previously pointed out that requiring user interaction before filling passwords is a deliberate, security-related decision. It eliminates the chance of a website snagging your credentials using invisible login forms.
Another handy feature of 1Password’s extension is that you can just click on an entry to navigate directly to that site’s login page. RoboForm, LogMeOnce, Password Boss Premium, and most of the other products of this type offer this feature, too.
Password Generator
Just storing all your existing passwords in 1Password isn’t enough. You need to find those old, weak passwords and update them to something strong and unguessable. 1Password deliberately doesn’t attempt to automate the process of changing passwords, for a variety of reasons. Chief among these, according to our company contact, is the worry that a failure of automatic password updating, perhaps due to a change in the website, could result in locking you out of your account. Keeper’s developers avoid this automation for similar reasons, though Keeper Password Manager & Digital Vault offers one-click filling of standard password-change forms.
1Password does offer a password generator to help you create a strong password when signing up for a new site or updating an existing one. However, the experience is different on the web, Android, and Windows app. For instance, on the web, 1Password defaults to 20-character passwords. On the desktop, the default length is 24 characters.
We approve of long generated passwords—after all, you don’t have to remember them. We appreciate services that generate long passwords by default. For instance, Myki generates 30-character passwords by default.
Another difference between 1Password’s experiences are the defaults for generating passwords. On all platforms, 1Password defaults to passwords that include capital and lowercase letters, as well as digits. However, the desktop app includes symbols by default, whereas the web and Android apps do not. You can disable the use of digits and symbols if you hit a website that doesn’t accept them, but the letters are always there. You can prevent 1Password from allowing ambiguous characters such as the digit 0 and capital letter O too, but only when using the desktop app.
Using a random collection of characters makes a password strong, meaning it’s extremely hard to crack. Another way to make a password strong is to make it long. 1Password’s generator can churn out random collections of words, separated by a hyphen, space, period, comma, or underscore. Again, the available options differ depending on the platform. For instance, on the web, the default is four words with no options to include a separator. On the Windows apps, the default length is four words, but you can add or change the separator. On the mobile app, the default length is five words, and in addition to the separator options, you can opt to only include full words or randomly capitalize some of the words. The main use we see for this feature is when you must memorize the password, like the famed correct horse battery staple example. For passwords that 1Password totally manages, stick with random collections of characters.
Since you don’t have to remember these passwords, we suggest you let 1Password create the most diverse passwords possible, as suppressing any character set shrinks the pool of possible random passwords. We also would like 1Password to standardize the password generation experience across platforms. Changed passwords sync across platforms, so you don’t need to worry about where you make changes.
Form-Filling Identities
Like Dashlane, LastPass, and most other commercial password managers, 1Password lets you store personal information for use in filling web forms. You can create any number of identities, each of which includes personal data, address information, and a variety of internet contact details. 1Password also stores credit card information separately from identities.
Some fields, like name, address, and telephone, always appear. Click the red-circled minus icon in front of optional fields to remove them, if you’re sure you’ll never use them. With the demise of AOL Instant Messenger, there’s no point in storing an AIM screen name, for example, and few people still use ICQ.
RoboForm Everywhere is the long-time master of form-filling and includes uncommon options like the ability to have multiple instances of any data field. 1Password doesn’t do that, but it does let you add custom fields.
When you navigate to a web form, most products offer to fill your personal data. We tested 1Password’s autofill capabilities using RoboForm’s identity filling test, which lists a few dozen fields. Unfortunately, we found that 1Password’s icon only popped up with form-filling choices some of the time. If you get 1Password to fill details this way, you also have to approve the filling via a browser pop-up notification.
The better solution is to click on the extension icon in the browser toolbar, navigate to the correct identity, and click Auto-Fill. Either way, 1Password’s form-filling capabilities work similarly to its password replay features; it requires deliberate action.
Security and Sharing
All of 1Password’s security tools and reports live under a dashboard called Watchtower. This feature is available on all platforms in some form. We looked at this feature on the Windows app. Here, you see an overview of your passwords’ strength, with results classified as excellent, good, and terrible. 1Password also pulls out vulnerable (those that appear in a database of exposed passwords), reused, weak, and expiring passwords. You can also view passwords associated with compromised (known to be involved in a data breach) or unsecured (don’t use HTTPS encryption) sites, as well as any that support two-factor authentication but for which you haven’t enabled that feature. 1Password also enables you to easily check your account email against haveibeenpwned’s database.
Keeper and Dashlane similarly report if any of your passwords were possibly exposed by a data breach. Although we can’t verify many of these features by deliberately leaking account passwords, we do appreciate their inclusion.
One recent addition to 1Password’s security offerings is an integration with Privacy, the virtual credit card service. Once you set up the connection between the two services, you can create virtual cards for any purchases and save those details in 1Password. The main benefits of a virtual card is that transactions you make with them are one step removed from your real payment details, you can add spending limits, and it’s easy to delete cards whenever you want.
Password sharing is available only in 1Password’s Family and Team editions. Sharing is restricted to those users in your family or on your team, plus five additional guests. If you need to share with more people outside your family or team, 1Password charges an additional fee.
In addition, 1Password does not include a mechanism for passing on your account to your heirs after your demise, a feature called password inheritance. For family accounts, 1Password does let you designate several family organizers, so there is someone who can always recover the account, but this isn’t quite the same thing as inheritance, especially since this feature is only available on family accounts. Both LastPass and Keeper include a time-based element and automate the transfer of passwords, instead of just providing access to them.
Put Your Passwords in a Vault
1Password smoothly syncs your passwords and personal data across all your Windows, macOS, Linux, Android, and iOS devices, while handling all the expected tasks of a password manager. We like its password organization tools, too. However, sharing is not available to standard users and import options are very limited.
Editors’ Choice winners Dashlane, LastPass, and Keeper offer a wonderfully smooth user experience, along with a significant collection of advanced features. MyKi is our top choice for free password managers because of its top-notch capabilities.
[ad_2]
Source link
