1Password Review

Our 1Password review debunks the claim it is the “world's most-loved password manager”, discusses why it falls short of its self-proclaimed status, and compares it to other products offering better value-for-money.

The 1Password password manager was launched in 2006, and for the next ten years possibly was the “world’s most-loved password manager” due to a flexible software licensing model that gave customers the option of upgrading as new features and capabilities were released.

Unfortunately, in recent years, 1Password has replaced the licensing model with a subscription model, discontinued its free plan, and abandoned native app development in favor of Electron cross-platform app development – a move that has been detrimental to the user experience.

Consequently, many long-time customers have abandoned 1Password in favor of alternative options. In a recent poll conducted by security.org, 1Password achieved seventh place in a list of the world's most-loved password managers – 1Password being used by only 7% of respondents.

What is 1Password?

It is probably best to start our 1Password review by explaining what 1Password is and how it works.

1Password is a vault-based password manager. This means login credentials, personal profiles, credit card details and other confidential information can be saved in a “vault” (effectively a password-protected cloud storage folder) which is accessible from any device or operating system via a series of apps and browser extensions. You can also access the vault directly via the web.

For individual users, vault-based password managers are a convenient way to store login credentials. This is because credentials sync across all your devices; and, when you visit a website or app requiring a username and password, the password manager will autofill it for you regardless of whether you are visiting the website from your home PC, office workstation, or mobile device.

Using any password manager is better than writing passwords down, storing them in a Word doc, or sharing them via email; and, for this reason, many businesses use vault-based password managers to share corporate passwords among IT teams, marketing teams, etc. Families can also share passwords securely (e.g., Netflix, Amazon, etc.) by taking advantage of a family plan.

1Password for Individuals and Families

As mentioned earlier in our 1Password review, the free plan was recently discontinued – making the Personal plan the entry point for 1Password. This plan costs $2.99 per month (billed annually), which puts it on a par cost-wise with the likes of Dashlane, Keeper, and LastPass. However, for less than $1.00 per month, you could subscribe to the Bitwarden Personal Plan which is for two people and includes secure file sharing and advanced two-step login options – options 1Password lacks.

It is much the same story with the 1Password Family plan, which provides a Personal plan for up to five members of the same family under one subscription (most password managers allow six members in a Family plan). At $4.99 per month per family, the cost of the Family plan is around the industry standard – although both LastPass and Bitwarden are less expensive (for six members of the same family) and offer advanced two-step login options.

1Password for Teams and Businesses

Whereas most password managers offer a feature-limited Teams plan based on a per user subscription, 1Password offers a fixed price plan for up to ten users for $19.95 per month. The Team plan is better than the Family plan inasmuch as it includes secure file sharing, admin controls to apply RBACs, and DUO integration for advanced two-step login. Also, the plan is price-competitive once seven seats are filled; and, at maximum capacity, equates to $24.00 per seat per year.

1Password's Business plan is extremely feature-rich and includes many capabilities you do not often find in enterprise password managers – for example, firewall rules. However, the cost of these capabilities is built into the much higher cost per seat for every user ($7.99 per user per month) – making 1Password the most expensive business password manager on the market – although you may qualify for a discount if you subscribe to a plan with five hundred or more users.

Security & HIPAA Compliance

Like most vault-based password managers, 1Password operates a zero-knowledge model. This means each user's master password acts as an encryption key. Master passwords are hashed and salted before being transmitted to 1Password's servers, so 1Password never knows what they are. Additionally, if 1Password's servers are hacked, the master passwords are indecipherable to a hacker. This also means that, if you forget your master password, 1Password is unable to help you recover it.

With regard to HIPAA compliance, the 1Password password manager has all the capabilities required to comply with the HIPAA Security Rule (256-bit AES encryption, automatic logoff, event logs and audit trails, etc.), but our one concern about complying with HIPAA relates to something mentioned at the beginning of our 1Password review – the Electron cross-platform app and the detrimental effect it has had on the user experience.

The issues with the Electron app are well-chronicled – especially those with the WatchTower feature responsible for driving automatic data health checks. However, what is particularly concerning is that, if workforce members do not enjoy a user-friendly experience, they will find insecure ways to circumvent the password manager – potentially reverting to writing passwords on pieces of paper, storing them in plain text in a Word doc, and sharing them via email or messaging apps.

1Password Review Conclusion

If you are thinking of implementing a vault-based password manager – or changing your existing password manager for another – you could do better than 1Password. Its Individual and Family plans are overpriced when compared to the likes of Bitwarden; and although the Teams plan could represent good value-for-money, businesses need to be conscious of the ongoing issues with the Electron app that may cause security and non-compliance issues if workforce members find the password manager too inconvenient or too inconsistent to use.