1Password
An excellent choice for those seeking peace of mind, with bonus points for families and frequent travellers
Almost every platform is covered by 1Password: it has desktop apps for Windows and macOS, mobile apps for Android and iOS, and plugins for Chrome, Firefox and Edge and Brave. As the Chrome plugin replicates more or less the full feature set of the desktop app, you can use it to run and manage 1Password from Chrome OS or Linux too.
It securely stores login details, credit cards, private notes and other bits of personal information, and can insert them into web forms with a click or tap. But that’s not all: the Watchtower component warns you about any passwords that are weak or vulnerable, as well as sites that might not be secure. This is useful, although 1Password does nothing to actually help you change credentials, beyond providing a direct link to each site.
With a family subscription, you can easily share credentials with specific people; that is, you can collect items together into a shared vault and specify who can access passwords and who can change them. This works well, but it’s annoying that you can’t share credentials with users who aren’t in your family group and note that 1Password’s rivals allow you to share credentials with their more basic packages.
An individual subscription costs $36 a year, or around £26, which is less than you’ll pay for Dashlane ( see p62) or LastPass ( see p63). The family plan is $60 (around £43) per annum, which is the same as Dashlane and a whole £1.20 more than LastPass. While the price looks competitive, 1Password offers no equivalent to Dashlane’s built-in VPN, while the open-source Bitwarden ( opposite) offers cross-platform password management for free and its family offering comes in at just $40 a year, equivalent to around £28.
I found 1Password fiddly to set up: you need to provide your master password every time you install it on a new device or browser, as well as your 34-character secret key (or scan in a QR code). Importing my passwords from Chrome was a manual affair too, involving exporting a CSV file from the browser and then dragging it into 1Password.
After the initial setup, you can capture extra passwords, addresses and other personal details as you go. When you enter text into a web form, 1Password pops up a button offering to remember what you’ve typed. If you save your details, 1Password will prompt you to click to fill in your information the next time you click into the login field. It won’t fill in and submit credentials automatically, but on the desktop you can press Ctrl+\ anywhere on a site to have 1Password paste in the details.
1Password also makes it easy to create secure passwords on signing up to services: when you click into the new password field, it generates a strong, random password that you can accept with a click.
That’s all standard fare, but what’s unique to 1Password is its Travel Mode: this can protect your details from snooping authorities. Once you have enabled it from the web console, items you select will be invisible and inaccessible, so even if you’re required to surrender your phone for inspection, Travel Mode means no one can see which sites you visit or access your accounts.
“Even if you’re required to surrender your phone for inspection, Travel Mode means no one will be able to see which sites you visit”
1Password requires more manual interaction than Dashlane or LastPass, but the software is designed this way for a good reason: it’s to make certain that your personal data can’t get inserted anywhere without your knowledge, and to ensure that you can’t get locked out of accounts.
Similarly, the need to enter your secret key when registering a new device makes it effectively impossible for any intruder to guess or bruteforce their way into your account.
You can also configure 1Password to require twofactor authentication (2FA) before unlocking your stored credentials.
Your master password is never transmitted to 1Password’s servers, so if you lose it the publisher can’t help you recover it. There’s also no provision for giving someone else access to your accounts if you’re incapacitated. Instead, 1Password promotes the old-school approach of printing out your encryption details, writing down your master password and passing a copy on to a trusted friend. Nothing directly prevents them from abusing this information, but you’ll get a notification whenever your master password is used on a new device.
If you want a password manager that’s as invisible as possible, 1Password isn’t it. You’ll get on better with LastPass for a similar price, or even Bitwarden’s free offering. It also feels short on features compared to Dashlane. However, 1Password goes the extra mile to safeguard your details and you can run it on just about anything.