1Password: The Password Manager I Trust
Hello everyone,
Today, I want to introduce you to another indispensable tool in my daily life—the password manager 1Password. If you’re like me, juggling a multitude of online accounts every day, you know how important security and efficiency are when dealing with passwords. A good password should not only be complex but also unique—and who can remember all that? This is where 1Password comes into play, helping me manage my credentials securely, centrally, and conveniently. For me, it’s the most important tool when it comes to security and organization.
Table of Contents
- Why 1Password?
- My Favorite Features in 1Password
- Security Model of 1Password
- Nevertheless, Trust No One
- Price
- All the password managers I’ve tested are good - except for LastPass
- Conclusion
Why 1Password?
There are now numerous password managers, but why did I choose 1Password? The answer is simple: Security, Ease of Use, and Integration. 1Password is not only secure but also extremely user-friendly. Whether it’s login data, credit card information, or secure notes—everything is neatly stored in a digital vault. And thanks to support for web apps and extensions for all common browsers like Chrome, Firefox, Edge, Safari, and Arc, I can use my passwords anytime and anywhere. The integration into my work environment is seamless.
Another highlight is the cross-platform usage. Whether on my Mac, iPhone, or even a Windows PC that I occasionally have to work on—my passwords are always available. 1Password securely synchronizes my data via the cloud so that I’m always up to date, and the synchronization process works quickly and reliably.
My Favorite Features in 1Password
The software offers numerous features, and these are my favorites:
Browser Integration
One of the main features that I particularly appreciate about 1Password is the seamless integration into my browsers. I mainly use the Arc Browser, as you know from my previous blog post, and 1Password integrates perfectly with it.
Also on my iPad and iPhone, synchronization works seamlessly and impressively fast. The integration into iOS is excellent, and saved passwords are automatically filled in directly in the browser. This smooth and intuitive user experience completely convinces me.
SSH Agent and CLI Integration
Another great feature is the 1Password Developer SSH Agent. This allows me to store SSH keys directly in 1Password and use them securely for connections. That means when I want to access a Linux server via SSH or establish SFTP connections to a firewall, I can use my private key directly from 1Password. This saves me from storing the keys on my system, which significantly increases security.
In combination with the Command Line Interface (CLI) Integration, I can conveniently execute commands without having to manually insert the key each time. This is not only practical but also ensures a consistent security structure across all my projects.
Passkeys
Additionally, 1Password was one of the first providers to support Passkeys. Whenever possible, I use Passkeys because they offer even higher security and convenience. These new cryptographic keys make authentication more secure and are, for me, a welcome advancement to replace passwords.
TOTP
1Password not only stores passwords but also TOTP codes for two-factor authentication. This is incredibly convenient because I don’t have to use an extra app like Google Authenticator. All information is stored centrally in one place, and I don’t have to switch between apps when I want to log in somewhere. The automatic input of one-time passwords works reliably in 90% of cases.
File Storage and Notes
I also use 1Password to store secure notes—sensitive information that goes beyond classic passwords. This includes, for example, IT documentation or important files that I consciously don’t want to store in a conventional cloud. I also store digital copies of important documents like my passport or driver’s license, so I have them readily available at any time without having to carry the physical originals.
Particularly practical is the ability to write notes in Markdown format, which facilitates a clear and structured presentation.
Watchtower
The Watchtower function continuously monitors my credentials and warns me of security vulnerabilities, such as weak passwords (which doesn’t happen with me) or compromised logins as a result of data breaches. It analyzes my stored information and gives me clear recommendations to optimize my security. Additionally, Watchtower informs me when a service I use offers new security features like MFA (Multi-Factor Authentication) or Passkeys. Especially with over 100 logins, Watchtower helps me keep track.
Design and Usability
Many swear by the open-source solution KeePass, and the idea behind it certainly appeals to me. However, I can’t get used to the design on macOS or iOS; that’s simply not user-friendly enough for me.
1Password convinces with a clear, tidy design in all apps and offers numerous options for structured organization of passwords. These include the use of different vaults, tags, or categories to keep an overview and sort everything according to one’s own needs.
Additionally, 1Password offers the possibility to add custom fields, which is very convenient for me when I need to store credentials that go beyond the typical combinations of username and password. Sometimes there are special security questions or additional PINs that I want to store—all of this I can easily store in 1Password and customize individually.
Security Model of 1Password
Security is the heart of 1Password. The application protects your sensitive data through a strong security model based on three pillars: end-to-end encryption, protection against external threats, and complete transparency.
Below are some details on how 1Password protects your data and your password from attacks:
- End-to-End Encryption: With end-to-end encryption, your data is decrypted exclusively on your devices—even 1Password has no access to it.
- The Master Password that you create is the key to everything and should accordingly be secure and complex. For additional security, 1Password offers the possibility to activate two-factor authentication (2FA), especially important for critical accounts.
- 256-bit AES Encryption: Your data is secured with AES-GCM-256 authenticated encryption, which protects both the confidentiality and the integrity of the stored items. This encryption is extremely secure and practically unbreakable.
- Secure Random Numbers: Encryption keys and other cryptographic parameters are created with a secure pseudo-random number generator.
- PBKDF2 Key Strengthening: 1Password uses PBKDF2-HMAC-SHA256 to strengthen the account password, making it extremely difficult to guess the password through repeated attempts. Cracking a strong password could take decades.
- Secret Key: In addition to your account password, a 128-bit secret key protects your data. This is combined with your account password to encrypt the data and makes the protection even more robust.
- The Secret Key complements the password and makes access nearly impossible even with a compromised master password. It is never shared, not even with AgileBits, so only you have control over your data.
- Hierarchical Key Derivation: Each file receives its own encrypted key. Even with a compromised key, only that file would be affected, not the entire vault.
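As an added illustration (not code from 1Password or from the original post), the sketch below shows how a PBKDF2-stretched account password and a random 128-bit Secret Key can be combined so that neither one alone yields the unlock key. The HKDF-and-XOR combination, the iteration count, and all names are assumptions chosen for this example.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed value for this example, not taken from the page


def hkdf_sha256(key: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) extract-then-expand with HMAC-SHA256."""
    prk = hmac.new(salt, key, hashlib.sha256).digest()
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def derive_unlock_key(password: str, secret_key: bytes, salt: bytes, account_id: str) -> bytes:
    """Combine a stretched password with a high-entropy device secret."""
    # Slow step: PBKDF2-HMAC-SHA256 makes every password guess expensive.
    stretched = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS, dklen=32
    )
    # Fast step: expand the 128-bit Secret Key to 32 bytes, bound to the account.
    expanded = hkdf_sha256(secret_key, account_id.encode("utf-8"), b"example-2skd")
    # XOR: the result is unpredictable unless both inputs are known.
    return bytes(a ^ b for a, b in zip(stretched, expanded))


def new_account_secrets() -> tuple[bytes, bytes]:
    """Generate a 128-bit Secret Key and a 16-byte salt from the OS CSPRNG."""
    return secrets.token_bytes(16), secrets.token_bytes(16)


if __name__ == "__main__":
    # Constructed inputs: the password and account id are placeholders.
    secret_key, salt = new_account_secrets()
    good = derive_unlock_key("correct horse battery staple", secret_key, salt, "EXAMPLE-ACCOUNT")
    # Same password, but without the real Secret Key: a different key results.
    guess = derive_unlock_key("correct horse battery staple", secrets.token_bytes(16), salt, "EXAMPLE-ACCOUNT")
    print("unlock key:", good.hex())
    print("password alone recovers the key:", hmac.compare_digest(good, guess))
```

Because the Secret Key never leaves the device, an offline guessing attack against data taken from a server has to search the 128-bit key as well as the password.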
Security Features
Encryption is just the beginning. 1Password offers additional features that protect you from threats:
- Clipboard Management: 1Password can automatically remove passwords from your clipboard to prevent them from being unintentionally stored or copied.
- Code Signature Validation: Before 1Password fills in your data in the browser, it checks whether your browser has been signed by an identified developer. This protects you if your browser has been manipulated.
- Auto-Lock: 1Password automatically locks itself when you are inactive for a longer period to ensure that no one can access your data when you’re not at your desk.
- Watchtower Security Alerts: Watchtower warns you of hacked websites or data breaches and checks your credentials for vulnerabilities like weak passwords. Recommendations help you close security gaps—without compromising your privacy.
- Phishing Protection: 1Password only fills in passwords on the pages where they were saved. This prevents attackers from stealing passwords by mimicking a page.
- Biometric Security: You can also unlock 1Password with your fingerprint on Mac, iPhone, iPad, and Android devices. This makes access easier and ensures that no one can find out your password simply by watching.
- Secure Remote Password (SRP): Instead of sending your password to a server, 1Password uses the SRP protocol to authenticate your login credentials without transmitting the password over the internet.
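The phishing protection described above comes down to comparing the page's origin with the origin a login was saved for. The following added example (not 1Password's code) implements a strict exact-origin rule; the matching policy, function names, and sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"https": 443, "http": 80}


def origin(url: str):
    """Return (scheme, host, port) for a URL, or None if it cannot be parsed."""
    try:
        parts = urlsplit(url)
        scheme = parts.scheme.lower()
        # .hostname drops any "user@" prefix and lowercases the name.
        host = (parts.hostname or "").rstrip(".")
        # Convert Unicode names to ASCII (punycode) so a lookalike character
        # can never compare equal to the genuine ASCII host.
        host = host.encode("idna").decode("ascii")
        port = parts.port or DEFAULT_PORTS.get(scheme)
    except ValueError:  # bad port, malformed netloc, invalid IDNA label
        return None
    if not host or port is None:
        return None
    return scheme, host, port


def may_autofill(saved_url: str, page_url: str) -> bool:
    """Offer a saved login only on the exact HTTPS origin it was saved for."""
    saved, page = origin(saved_url), origin(page_url)
    return saved is not None and saved[0] == "https" and saved == page


# Constructed sample pages, checked against one saved login.
SAVED = "https://accounts.example.com/login"
SAMPLES = [
    "https://accounts.example.com/signin?next=%2F",   # same origin
    "https://ACCOUNTS.example.com:443/",              # same origin, normalised
    "http://accounts.example.com/login",              # downgraded scheme
    "https://accounts.example.com.evil.test/login",   # real name as a prefix
    "https://accounts.example.com@evil.test/login",   # real name as userinfo
    "https://accounts.ex\u0430mple.com/login",        # Cyrillic "a" lookalike
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{may_autofill(SAVED, url)!s:5}  {url}")
```

A human reading the address bar can miss the last three cases; a byte-for-byte origin comparison does not.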
Transparency and Trust
1Password is based on open standards that can be reviewed by security experts at any time. This openness ensures trust and constant improvement. The security model of 1Password is regularly reviewed through independent audits, conducted by recognized security firms like Cure53 and AppSec Consulting, to ensure that all mechanisms meet current standards and that any potential vulnerabilities can be immediately addressed. 1Password regularly publishes reports on these security assessments, which are publicly accessible on their website (see Security Assessments). This ensures complete transparency regarding the measures taken to secure your data and underscores 1Password’s commitment to the highest security. Through this external review, it is ensured that 1Password offers the best possible security and is continuously developed further.
1Password works closely with external security experts to ensure that every update and new feature is checked for potential security risks before it’s released. The company also relies on a bug bounty program that incentivizes security researchers to find and report vulnerabilities so they can be proactively closed.
- Open Data Formats: 1Password uses the open-source SQLite database format, which ensures the security of the data structure.
- Proven Encryption Algorithms: The algorithms used have been reviewed by experts and are known to keep information secure.
- Privacy-Friendly Telemetry: Telemetry is optional with 1Password and only collects data with your knowledge and consent. This ensures that your privacy is maintained.
- Data Export: 1Password offers simple tools to export your data if you decide to leave the service. Supported export formats include CSV and 1PUX. The CSV format allows easy further processing of the data in other tools, while the 1PUX format provides an encrypted version of your data intended for secure transfer to other systems. This flexibility gives you the option to export your data in a way that best suits your needs. Your data belongs to you—and you have control over it at any time.
Nevertheless, Trust No One
Every security company advertises with the promise of providing a secure solution, a promise that only holds until a vulnerability is discovered and exploited. No software is perfect: it is developed by humans, and vulnerabilities can never be completely ruled out.
For this reason, I do not store all my passwords in 1Password—especially not the passphrase for my crypto wallet. I have physically secured this on steel and consciously forgo the use of a cold wallet.
For my most important accounts, I also do not store the passwords completely in 1Password. Instead, I add a few extra characters at the beginning or end, which I later remove manually. So even if someone gained access to the data in 1Password, my most important accounts would still not be directly accessible.
Price
The pricing model of 1Password is transparent and flexibly designed. It offers different plans for individuals, families, and businesses, each with monthly or annual billing. Family and team plans allow sharing vaults, while all options provide unlimited access to devices and features like end-to-end encryption. This way, every user finds an appropriate offer that meets their security requirements.
At $36 per year, 1Password offers me excellent value for money. Given the extensive features, high security standards, and continuous development, I consider this price to be exceptionally fair.
All the password managers I’ve tested are good - except for LastPass
Over the years, I’ve tried out different password managers from time to time. Not necessarily because I wanted to switch, but rather to see what the other providers are doing and what exciting new features there are. The products tested include 1Password, Proton Pass, Dashlane, NordPass, RoboForm and Bitwarden. All are solid players on the market and offer good security and interesting features. Basically, you can’t go far wrong with any of these password managers.
I used to use LastPass, but that was several years ago. Looking back, I’m very glad that I switched, and I can only recommend that everyone say goodbye to LastPass. There have simply been too many security incidents in recent years - for a password manager that you entrust with your most sensitive data, this is an absolute no-go. The security of your own data should always come first, and LastPass simply couldn’t keep up.
Proton Pass - a promising newcomer
I’m currently flirting a little with Proton Pass because I really like its focus on data protection and privacy. Proton is known for its privacy-first services such as ProtonMail and ProtonVPN, and Proton Pass continues this philosophy. In contrast to 1Password, the source code of Proton Pass is open, which offers additional transparency and security.
I find the alias email feature, which is directly integrated, particularly appealing. In comparison, 1Password also offers the option of using email aliases, but this requires an additional account with Fastmail, which in turn costs money - and to be honest, I don’t feel like paying for two services when Proton Pass already includes the whole thing. Dashlane also has some interesting features, but again, I miss the seamless integration that Proton Pass offers.
Of course, it has to be said that Proton Pass is a relatively new product (July 2023), but the company Proton AG has been around for a long time. I also have a lot of accounts, and switching involves a lot of manual effort, especially when it comes to transferring passkeys. This effort still puts me off at the moment. But I’m keeping an eye on the development of Proton Pass and think it’s a very promising alternative that could well become my main password manager in the future.
Conclusion
The password manager 1Password currently perfectly meets all my requirements. I am absolutely satisfied and have had no reason to look for alternatives so far. It simplifies my everyday life and ensures that my credentials are secure and always available. In a time when we have more and more online accounts, such a tool is indispensable. 1Password combines security, convenience, and flexibility—exactly what I expect from a modern password manager. But the software continues to develop and I’m keeping a close eye on Proton Pass. We’ll see what the future will bring.
Until next time,
Yours, Joe