1Password

1Password has been around since 2005 and has built a strong reputation in the security community. It's the password manager a lot of people land on when they want something that just works without any friction, and that reputation is largely earned. The security fundamentals are sound and the design is genuinely good.

How the security works

1Password uses AES-256 encryption with a zero-knowledge model, meaning your vault is encrypted on your device before it ever reaches 1Password's servers. They have no way to read what you store. The encryption uses a dual-key model: your master password combined with a 128-bit Secret Key that's generated on your device when you set up your account. Both are required to decrypt your data. This means that even if 1Password's servers were breached, an attacker would still need your Secret Key to get any of your information.

1Password's Watchtower monitors your saved logins against known data breaches and flags weak, reused, or compromised passwords. Importantly, this check happens locally on your device. Your passwords and websites are never sent to 1Password or any third party to perform the check.

What 1Password does well

The interface is one of the best of any password manager. Setup is fast, autofill is reliable, and the apps are polished on every platform. If you ever try to get a less technical family member to use a password manager, 1Password is the one that will stick.

Travel Mode is a great feature worth pointing out. It lets you set certain vaults as "safe for travel" and temporarily remove the others from your device entirely. If you cross a border and a customs officer asks to search your phone, those vaults simply aren't there. They're restored once you're through. There are only a couple of other password managers that even have a feature that can work similar to this. None, that I am aware of, that have a specific travel mode.

The family plan covers up to five people and includes a Family Organizer role that can recover access for other members if they get locked out, without being able to see the contents of their vaults. That's a great, easy to use, feature to have if a family member gets locked out of their account.

1Password regularly commissions third-party penetration tests, holds ISO 27001, 27017, 27018, and 27701 certifications, and is SOC 2 Type 2 certified. The audit record is genuinely extensive compared to most competitors.

The closed source problem

1Password's client apps are not open source. The security model is documented in detail in a public whitepaper and the audit record is solid, but you cannot independently verify that the code does what the documentation says. With Bitwarden and Proton Pass, you can.

This isn't a deal breaker for most people. The audits provide meaningful assurance, and 1Password has a, so far, unblemished breach record. But it's a meaningful distinction that I need to point out.

Jurisdiction

1Password is made by AgileBits, a Canadian company headquartered in Toronto. Canada is a member of the Five Eyes Alliance, which is an intelligence sharing agreement with the US, UK, Australia, and New Zealand. This makes Canadian jurisdiction less favorable than others purely from a privacy standpoint. In practice, however, the zero-knowledge encryption model makes it so there's very little useful data to hand over.

Pricing

1Password does not have a free plan, but they do have a 14-day trial. After that, you'll need a subscription to keep using it. Individual plans start at around $3/month billed annually, and the family plan covers five users at around $5/month.

Who 1Password is right for

1Password is a good choice if you want a polished, well-audited password manager. It's particularly strong for families and small teams where ease of use and account recovery matter. It's real advantage is that it's the easiest to recommend to people who won't engage with the technical details and just need something extremely reliable. That's a legitimate use case, and it's not a small one.

It's not the right choice if open source matters to you, if you're trying to minimize your Five Eyes exposure, or if you're comparing it mostly on cost.