AgileBits 1Password | Tech News

For most people, a password manager that’s limited to Windows isn’t good enough. It’s important to have password access on all your devices. AgileBits 1Password has you covered, with apps for Windows, macOS, Android, and iOS, plus browser extensions for Chrome, Edge, Firefox, Opera, and Safari. A Chrome-only add-on extends the product’s reach to any platform that can run Chrome, including Linux. However, it’s not as automated as most, and it lacks high-end features such as password inheritance and automated password updates.

Pricing for password managers varies more than many other categories of security software. You can get Zoho Vault for just $12 per year, Dashlane costs $39.99 per year, and most of the rest fall somewhere in between. With 1Password, you pay $3.99 per month, which goes down to $2.99 per month ($35.88 per year) if you pay a year at a time. You can use the product on all your devices, and syncing is instant and automatic.

1Password also offers a family plan, at $5.99 per month, or $59.88 per year. This gets you five licenses, along with the ability to share passwords within your family. Keeper has a similar family plan that gets you five licenses plus 10GB of secure online storage. For business, you can set up a team account, at $3.99 per user per year.

With version 7, 1Password gets a major user interface update and a raft of new features. For example, Windows users now get the full security audit that previously showed up only on macOS, and on both platforms the audit now checks for pwned passwords and sites where you could use two-factor authentication but don’t have it enabled. I’ll point out these new features in context.

The most immediately visible user interface change is in the sidebar menu at left. Previously, its lower portion split into three tabs for Categories, Tags, and Security. Now it’s one long scrolling list, with the option to expand or collapse those same three sections. It now puts the numbers next to each category and tag in a darker oval, making them easier to see. The differences aren’t huge, but it’s clear much thought went into fine-tuning the UI.

Getting Started

– Advertisement –

Launch Chrome, Edge, Firefox, Opera, or Safari, and navigate to the 1Password website. Sorry, 1Password doesn’t support Internet Explorer. Sign up for an account and you get 30 days of premium features for free. Entering your credit card info is optional. During setup you enter your name, and you have the option to add a photo.

The next step is somewhat unusual. 1Password generates what it calls an Account Key, a massive string of 34 letters and digits, separated by hyphens into seven blocks of varying sizes. Each time you add a new device or browser extension, you need this key.

Next, you create a strong master password. As always, this should be something you can remember, but nobody else would guess. To help you manage that monster account key, the wizard creates what it calls an emergency kit. This is a PDF file containing your email address and account key, with a space to write down your master password. Print it off, fill in the master password, and stick it in your fireproof lockbox, or somewhere else secure.

With your account finalized, it’s time to set up your apps for Windows, Mac, Android, and iOS. You do need that account key for each installation, but you don’t necessarily have to type it. After installing the app on an Android or iOS device, you can use it to snap a QR code that fills in all your information except the master password. If you’re installing on a desktop device, you can copy that QR code to the clipboard for import or, new in this edition, just tell 1Password to find the QR code onscreen. You won’t often need to type in the account key.

If your activated device gets lost or stolen, the thief would still need your master password to access your credentials. But for total security, you can log into the web console, click My Profile, and deactivate the device. Now that thief would need both your master password and Account Key to gain access.

For full functionality, you also must add the 1Password extension to your browsers. The first time you open a supported browser, 1Password offers its extension. To add the Edge extension, you install it from the app store and then log in with your account information.

The easiest way to switch from one password manager to another is to import the existing product’s passwords. 1Password can import passwords stored in Chrome, and import from LastPass, Dashlane, and RoboForm, but that’s it for direct import. If you’re moving from a different password manager, you must export the data to a CSV file and format it according to the instructions in 1Password.

LastPass, by contrast, can import from over 30 competing products, and KeePass imports from almost 40. Note that to use the import feature, you must log into your 1Password account online. The local app can only import 1Password files exported from another installation.

You do have another option for importing. The 1Password Utilities collection includes community-created scripts to convert data exported from 35 other products into 1Password’s own format. However, using these scripts is definitely a hands-on proposition.

Password Capture and Replay

1Password’s browser extension watches as you enter your credentials on secure websites and offers to save what you’ve entered. In the password capture dialog, you can enter a friendly name for the login and also add one or more tags. New in this edition, you can create nested tags by separating levels with a backslash, for example, “EntertainmentDining.” By default, all passwords go into your personal password vault. If you need to keep multiple sets of passwords, perhaps personal and work collections, you can define additional vaults and choose which to use at capture time. And you can choose to view items from just one vault, or see them all at once.

Password replay with 1Password is not quite as automated as with most competing products. When you revisit a site for which you’ve saved login credentials, you press the magic keystroke Ctrl+ to fill those saved credentials. If you have more than one set of credentials, 1Password presents you with a list.

My AgileBits contact pointed out that requiring user interaction before filling passwords is a deliberate, security-related decision. It eliminates the chance of a website snagging your credentials using invisible login forms.

SecurityWatch

RoboForm, LogMeOnce, Password Boss Premium, and most of the other products of this type offer another handy way to use your saved logins. Clicking the toolbar button displays a list of your saved sites, and clicking one of them first navigates to the site and then logs in. 1Password does this as well, using a popup list of logins rather than a menu. You can scroll down the list or just start typing the name of the login you want. The list narrows to match what you’ve typed. Just click to visit and log into the desired site.

You can also press the magic key combination Ctrl+Alt+ to bring up 1Password Mini. This is an even smaller version of the main app. You can use it to view your saved data, and even enter application passwords using copy/paste.

There are always some nonstandard logins that confuse password managers. LastPass Premium, Sticky Password, Keeper, and a few others get around this problem with a manual capture feature. So does 1Password, though it’s a bit tricky to find. You first enter your credentials, then press Ctrl+. In the resulting popup, click the Settings icon at the bottom left, and choose Save New Login.

Password Generator

Just storing all your existing passwords in 1Password isn’t enough. You need to find those old, weak passwords and update them to something strong and unguessable. 1Password deliberately doesn’t attempt to automate the process of changing passwords, for a variety of reasons. Chief among these, according to my company contact, is the worry that a failure of automatic password updating, perhaps due to a change in the website, could result in locking you out of your account. Keeper’s developers avoid this automation for similar reasons, though Keeper Password Manager & Digital Vault

Windows app or the browser extension, defaults to 24 characters. I approve of long generated passwords—after all, you don’t have to remember them. Not every product reflects this fact, though. RoboForm, Trend Micro Password Manager, and Ascendo DataVault default to just eight characters; I worry that users won’t know to change this. At the other end of the spectrum, the free Myki generates 30-character passwords by default.

AgileBits 1Password Password Generator

By default, 1Password generates passwords that include capital and small letters, digits, and symbols. You can disable use of digits and symbols if you hit a website that doesn’t accept them, but the letters are always there. Also by default, 1Password doesn’t allow ambiguous characters such as the digit 0 and capital letter O. Since you don’t have to remember these passwords, I suggest you allow these characters, as suppressing them shrinks the pool of possible random passwords. Don’t worry, any changes you make to the defaults affect both the extension and the app.

Using a random collection of characters makes a password strong, meaning it’s extremely hard to crack. Another way to make a password strong is to make it long. 1Password’s generator can churn out random collections of words, separated by a hyphen, space, period, comma, or underscore. By default, it offers four-word phrases like “maxilla hound bisexual perspire” and “spake anarchy opal hysteric.” The main use I see for this feature is when you must memorize the password, like the famed “correct horse battery staple” example. For passwords that 1Password totally manages, stick with random collections of characters.

Form-Filling Identities

Like Dashlane, LastPass, and most other commercial password managers, 1Password lets you store personal information for use in filling Web forms. You can create any number of identities, each of which includes personal data, address information, and a variety of internet contact details. 1Password also stores credit card information separately from the personal identity.

Some fields, like name, address, and telephone, always appear. You can click the red-circled minus icon in front of optional fields to remove them, if you’re sure you’ll never use them. With the demise of AOL Instant Messenger there’s no point in storing an AIM screen name, for example, and few people still use ICQ.

RoboForm Everywhere

iPhone or iPad, you get full access to all your logins and other saved data. Launching a site opens it inside 1Password’s proprietary browser. To use it with Safari you must copy and paste, but the Quick Copy feature automatically copies the next field after you fill one. TouchID support is available, and FaceID for the newest devices, and you can use your iOS device to enable 1Password’s TOTP authentication feature.

Fingerprint authentication is also available in the Android version, with the added ability to set a PIN code for devices without a fingerprint reader. As on iOS, logins open in the proprietary browser by default, but you can enable autofill in other browsers using Android 8 (Oreo) or later.

1Password X

The browser extensions I’ve mentioned thus far work by communicating with the 1Password app. 1Password X is a standalone Chrome extension. That means you can use it on any platform that supports Chrome, including Linux. It encapsulates most of the app’s functionality, with a few exceptions. And it’s much improved since my last review.

Password capture and replay don’t require any special keystrokes. When you enter a username and password, 1Password X displays a popup offering to save your credentials. Like Dashlane and Keeper, it puts this offer right below the password field, which is convenient. In a similar fashion, when you revisit a page that has one or more saved logins, it displays the choices right under the login fields.

I did find that it failed to capture two-page logins like EventBrite and Amazon. However, it managed to log into them using credentials already in the system.

If 1Password X detects that you’re creating a new account, it offers a suggested password from the password generator. It defaults to 30 characters using letters and digits, but no symbols. New since my last review, you now have control over the password manager’s configuration. As with Abine Blur Premium, the password generator always includes uppercase and lowercase letters. I advise turning on use of symbols as well. The password generators in the app and in the app-reliant extensions share the same settings, but 1Password X doesn’t.

As with the app and browser extensions, it also offers memorable passphrases like baste-demijohn-myna-critter. In an unusual step, the password generator can also gin up digit-only PIN codes of any length.

AgileBits 1Password X

I thought at first that 1Password X didn’t support time-sensitive passcodes. Pressing Ctrl+V didn’t paste in the code, the way it did with the regular extensions. I found that you must click the toolbar button, select the site from the list, and click a Copy button next to the code.

In testing the previous edition, I couldn’t get it to fill form fields. This time around it placed a keyhole icon in the selected field. Clicking the icon got me an offer to save the form’s data—not what I wanted. I found that the correct action is to click the toolbar icon, choose the desired identity, and click Fill.

This is a big improvement from the previous edition. You can now configure the password generator, it fills web forms just as well as the local app, and searching on item names or tags is a snap. And the fact that you can use it on absolutely any platform that supports Chrome makes it ever so useful.

Worth a Look

You can try AgileBits 1Password for 30 days at no cost, so if it sounds interesting to you, give it a whirl. It smoothly syncs your passwords and personal data across all your Windows, macOS, Android, and iOS devices, and handles all the expected tasks of a password manager. Not only that, the 1Password X extension brings your passwords to any platform that supports Chrome. True, password replay and form filling aren’t quite as automated as in competing products, but during the trial period you’ll learn whether that limitation bothers you. Don’t want to continue? There’s a handy option to delete your account completely.

If you find that you want more than what 1Password offers, consider the products we’ve identified as Editors’ Choices in the commercial password manager arena. Dashlane and Keeper both offer a wonderfully smooth user experience, along with a significant collection of advanced features. Keeper handles application passwords, for example, and Dashlane keeps receipts of your online purchases. Both offer secure sharing, and both let you assign an heir to inherit your account after your demise. Either one can be a great choice for your password management tasks.

Prosyscom Tech News publishes relevant guest contributions from the community. Share your honest opinions and expert knowledge by submitting your content here.

You might also like More from author