1Password Security: What They Do Right
My History with Password Managers
I've been using 1Password since the month LastPass got bought by LogMeIn in 2015; I was a paying user there for five years (they started in 2008, and I have a receipt for LastPass Premium from January 15, 2010 and a support ticket response email I got from a bug report from LastPass Co-Founder and CTO Robert Billingslea on Oct 20, 2010!). I wasn't thrilled with the acquisition and I believe my reasons have been vindicated, but I'm not here to discuss LastPass, I'm here to discuss 1Password from AgileBits, which is where I ended up. Actually my earliest 1Password receipt is from December 14, 2012 when I bought version 4.0.2, though I didn't switch to using it full-time immediately! But I've been very happy with them and their approach to security ever since. With that said, keep in mind that security is always about risk reduction, not perfection. There's no guarantee 1Password won't be compromised tomorrow, but that's not unique to them. However, what I want to do is highlight a few of the features, including security, that are the reasons I've been happy with them personally for a long time and am why I continue to use them today both at home and work.
1Password Business and Their Internal Security Expert
At work we were beta testers of 1Password Business before initial release, so I've had a long history with the personal and business products. I used to be active on the 1Password Forums, and I'm very happy they had Jeffrey Goldburg as their security guy for 13 years (he left last year, in 2024 after 13 years) because he made sure their actual algorithms and implementations were done well and securely, since implementation of even the best algorithms is usually where software security goes wrong (you know, bugs).
While Jeffrey was at AgileBits, he did a bunch of public speaking and blogging and writing, remaining involved in both their customer community as well as the security and math communities. In part because of his input but also the company culture that supported hiring him in the first place, they've consistently shown that they prioritize actual security done correctly over getting features out the door, but they also spend time and energy on the design, usability, and speed of the application. The fact that the company has paid to have an expert of this type on staff since nearly their beginning is something I've always appreciated because they're putting their money where their mouth is.
Continue reading to see my favorite features, how I've reviewed their security, and some of the other features I've found useful, from security, user, and developer standpoints.