Reviews for the real world
Wirecutter is reader-supported. When you buy through links on our site, we may earn an affiliate commission. Learn more
Published July 22, 2020
Your guide
Thorin Klosowski
Share this review
Everyone needs a password manager, but that doesn’t mean getting started with one isn’t intimidating. 1Password has long been one of our favorite password managers, but it can be a bit baffling to use at first. And even if you’ve been using it for years, as I have, you may have never bothered to find uses for all the other little features it offers, including secure notes and documents.
Installing 1Password works differently than for most software, and its security features mean you have to take a couple more steps than usual. But once you’ve set it up, every password for every online account you have will be unique and nearly impossible to guess, making your online life more secure.
Before you do anything else, you need to create a 1Password account. 1Password isn’t free; it’s $36 a year, but it’s worth that investment if you can afford it. Some of the tips we’re including below are applicable to other password managers, such as Bitwarden, which is free, but in those cases you’ll have to poke around to find some of their different options.
When you create your account, take some time to create a good strong password. As 1Password’s name suggests, this is the only password you’ll need to remember from here on out. We have some tips for creating a strong password.
1Password gives you an Emergency Kit that includes a place to write down your password as well as your “secret key,” which you use to link your account to the 1Password applications (more on that below). Print this out and store it somewhere secure in your house, such as a fireproof safe. If you don’t have a printer, write down the secret key number and password and store that note in a secure place. As tempting as it may be to store the information online in a service like Dropbox or Google Drive, doing so would defeat the purpose of a secure emergency kit since your information is at risk if that service gets hacked.
Unlike most password managers, 1Password has both a desktop application and browser extensions. You should install both.
You now have access to 1Password both in your browser and through the desktop application.
Finally, it’s time to get 1Password running on your phone or tablet. To make the most of it, you need to take one more step beyond just installing the app.
From now on, when you need to log in to an account in a browser or app, you’ll see a password prompt pop up when you tap the login details.
Now that you’ve set up 1Password, you can start browsing. Each time you sign in to an account, take an extra couple of minutes to find the site’s “change password” page and use 1Password to make your password stronger.
As an example, here’s how this works for a Google account:
That’s it—now you have a strong, unique password that’s saved in 1Password so you don’t have to remember it. This process is tedious for the first week or so of using a password manager. But trust me, it’s worth the hassle. The process not only makes your online accounts much more secure but also saves time in the long run, as you won’t have to type out passwords as often.
Watchtower is 1Password’s password-auditing feature, and it’s worth keeping an eye on after you’ve gone through the meticulous process of strengthening all your passwords. You can find it in the sidebar of the 1Password desktop app.
Start by making sure you have no weak and reused passwords. If you didn’t change your passwords in the step above and instead added passwords for all your accounts, you may find some passwords listed here. If you do, change those passwords.
Watchtower also lists any accounts stored in 1Password that support two-factor authentication. As the name suggests, two-factor authentication sets up an online account so that logging in requires two forms of identification. In most cases, those two forms include your password and a separate code that’s generated either in an app like Authy, a physical security key, an email, or an SMS message. Take the time to set up two-factor authentication for any accounts 1Password lists in this window, and don’t forget to do the same for your 1Password account.
Even if all your passwords are strong and unique, and you’ve enabled two-factor authentication everywhere you can, Watchtower serves yet another purpose: alerting you to compromised accounts. 1Password searches for known security breaches and on Have I Been Pwned, a service that checks for account details in data breaches. If any account details show up here, change your password.
Initially, I didn’t find the tagging system in 1Password useful, instead relying on its automatically generated tags and using the search to find what I needed. But over the years I’ve found that tags have helped my workflow in a few ways.
For example, I tag anything related to work accounts as “work” and any service I’m trying as “trial.” This setup makes it easy for me to go back and delete the passwords or accounts later. I also tag anything for which I have two-factor authentication with “2FA” (you can also now head to the “two-factor authentication” portion in the sidebar and click Don’t save in 1Password for each account to add this tag). This removes the “two-factor authentication available” alert on those items in 1Password; it doesn’t affect anything, but I’ve always found the two-factor warnings a bit annoying since I prefer to use a third-party app or security key instead of 1Password’s built-in token generator.
I also tag anything that’s subscription-based with the credit card attached to that subscription. This way, when the card expires, I can easily see which services use that card so that I can update them.
Aside from passwords, I also use 1Password as a repository for any other personally identifiable information I’ve needed on the go. 1Password encrypts everything, which means it’s a much more secure place to store information than, say, a notes app or Dropbox. If you have a family plan, it’s also a great way to share certain details with family members.
I use 1Password for everything I may need to access remotely in an emergency and anything I’m not comfortable storing in cloud storage. This list includes:
I also use 1Password to store the handful of software licenses I have, plus server access details and any specific setup information I might have for apps, such as email login setup instructions. You can store any of these details in a shared vault.
Set up correctly, 1Password can be a repository of not just your passwords but your entire digital identity. With its shared vaults, it’s also a secure and simple way to share private documents with other members of your household.
Thorin Klosowski
Thorin Klosowski is the editor of privacy and security topics at Wirecutter. He has been writing about technology for over a decade, with an emphasis on learning by doing—which is to say, breaking things as often as possible to see how they work. For better or worse, he applies that same DIY approach to his reporting.
by Andrew Cunningham
Everyone should use a password manager. It’s the most important thing you can do—alongside two-factor authentication—to keep your data safe.
by Rachel Cericola
Ever get the feeling that you’re being watched? Here’s what (and who) to consider before buying a home security camera.
by Kaitlyn Wells and Thorin Klosowski
Here’s how to record abuse without being discovered, safeguard your devices, and, ultimately, protect yourself.
by Andrew Cunningham and Thorin Klosowski
Everyone should use a password manager, and after researching dozens and testing four, we recommend 1Password because it’s secure and easy to use.
Let’s be friends!
You can send us a note too.
© 2020 Wirecutter, Inc., A New York Times Company