Are you in the market for a password manager but not sure which one to choose? As someone who has been using password managers for years and has recently made the switch from LastPass after the major security breach that occurred at the end of 2022, I’d like to share my experience and insights with you.
Choosing the right password manager is crucial for your online security and productivity, and it’s not always an easy decision. With so many options available, it’s important to weigh the pros and cons of each and find the one that fits your specific needs and preferences.
So, in this article, I’ll be comparing two popular password managers, 1Password and Bitwarden, and sharing my thoughts on why I ultimately chose 1Password. I’ll give you an overview of each, their key features, pros and cons, and other things to consider.
By the end, you should have all the information you need to make an informed decision and pick the best password manager for you. Let’s get started!
Why Do You Need A Password Manager?
In today’s digital age, having strong and unique passwords is crucial to keeping your online accounts secure. However, with so many accounts to manage, it can be challenging to create and remember complex passwords for each one. This is where a password manager comes in handy.
A password manager is software that can help you keep track of all your passwords securely. It can generate unique and strong passwords for all your accounts, store them safely, and fill them in for you when you need to log in. By using a password manager, you can improve your online security and make your life a lot easier.
I also wrote an article about how to create a strong password that’s easy to remember but hard to guess, which I highly recommend reading if you haven’t already.
Now let’s get back to choosing the best password manager for you.
What to Look For in a Password Manager?
When choosing a password manager, there are several key features to consider to ensure the security of your passwords:
- History of security breaches: Research the password manager’s history of security breaches to determine the level of security the service can provide.
- Zero-knowledge: A good password manager should claim “zero knowledge,” meaning that passwords are encrypted on a user’s device before being sent to the platform server, so the password manager service cannot access your passwords.
- Online vs offline: Decide whether an online or offline password manager is best for you. Offline password managers store all of your passwords locally on your computer or device, providing more security for your passwords, while online password managers are more convenient and allow you to access your passwords from multiple devices.
- Open source password manager: Choose a password manager that is ideally open-sourced, so the code can be reviewed by the public, providing increased transparency and accountability.
- Third-party audits: Look for a service that has published third-party audits, as this demonstrates a commitment to transparency and security.
- Extra features: Consider additional features such as a password generator and password/security strength monitor, which can enhance the security and convenience of your password management.
Like any software, 1Password has its pros and cons:
Pros:
- A large user base of over 15 million users: With so many users, it’s clear that 1Password has a loyal following.
- No known data breaches: While no software is 100% foolproof, the fact that 1Password has never experienced a known data breach is certainly reassuring.
- Transparent about third-party audits: 1Password publishes the results of its third-party audits, demonstrating a commitment to transparency and security.
- Uses industry-standard encryption and complete zero-knowledge: All passwords are encrypted before being sent to the platform server, so 1Password can’t access your passwords.
- Additional layers of security including a Security Key and Secure Remote Password (SRP): These help secure your accounts even further.
- Convenience features such as multiple vaults, secure password generator, and password autofill: These features make it easier to manage your passwords, improve the overall user experience, and are particularly helpful for users who have a lot of accounts to manage.
- Integrated one-time passwords and 2FA capabilities: These features add an extra layer of security to your accounts.
- Watchtower: This is my favorite feature of all. It continually scans your accounts for vulnerabilities and notifies you if fixes are needed. Read more about it below.
- Unique “Travel Mode” feature (for paid users): This feature is a great way to protect your passwords when you’re on the go.
- Android app does not use any trackers: This is a nice touch for users who are concerned about their privacy.
Cons:
- Closed-source: Since 1Password is closed source, it’s impossible for users to review the code themselves to ensure that it’s secure.
- No free version (only a 14-day free trial): While the 14-day free trial is certainly helpful, it would be nice if there were a free version of the software available.
- Has had vulnerabilities in the past (although quickly remedied): While 1Password has never experienced a known data breach, it has had vulnerabilities in the past, but the company has always been quick to remedy these issues.
Overview of 1Password and My Personal Experience
After using 1Password for a few weeks, I was very happy with my experience. As one of the most popular password managers on the market with over 15 million users, I found 1Password to be well-designed with a focus on security and convenience.
Security Features of 1Password
1Password uses industry-standard end-to-end AES 256-bit encryption and has a zero-knowledge policy, meaning that even the staff at the company can’t access your data or passwords.
Additionally, 1Password uses multiple layers of security, including a Security Key and Secure Remote Password (SRP), for authentication and to protect your data on your device and in transit.
1Password Security Key is a 34-character alphanumeric string that is very long and complex, making it impossible for anyone to guess or hack. It is stored in the 1Password app and your browsers, so you don’t need to remember it or enter it every time you open your password vault. It is used in conjunction with your account password as a “double lock” on your password vault, to help protect your information if something happens to your device, if someone tries to hack into 1Password’s servers, or if someone uses phishing techniques.
1Password also uses a security protocol called Secure Remote Password (SRP) to protect your credentials in transit. It uses a special mathematical formula to create an authentication key that acts like a “proof” that you know the correct password without actually revealing it. This key is then sent to the 1Password server instead of your password for authentication without revealing any sensitive information. To further protect your data, each session is encrypted with a unique key that changes every time you log in. This means that even if a hacker manages to intercept your connection and decrypt it, they won’t be able to use the same key to access your account in the future.
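The exchange described above, simulated with both sides in one function. This is an added example, not 1Password's code: it follows the generic SRP-6a equations, and the demo group (`N`, `g`), the simplified proof message and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Demo group (assumption): N is the Mersenne prime 2**521 - 1, used only to keep
# this block short. It is not a safe prime; real SRP uses the RFC 5054 groups.
N = 2**521 - 1
g = 3
NLEN = (N.bit_length() + 7) // 8


def hb(*parts):
    """SHA-256 over the parts; integers are padded to the byte length of N."""
    h = hashlib.sha256()
    for p in parts:
        h.update(p.to_bytes(NLEN, "big") if isinstance(p, int) else p)
    return h.digest()


def H(*parts):
    """Same hash, returned as an integer."""
    return int.from_bytes(hb(*parts), "big")


k = H(N, g)  # SRP-6a multiplier parameter


def derive_x(salt, user, password):
    """Private value x; only the client can compute it, because it needs the password."""
    return H(salt, hb(f"{user}:{password}".encode()))


def enroll(user, password):
    """Run on the client at sign-up. The server stores only (salt, verifier)."""
    salt = secrets.token_bytes(16)
    return salt, pow(g, derive_x(salt, user, password), N)


def login(user, password, salt, verifier):
    """Simulate one login; returns (accepted, client_key, server_key, wire)."""
    # Client -> server: user name and ephemeral public value A = g^a.
    a = secrets.randbelow(N - 2) + 1
    A = pow(g, a, N)
    # Server -> client: salt and B = k*v + g^b, blinded by the stored verifier.
    b = secrets.randbelow(N - 2) + 1
    B = (k * verifier + pow(g, b, N)) % N
    u = H(A, B)  # scrambling parameter that both sides compute
    if A % N == 0 or B % N == 0 or u == 0:
        raise ValueError("illegal SRP public value")  # checks both sides must make

    # Client: needs the password (through x) and its own secret a.
    x = derive_x(salt, user, password)
    s_client = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    client_key = hb(s_client)
    proof = hb(A, B, client_key)  # simplified proof-of-key message

    # Server: needs only the stored verifier and its own secret b.
    s_server = pow(A * pow(verifier, u, N) % N, b, N)
    server_key = hb(s_server)
    accepted = hmac.compare_digest(proof, hb(A, B, server_key))

    # Everything that crossed the network; neither the password nor x is in it.
    wire = {"user": user, "A": A, "salt": salt, "B": B, "proof": proof}
    return accepted, client_key, server_key, wire
```

Because `a` and `b` are drawn fresh on every call, two successful logins with the same password produce different session keys, and a wrong password leaves the two sides with keys that do not match.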
Convenience Features Of 1Password
In terms of convenience, with 1Password I can create multiple vaults inside my account for easy organization.
For example, I have a “personal” vault where I keep all of my personal passwords and documents, such as my passport, driver’s license, and credit card information. I also have a “work” vault where I keep all of my work-related passwords and documents. This way, I can easily switch between the two and not have to worry about accidentally sharing personal information with my colleagues or vice versa.
One of the most convenient aspects of this feature is the ability to search for passwords and documents within specific vaults. For example, if I need to find a work-related password quickly, I can search within my work vault to find it without having to sort through all of my other passwords.
Overall, creating multiple vaults in your 1Password account is a great way to stay organized and manage your passwords and documents more efficiently. It’s a feature that I really appreciate and that has helped me save time and stay on top of all my accounts and passwords.
1Password also offers a host of other convenience and security features such as a secure password generator, a password autofill function that automatically and securely enters your saved password in your trusted websites and applications, integrated one-time passwords and two-factor authentication capabilities using an authenticator app and/or security keys, as well as the ability to securely store and share important documents such as copies of your passport, driver’s license, and other sensitive documents.
My favorite feature of 1Password is its “Watchtower”, which is a powerful monitor for your saved passwords and the websites you access that helps keep your online accounts and personal information safe. It sorts your items into seven categories based on the security problems they have, making it easy for you to identify and fix any potential issues.
One of its most important features is identifying reused and weak passwords. If you’re using the same password for multiple accounts, or if your password is easy to guess, you could be putting your personal information at risk. Watchtower can help you identify these weak passwords and prompt you to change them.
Below is a screenshot of my 1Password app showing the “Watchtower” results when I first imported my passwords into my 1Password account. While I had a “FANTASTIC” overall score for my security, it did show that I had 5 weak passwords that I needed to address. I clicked on the “Show Items” link and changed my passwords into stronger ones. You can generate a strong password easily with a click of a button using the password generator inside 1Password, but if you want to learn to create your own strong passwords that are easy to remember, read this article.
Another useful feature is identifying compromised websites and vulnerable passwords. This means that if there has been a security breach on a website that you use, Watchtower will let you know and prompt you to change your password to protect yourself.
I ran the check on our website privacyarena.com inside the 1Password Watchtower and I’m happy to report that no compromises or password breaches were identified!
Watchtower also identifies unsecured websites, which are websites that send your passwords in plain text and could be intercepted by hackers. It prompts you to use HTTPS instead, which is a secure way to enter your password.
One of my favorite features of Watchtower is identifying logins that support two-factor authentication. This is an extra layer of security that requires you to enter a code in addition to your password, making it much harder for hackers to access your accounts. Watchtower makes it easy to set up two-factor authentication for your accounts that support it.
Finally, Watchtower checks for expiring items, such as credit cards, memberships, driver’s licenses, and passports, so you can take action and renew them before they expire.
Overall, Watchtower is an incredibly useful tool that helps keep your online accounts and personal information safe. Its features are easy to use and can save you a lot of time and stress in the long run.
1Password Travel Mode
Travel mode is a feature unique to 1Password that helps you keep your personal information safe when you’re on the move.
I recently travelled on vacation and I was worried about border security agents accessing my personal documents and passwords. I was extremely relieved when I was able to activate travel mode, which removed all my sensitive passwords and documents from my account in just a few clicks.
Let me explain how it works: before travelling, I wanted to mark the vaults containing the sensitive information I would need during my trip, such as my travel credit card, copies of all our passports, and our travel itineraries, as “safe for travel”. Since these items were in different vaults that had other information I did not need to have access to on vacation, I simply created a new vault and called it “Vacation” and copied the necessary items into it. Once I had everything I needed in the new vault, I marked it as “safe for travel” and turned on travel mode.
What happened next was amazing – all the vaults and items that I had not marked as safe for travel were temporarily deleted from my account. This meant that even if border agents or other unauthorized parties got access to my phone or laptop, they wouldn’t find any sensitive information that I had left behind. And once I was safely through customs, I turned off travel mode and all my original vaults and items were restored.
I cannot emphasize enough how much peace of mind this feature gave me during my trip. It’s incredible that I was able to protect my sensitive information without having to manually delete everything before leaving, or worry about whether I had forgotten to delete something important.
1Password’s travel mode is a game-changer for anyone who values their privacy and security while travelling. However, it’s worth noting that this feature is only available for paid users. So if you travel frequently and you’re looking for a secure password manager, 1Password is definitely worth considering.
1Password is an incredibly useful and secure password manager for anyone who values their privacy. With features like Watchtower, which monitors accounts for weak passwords or unsecured websites, two-factor authentication to add extra security layers, and Travel Mode to protect your information while you’re on the move, 1Password offers a comprehensive solution that can help keep your online accounts safe. If you’re looking for a reliable way to manage all of your passwords in one place, I highly recommend giving it a try with 1Password’s 14-day free trial!
I have also tested Bitwarden for a few weeks, and I can confidently say that it is a fantastic alternative to 1Password. Bitwarden offers a free, secure, open-source password manager for the average user, as well as a Premium plan for those who need extra protection and features. Furthermore, its ability to self-host is a bonus for advanced users and organizations that need more control over their data.
Here are the pros and cons of Bitwarden:
Pros:
- Bitwarden is a free and open-source password manager. Its code can be audited by anyone and it offers transparency, making it a trustworthy option for security-conscious individuals.
- Audits of its code are freely available and transparent.
- Can be used as a desktop app, browser extension, or mobile app and can be synced across multiple devices.
- Users also have the option to self-host their own Bitwarden server for full control of their data.
- Offers unlimited devices, unlimited vaults, and unlimited syncing.
- Has convenience features such as a username and password generator and password autofill.
- Bitwarden has integration with several email alias services.
Cons:
- Bitwarden has trackers in its apps, but these can be disabled or opted out of. Some users may not be comfortable with the use of trackers, even though they are disclosed and can be disabled.
- While Bitwarden offers a good out-of-the-box experience, some users may prefer more customization options.
- The UI is not very user-friendly.
- Advanced features comparable to those available in 1Password are only available in Bitwarden’s paid tier, which may be a drawback for users who require those features.
One of the things I appreciate the most about Bitwarden is its emphasis on security similar to 1Password. Bitwarden offers various security features to ensure that passwords and sensitive information are secure. While some security features are only available to premium members, all users get to benefit from these features:
- AES-256 bit encryption: All data stored in Bitwarden, including passwords and sensitive information, is encrypted with AES-256 bit encryption before it is transmitted over the internet.
- Fingerprint Phrase: This is a permanent phrase made up of five random English words specific to your account. The fingerprint phrase helps identify you securely. This feature ensures that the communication between you and the Bitwarden server is encrypted and hasn’t been tampered with by someone who shouldn’t have access to your information.
- Data Breach Report: This feature alerts you if your data ends up on the dark web in known breaches.
- Two-factor authentication (2FA): Bitwarden offers 2FA as an added layer of security for user accounts. Free users can enable 2FA using an authenticator app or email-based 2FA.
- Secure password generator: Bitwarden provides a secure password generator that helps users create strong and unique passwords for their online accounts.
- Secure sharing: Free users can share passwords and other sensitive information with others securely using Bitwarden’s secure sharing feature.
Premium members have access to some more valuable security features:
- Vault health reports: Premium users have access to health reports that provide them with a detailed overview of the security of their account, including exposed, re-used, weak, and unsecured password reports, and inactive 2FA reports.
- 1GB of encrypted file storage: Premium users can store encrypted files, such as documents or photos, in their Bitwarden vault for secure access from anywhere.
- TOTP authenticator key storage: Premium users can store their TOTP authenticator keys within Bitwarden, providing an added layer of security for their 2FA codes.
Convenience Features Offered by Bitwarden:
Some of the most important convenience features of Bitwarden include:
- Cross-platform support: Bitwarden is available on a wide range of devices and platforms, including desktops, smartphones, and web browsers.
- Unlimited devices, syncing and unlimited vaults and organization.
- Autofill: Bitwarden can automatically fill in login credentials and other form data, saving users time and effort.
- Password generator: Bitwarden includes a powerful password generator that can create complex passwords for users.
- Secure notes: Bitwarden allows users to store sensitive information such as credit card details, secure notes, and other important data in a secure, encrypted format.
Some convenience features are only available to premium users, such as:
- Two-factor authentication: Bitwarden supports two-factor authentication (2FA) to add an extra layer of security to user accounts. While free plan users have access to 2FA using an authenticator app or email, premium users can also use 2FA using security keys on websites that support that.
- Storage space: Premium users have 1GB storage space for their secure notes and other data.
Bitwarden Self Hosting
One feature that stands out to me in Bitwarden is the ability for users to self-host their own Bitwarden server. While I haven’t tried that personally, it means that I can have full control over my sensitive information and credentials, without having to rely on a third-party service to store and manage my data.
This feature is particularly valuable for people who have a higher threat level or those who are concerned about the security of their data. By hosting your own Bitwarden server, all handling of your credentials and sensitive information occurs locally on your device, which adds an extra layer of security. Additionally, self-hosting allows for greater customization and flexibility in managing your passwords and sensitive data.
For example, if you work in a company that deals with sensitive data or if you are a security researcher or a politician, self-hosting may be a valuable feature for you.
However, self-hosting may not be for everyone. It requires a certain level of technical knowledge and expertise to set up and manage your own server, which can be a barrier for some users. Additionally, self-hosting may not provide the same level of convenience and ease of use that comes with using a cloud-based password manager like Bitwarden’s default option.
Overall, the ability to self-host your own Bitwarden server is a valuable feature that adds an extra layer of security and customization for those who need it, but may not be necessary or feasible for all users.
Why You Should Invest in a Premium Plan
Bitwarden’s free plan is very powerful and provides a lot of value, especially for individuals who are just starting to use a password manager. I think it’s probably the best free password manager plan out there.
However, the premium plan offers additional features that can be valuable, especially for those who are looking for extra security and flexibility. These include the security features available to premium members mentioned above. Here are some of the features that premium users have access to:
- 1GB of encrypted file storage: This feature allows you to store any type of file securely in your Bitwarden vault. This is especially useful for sensitive documents like contracts, tax forms, and medical records.
- Two-step login with security keys: With premium, you have access to 2FA with security keys like YubiKey and FIDO U2F. These methods use a physical device to generate a unique code that you enter after your password, which makes it virtually impossible for anyone to access your account without your physical key.
- Bitwarden Authenticator: Bitwarden Authenticator is a 2FA app that integrates directly with your Bitwarden account. With Premium, you can use this app to generate one-time codes for 2FA on any service that supports it. This is a great way to add an extra layer of security to your online accounts.
- Vault health reports: Premium users have access to health reports that provide them with a detailed overview of the security of their account, including exposed, re-used, weak, and unsecured password reports, and inactive 2FA reports.
- Priority customer support: With Premium, you have access to priority customer support. This means that if you ever have an issue or question, you can reach out to the Bitwarden team and get a response faster than with the free plan.
- Emergency access: With the Premium plan, you can designate other Bitwarden users you trust to have access to your account in case of an emergency. These users can request access to your account in the event of an emergency, allowing them either to view your vault data, including stored account logins, or to take over your account by creating a new master password, depending on the level of access you grant them. This is a great feature if, for example, you’re in an accident and need someone to access your medical records or financial information.
In addition, Bitwarden is an open-source project that is supported by user contributions, so by investing in a Premium membership, you’re likely helping to support the ongoing development and maintenance of the project.
After using both 1Password and Bitwarden, I can confidently say that both password managers have strong, comparable features when it comes to security and convenience. While 1Password does not have a free plan, it offers a 14-day trial, a powerful Watchtower feature, and a unique Travel Mode that can be useful for frequent travellers. On the other hand, Bitwarden is the best free password manager available and can be upgraded to a premium plan for advanced features comparable to 1Password.
Ultimately, the choice between these two password managers depends on your particular requirements. If you’re looking for a password manager with advanced features and are willing to invest in a premium plan, 1Password might be the better option for you. However, if you’re looking for a reliable and free password manager, Bitwarden is an excellent choice.
I highly recommend trying both password managers to determine which one is the best fit for you. You can sign up for a 1Password free trial or a Bitwarden free plan and give them a feel. Regardless of which password manager you choose, having a reliable and secure way to manage your passwords is essential in today’s digital age.