After several years using the same password-manager service–and then paying for its premium version–I’ve spent the last few weeks trying an alternative.
I can credit a sales pitch that included the italicized phrase “completely free” for this departure: 1Password’s offer of a free membership to journalists, in celebration of World Press Freedom Day this May 3. But I was also overdue to spend some time in a password manager besides LastPass.
So far, I’m impressed by the elegance of the interface but a little put off by how persnickety 1Password can be to set up. You don’t just create a username and password, you also have to type in a complex and random secret key to get going.
Having read this Toronto-based firm’s documentation of how this extra step helps ensure that a successful guess of your password still won’t compromise your account, I get where they’re coming from. But I’m not sure I’d recommend it to just anybody, especially not when LastPass’s free version suffices for many casual users.
Further time with 1Password’s Mac, Windows and Android apps has revealed other things I like:
- Importing my saved passwords from LastPass was as simple as advertised (and 1Password having a documented export format should ease any possible future switch away from 1Password);
- Its Watchtower feature taps into the Have I Been Pwned data-breach index to warn you if you’re using passwords that have already leaked from other sites;
- You can unlock the Windows app using Microsoft’s Windows Hello biometric authentication (but not after a restart of the app or the PC).
This time has also surfaced one thing I don’t like: an incomplete approach to two-step verification that seems to require choosing between running an authenticator app on your smartphone or employing a weird Yubikey implementation that requires running a separate app instead of just plugging a standard USB security key. That’s no better than LastPass’s inflexible notion of two-step verification.
I’d like to see 1Password improve that and support the WebAuthn standard for security-key confirmation. But I’m prepared to give them some time, based on everything else I’ve seen so far.
Rob Pegoraro 
Pingback: Weekly output: Google’s password help, Twitter suspensions in Egypt | Rob Pegoraro
Pingback: Weekly output: password peril, mobile-hotspot help, Facebook’s Oversight Board | Rob Pegoraro
Pingback: My next Mac desktop needs one more thing… | Rob Pegoraro
Pingback: Weekly output: ATSC 3.0, password managers, AT&T TV, ShowStoppers TV, CDA 230, CES recap, 8K TV, TV tech at CES (x2) | Rob Pegoraro
Pingback: Android phone migration has gotten easier–except for Google Pay and Google Voice | Rob Pegoraro
Pingback: Google-induced mail migration malaise | Rob Pegoraro
Pingback: 1Password CEO: Our Competition Isn’t Just Apple and Google, It’s Bad Habits - TECHTELEGRAPH
Pingback: Weekly output: lunar construction, Verizon 5G goals, Twitter trust-and-safety warning, 1Password upgrade, Comcast rate hikes, Google Messages encryption | Rob Pegoraro
Pingback: Apple’s “Magic” keyboard may be inhabited by some unkind sorcery | Rob Pegoraro