I’m going to tell you a couple of useful things that I’ve figured out about 1Password, but I need to include a little preface because I’ve been pushing LastPass for more than 10 years and a lot of you use it.
PUBLIC SERVICE ANNOUNCEMENT
You don’t have to stop using LastPass. It’s safe, it works, you’re familiar with it, and you don’t enjoy unnecessary change. Stay right where you are. If you’ve been using LastPass for free on a phone and a computer, well, now it will cost $36 per year. Bummer. It’s worth it.
(Update 01/02/2023: I no longer recommend staying with LastPass after its shocking hack in 2022. Details in this article.)
All of you who were feeling nervous – do you feel more relaxed now? Focus on that calm place. Inhale the future, exhale the past. Quiet your mind. To seek is to suffer, to seek nothing is bliss. Om mani padme hum.
Unfortunately I had a little trouble finding my calm place. After my last article you probably understand why I left LastPass.
I’m pissed.
I’m angry at the modern world with its overemphasis on short-term profits. I’m angry at the venture capital and private equity firms that suck money out of nice companies and discard the husks.
I’m angry at LastPass for making a useful product worse, for unfair business practices, and for taking away the utility of a fine free product which had helped it build tremendous goodwill.
So I switched. The difficult part was making the decision to change instead of procrastinating. Once the decision is made, the rest of it is just details – choosing a program, going through the fiddly bits to migrate everything, and learning some new stuff.
How to choose your next password manager
Let’s compare the two methods of choosing your next password manager:
METHOD NUMBER 1: Do a search for “best password managers.” Read the reviews and begin to compile a checklist of the features that are important to you, along with information about pricing plans for individuals and families, security features, compatibility across devices, and anecdotes found in comments about the quality of support.
METHOD NUMBER 2: Screw that. Just pick one that turns up frequently and hope for the best, especially if it’s been recommended by a couple of people.
I might have used that second method to choose 1Password. Don’t judge me. You might do the same thing.
What you want from a password manager
This is my checklist of basic must-have features in a password manager. Your list will overlap mine but you might rank things differently or include some different items.
- More than anything else, a password manager is a notebook where I can look up passwords conveniently. Sounds obvious, eh? Not all of them are good at this part.
- I’m going to use a password manager on a couple of computers and my phone, so I want one that syncs online and works on multiple devices.
- I’ll mostly use a password manager in a browser, so auto-filling entries on websites is a pretty swell trick. At the least it needs to be convenient to copy and paste, either from a right-click menu or from the extension icon in the upper right.
- Looking up passwords on a phone is helpful. Being able to auto-fill passwords in a phone app is darned handy when it works but I have low expectations about that.
- It’s really helpful if the password manager can be unlocked by biometrics – my face or fingerprint – when the device supports that, so I don’t have to type in the master password all the time.
- Bonus features: storing credit card information and personal details to fill in online forms; family and sharing features; storing other types of information (drivers license, insurance, medical, etc.).
Security is the most important feature, of course, but it’s baked into most password managers now. LastPass invented the great trick of encrypting its password database before it is synced online so the company never has your master password and never has your passwords in a readable form. Now all the cool kids do it.
With all that in mind, I chose 1Password because loyal readers told me it was swell and Wirecutter made it the number one choice. (Do you know Wirecutter? It’s the Consumer Reports of the modern era. That will only make sense if you’re old like me. Trustworthy reviews of just about everything.)
A couple of tips about getting started with 1Password
There are plenty of step by step guides to get started with 1Password. Here’s the 1Password guide. Here’s one from Lifehacker, and one from Wirecutter. Go for it. It’s easy.
There’s one unusual step where you print out an “Emergency Kit,” a single page with an additional encryption key and a QR code. Behind the scenes, the additional encryption key adds another layer of security. For your purposes, the important part is: follow the instructions to print the Emergency Kit and store a copy of it in a safe place. Don’t blow by it. Write your master password in the blank and keep the Emergency Kit page with the other papers that you would store in a safe if you had a safe. If you forget your master password, you will be able to get back into the account if you have the Emergency Kit. You may be locked out forever if you forget the master password and you don’t have this backup. Forever, do you hear me?
Don’t forget your master password.
If you’re a LastPass user, you’ll be exporting your LastPass passwords and importing them into 1Password. Here’s a guide from 1Password. My experience was great; it was easy to follow the instructions and everything came in perfectly.
On a Windows computer, you’ll start out by installing the 1Password program, an app that runs separately with its own icon on the taskbar. It’s fast and easy to figure out. Think of it as the notebook where you can look things up.
But you’re really interested in the part that runs in your browser. You want your password manager to fill in passwords on websites. That’s where I can help you figure out one confusing bit with 1Password.
(Edit 01/01/2023: this section is out of date and no longer necessary!)
There are two Chrome extensions for 1Password. You want the one named 1Password X.
When I installed the 1Password app for Windows, I wound up with a little 1Password icon in the upper right of Chrome. I could click the icon and fill in credentials for Amazon or my bank with a click. I could right-click a password field on a website and fill in the password. It wasn’t bad but I confess it seemed a little bare.
1Password has a second Chrome extension. It’s installed separately from the Windows app. The company sometimes calls it “1Password X” or “the new extension.” You can install it from here for Chrome, Firefox, and Edge. You can also install it in “Brave,” which apparently is a browser AND a Pixar fairy tale.
The 1Password X extension pops a tile up directly below the password field – a very direct visual indicator that it’s ready to fill in the name and password. It looks like the above screenshot.
You will be typing in your master password more frequently; the 1Password X extension operates completely independently of the 1Password app. Each one – the extension and the app – has settings to change how often the master password is required.
If you use 1Password on an Android phone, turn on Autofill Previews
1Password automatically fills in credentials in apps and websites on both iPhones and Android phones. That’s the theory, anyway. Just as with LastPass, my experience is erratic at best. There are many times when the 1Password prompt just doesn’t appear. No problem! I can switch to the 1Password app, look up an app, copy the login name, switch back to the app, paste in the name, switch back to 1Password, copy the password, switch back to the app, and paste in the password.
For some reason, I’m in a pissy mood when I finish that process. I’m just shallow that way. But I don’t blame 1Password or LastPass – it’s a side effect of complicated technology that is either trying to keep us safe or just doesn’t work very well. It’s frustrating that we can’t tell which one it is.
On an Android phone (not iPhone), there is a setting that provides a visual indication when 1Password can fill in credentials – a tile that pops up just like in the above Windows screenshot. In 1Password, click on Settings / Autofill and turn on Autofill Previews. Some information will be stored decrypted, marginally reducing your security, but your passwords will still be secure and it is far more convenient to use the autofill feature.
I didn’t save any money switching away from LastPass. It took a while to become comfortable with 1Password’s layout and features but I live for that sort of fun – that’s where your mileage might vary.
Now I prefer 1Password. It runs like lightning in Chrome, which had become my LastPass bugaboo. The 1Password X extension and the Android app autofill more reliably than LastPass.
How about it – are you angry at greedy corporations? Try taking it out on LastPass. You won’t save money but you’ll feel morally superior and that counts, right?
Keeper is the best I’ve found. Yes, there is not a lot of big differences between most password managers, but Keeper has enough minor differences to really move the needle. First of all, from a security standpoint, they really do have the best-in-class security. And let’s face it, isn’t that the most important aspect? Secondly, if you’re going to pay for one, (and chances are you are if you want a fully featured solution and not just a “get by” solution), Keeper is priced to win. Third, as a small business, it really has the most features in comparison. Their breach service is bar-none the best, reporting is amazing, and the admin console is powerful yet remarkably easy. And last, customer service has been amazing. Anytime I need help I simply contact support and schedule with a representative to help me. It really couldn’t be easier.
I’ve been using Roboform for 20 years. Version 7 was a “lifetime” license that cost 20 bucks or so, but then died prematurely when v8 –at almost $20 a year– was released . I had no issues paying for v7, but I won’t pay almost the same amount yearly for v8, or the newer v9. No way. There is a free version, but, no sync across devices. Which makes the free version almost useless nowadays. Method 1 above, produced interesting results. KeePass, which is open source, seemed to come out on top. Any thoughts on KeePass? Bruce? Anyone? My main concerns are security and convenience.
Lastpass on Android has built in trackers with some being ad tech trackers: https://www.gsmarena.com/lastpass_for_android_has_seven_builtin_trackers_security_firm_warns-news-47977.php
But of course it doesn’t send any “sensitive data” and is only to “improve user experience.” /s