Getting started with a new password manager.
For a variety of reasons, I’ve moved to 1Password as my password manager.
It’s a good tool for the job, but there are a couple of important things to realize as you set it up.
I’ll walk you through the process.
Become a Patron of Ask Leo! and go ad-free!
Setting up 1Password
Create your 1Password account at 1password.com and install the browser extension. Most important of all, make certain to save the Emergency Kit offered during the creation process. You’ll need its information to access 1Password from additional or replacement computers as well as via its mobile app.
Obligatory caveats
1Password is not free. Below, I’ll show you how to set up an account with their two-week free trial. If you continue past that time, it’ll cost. (You’ll find current pricing here.) In my opinion, a good password manager is worth paying for.1
At this writing, I make no money from recommending 1Password. I have no idea if they even have an affiliate program. I might take advantage of it some day in the future (if so, I’ll update this paragraph), but my recommendation is based on the product, not my ability to make money by recommending it.
Creating an account
Visit 1Password.com, shown above, to get started.
Click on Try 1Password FREE, and on the resulting page, click on Personal & Family.
Personal makes sense for an individual, but Family makes sense as soon as you add even one more person to the mix. In addition, Family makes sharing vault entries among family members easy. My wife and I, for example, are on the family plan, so we have a shared vault for accounts we both use.
Click on Try FREE for 14 days for whichever plan you choose.
On the next page, enter your name and email address.
Your email address will be your account identifier, so make sure it’s your primary address or one you use regularly. Click Create Account. A code will be emailed to that email address to confirm it is under your control. You’ll enter it on the next screen (not shown), and then you’ll be asked to create your master password.
Honestly, I think 1Password understates the importance of this master password. This is THE “one password” used to access your vault containing all your other sign-in credentials. It’s important that it be long and strong, and that you never, ever, forget it. Without it, you lose access to your account forever.
After entering your master password, click Next. You’ll be asked to enter your billing information (not shown). This is optional (there’s a “Skip” option at the bottom), but if you’re truly considering using 1Password, I recommend you go ahead and enter it now rather than needing to remember to enter it later.
Next, you’ll be directed to download your Emergency Kit.
Your Emergency Kit is critical. Download and save it in a safe place. Here’s what it looks like:
Note the space for you to write in your password. Do so. This document is used whenever you want to access 1Password on a machine for the first time. (The QR code is a shortcut to make entering the Secret Key easier on mobile devices.)
The secret key2 is an additional level of security unique to 1Password. It further secures your vault by being a completely random and long key that is required when setting up on a new device. It acts very much like a second factor in that regard. Once you’ve accessed your account once on a given machine, you won’t need to enter the secret key again there, only your master password.
I prefer to save the Emergency Kit in digital form so I can copy/paste the secret key when I need it. Regardless of how you save it — printed paper or digital file — make sure it’s saved somewhere securely. Anyone with access to this file can access your 1Password account.
Which, in case you didn’t notice, has now been set up.
Install the browser extension
For your 1Password vault to be of best use, you’ll want to install the extension for your browser. In my case, that’s Edge, but you’ll find the 1Password extension in the browser extension stores for the major browsers.
Once installed, you need to sign in to the extension (this may look different depending on what browser you’re using).
Once you’ve signed in, the extension is ready to help you save and use sign-in credentials to and from your vault.
Saving and using credentials
When you sign in to a site for which 1Password does not have an entry, you’ll be shown an option to Save in 1Password.
Click that, and the information you’ve entered — typically username and password — will be saved to your vault.
The next time you return to that site, 1Password will notice that it has an entry and offer to enter it for you.
Click on the item and 1Password will fill in the fields it knows about — again, typically username and password — and then you can click Log in or its equivalent to sign in.
Do this
In showing 1Password account setup and its basic use, we’ve really just scratched the surface. There are many options and a variety of useful tools.
But above all, save that Emergency Kit somewhere safe. You will need it at some point.
I expect I’ll be discussing more aspects of 1Password in the future, so now’s a great time to subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
Does 1Password have sub-folders or “categories” ala LastPass to separate sites into sub-sets?
They have tags, which can be used to the same effect.
I prefer an offline password manager. My choice is KeePass.
I asked Leo a question in the YouTube comments to the video corresponding to this article.
Today, I re-visited that video, hoping to see an answer to my question, but I was disappointed, because the question itself seems to have disappeared.
I’m just wondering why my question has apparently been deleted.
I’m not going to repeat the question here, because there’s a possibility that the question might be deleted here as well.
One point I would like to mention about my question is that it did mention the name of a different password manager, (but I did not attempt to include any links, because I’m well aware that that’s a “no-no,”), and I was asking Leo’s opinion of that company security procedure, which involves an unusual, (to me, at least), method of 2FA when installing on more than one device.
I would appreciate it if Leo might be inclined to explain to me why my question was deleted.
Thanks in advance.
I don’t know what happened with your comment on YouTube as I don’t work on that. But I can say that the only comments we delete from this forum are spam, off topic comments that aren’t relevant to the discussion, and profanity laced rants.
We even allow links here. Comments with links are subject to review and are removed if they seem like they might be spam.
I have no idea. YouTube comments are often a mess, and often held for moderation or deleted without my knowing about it.
I recommend you post your question here, or submit it to https://askleo.com/ask
Thank you for your reply, Leo.
My question isn’t actually about 1Password: I don’t actually need it because I use a completely different Password Manager called “Sticky Password,” which I have been using without any problems since (IIRC) 2009 or 2010.
At the time I discovered Sticky Password completely by accident, due to my having had a major falling out with moderators of the support forum of a well-known Internet Security firm, to whose software, I had been a subscriber for several years. Whilst I won’t name the firm, I will say that it is based in a rather large Slavic country, whose name begins with “R.”
I had been using the Premium version of their Internet Security Suite, which included a Password Manager, and suddenly, one of their automatic updates completely mangled my password database, (which, at that time had close to 400 entries).
I was banned from asking any question about this problem, the board admin kept deleting my posts, and finally, he actually deleted my account, so that I could no longer sign in.
Fortunately, I had received a PM from another one of the board’s users, who told me that the Password Manager that they were using was not their own, and that they were actually using an OEM version of a program called “Sticky Password,” developed by Lamantine Software, a company based in the Czech Republic.
So, I visited the Lamantine website, downloaded an installed Sticky Password, imported the database from the old password manager and got all my logins back working again. Having successfully completed this task, I registered Sticky Password with a Lifetime Licence, (at the time, very cheap), the key never expires, and I can install and use Sticky Password on as many PCs of mobile devices as I wish.
One slightly unusual thing that Sticky Password does is that to install on a new device, the user is required to use a 2FA PIN. This PIN is always sent to the user’s secondary email address, not the primary email address.
My question was simply asking Leo what was his opinion of this security procedure, compared with the 1Password method of sending the key to the user’s primary email address.
Thanks for the opportunity to ask this questions again here.
The US and Lithuanian governments have banned the use of that Russian company’s software, and Germany has advised their citizens not to use it, as a possible security breach..
https://en.wikipedia.org/wiki/Kaspersky_bans_and_allegations_of_Russian_government_ties
I changed to 1Password from Lastpass. Works great, even better than Lastpass on Safari, but it keeps locking me out so that I have to re-enter the password every couple of hours
I looked for workarounds, didn’t find anything interesting
Any hint?
Thanks
There’s a setting in options to lengthen that time (up to 8 hours I believe) or turn it off (not recommended). It’s per installation, though, and not account-wide.
I have 1 Password (about 4 months now) but have been afraid to set it up completely. I put in a couple of passwords that are just “blanks” and not important. The reason is that I was badly burned by a well-known security company (whose name begins with N). All Passwords disappeared overnight and it was from within the company site, all 184, gone. So, my question to you is where is 1 Password stored on my computer, and where SHOULD IT BE? My hackers are very quick at decrypting passwords. Even 40 digits only takes 1 day OR my computer has a rootkit or keylogger. Malwarebytes says it doesn’t. I’m really afraid of losing all my passwords again as it took 2 years to get them back to semi-normal. I still spend a couple of hours a day resetting passwords that have been changed. Right now, I have two sets of duplicate copies but typing in passwords is definitely not the most secure way to go. Thanks for your information and for any suggestions you make on this subject. (Also, the email address you have for me, below, will soon be changed, is that a problem? I don’t want to miss anything!)
To be clear, even losing passwords is not a problem. You can always use “forgot password” processes as long as your account recovery information is configured properly.
That being said, your concern is one of the reasons I so strongly recommend backing up your password vault regularly. I don’t have an article on 1Password yet, but it boils down to using the export feature to download the entire database into a .CSV file, and then storing that file somewhere secure.
Interesting. 1Password costs about the same as LastPass (paid) for a single user, but about $1.00/month more for the family plan (I didn’t check the limitations on each because I don’t need the family plan here). Maybe I’ll take your advice, Leo, and make the switch too :).
I’m not clear on the 1Password family plan vs. the individual plan. I have LastPass now and just one vault both my wife and I use, having it on our computers and phones. Can’t I do that in 1Password? Is it necessary to get the family plan? Thank you!
Not necessary. You could both just use a single vault. I happen to have family plan so that my wife and I have separate vaults, and share only what actually makes sense to share. We’re each not bothered by all the accounts that apply only to the other.
1Password.com is not very good with Opera browser. I imported the 770 entries from KeepassXC. It put them all in alphabetical order. No groups. Adding Tags works, but Drag & Drop does not work in Opera. Selecting multiple entries does not work. Ctrl+A selects all text, not entries. Delete key does not work. So I will have to Edit, Tag, Save each of the entries. That might take several hours or days.
I moved from LP to 1Password two weeks ago. I have yet to set up some of the features (sharing, etc.) but am very pleased so far. There are a few major differences in appearance like Tags vs Folders, how vaults work, etc. but the extension interface is smoother with 1Password than LP – fills out more logins more quickly than LP.
I had trouble exporting the 900 items in LP to 1Password. The support team at 1Password was very response and provided detailed work-arounds for the problems encountered. Looks like that have been flooded with folks changing to their product.
Thanks for the post.
Based on one of Leo’s earlier postings I set up Bitwarden and I love it. 1password does look great but I can strongly vouch the free Bitwarden.
Were you able to import all of your logins, safenotes, identities, bookmarks, and contacts (RoboForm terminology) from LastPass to 1Password without hands-on procedures?
For the one user I did this for, the answer’s yes, but they were not power users. I am hearing of hiccups from folks who make advanced use of secure notes, and other features. No real workaround for those so far other than manual transfer.
Can I use 1Password on 2 different browsers? Most of my accounts are set up on Chrome, but some are set up on Edge. My husband uses Edge.
Yes.
For the record, accounts are not set up “on” a browser. They’re just set up with the service you’re using and can be accessed using any browser.
Yes. That’s exactly what password managers are designed for, to be able to be used on all supported browsers, and good password managers are supported on all major browsers.