1
- Category
- Passwords · SaaS alternative
- Cost
- Paid
- Country
- Canada
- Licensing
- Proprietary
# PROS AND CONS
+ what works
- +Secret Key plus master password design means a server breach alone does not expose vaults
- +Strong third-party audit posture with annual pentests published via the Trust Center
- +Native apps on every major desktop and mobile platform, plus browser extensions and CLI
- +Built-in Fastmail Masked Email integration for per-site disposable addresses
− watch out for
- −Closed source; security claims rely on audits rather than reproducible builds
- −No free tier, only a 14-day trial
- −Account recovery hinges on the Secret Key and Emergency Kit; lose both and the vault is unrecoverable
- −Data is hosted on AgileBits-operated infrastructure, not user-controlled
# PRIVACY NOTES
Vaults are encrypted client-side with a key derived from your master password and a separately generated 128-bit Secret Key, which 1Password's servers never see. A server breach alone cannot decrypt user data without both factors. AgileBits Inc. is based in Toronto and operates under Canadian law. The company publishes annual third-party penetration test reports and SOC 2 Type 2, ISO 27001, 27017, 27018, and 27701 attestations through its Trust Center, and runs a public HackerOne bug bounty program.
# REPLACES
icloud-keychain
# TAGS
#password-manager · #e2ee · #canadian · #proprietary · #passkeys
# DOES THIS WORK FOR YOU
# NOTES FROM PEOPLE WHO TRIED IT
Comments (0)
No comments yet. Be the first.