Download this list as a PDF for safekeeping and future reference
Contents
The Basics
Password managers like 1Password are only secure if your team are actually using them, so the basics are really important. A password manager needs to automatically save your passwords, generate stronger ones, and fill them accurately everywhere you need them. When you are using a password manager for your business, it also needs to store more than passwords, like secure notes and identities, while helping to build and enforce your password policies.
| Β | 1Password |
|---|---|
| Includes apps and extensions on Mac, Windows, iOS, Android and all major browsers. | π |
| Stores anything you need to secure. Passwords, notes, identities and credit cards. | π |
Security
This is the most important section. Your choice of password manager should tick every box with confidence. Security is an ongoing task and you need to trust your choice to treat your information with the utmost respect.
| Β | 1Password |
|---|---|
| The operators of the service have no ability to see or learn what sites and services users have logins for, nor when they use those. | π |
| Data stored on the server should be impossible to crack in the event of a server compromise. | π |
| The operators of the service have no ability to see or learn user passwords. | π |
| The security of the service should have multiple layers of encryption and not rely on the secrecy of TLS or SSL. | π |
| No secrets should be transmitted during the login process. | π |
| The login process also guarantees the authenticity of the server you are logging into. | π |
| The service uses multi-factor authentication as an additional factor thatβs beneficial to its security. | π |
| The service should encourage and incentivise security researchers and undergo formal penetration testing. | π |
Distributing your team
Getting the right credentials to the right people is a key part of password management. Your password manager should have tools that scale to your business β from a vault to share with a team, to advanced sharing with groups and active directory.
| Β | 1Password |
|---|---|
| Advanced permissions for sharing. | π |
| Active Directory support for managing a large number of users. | π |
| Sharing data among users should be managed in a way that doesn’t give those who control the server the ability to set up unapproved sharing. | π |
Privacy and Compliance
The information a password manager does have should be kept to themselves not used to remarket or be sold to third parties. 1Password will never share, sell or use your details for marketing or market research.
| Β | 1Password |
|---|---|
| Service should be SOC and GDPR compliant. | π |
| Service should be designed to not acquire any user data other than the complete minimum needed to operate the service. βPrivacy by Design.β | π |
| No data or metadata is passed to third parties or used for internal advertising. | π |
The Cloud
Itβs a popular buzzword, and with that comes several questions, but remember the cloud is another server which means it needs to be secure, audited and trusted. 1Password uses Amazon Web Services which has a number of protections and is regularly security tested.
| Β | 1Password |
|---|---|
| Each session should be encrypted with a key unique to that session (independently of TLS). | π |
| Requests to the server should not be reusable if captured. | π |
| The security architecture of the system should be well-documented and open to public and expert scrutiny. | π |
| TLS, to the extent it is used as an additional layer of security, should be configured to require up-to-date and strict versions. | π |
Auditing and Reporting
Whether you are auditing your own security or reporting on the security of your team, 1Password gives you all the information you need. 1Passwordβs Watchtower is the most comprehensive suite of tools to protect and update passwords at risk. You get alerts based on weak, compromised, vulnerable and duplicate passwords in addition to other security recommendations.
1Passwordβs business reporting allows you to get feedback on your teamβs security. You can look at a team memberβs specific usage of a password, how much they use 1Password, and what they have access to. You can report on an individual or the entire team β handy for keeping an eye on security.
| Β | 1Password |
|---|---|
| Alerts when an account is compromised in a breach. | π |
| Diagnoses weak and reused passwords | π |
| Reports on team members usage of specific accounts | π |
1Password vs. the competition
Find out why 1Password is the best in the market with our password manager comparison!
Compare password managersMatt Davey
CXO (Chief Experience Optimist)
Tweet about this post