Back to blog
4 min read

3 Years with 1Password: An Honest Review

Managing 250+ credentials with a password manager - what works, what doesn't, and why I'd still recommend it.

SecuritySecrets Management

I've used 1Password for three years. Over 250 credentials - work accounts, personal services, API keys, OTP codes. Here's what I've learned.

No Secrets Here The Good, the Bad, and the In-Betw

What Works

I don't reuse passwords anymore. Every account has a unique, complex password. Most look like this:

EmFJ7*fmPswYL!K*__ecBW*sMAQ9uoTR7xgktDMeGMAqGiTn

I couldn't memorize these. I don't need to. The password manager handles it.

Autofill saves time. Browser extension fills credentials automatically. No typing, no remembering, no looking things up.

It syncs everywhere. Laptop, phone, tablet - credentials available wherever I need them. Encrypted sync, so I'm not worried about interception.

Secure notes for everything. API keys, recovery codes, license keys, secure notes with sensitive info. All in one place, all encrypted.

The Risks

Single point of failure. If someone gets my master password and secret key, they get everything. That's a real risk.

1Password mitigates this with:

  • Secret Key (34 characters) that never leaves your devices
  • MFA on the account
  • Key derivation that makes brute force impractical

But the risk exists. I use a strong master password and MFA.

Service dependency. If 1Password goes down, I can't access credentials. This has been rare - maybe a few minutes of downtime over three years. But I keep a local backup of critical passwords (encrypted) for true emergencies.

Subscription cost. It's not free. $36/year for individuals, more for families or businesses. Whether that's worth it depends on what you're protecting.

What I'd Do Differently

Emergency access sooner. 1Password has emergency access features. I set them up late. Do it early so you're not locked out if something happens.

Fewer old entries. I have credentials for accounts I closed years ago. Should clean those up.

Use tags more. Organization helps as the vault grows. I didn't use tags early enough.

The Alternative

Without a password manager, people do one of these:

  • Reuse passwords (terrible - one breach exposes everything)
  • Use simple passwords (terrible - easy to crack)
  • Write them down (better than reuse, but not great)
  • Use the browser's password manager (better, but limited features)

Dedicated password managers are purpose-built for this problem. The alternatives are worse.

Would I Recommend It?

Yes. 1Password specifically, or a similar tool like Bitwarden.

If you're managing credentials for production systems, sensitive data, or even just personal accounts with value, the cost is justified. Password reuse and weak passwords are how most accounts get compromised.

The master password is critical. Make it strong, don't reuse it anywhere else, and enable MFA on the password manager itself.

1Password pricing

Key Takeaways

  • Password managers enable unique, complex passwords for every account
  • The alternative (password reuse) is how most accounts get compromised
  • Master password is a single point of failure - make it strong and enable MFA
  • Set up emergency access before you need it
  • Worth the cost for anyone managing credentials that matter
BT

Written by Bar Tsveker

Senior CloudOps Engineer specializing in AWS, Terraform, and infrastructure automation.

About meGet in touch

Thanks for reading! Have questions or feedback?

Get in touchMore posts