(no title)
commandersaki | 13 days ago
Otherwise they have an incredibly strong security model (though it means its a bit complicated to the end user) and they support almost every form of credential TOTP, Passkey, passwords, etc.
They're also working on simplifying unlock methods such as being able to use a passkey to unlock (such as your iCloud passkey), or using your passcode/biometrics unlock double as the unlock for 1P.
It seems to have good integration into iOS as well for autofilling in apps and such.
Also, it supports custom fields where some forms on websites require some additional codes or secrets that normally don't autofill because they're not a password. 1P handles this pretty gracefully by just having a labelled text field stored as part of the login credential and it'll automatically fill that in.
They have a family pricing and it comes out cheaper once you have 2 members using it. Also sharing credentials, notes, etc. with other members is pretty straightforward.
If you just want something to start out with and you're in Apple ecosystem, consider the Apple Passwords app which is free. Having something is better than nothing.
commandersaki|13 days ago
1Password did really well, but doesn't get off scot-free as there's a vault substitution attack described in Appendix D where an attacker could substitute a vault and freshly created items in said vault by the user could be read by the attacker. I don't think in any stretch it would be easy to pull off, and I imagine to apply the fix despite simple would require a significant architecture overhaul across 1P applications, protocol, and architecture. But otherwise it does well against its rivals, and a lot of it is thanks to having a high entropy key masking the password used to unlock a vault, meaning dictionary attacks are not even possible.
[1] https://eprint.iacr.org/2026/058