How to use 1Password for digital security and organisation

Executive overview

Most people store passwords in browsers, Evernote, or Word docs — none of which are encrypted or secure. 1Password solves this with 256-bit AES encryption, keeping your data local or synced through services you control.

It stores far more than passwords: logins, credit cards, software licences, secure notes, passport details, and membership cards. The security audit and Watchtower features surface weak, duplicate, and compromised passwords in one place.

The strongest defence against account compromise is long, random, unique passwords for every site — 1Password makes this practical.

What 1Password stores

• Logins (username + password pairs) and standalone passwords
• Credit cards, software licences, passport and ID details, membership cards
• Secure notes: free-form encrypted text with file attachments — useful for contracts, VIN numbers, recurring bill details
• Custom fields on login items — ideal for storing fake security question answers

Master password strategy

• The master password is the single point of protection; everything depends on its strength
• Diceware (dice words) is the recommended approach: roll dice, look up words on a word list, string 5–6 words together
• Example structure: four random common words separated by hyphens or spaces
• Avoid names, birth dates, or anything guessable from public information
• Write it down and store it securely until memorised; 1Password cannot reset it

Security audit and Watchtower

• Security audit flags duplicate passwords, weak passwords, and aged passwords
• Watchtower alerts you when a service you use has been involved in a known breach — even if your password itself is strong
• Aim for random, unique passwords on every site; periodic rotation is secondary to uniqueness

Browser extensions and mobile

• Browser extensions autofill credentials with one click — no need to copy/paste
• iOS share-sheet extensions (available since iOS 7) removed the need to switch apps to log in
• Storing passwords in the browser is convenient but unencrypted and not recommended

Syncing options

• Local only: data stays on your machine; portable via the vault file
• Dropbox: works across Mac, Windows, iOS, Android — simplest cross-platform option
• iCloud: Apple devices only
• Wi-Fi sync: same-network devices only; computer-to-computer not supported
• 1Password for Teams (beta at time of recording): admin-managed accounts via Amazon servers; AgileBits cannot access the encrypted data

Pro tips and power features

• Lie on security questions: generate a random password as the answer and store it in a custom field alongside the question
• Keyboard shortcut Command + / opens 1Password mini in the Mac menu bar
• Switch between vaults with Command + [number]
• Multiple vaults let you separate personal and work credentials
• New vault format is OP vault (replaces the older Agile Keychain format)
• Getting started: install the browser extension and let it save logins organically — don't try to import everything at once