RSystems

1Password

Why every organization should have it, what it actually does, and practical examples.

The Problem It Solves

The average knowledge worker has 70–100 passwords. Without a manager, they do what humans naturally do: reuse the same password across many sites, use passwords they can remember (weak ones), and store them in spreadsheets or Slack messages. Each of these habits is a security vulnerability, and across a whole organization they add up.

1Password generates strong, unique passwords for every account, stores them encrypted, and fills them automatically. You remember one password — the master password to your vault.

What 1Password Does

Beyond basic storage:

  • Secure notes: encrypted text for server credentials, license keys, recovery codes, security questions
  • SSH keys: 1Password stores and provides SSH keys to your terminal — no more key files scattered across machines
  • TOTP: generates and fills time-based two-factor codes alongside passwords
  • Watchtower: alerts when any stored credentials appear in known breach databases
  • Travel mode: remove sensitive vaults from devices when crossing borders; restore with one click on the other side

Team Features

  • Vaults: shared credential stores. Marketing shares a vault with social media credentials; Engineering shares a vault with server credentials. One place to manage shared access.
  • Granular permissions: who can view, edit, share, or manage each vault
  • Audit log: who accessed what credentials, when
  • Guest access: give external contractors access to specific credentials without full team membership — revoke when the engagement ends
  • Watchtower: alerts when stored credentials appear in breach databases

The Shared Credential Problem It Solves

Before 1Password, shared credentials lived in spreadsheets, Slack messages, and email chains. Offboarding meant a scramble to rotate credentials across every system the person had access to.

With 1Password vaults, service accounts (the GitHub organization login, the AWS root account, the domain registrar credentials) live in organizational vaults that belong to the role, not the individual. When someone leaves, you remove their vault access. The credentials don't change. No rotation scramble, no missed accounts, no lingering access. The audit log shows which items the departing person actually opened, so any follow-up review can focus on those credentials.

Practical Examples

Developer: SSH keys in 1Password, available across every machine. Service credentials committed nowhere in code. Git signing keys managed in one place.

Traveling executive: Travel mode removes sensitive vaults before entering high-risk border crossings. Emergency recovery codes stored in a secure note, accessible offline.

Operations team: Vendor portals, managed service logins, customer-site credentials in shared vaults with appropriate permissions. Contractors get guest access to what they need, nothing more.

Non-technical employee: Browser extension fills everything automatically. Watchtower proactively alerts on breached sites. Discounted family plan available — adoption improves when it's useful at home too.

Nonprofit Pricing

1Password offers significantly reduced pricing for nonprofits. For organizations managing shared credentials on tight budgets, the nonprofit pricing removes the cost objection entirely.