1Password

Password manager with free access for journalists.

Free for journalists

Strong

https://1password.com · Reviewed 2026-04-02 · Editorial assessment by Mike Schneider — based on public security research and audits

What should journalists know about 1Password?

1Password is the default recommendation for journalists, and the free journalist program makes it a no-brainer. Zero-knowledge architecture means 1Password cannot access your passwords even under legal compulsion. The Secret Key — a 34-character key unique to your device — adds a layer Bitwarden and most competitors lack: even if someone steals your master password, they cannot decrypt your vault without it. Travel Mode lets you strip sensitive vaults from your device at border crossings. The 2023 Okta incident touched 1Password's internal Okta tenant but never reached user vaults — a real-world stress test of their architecture. Bitwarden is the credible open-source alternative (and cheaper), but 1Password's UX, passkey support, and journalist program tip the balance for most newsrooms. The March 2026 price hike on consumer plans doesn't affect the journalist program.

Best for

Everyone. Password management, passkey storage, 2FA codes, secure credential sharing with colleagues, Travel Mode for border crossings.

Not for

If you need self-hosted infrastructure for compliance or airgap requirements, Bitwarden's self-host option is better. Otherwise, there is no good reason for a journalist not to use a password manager.

Security & Privacy

Encryption in transit Yes

Data is scrambled while being sent to their servers

Encryption at rest Yes

Data is scrambled when stored on their servers

Data jurisdiction Canada (AgileBits Inc. headquarters in Toronto). Data stored in region of user's choice: US, EU, Canada, or Australia.

Where servers are located — affects which governments can request your data

Security rating Strong

Zero-knowledge architecture. 1Password cannot access, read, or share your vault data. Decryption requires both your Master Password and a 34-character Secret Key that 1Password never holds. They collect minimal metadata (account info, usage analytics) but never vault contents. AES-256-bit encryption throughout.

How to protect yourself:

Use a strong, unique Master Password (not reused anywhere). Store your Secret Key printout in a physical safe. Enable 2FA on your 1Password account. Use Watchtower to identify weak/reused/breached passwords. Share credentials via 1Password vaults, never email or Slack. Enable Travel Mode before crossing borders. Be alert to phishing: 1Password will never email you from non-@1password.com domains asking you to reset your password (targeted phishing campaigns hit users in March 2025).

Zero-knowledge encryption with unique Secret Key, AES-256, SOC 2 Type 2, ISO 27001/27017/27018/27701 certified, regular pentests by Cure53 and Bishop Fox (reports on Trust Center since November 2025), regional data residency choice, passkey support across all platforms, and free for journalists. No user data has ever been compromised. The gold standard for journalist security tools.

Who Owns This

Owner AgileBits Inc. (dba 1Password), Toronto, Canada

Funding Venture-backed. $920M total raised across 3 rounds (Series A $200M in 2019, Series B $100M in 2021, Series C $620M in 2021). Last valuation $6.8B (2022). Investors include Accel, ICONIQ Growth, Tiger Global. Founded 2005, was profitable before raising VC. Hit $400M ARR in October 2025. Actively interviewing banks for IPO as of late 2024. Founders completed $100M secondary sale in October 2025.

Business model SaaS subscriptions across consumer, teams, business, and enterprise tiers. Expanding into Extended Access Management (XAM) — device trust, SaaS governance, and agentic AI credential brokering. Acquired Trelica (UK, SaaS management) in January 2025. Journalist program is goodwill/loss-leader under 1Password for Good initiative.

Known issues

October 2023: Okta support system breach gave attackers access to 1Password's internal Okta tenant. No user vault data was accessed — the incident was contained to employee-facing admin systems. 1Password detected and stopped the intrusion within days. August 2024: macOS vulnerability (CVE) allowed local attackers to hijack inter-process communication and impersonate trusted 1Password integrations (browser extension, CLI). Patched in version 8.10.38. No evidence of exploitation in the wild. August 2025: DEF CON 33 presentation by researcher Marek Tóth disclosed browser extension vulnerabilities affecting multiple password managers including 1Password. March 2025: Targeted phishing campaign impersonated 1Password Watchtower breach alerts. VC funding and IPO trajectory raise long-term questions about whether the journalist program continues indefinitely, but $400M ARR and 150K+ business customers suggest the program is a rounding error on their P&L. Consumer price hike in March 2026 signals margin pressure.

Pricing

Individual: $3.99/month (up from $2.99, March 2026 increase). Families: $5.99/month. Teams Starter Pack: $19.95/month flat for up to 10 users. Business: $7.99/user/month. Enterprise: custom pricing. All prices with annual billing.

Free Teams plan for verified journalists via 1Password for Journalists program. Apply at 1password.com/for-journalists. Freelancers without org email can apply with their work email.

This is an editorial assessment based on publicly available information as of 2026-04-02, using our published methodology. Independent security review is pending. Security posture can change at any time. This is not a guarantee of safety.

Something wrong or outdated? Report it.