Otherwise they have an incredibly strong security model (though it means its a bit complicated to the end user) and they support almost every form of credential TOTP, Passkey, passwords, etc.
They're also working on simplifying unlock methods such as being able to use a passkey to unlock (such as your iCloud passkey), or using your passcode/biometrics unlock double as the unlock for 1P.
It seems to have good integration into iOS as well for autofilling in apps and such.
Also, it supports custom fields where some forms on websites require some additional codes or secrets that normally don't autofill because they're not a password. 1P handles this pretty gracefully by just having a labelled text field stored as part of the login credential and it'll automatically fill that in.
They have a family pricing and it comes out cheaper once you have 2 members using it. Also sharing credentials, notes, etc. with other members is pretty straightforward.
If you just want something to start out with and you're in Apple ecosystem, consider the Apple Passwords app which is free. Having something is better than nothing.
1Password did really well, but doesn't get off scot-free as there's a vault substitution attack described in Appendix D where an attacker could substitute a vault and freshly created items in said vault by the user could be read by the attacker. I don't think in any stretch it would be easy to pull off, and I imagine to apply the fix despite simple would require a significant architecture overhaul across 1P applications, protocol, and architecture. But otherwise it does well against its rivals, and a lot of it is thanks to having a high entropy key masking the password used to unlock a vault, meaning dictionary attacks are not even possible.
In practice that usually means either: 1) 1Password Families (best UX/recovery/sharing, paid), or 2) Bitwarden (good balance, cheaper, can self-host if you want, but UX is a bit more fiddly).
If everyone is already all-in on Apple (or Google), the built-in Passwords/Google Password Manager are honestly hard to beat for simplicity.
Regardless of manager: enable 2FA on the manager account itself, and start migrating important accounts to passkeys where possible.
For anyone reading this who uses LastPass: Switch away!
> In their default configurations, these extensions were shown to be exposed to a DOM-based extension clickjacking technique, allowing attackers to exfiltrate user data with just a single click. LastPass version 4.146.8 (September 12, 2025), which was intended to address the issue, remains vulnerable
Or, they could shoulder surf to get a 6 digit pin to unlock the phone, then steal it, then they're in.
Seems way less secure than 'Correct Horse Battery Staple'.
It works on most browsers, both Android and iOS, and even has the option of family accounts, so everyone has their secret passwords and some shared passwords across accounts that everyone should have access to. It also comes with a free VPN for five devices with Hotspot Shield Pro.
EDIT: youtube reviews are really negative about Apple Passwords, but, those reviews all link to other (paid) password managers, so they cannot fully be trusted, since they're essentially in competition.
JSR_FDED has a parallel comment for the Apple ecosystem