If you’re running a UK business and you’re still relying on browser-saved passwords, shared spreadsheets, or the classic “sticky note on the monitor” approach, the question isn’t whether you need a password manager — it’s which one. 1Password has quietly become the go-to recommendation for security-conscious teams, and in 2026 it still leads the pack for business use. This review looks specifically at the business tiers, what sets 1Password apart from the competition, and whether the premium price tag is justified for UK teams.
Why Business Password Management Is a Different Problem
Consumer password managers solve a simple problem: remembering your own passwords. Business password management is fundamentally different. You need to control who has access to what, provision and deprovision accounts when staff join or leave, audit access logs for compliance purposes, and ensure that a single compromised device doesn’t expose your entire credential store. Most consumer-grade tools aren’t built with these requirements in mind. 1Password Business is.
For a broader look at what’s available, see our guide to the best password managers for UK businesses in 2026. This review focuses specifically on 1Password and whether it earns its place at the top of that list.
The Tiers: Teams, Business, and Enterprise
1Password offers three commercial tiers, and choosing the right one matters. The differences go beyond feature counts — they reflect genuinely different organisational needs.
1Password Teams Starter Pack
The Teams Starter Pack is a fixed-price option for up to 10 users, currently priced at around £16.99/month (billed annually). It covers the essentials: unlimited shared vaults, item sharing, the 1Password browser extension and apps, and Watchtower security monitoring. There’s no admin console with granular permissions, and SSO/SCIM provisioning isn’t available at this tier.
It’s a reasonable fit for very small businesses that want something better than a browser password store, but teams expecting to grow beyond 10 users or needing compliance-grade access controls will outgrow it quickly.
1Password Business
This is the tier most UK SMBs should be looking at. Pricing is £6.99 per user/month (billed annually), and it unlocks the features that make 1Password genuinely business-grade:
- Advanced admin controls and custom roles
- Granular access permissions at vault and collection level
- Activity log and usage reports
- SSO integration with Okta, Azure AD, and Google Workspace
- SCIM provisioning for automated user lifecycle management
- Guest accounts (up to 5 free) for external collaborators
- Travel Mode — more on this below
- Custom security policies
- Free family accounts for all team members
The free family accounts are a genuinely useful perk that’s easy to overlook. Staff who use 1Password at work are far more likely to adopt strong password hygiene at home, which in turn reduces the risk of credential reuse attacks targeting your business accounts.
1Password Enterprise
Enterprise is custom-priced (you’ll need to contact sales) and adds dedicated onboarding, a named customer success manager, custom contract terms, and SLA guarantees. It’s aimed at organisations with complex compliance requirements, large user bases, and IT teams that need bespoke configuration support. Unless you’re running a mid-to-large enterprise with a proper IT security function, Business is almost certainly the right tier.
The Security Model: Why the Secret Key Matters
Understanding 1Password’s security model is important, especially if you’re evaluating it against competitors in the wake of high-profile breaches elsewhere in the industry.
Most password managers protect your vault with a single master password. If that password is compromised — whether through phishing, a data breach at the provider’s end, or brute force — an attacker potentially has everything they need to decrypt your vault. 1Password adds a second layer: the Secret Key.
The Secret Key is a 128-bit cryptographic key that’s generated locally on your device when you first set up your account. It never leaves your device in an unencrypted form, and 1Password’s servers never have access to it. Your vault is encrypted using a combination of your master password and your Secret Key — meaning that even if 1Password’s servers were fully compromised and an attacker obtained every encrypted vault, they would still need both your master password and your Secret Key to decrypt anything.
This is a substantive architectural difference, not a marketing claim. It’s why 1Password can credibly say that a server-side breach would not expose customer data. Competitors who rely solely on master passwords cannot make the same claim. For businesses handling sensitive client data or operating under frameworks like ISO 27001, this distinction is worth understanding — see our piece on password managers and ISO 27001 compliance for more on what auditors actually look for.
The practical implication for businesses is that onboarding new devices requires the Secret Key as well as the master password. This is occasionally cited as a friction point, but it’s friction that exists for a reason, and in an enterprise context the admin console makes device management manageable.
Travel Mode: A Feature Built for International Business Travel
Travel Mode is one of 1Password’s most distinctive features, and it’s one that resonates particularly strongly with businesses whose staff travel internationally for work.
The premise is straightforward: not every vault needs to be present on your device when you cross certain borders. Some countries conduct device inspections at border control, and there are documented cases of business travellers being required to unlock devices for inspection. Travel Mode lets you flag specific vaults as “safe for travel” and hide all others — with a single toggle in the admin console or the user’s own settings.
When Travel Mode is active, the hidden vaults are completely invisible. They don’t show up in the app, and there’s no indication they exist. The only way to restore them is to disable Travel Mode, which requires authentication. If a device is inspected or seized, the inspector sees only what you’ve designated as travel-safe.
For businesses with staff who travel to regions where digital privacy cannot be assumed, this is a genuinely useful operational feature. It’s the kind of thing that earns 1Password its reputation among security professionals — thoughtful, practical, and clearly designed by people who understand real-world threat models rather than just box-ticking feature lists.
Admin Console and Access Control
The admin console in 1Password Business is well-designed and covers the access control requirements most SMBs will have. You can create custom groups, assign roles, and manage vault permissions at a granular level. Access can be scoped to specific vaults, and you can grant view-only, fill-only, or full edit access depending on the user’s role.
Collections are a particularly useful organisational tool. A collection is a group of vaults presented together, allowing you to give a team or department a curated view of only the credentials relevant to them, without exposing the full vault structure. Your marketing team sees marketing credentials; your finance team sees finance credentials. Simple, clean, and auditable.
Guest accounts allow you to share specific vaults with external collaborators — contractors, agencies, or partners — without giving them access to your broader credential store. Up to five guest accounts are included with the Business plan at no extra charge, which covers most SMBs’ external collaboration needs.
The activity log records all vault access, item creation, modification, and deletion events, with timestamps and user attribution. For businesses subject to audit requirements, this is the kind of audit trail you need to demonstrate access controls are working as intended.
SSO and SCIM Provisioning
1Password Business integrates with the three identity providers most commonly used by UK SMBs: Okta, Azure Active Directory, and Google Workspace. SSO allows staff to authenticate with their existing corporate credentials, which simplifies the user experience and ensures that leavers are automatically locked out when their identity provider account is deactivated.
SCIM (System for Cross-domain Identity Management) provisioning goes further, automating the full user lifecycle. When a new employee is added to your identity provider, they’re automatically provisioned a 1Password account with the appropriate group memberships and vault access. When they leave and their identity provider account is deprovisioned, their 1Password access is revoked automatically. For businesses that have experienced the security and administrative headache of manually managing user offboarding, this is a significant operational improvement.
It’s worth noting that SSO in 1Password doesn’t replace the Secret Key model — it extends it. The Secret Key is still generated and stored locally, maintaining the encryption architecture’s integrity even when authentication is delegated to a third-party identity provider.
Watchtower: Proactive Security Monitoring
Watchtower is 1Password’s integrated security monitoring dashboard. It continuously checks your stored credentials against known breach databases (using the Have I Been Pwned dataset), flags weak or reused passwords, identifies items with two-factor authentication available but not yet enabled, and highlights credentials for sites with known vulnerabilities.
For business administrators, Watchtower provides a team-level view: you can see which users have weak password hygiene or breach-exposed credentials without seeing the actual passwords themselves. This allows IT and security teams to take targeted action — prompting specific users to update specific credentials — rather than issuing blanket “please update your passwords” announcements that most staff ignore.
Watchtower also flags HTTPS sites where your stored URL uses HTTP, outdated SSH keys, and expiring items like SSL certificates or payment cards. It’s a comprehensive passive security layer that operates without requiring any active effort from users.
Two-Factor Authentication and Hardware Keys
1Password supports TOTP-based two-factor authentication across all tiers. Business and Enterprise administrators can enforce 2FA as a policy requirement, ensuring staff can’t opt out.
For higher-security deployments, 1Password also supports FIDO2/WebAuthn hardware security keys, including YubiKey devices. If your team is already using hardware keys or you’re considering them as part of a zero-trust security strategy, 1Password integrates cleanly. See our YubiKey 5C NFC review for a closer look at one of the most practical hardware key options for business use.
Usability and Adoption
A password manager only works if staff actually use it. 1Password’s browser extensions and mobile apps are consistently well-reviewed for usability, and the interface has become noticeably more polished over the past two years. The autofill functionality is reliable across most web applications, including the legacy internal tools that often cause problems with other password managers.
Onboarding new users is straightforward, and 1Password provides decent documentation and onboarding materials that you can share with staff. The learning curve is low for basic use, and most users reach productive adoption within a day or two. More advanced features — collections, shared vaults, Travel Mode — require a little more familiarity, but the admin console is well-organised and doesn’t require deep technical knowledge to navigate.
How Does 1Password Stack Up Against the Competition?
The comparison that comes up most often in business contexts is 1Password versus LastPass. LastPass suffered a significant breach in 2022 in which encrypted vaults were exfiltrated — a serious incident that exposed the limitations of a master-password-only encryption model. 1Password has no equivalent incident on its record, and the Secret Key architecture means that even if a similar breach were to occur, the risk profile would be meaningfully different.
Bitwarden is a credible open-source alternative with a lower price point, and it’s worth considering for cost-sensitive deployments. However, the admin controls are less polished, Travel Mode doesn’t exist, and SSO/SCIM integration requires the Enterprise tier. For UK businesses where the primary concern is security depth and operational practicality rather than cost minimisation, 1Password is the stronger choice.
For a direct side-by-side comparison, see our LastPass vs 1Password Business comparison.
Pricing Summary
- Teams Starter Pack: ~£16.99/month for up to 10 users (billed annually)
- 1Password Business: ~£6.99 per user/month (billed annually)
- 1Password Enterprise: Custom pricing — contact sales
All prices are approximate and subject to change; check the 1Password website for current GBP pricing. VAT is applicable for UK purchases.
Verdict
1Password Business is the password manager we’d recommend to most UK SMBs without significant hesitation. It combines a genuinely superior security architecture — the Secret Key model — with the operational features that businesses actually need: SSO, SCIM provisioning, granular access controls, guest accounts, audit logging, and the distinctive Travel Mode for staff who cross international borders. The Watchtower security monitoring adds a proactive layer that most competitors simply don’t match.
It’s not the cheapest option on the market. If budget is the primary constraint, Bitwarden is worth a look. But if you’re making a security-first decision, or if your business has any exposure to international travel, regulated data, or serious client confidentiality requirements, 1Password Business earns its premium. The absence of any major security incident, combined with an architecture that would limit the damage even if one occurred, is a meaningful differentiator in 2026.
The free family accounts for all team members are a quiet but genuine bonus — staff who use 1Password properly at home become better security citizens at work, and that spillover effect has real value.
Bottom line: Best-in-class for security-conscious UK businesses, particularly those with international travel, SSO requirements, or a need for auditable access controls.
