On Delisting 1Password
We've delisted 1Password. Here's why.
This will be a very quick post as this is a very straightforward change without much to say.
The New Oil no longer recommends 1Password, even as an honorable mention.
This change was made entirely based on our criteria, which you can see here:

Up until now, 1Password has met most of our criteria. The main one they haven't met is "source availability."
Despite that, the company demonstrated a strong commitment to user security through various actions in the past such as supporting passkeys, having a strong security model, and unique features such as travel mode.
However, it has recently come to my attention that 1Password's audits are not publicly available.
You must request access through their Trust Center, which is both managed by a third party and does not allow Proton email addresses. My initial request for access using an @thenewoil.org email address was denied and I was asked to justify why I wanted access.

At this point I gave up, already deciding that this barrier to entry violated the spirit of The New Oil's criteria.
It would be one thing if 1Password hid their audits behind a login-wall to avoid bots or scapers like how 404 Media does, but I strongly believe that beyond that, users shouldn't have to justify why they're interested in seeing a company's audits.
Publicly publishing audits in a readable form is a critical part of demonstrating trustworthiness and transparency. In the case of a proprietary software like 1Password, it's especially critical since outsiders are unable to verify the code for themselves.
Later, a coworker at Privacy Guides attempted to access the audits as well, going further than I did. I'm not sure what justification they provided to the SafeBase team, but they later informed me that accessing the audits required agreeing to a non-disclosure agreement.
As I said before, in the past I was willing to list 1Password has an honorable mention because of their public commitments to open source and the appearance of taking privacy and security very seriously.
However, I find these arbitrary and burdensome roadblocks surrounding access to their security audits to be - for lack of better words - cagey, shady, and borderline hostile to users.
This kind of behavior is not transparency and does not feel like they're acting in good faith. It not only fails to instill trust in me - as potential user - but actually makes me trust them less. (And yes, I have seriously considered switching to 1Password in the past, primarily due to Travel Mode and their elevated security model.)
Therefore, we will no longer be listing 1Password.
It is important to note that this is not a recommendation against 1Password. 1Password has not - to my knowledge - had any critical security incidents worth fleeing.
Likewise, if you are a 1Password user, this is not a call to move away. I personally see the appeal in many 1Password features and they do go above-and-beyond in their security architecture.
However, for the average low-threat-model person who has yet to start using a password manager (aka "The New Oil's target audience"), I will no longer be steering them toward 1Password in any capacity. I believe there are other password managers who have - for now - demonstrated a far higher commitment to transparency and earning user trust.
As always, if that landscape changes, I will update accordingly (like this).
Tech changes fast, so be sure to check out our website for all the latest recommendations, tools, services, and more.