
Security OS for Solo Consultants:
1Password vs Bitwarden + the Full Client Data Protection Stack.

Security is not an IT problem — it is a pricing and trust problem. You are one compromised account away from losing a client relationship that took years to build. The minimum viable stack runs under $15/month. 1Password vs Bitwarden comparison, plus VPN, encrypted file sharing, device security, and archetype configurations. Updated May 2026.

Updated: May 2026 · Pricing verified

Security is not an IT problem. It is a pricing and trust problem.

Most solo consultants aggregate enormous trust — access to financial models, personnel decisions, strategic plans — into a single-point-of-failure setup: one reused password, one unencrypted laptop, one shared Google Drive folder. You are one compromised account away from losing a client relationship that took years to build.

The consultant who can say "all client data is stored in AES-256 encrypted vaults, shared through end-to-end encrypted channels, and protected by hardware-backed 2FA" is communicating competence at the same level as a polished proposal or a well-structured contract. In 2026, security posture is increasingly asked about in client RFPs — especially in legal, finance, and healthcare-adjacent consulting.

The minimum viable security stack — do these five things first

  1. Password manager — covers most attack surface for free or ~$2/month
  2. 2FA on every critical account — email, banking, password manager itself
  3. Full-disk encryption on your device — free; takes 5 minutes to enable
  4. Screen lock policy — ≤2 minutes; non-negotiable in shared spaces
  5. Breach monitoring — Watchtower (1Password) or Have I Been Pwned free alerts

1Password vs Bitwarden — the honest comparison.

Both are excellent. This is primarily a UX and philosophy decision, not a security decision. 1Password offers a polished daily-use experience and Watchtower breach monitoring. Bitwarden offers open-source auditability and near-zero cost. The correct first action is to pick either one and start using it, not to wait until you've evaluated every option.

| Feature | 1Password | Bitwarden |
| --- | --- | --- |
| Open source | No (proprietary) | Yes — independently audited |
| Individual price | $2.99/mo (annual) | Free tier; $1.65/mo Premium |
| Teams pricing | $19.95/mo (Starter Pack, up to 10) — rising to $24.95/mo July 2026 | $4/user/mo (Teams) |
| Breach monitoring | Watchtower — real-time, integrated, surfaces weak/reused/compromised passwords | Manual via Have I Been Pwned |
| Self-hosting | No | Yes (Enterprise) |
| UX quality | Best in class across all platforms | Functional, less polished |
| Travel Mode | Yes — remove vaults before border crossings, restore remotely | No |
| Built-in TOTP | Yes (Business tier) | Yes (Premium individual) |

Choose 1Password if:

  • Polished daily UX matters to you
  • You want integrated breach monitoring (Watchtower)
  • You share vault access with a VA or team member

Choose Bitwarden if:

  • Open-source auditability matters philosophically
  • Cost is a genuine constraint ($1.65/mo vs $2.99/mo)
  • You need self-hosting for compliance reasons

Beyond passwords — the complete stack.

2FA / MFA — authenticator apps vs hardware keys

A password manager without 2FA is a car without a seatbelt. Authy (free, cloud-backed TOTP, multi-device sync) is the right starting point for most consultants. YubiKey (~$25–55 per key) is the right upgrade for regulated-vertical work or anyone who has been successfully phished. Used as a FIDO2 security key, a YubiKey is phishing-resistant by protocol: each login response is bound to the origin domain of the page that requested it, so a response produced on a fake login page is useless at the real site, whereas a TOTP code typed into a fake page is still a valid code. Buy two keys (primary + backup) and register both.
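To make the TOTP-versus-hardware-key difference concrete, here is an added example (written for this explanation, not code from Yubico, Authy or either password manager) that compares what a real site would accept when the user is actually looking at a lookalike page. Assumptions: the two domains, the device key and the challenge are constructed; the TOTP secret and time are the RFC 6238 test values; and `key_sign` is a simplified HMAC stand-in for a FIDO2 assertion, which in reality uses a per-site asymmetric key pair.

```python
import hashlib
import hmac
import struct

def totp(secret, unix_time, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1). The code depends only on secret and time."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def site_accepts_totp(secret, submitted_code, unix_time):
    # The site can only compare digits; a code carries no record of where it was typed.
    return hmac.compare_digest(totp(secret, unix_time), submitted_code)

def key_sign(device_key, challenge, origin_seen_by_browser):
    """Simplified stand-in for a security-key response (assumption: HMAC instead
    of the real asymmetric signature). The origin reported by the browser is
    part of the signed message, so the response is tied to that origin."""
    msg = challenge + b"|" + origin_seen_by_browser.encode()
    return hmac.new(device_key, msg, hashlib.sha256).digest()

def site_accepts_key(device_key, challenge, assertion, expected_origin):
    # The real site recomputes the response for its own origin only.
    expected = key_sign(device_key, challenge, expected_origin)
    return hmac.compare_digest(expected, assertion)

def compare_on_lookalike_page():
    """Which second factors, produced on a lookalike page, would the real site accept?"""
    real = "https://portal.example.com"      # constructed
    fake = "https://portal-example.test"     # constructed lookalike
    secret = b"12345678901234567890"         # RFC 6238 test secret
    now = 59                                 # RFC 6238 test time
    device_key = b"constructed-demo-key"     # constructed
    challenge = b"constructed-challenge-1"   # constructed

    code_typed_on_fake = totp(secret, now)
    assertion_on_fake = key_sign(device_key, challenge, fake)
    assertion_on_real = key_sign(device_key, challenge, real)
    return {
        "totp_from_fake_page_accepted": site_accepts_totp(secret, code_typed_on_fake, now),
        "key_from_fake_page_accepted": site_accepts_key(device_key, challenge, assertion_on_fake, real),
        "key_from_real_page_accepted": site_accepts_key(device_key, challenge, assertion_on_real, real),
    }

if __name__ == "__main__":
    for name, accepted in compare_on_lookalike_page().items():
        print(f"{name}: {accepted}")
```

The TOTP code is accepted regardless of which page collected it, while the origin-bound response only verifies when it was produced for the real site's origin.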

VPN — when you actually need one

A VPN matters when working from public networks (coffee shops, co-working spaces, client offices, airports). For home and fixed-office use, it is a lower priority. ProtonVPN (~$4–10/mo) is the recommendation for most consultants — reliable speeds, Swiss jurisdiction, no-logs policy independently audited, 17,400+ servers, and it bundles neatly with Proton Mail and ProtonDrive. Mullvad (€5/mo, no email required, accepts cash) is the sharper privacy tool if you have unusual requirements.

Secure file sharing — beyond Google Drive

Standard Google Drive is not end-to-end encrypted. For consultants handling sensitive financial models, personnel data, or legal documents, this is a liability. Tresorit (~€8.33/user/mo) offers zero-knowledge architecture, ISO 27001 certification, granular sharing controls with expiry dates, and view-only link permissions — the professional-grade option. ProtonDrive (included in Proton plans) is the cost-effective alternative for consultants already using ProtonVPN or Proton Mail. For lower-sensitivity work, Google Drive with strong 2FA is acceptable — solve the password problem first.

Device security — the free, non-negotiable foundation

FileVault

Mac: System Settings → Privacy & Security → FileVault. Encrypts the entire drive at rest. If someone steals your laptop, they get a brick.

BitLocker

Windows 10/11 Pro: Control Panel → BitLocker Drive Encryption. Equivalent protection on Windows.

Screen lock

Set display sleep and lock screen to trigger after ≤2 minutes of inactivity. Non-negotiable for shared or public spaces.

Remote wipe

Find My (Mac/iPhone) and Find My Device (Windows/Android). Enable on every device including your phone — which often holds more client communications than your laptop.

Recommended stack by consultant type.

Generalist Consultant (strategy, marketing, operations)

1Password Individual ($2.99/mo) + Authy (free) + ProtonVPN + FileVault/BitLocker

File sharing: Google Drive (with strong 2FA on Google account; no encrypted storage needed for general business documents). Total: ~$7–13/month.

What to tell clients: "I use a dedicated password manager with breach monitoring and two-factor authentication on all client-related accounts."

Budget-Conscious / New Consultant

Bitwarden Free + Google Authenticator (free) + ProtonVPN free tier

FileVault/BitLocker enabled. Move sensitive documents to ProtonDrive free tier. Total: $0/month.

What to tell clients: "Client files are stored in encrypted storage with two-factor authentication on all accounts."

Regulated-Vertical Consultant (legal-adjacent, finance, HR, healthcare)

1Password Business ($7.99/user/mo) + YubiKey 5C NFC × 2 (~$100 one-time) + ProtonVPN + Tresorit (~€8.33/user/mo)

Auto-lock at 1 minute. Remote wipe mandatory on all devices. Total: ~$20–30/month all-in.

What to tell clients: "All client data is stored in zero-knowledge encrypted storage, shared via end-to-end encrypted channels with expiring access links, protected by hardware security keys, and monitored in real time for breach exposure."

Privacy-First / Open-Source Consultant

Bitwarden Teams ($4/user/mo) + YubiKey (FIDO2) + Mullvad (€5/mo) + ProtonDrive

Open-source stack, independently audited. Proton Mail ties the ecosystem together if not already using it. Total: ~$15–20/month.

Should your security posture be in your proposal?

Yes, for regulated-vertical clients. Optional but impressive for general consulting. Add a one-paragraph "Data Security" section to your proposal template covering: password management, 2FA, encrypted storage, and breach monitoring. The consultant who proactively discloses security posture signals exactly the kind of operational maturity clients at higher price points are looking for.

Copy-paste template for your proposal

"All client data is managed using a dedicated password manager with active breach monitoring, two-factor authentication on all work accounts, and full-disk encryption on all devices. Sensitive documents are shared via end-to-end encrypted storage with access controls and expiring links."

Frequently asked questions.

Is the free tier of Bitwarden good enough?

For basic credential management, yes — the free tier is genuinely functional. Upgrade to Bitwarden Premium ($1.65/month) to get built-in TOTP codes, encrypted file attachments, and emergency access. Both tiers are secure; the premium features are about convenience, not security level.

Should I use the password manager built into Chrome or Safari instead?

No, not for professional use. Browser-based password managers are tied to a single browser and offer no breach monitoring, no vault sharing with a VA or team member, no Travel Mode, and no cross-platform vault access. 1Password or Bitwarden costs $2–3/month and eliminates all of those gaps.

Do I need a VPN at home?

No — a VPN's primary benefit is protecting network traffic on public or shared networks. At home on a private connection, it provides minimal practical benefit. Prioritise it for coffee shops, co-working spaces, client offices, and airports.

What happens if I lose my YubiKey?

This is why you buy two. Register both keys on every account that supports hardware keys. Keep the backup key in a separate physical location (home vs. office, or a secure drawer). If the primary key is lost, log in with the backup and remove the lost key from all accounts.

