Here we provide an overview of the ISO 27001 audit process, so companies can embark on it with a clear idea of what it entails, and how they stand to benefit.If you’re trying to prove that your organization is serious about security, ISO 27001 is the gold standard, the Black Card, the bumper sticker bragging that you’ve run a full marathon.ISO 27001 certification has such an elite reputation because it’s so difficult to attain–it sets exacting standards that must be rigorously documented and continually maintained.Despite the challenges, there are real benefits to achieving ISO 27001 compliance. In a moment where data breaches are rampant, cyber attacks are on the rise, and data privacy laws are being passed around the world, adhering to a strict security standard is your best liability insurance.Here, we’ll provide an overview of the audit process, so you can embark on it with a clear idea of what it entails and how you stand to benefit.What is ISO/IEC 27001:2013?ISO/IEC 27001 is an i

In this article, we’ll take a deep dive into osquery tables, by talking about osquery’s ‘file table’ which has some powerful abilities, along with its fair share of limitations.This article is part of an ongoing series in which we look at osquery tables and discuss what they can and cannot do. Check out our previous blog, “How To Write a New Osquery Table” for a great place to get started in the basics of osquery.In this article, we’ll be taking a slightly deeper dive into osquery tables, by talking about osquery’s file table, which has some powerful abilities, as well as its fair share of limitations.Specifically, this post will look at a cross-platform way to find files across your infrastructure.The file table in osqueryThe file table in osquery has an incredible degree of utility across many queries, and represents a fundamental cornerstone of osquery’s core capabilities.Let’s start by taking a look at its basic schema:+---------------+---------+------------------------------------

Spend less time collating security reports and investigating security issues by creating integrated, customizable dashboards with data from 1Password. The new Rapid7, Blumira, and Stellar Cyber integrations for 1Password allow you to monitor potential risks around company data or credentials stored within 1Password.With these new integrations, you can manage all your security reports in one central location by integrating your security information and event management (SIEM) with your 1Password Business account.1Password’s Events API expedites security reviewsThe global average cost of a data breach in 2024 is 4.88M USD – that’s a 10% increase from 2023. The leading cause of breaches? Stolen credentials (38%).SIEM solutions, like Rapid7, Blumira, and Stellar Cyber, help businesses identify potential security risks and provide a comprehensive view of a company’s security stack. This helps reduce the time companies spend investigating potential risks and helps expedite mitigation.Using t

Today’s social platforms are “public by default”, from Instagram and LinkedIn to Venmo and Strava.Tracy Chou is founder and CEO of Block Party, a company that builds online privacy tools, and was one of Time’s 12 Women of the Year in 2022. She says this “opt-out” reality means that most of us – despite our best intentions – are leaking personal data online and don’t even know it. Often the consequences can be surprising and unfortunate.But there are things we can do to take control. Chou talks with 1Password’s Michael “Roo” Fey on the Random But Memorable podcast about her own experiences, including harassment and stalking, that motivated her to develop privacy tools and share them with others so they could also feel safer online.Read the interview highlights below or listen to the full podcast to learn more about Chou’s journey, including her advocacy work for diversity and inclusion in tech, and her optimism that the internet can still be a force for good.Editor’s note: This intervie

Managing developer secrets in a simple and secure way is crucial. It makes your developers more efficient, prevents data breaches, and ensures everyone adheres to your organization’s policies.Together, 1Password Developer and Pulumi offer a code-driven approach to tackling secret management challenges.In this guide, we’ll show you how to use Pulumi ESC (Environments, Secrets, and Configuration) and 1Password together to have a consistent interface for working with secrets, all while following security best practices.You’ll learn how to declare your 1Password resources (vaults, secrets, and service accounts) using Pulimi IaC (Infrastructure as Code) and manage the lifecycle via automated and consistent workflows, aligning with DevOps best practices.Webinar: Managing team secrets with 1Password and Pulumi ESCWhat is Pulumi ESC?Pulumi ESC is a centralized management solution for secrets and configurations. It is offered as part of Pulumi Cloud and consolidates various secret managers unde

For companies looking to get SOC 1 or 2 compliant, it can be hard to find out where to start, so we’re providing a straightforward guide to the ins and outs of SOC audits.Chances are, if you clicked on this blog post, something like this recently happened to you:Your boss told you that your company needs to become SOC 1 and/or 2 compliant.You googled “what are SOC audits?”You quickly realized that you weren’t sure if your boss meant SOC 1 Type 2, SOC 2 Type 1, or something else altogether.Not to worry, we’re here to demystify and simplify this SEO mess and help you figure out which type of audit your organization needs.So, what the heck is a SOC audit? To put it in plain English, they are independent audits, designed by the American Institute of CPAs (AICPA), that assess how service providers manage risk. Having a SOC certification tells prospective customers that an organization has the appropriate processes and safeguards in place to operate responsibly.The difference is in what each

We’re trying to answer all the privacy questions employees might have around their company’s ability to view messages and data within Slack.Note to readers: This article was originally written in late 2022, and includes a description of the experience of requesting data exports from Slack. We’ve done our best to update information, but the experience of directly requesting data from Slack may have changed since our original experiment.So here’s the headline: Your boss can read your Slack DMs. Even if you edit them. Even if you delete them. Even if you leave the company.But even if you’re already dimly aware of that fact, you probably don’t know how the process of accessing your data works in practice.Unfortunately, you won’t learn much about that from Slack’s privacy policy. That document exceeds 5,000 words, includes 15 subsections, and primarily addresses how Slack itself manages data. (It’s pretty boilerplate stuff.)For the average employee, the most pressing concern isn’t what Slac

California’s data protection law applies not just to consumers, but to employees. And it’s finally taking effect.Some revolutions happen overnight. In 1917, it took Russian citizens a little over a week to overthrow centuries of Czarist rule. A new world was born in less time than it takes a loaf of bread to get moldy.Other revolutions are slow, incremental, and involve a lot of paperwork. Such is the case with the California Consumer Privacy Rights Act (CPRA), the first state privacy law that includes protections for employees. For this part of the law, the path to enforcement has looked a little like a game of Chutes and Ladders: big advancements followed by equally big setbacks.First, although other aspects of the law took effect in January 2023, employers were given a six month grace period to get compliant, until July 2023. Then, the California Chamber of Commerce won a trial court ruling that extended the grace period until March 2024. Then a California Court of Appeal overturned

For companies looking to get their data practices in order, the ISO 2700 standards provide a valuable starting point to use when crafting policy.The Wild West era of data privacy and cybersecurity is coming to an end. The public has soured on companies (including Big Tech) that scooped up their personal data and then failed to protect it from breaches, hacks, and their own worst impulses. And companies themselves have come to see that no industry is safe, as hackers hold hospitals for ransom and paralyze the operations of everything from airlines to casinos.If we were in a Western movie, this would be the part where the townsfolk pray for a Sheriff to show up and restore order, or at least come up with some rules that everyone can agree to follow. And at present, the most comprehensive set of rules is the ISO/IEC 27000 series of standards.What is the ISO/IEC 27000 family of standards?The ISO 27000 series is a collection of best practices for how organizations can manage information sec

1Password surveyed 600 small business cybersecurity professionals to better understand their unique challenges.We take a look at our top ten findings of how small and medium-sized businesses are managing their security, what threats they’re facing, and what can be done in the future to meet these challenges.Check out 1Password state of enterprise security report 2024: Balancing act, security and productivity in the age of AI for the full report.1. 76% of cybersecurity professionals believe small business cybersecurity isn’t up to snuffIn our recent survey, we found that 76% of small business cybersecurity professionals don’t feel that their security protections are adequate. A gap in security defenses can leave a business exposed to all sorts of cybersecurity threats. So if they know there’s a gap, why haven’t they fixed it?2. Security teams are spread thinThe main reason: They’re being pulled in too many conflicting directions – with 57% of security professionals admitting to feeling

When the medical mission is at odds with security policies, patients and clinicians suffer.Do you suffer from nosocomephobia, the intense fear of hospitals?Maybe it’s because you’re afraid of blood, disease, or fluorescent lighting, but there’s another risk to consider – your data.Hospitals and healthcare more generally are at some of the greatest risk for cyberattacks of any industry. A 2023 Ponemon Institute study found that 88% of healthcare organizations had at least one cyber attack over the past 12 months, and were specifically susceptible to ransomware and business email compromise (BEC) attacks.It’s easy to see why. Threats actors know how sensitive healthcare data is: if they release patient medical records, the provider’s reputation is ruined. And if they shut down a hospital’s operations by locking down their systems, people die. 43% of respondents in the Ponemon study said a data loss or exfiltration event impacted patient care. Of those 43%, 46% said it increased the morta

For bad actors, using synthetic voices is easy, cheap, and worryingly effective.In 1989, Mel Blanc, the originator and primary performer of Bugs Bunny, passed away. This left Warner Brothers with a major casting problem. Mel’s performance was pretty distinctive, and finding someone who could do a perfect Bugs (the wry nasal quality, the vague New York accent) seemed an impossible task.Until Jeff Bergman brought two tapes to his audition. One featured Mel Blanc voicing Bugs, while on the other Bergman did his version of the rascally rabbit. In the audition, Bergman played the two recordings and asked if anyone in the room could tell the difference. Nobody could, and Bergman got the job.Thirty years later, another gifted impressionist managed to mimic their way to a paycheck. In 2019, the CEO of a U.K. energy firm received a call from his boss ordering the urgent transfer of ​​$243,000 to a Hungarian supplier. He recognized the slight German accent and timbre of his boss’s voice, and dul

When it comes to hiding dirty money, it’s not just cryptocurrency we have to worry about, according to author, speaker, and investigative journalist Geoff White.White, who wrote the book Rinsed: From Cartels to Crypto: How the Tech Industry Washes Money for the World’s Deadliest Crooks, talked with 1Password’s Matt Davey on the Random But Memorable podcast about how cybercriminals are getting more and more creative in hiding their tracks.Read highlights from the interview or listen to the full podcast episode as White reveals the intricacies of money laundering networks and dives into a fascinating overview of criminal tactics to wash stolen funds, from using real-world mule networks to volunteers’ bank accounts.Editor’s note: This interview has been lightly edited for clarity and brevity. The views and opinions expressed by the interviewee don’t represent the opinions of 1Password.Matt Davey: Could you give a brief overview of your new book, and what inspired you to write it?Geoff Whi

We are lucky enough to be living through the golden age of podcasts. Whatever subject you’re into, you can bet there’s someone out there talking into a microphone about it, and cybersecurity is no exception.In fact, when it comes to security, IT, and digital trends, there are so many choices that it can be tough to know where to start.Luckily, we did the work for you, and we’ve come up with a list of podcast recommendations that has something for everyone. While we’re particularly proud of our own podcast, Random but Memorable (more on that later), we wanted to highlight some of our other favorite podcasts in the infosec space. Whether you’re looking for a deep dive into new tech, a juicy data breach story, or just a laugh, you’ll find something on this list worth checking out.And while reading blog articles from your favorite cybersecurity companies (ahem) will always be a good way to stay in the know, sometimes it’s nice to give your eyes a break and listen to the news.So buckle in,

Earlier this year, we introduced our initial partner rebate in conjunction with the launch of our partner program. We understand the value of partnerships and are committed to creating opportunities that enhance the success and profitability of our partners.Now, 1Password partners can earn even more through our partner program. We’re adding extra incentives to our partner rebate for the remainder of 2024, giving you more opportunities to grow and strengthen your business.Update to our competitive displacement incentiveAs of August 14th, all eligible 1Password partners will receive an additional 10% backend rebate when they help a business switch to 1Password from another password management tool. You’ll receive this extra rebate for every opportunity submitted and closed won, and paid out monthly.Plus, stackable incentivesOn top of the above 10% rebate, partners can qualify to stack other incentives. Read more about our incentives and how to get started here.What does this mean for you

Look closer before clicking that link at the top of your search results.Let’s start with a hypothetical: If I asked you to download a piece of open source software, what would you do? Chances are you’d open your browser, go to Google, and type in the name of the software.Then you’d proceed to click on the first official-looking link you saw, even if it’s an ad. After all, it doesn’t really make a difference if you click on an ad or an organic link as long as you wind up on the site you’re looking for.You won’t think too hard about clicking a Google ad because you have no reason to be suspicious of them – they’re just part of the background noise of your digital life. It’s the same reason you don’t check to make sure that gas, and not water, is coming out of the pump when you fill up your car.But that assumption of safety is exactly what cybercriminals are counting on. It’s at the heart of the latest form of malvertising, in which bad actors purchase Google ads that sit at the top of se

Enterprise browsers are built on a sensible idea, but how they work in practice can be another story.In 1968, Robert Probst, research director for office furniture company Herman Miller, released an office design called the “Action Office II.” It was the culmination of almost a decade studying the psychological core of the corporate workspace. The Action Office II would provide privacy while still fostering communication. It would encourage workers to move more freely and adapt their space to their needs. Its innovative movable walls would make workers happier, healthier, and more productive than ever!It was a daring, forward-looking plan, but below, we have a picture of what that plan looked like in the real world.SourceYup. The Action Office II is now best known for giving us the dreaded cubicle. The bane of the modern office worker. The rat maze of the rat race.The birth of the cubicle illustrates how workplace technologies often start as exciting ideas, but are then reshaped by man

1Password® Extended Access Management includes (among other things) a device trust agent.This agent serves as part of a user’s authentication process with their company’s SSO – for instance, Okta.What that means is that, with 1Password Extended Access Management, when devices are out of compliance, users can’t log into their Okta-protected cloud apps until they’ve resolved the issue.This change has several implications for IT admins and end users:End users can no longer ignore device security problems – they have to fix them in order to do their jobs.IT teams can ensure that your entire fleet gets compliant with no interventions from them, which is particularly important for urgent security issues like browser and OS patching.1Password Extended Access Management can help your team with its Zero Trust/device trust initiative since we now restrict access to sensitive resources based on device health.For now, 1Password Extended Access Management is compatible with Okta and Microsoft Entra

One of my favorite features of osquery is the delightful user experience associated with developing new virtual tables.In this guide, we will work together to implement a new high-value table from scratch that, as of this writing, currently doesn’t exist in osquery. Specifically, we will implement a bluetooth table that works on macOS.We’ll first review table design theory, including what makes a good table great and how to balance user privacy concerns with the value needed by the security team. After a bit of theory, we’ll set up an osquery development environment and code our table in Objective-C++. Finally, after some testing, we’ll walk through preparing a pull request for submission to the osquery project.My goal is that after reading this guide, you will be inspired and empowered to contribute new tables to the osquery ecosystem. Barring that excellent outcome, you should at the very least walk away with a much greater appreciation for the process.What is osquery?Osquery is a pe

If you work on a small team, designing by vibes (also known as intuition-based design) might feel like a natural and convenient way to get things done. The rules of design are understood, even if they’re often unspoken, and there’s no pesky documentation to get in the way.But as your design team grows it can be very difficult to design by intuition alone. The vibe starts to fracture, and people start to produce work that looks and feels quite different. When you don’t have a shared language to pull from, your meetings get much longer or you create a very inconsistent product experience. In some cases, both. Which is frustrating for the design team and their customers.Vibes don’t scaleTo be clear, intuition is and can be a very useful tool. But when it comes to design, intuition alone isn’t enough to make good decisions. Gut feel should be a signal, but you also need to make sure you have a repeatable approach. Otherwise it’s hard to take the decisions you made in one project and apply

With 1Password Extended Access Management, customers can now require users to secure unencrypted SSH keys on their devices by importing them into 1Password before they can access sensitive company data.Like many, you might assume that software developers have an advantage over non-technical end users when securing their devices. After all, they understand how computers work at a deep level, and reasoning about security is a significant part of software engineering.Not exactly. Software engineers have access to organizations' most sensitive systems and intellectual property, but they are also the most likely group to successfully advocate to be an exception to the security and IT team’s normal practices. Additionally, they regularly encounter, handle, and even generate sensitive credentials, making them a prime target for bad actors. In fact, in Verizon’s 2024 Data Breach Investigations Report, the top “initial action” taken by attackers in the breaches analyzed was “stolen credentials.

It’s that time of year. Back to school preparation is in full swing, from last minute shopping lists and school supplies to pick-up schedules and extracurricular activities.It’s that time of year. Back to school preparation is in full swing, from last minute shopping lists and school supplies to pick-up schedules and extracurricular activities.So far, we’ve shared tips to help you navigate back-to-school in the digital age, along with all the ways you can use 1Password to make the back-to-school season and your everyday family life a lot simpler].Now, we’re sharing a step-by-step guide to help get you and your loved ones onboarded and set up with 1Password Families so you can get a head start on the first day of school – and every other day, too.We’ve broken it down into a step-by-step process with written instructions as well as video walkthroughs. If you prefer to follow along entirely with a video, our How to get started with 1Password video will show you exactly what the process lo

Five years ago, the SwiftUI framework was revealed at WWDC19, offering developers a new way to build apps on Apple platforms.Despite the framework’s infancy, its simplicity and clarity in developing user interfaces displayed incredible potential. That’s why when we started working on 1Password 8 in early 2020, we decided to go all-in on SwiftUI for our iOS app. After all, it was being touted as the future of UI development on Apple platforms.Since then, SwiftUI has served us really well. It’s helped our team bring 1Password 8 for iOS to life and move quicker than ever in delivering new, exciting features to users. We’re having a great time with SwiftUI today but it hasn’t always been smooth sailing for everything we’ve needed to build. One of those things was our lock screen.In this post, we’ll share our team’s experience of being early SwiftUI adopters through the lens of our lock screen. We’ll cover our initial struggles that led to an initial UIKit implementation, followed by our ev

In theory, patch management should be trivially easy for a company to manage.An IT team – potentially helped by an MDM, a dedicated patch management tool or an MSP – tests and deploys patches, every endpoint gets updated at roughly the same time, and users are barely aware it’s happening at all.Most articles about patch and vulnerability management describe this idealized flow as if it represents the real world.SourceBut the situation look a little different on the ground.SourceIn reality, IT teams are constantly battling a never-ending torrent of updates and constantly falling behind; Security Navigator’s research shows that businesses still take an average of 215 days to patch a known vulnerability.In vulnerability management, the stakes for just a single error can be monumental. In a Ponemon Institute study, 42% of organizations that suffered a data breach reported it “occurred because a patch was available for a known vulnerability but not applied.”Clearly, patch management is hard

It was a scene straight out of a casino heist movie, but without George Clooney’s suavity to soften the chaos.Various systems at MGM Casinos–ranging from slot machines, to hotel key cards, to escalators–had been shut down. Guests were locked out of their rooms while hotel staff scrambled to compensate, taking food orders with pen and paper and cashing out gambling winnings from a fanny pack. One customer said, “I asked them how long this was gonna be, and they said it could be one day, it could be three weeks.”SourceMGM Resorts, proprietors of some of the most famous hotels and casinos on the Vegas strip, had been hacked. And what happens in Vegas certainly didn’t stay there this time; all of MGM Grand’s Hotels and Casino properties saw outages. Systems as far-flung as New York, Ohio, and Michigan were affected by one breach.An attack that hinged on a simple vishing call (that’s phishing over the phone) to MGM’s IT desk had snowballed into one of the most notorious ransomware attacks o

At 1Password, we’re committed to transparency about our security practices and keeping our customers safe.1Password has not been breached or compromised. This blog details vulnerabilities that have been addressed in the latest version of 1Password. These vulnerabilities can only occur when a device has been compromised, by malware for example, and a malicious actor has control over the device as a result.At DEF CON 2024, Robinhood, a 1Password customer, presented on vulnerabilities discovered by their Red Team in a prior version of 1Password. We appreciate that Robinhood’s Red Team disclosed and collaborated closely with us to address these vulnerabilities ahead of their talk.Strong security requires a collective effort from the entire technology ecosystem, and we believe that through active collaboration, the cybersecurity industry can create a more secure digital landscape for everyone.We addressed the vulnerabilities within our control with the latest updates rolled out in the 8.10.

In 2006, Joanna Rutkowska stepped on stage at the Black Hat Conference and demonstrated a hack she called the ‘Blue Pill.’In 2006, Joanna Rutkowska stepped on stage at the Black Hat Conference and demonstrated a hack she called the “Blue Pill.” She gave it this Matrix-themed name because this attack made it almost impossible for victims to realize that they were trapped in a false virtual world – or in this case, a false virtual desktop.SourceRutkowska’s attack worked by taking control of Windows Vista hypervisors, which let her command the server’s entire VDI ecosystem and access the data it protected. Still, this was just a demonstration.It wouldn’t be until 2022 that bad actors managed to pull off a “hyperjacking” attack in real life, and show exactly how devastating it can be.In the years since this demonstration, virtual desktop infrastructure (VDIs) have become popular tools, and are often recommended for large enterprises managing Bring Your Own Device (BYOD) scenarios and a rem

Few ad campaigns have ever had such a long-lasting impact as the iconic ‘I’m a Mac/I’m a PC’ commercials that ran in the mid-aughts.In those commercials, John Hodgman’s PC was the stuffy, corporate computing option – not good for anything more exciting than a spreadsheet. By contrast, Justin Long’s Mac was the laidback computer you used at home – Mac was your buddy, not your manager.The ad campaign was a smash hit for Apple, but nearly 20 years later, IT admins are still living with the fallout. Because in the years since these commercials aired, something unexpected happened. That friendly, casual Friday computer entered the workforce and loosened Microsoft’s stranglehold on the corporate network.By 2021, Macs made up roughly a quarter of all US enterprise fleets (and we can assume it’s grown significantly, since the most recent data is from before the release of the M1 Macs). This remarkable rise has meant that IT pros and sysadmins have had to learn how to manage Macs.In particular,

In May, we announced the availability of 1Password software development kits (SDKs) in beta. Those SDKs – available as open-source libraries for Javascript, Python, and Go – are now production-ready.1Password SDKs provide the easiest way to integrate 1Password into your app. They support a variety of secrets management use cases, and we’ve already seen hundreds of fantastic integrations built by the community. This includes partner integrations by Postman and Pulumi, as well as open source projects like Chezmoi and Helmfile.We built the SDKs with minimal abstraction and extendable interfaces to give you the most flexibility in how you build integrations with 1Password. We also took care to preserve 1Password’s unique security and privacy model by maintaining end-to-end encryption until the moment a secret is needed in your application.With the version 0.1.0 release, 1Password SDKs are ready to meet the scalability and stability requirements of production- and mission-critical workflows

With remote work, bring-your-own-device, and shadow IT apps becoming commonplace, the number of unsanctioned apps and untrusted devices is rapidly climbing. And cybersecurity and IT leaders have been stuck with tools that only secured access to some applications, some devices, and some people, creating an Access-Trust Gap.That’s why we pioneered a new software cybersecurity category: Extended Access Management (XAM). Extended Access Management solves the Access-Trust Gap by securing every sign-in, for every app, from every device. It’s also why we launched 1Password®️ Extended Access Management in May 2024. It’s the only product on the market that solves the Access-Trust Gap.1Password Extended Access Management has been available to Okta customers since its release. Due to the demand we’ve seen from companies of all sizes, including those who use identity providers like Microsoft Entra and Google Workspace, we’ve accelerated our product roadmap. As a result, 1Password Extended Access M

The thing about nostalgia is that it conveniently omits all the past’s imperfections.Regardless of what car dads will tell you, older isn’t always better. American muscle cars are beloved for their admittedly cool looks, but we’d rather not think about their safety features (spoiler: there weren’t many).Source: 2009 Chevy Malibu vs 1959 Bel Air Crash Test | Consumer ReportsThough we may be fond of our classic cars, the cold, hard truth is that nothing is built to last, including software.Regardless of your attachment to a piece of software — for sentimental, technical, or (most likely) monetary reasons — every app, plugin, and OS you use will one day be put out to pasture. And that may put you and your company in a precarious position because it’s dangerously easy to keep using software past its EOL date.Many organizations struggle to muster the will or the budget to get rid of EOL software, and take an “if it ain’t broke, don’t fix it” attitude. But keeping software around when it’s n

When you tell people you’re writing a piece on cybersecurity insurance, they tend to look at you with a mix of confusion and pity.Even when you interview cyber insurance professionals, they preemptively apologize for boring you.The truth is, cyber liability insurance – like any other kind of insurance – is pretty boring, right up until the point that the people who need it can’t get it. Then it becomes not only interesting, but vital. And that’s the point we’re approaching now.In the past three years, the cost of cyber liability premiums hasn’t so much skyrocketed as it has teleported. In 2021, the cost of cyber insurance increased 25.5% year-over-year, making it the fastest growing premiums of all lines of insurance. 2022 was even worse, with rates doubling in the first quarter and increasing a further 79% in Q2.As of 2024, these massive price jumps have stabilized somewhat, with increased competition in the market even leading to a decline in average premium costs – though prices sti

In life, we’ve all encountered the gaps between the idealized world and the world as it is.You’d love your favorite sports team to have a perfect season, but you’re prepared for them to lose a few games.Retailers want to sell their entire inventory, but they plan for a certain percentage of their goods to be damaged or stolen.IT and security professionals try to ensure that only the right people can access their company’s resources, but acknowledge that some data will inevitably slip through the cracks.These gaps are acceptable, until they are not.When your favorite team loses all its games, it might be time for a new coach (or to stop being a Browns fan). If a store’s merchandise keeps getting shoplifted, they need a security guard. And if a company’s sensitive data keeps being accessed by unapproved users, devices, and apps, then their security stack might not be up for the job.As you’ve probably guessed, we’re here to talk about that third example, which we call “The Access-Trust Ga

What happens when the FBI gets a backdoor into an encrypted platform?Journalist and 404 Media podcaster Joseph Cox tells the weirder-than-fiction true story about how the FBI ran its own tech company for organized crime in his book, Dark Wire: The Incredible True Story of the Largest Sting Operation Ever.Cox joined Michael “Roo” Fey, Head of User Lifecycle & Growth at 1Password, on the Random But Memorable podcast to explain all of the cloak-and-dagger action and dig into the larger question of privacy versus security.Read highlights from the interview below or listen to the full podcast episode for more fascinating tidbits like just how global organized crime is today and how a reporter goes about contacting sources in the underworld.Editor’s note: This interview has been lightly edited for clarity and brevity. The views and opinions expressed by the interviewee don’t represent the opinions of 1Password.Michael Fey: How have things been going since the book launch? Do you want to star

Any security professional will tell you there’s a simple way to keep data secure: encase it in concrete and toss it in the ocean.Unfortunately, while that approach will keep hackers out, it’ll also lock out legitimate users. The next best thing is to set up authentication protocols that don’t make access too easy for hackers or too tough for end users.Broadly, there are three best practices that play into that decision. You need to:Reflect current opportunities and threats. Companies have to choose authentication methods that balance (sometimes competing) needs for security and usability, which is challenging, since the right choice might be different in 2024 than it was a year ago. The state of the art constantly shifts in response to breakthroughs by both vendors and hackers - like this guy that beat a bank’s “secure” voice recognition software with a free AI tool.Choose the appropriate level of security for the user and resource. The “right” approach to authentication has to be tail

Zero Trust is having a bit of a moment.Okta’s 2023 State of Zero Trust report found that 61% of organizations globally have a defined Zero Trust initiative in place. (That’s up from only 16% of companies in 2018).Yet even as Zero Trust security reaches new heights of popularity (including via executive order), a backlash is brewing among professionals, who feel the term is being diluted past all usefulness.At security conferences, endless lines of vendors hawk products, all dubiously labeled “ZTA.” Companies crow about their Zero Trust initiatives while privately making as many exceptions as there are rules. Charlie Winckless, senior director analyst for Gartner, puts it this way: “It’s important that organizations look at the capability and not the buzzword that’s wrapped around it.”So which is it – is Zero Trust our best hope against a lawless security landscape, or is it just another disposable tech buzzword?The answer is: a little bit of both. And that begs another question: how di

1Password Business customers can now integrate with Google Identity Platform using OpenID Connect (OIDC). Doing so brings all the benefits of integrating 1Password with your IdP: streamlined access, unified security policies, and improved auditing, compliance, and reporting workflows.Why Google SSO?In short, you asked (thank you to the many 1Password Business customers who provided their input!). Single sign-on (SSO) has become a critical requirement for businesses to simplify access management for both admins and employees. When you integrate 1Password with Google Identity Platform, you make it easier for teams to securely access their passwords, payment info, and all the other business secrets they store in 1Password.Like all identity provider integrations, zero-knowledge architecture and end-to-end encryption are preserved, and decryption happens on-device. And the trusted device model ensures that if your identity provider credentials are ever compromised, attackers still wouldn’t

Diversity brings innovation. At a time when every tech company is looking for an edge, having a workforce that mirrors their heterogeneous customer base is a smart move. But how can tech and cybersecurity companies build new talent pipelines?Self-eSTEM, a non-profit that supports BIPOC (Black, Indigenous, and people of color) women and girls learning and working in STEM fields is helping to diversify the talent pool. But, as Sara Teare, one of 1Password’s founders discussed with Adamaka Ajaelo, founder and executive director of Self-eSTEM on the Random but Memorable podcast, they can’t do it alone. Tech companies need to become intentional about recruiting and developing BIPOC talent.Read the interview highlights below or listen to the full podcast episode to learn more about Self-eSTEM and strategies for BIPOC women and girls interested in cybersecurity and tech careers.It was such an interesting conversation we actually created a complete bonus episode with Adamaka Ajaelo to keep the

It’s not something we want to think about, but the reality is that we all have to face it at some point: Death. It’s an inevitable human experience that no one really wants to talk about.With so many folks finding conversations like this uncomfortable, planning is often left undone, and loved ones are left to struggle with putting the puzzle pieces together, while dealing with the emotions that come with loss.💡 Download our free guide, How to get started with digital estate planning, and prepare for your family’s future today.I grew up knowing only one grandparent, who passed away when I was 19. My father had health issues and passed away when I was 30. Prior to my life here at 1Password, I worked in long-term care, where I was witness to families dealing with the challenges of loss.All of this led to an odd conversation starter – “Box or Pot?” When the time comes, do you want to be buried or cremated? Kick starting those conversations reminds us that there are decisions to be made, a...

Microsoft Sentinel customers, get ready to streamline your security monitoring and investigation workflows with the official 1Password integration for Microsoft Sentinel.1Password for Microsoft Sentinel is an end-to-end solution allowing you to ingest 1Password Events API data directly to Microsoft Sentinel. This brings visibility to 1Password audit events, sign-in activity, and shared item usage, with the full power of Microsoft Sentinel. You can get started right away with alerts and a dynamic, customizable dashboard thanks to out-of-the-box analytics rules and workbooks.Here are the highlights:Track security events: Stay in the know with real-time alerts for successful and failed login attempts as well as account and billing changes.Monitor shared item usage: Gain insights into user adoption and usage, file uploads, and item modifications for accountability and transparency.Threat intel notifications: Proactively identify potential security threats and attacks, equipped with actiona

Since the public release of OpenAI’s ChatGPT, AI-powered browser extensions have proliferated wildly.There are hundreds of them – search for “AI” in the Chrome Web Store and you’ll get tired of scrolling long before you reach the end of the list.These browser extensions run the gamut in terms of what they promise to do: some will summarize web pages and email for you, some will help you write an essay or a product description, and still others promise to turn plaintext into functional code.The security risks posed by these AI browser extensions also run the gamut: some are straightforward malware just waiting to siphon your data, some are fly-by-night operations with copy + pasted privacy policies, and others are the AI experiments of respected and recognizable brands.We’d argue that no AI-powered browser extension is free from security risk (browser extensions in general are notoriously dangerous) but right now, most companies don’t even have policies in place to assess the types and

When workers bring their own equipment on the job, it opens the door to all kinds of trouble – just ask the NFL.In 2006, the National Football League instituted a rule change that allowed each team’s offense to use their own footballs during games, as long as those footballs met the league’s requirements. This change was made at the request of the league’s quarterbacks, who wanted more control over the equipment they use to throw touchdowns.But in 2015, the NFL’s BYOD policy led to disaster. The New England Patriots and their quarterback Tom Brady were accused of deliberately underinflating footballs below NFL standards, in a scandal known as Deflategate.Whatever you believe about the Patriots' guilt or innocence (please don’t email us), Deflategate illustrates the pitfalls that come with BYOD - how a well-meaning policy can create a culture of mistrust and end up putting the most sensitive devices in your organization at risk.In this piece, we’ll talk about whether or not BYOD policie

Tl;dr: The Shadow IT report, conducted in late 2023, shows that 47% of companies allow employees to access their resources on unmanaged devices, authenticating via credentials alone.Some context about this blog: This article pulls heavily from a Shadow IT Report, which was originally conducted by Kolide, and as such, uses Kolide’s name and branding. Now that the team at Kolide has happily joined our team at 1Password, we wanted to share the insights and information from this survey with our audience. Rather than edit the report after the fact, we’ve left it as-is, in order to preserve the integrity of the information as it was originally gathered.Corporate cybersecurity is at something of a turning point. Companies are very concerned about hacks and data breaches, and are throwing resources at their security teams.In particular, companies are investing in Zero Trust, a security framework that restricts access to sensitive resources based on a user’s identity and security posture. Accor

We’re incredibly proud to announce that 1Password has achieved ISO 27001, 27017, 27018, and 27701 certifications.While the building blocks for ISO certifications have been embedded in 1Password DNA for years, we’ll share the reason we pursued them now, what the certifications mean for us, and most importantly, what they mean for you and your organization.What are ISO/IEC certificationsThe International Organization for Standardization (ISO) is a non-governmental organization that develops international standards for establishing, implementing, and maintaining services, systems, and processes.ISO/IEC 27001:2022 is the world’s most recognized standard for information security management systems, and defines requirements for certification. Certified organizations – like 1Password – have proven they have designed controls that follow ISO best practices and principles, and can manage risks related to the security and privacy of information entrusted to them.There are additional ISO standard

The first known security incident involving a compromised device occurred during the Bronze Age, in present-day Turkey.In that case, the Trojan guards were good men, not malicious bad actors. But they made a fatal mistake when they failed to inspect the large, horse-shaped device they dragged inside the city gates.You’d think that after 3000 years, we would’ve learned. And yet today, compromised devices are one of the greatest threats to cybersecurity. Employees routinely log into their work accounts with malware-infected devices. Even more commonly, bad actors use their own devices to access sensitive data, with the help of stolen employee credentials.These debilitating hacks and data breaches are driving up cybersecurity insurance premiums and driving interest in potential solutions to secure end user devices. One such class of solutions is device trust.Device trust can also be called device health, device posture, device context, or device assurance. But “trust” is particularly usef

Accuracy is important in just about everything we do, so it’s difficult to think of a situation in which one can be too exact. But it’s not impossible.There’s good ol’ 1Password search, for instance, which is perfectly functional. It’s also overly precise and highly inflexible. When I search the term bank, my bank login is never returned because my financial institution doesn’t have the word bank in its name, and I lacked the foresight to tag every banking-related credential with the appropriate tag. Because I, like you, expected 1Password to just… know.Now it does.With the latest version of 1Password, we’ve introduced a better search experience. Now your item searches are useful and much more helpful thanks to large language models (LLM).Yep, that says LLM. And, yes, LLM is a type of artificial intelligence (AI).What follows is a deep dive into how we use it securely.Out with the oldBefore we get into how incredible the new is, I think it’s important to understand where we started.In

The back-to-school season is a hectic and overwhelming time for both students and parents alike.Along with the usual stress of pick-ups and drop-offs, schedules, extra-curriculars, and report cards, now you also have to worry about cybersecurity, school portals, hackers, and social media, too! Not to mention all the other life administration you take on, like bills, doctor’s appointments, pet care, family vacations, and more.It’s exhausting just thinking about it.Back in the day, it was just pencil cases and Trapper Keepers, but now it’s apps, online assessments, and even a bit of ChatGPT. It’s certainly a new era, and while we can’t go back to the past, it may help to start thinking about password managers like the new Trapper Keepers of the digital world.To lend a helping hand, we’ve put together a checklist of all the ways you can use a password manager like 1Password to make going back to school – and every day – a much easier and more convenient experience for you and your family.

Note: 1Password has not been compromised. This blog post provides practical tips to protect your organization from a recent string of credential-based breaches.Over the last few months, there have been a number of credential-based breaches, including the attacks on Ticketmaster, Santander Bank, and others.As details regarding this string of attacks continue to be uncovered, it is critical that organizations take precautionary measures in order to protect themselves and their customers from potentially being compromised by cybercriminals. While the details may be murky, it’s likely that cybercriminals are successfully “stuffing” stolen credentials into numerous systems and databases to see what they can unlock. This underscores the consequences of risky behavior many employees have of reusing the same email and password on multiple sites.What happened?Recently, there has been a string of high-profile attacks on large organizations. These attacks have been primarily credential-based and

The differences between 1Password and Keeper go a lot deeper than passwords.If you’re comparing 1Password and Keeper (and it seems like you are, since you’re reading this article) then it pays to be well-informed before you make a purchase.Keeper and 1Password both provide Enterprise Password Managers (EPMs), which are the foundational products of both companies. So if you’re here to compare password managers, we’ve got you covered.But, while EPMs do a lot to keep systems secure, they work better with the help of a more holistic security suite that goes beyond credential management. Fortunately, this is something that both our companies also offer. Keeper provides a lightweight Privileged Access Management (PAM) solution, while we provide 1Password Extended Access Management. (XAM).So, in the interest of giving you a complete comparison of our products, we’ll use this article to contrast Keeper and 1Password in three areas: credential management, device trust, and the impacts they have

Passkeys are a great technology that can replace passwords and any number of multi-factor authentication mechanisms. However, they have one major limitation holding them back from fully replacing passwords.While passkeys are a great sign-in method, they can’t be used to encrypt the data associated with your account. Until now, services have been stuck with passwords and other clever key handling methods to encrypt customer data.That’s no longer the case for services that you’ve chosen to protect with a passkey saved in 1Password. Starting with the latest beta versions of our browser extension and 1Password for Android, any service you log in to with a passkey – provided it’s stored in 1Password – can use that same passkey for end-to-end encryption.What does this mean?Let’s say you use an app that protects all of your notes with end-to-end encryption. That means only you have the key required to decrypt and read your notes. Historically this key would be a password. It would be used to

Security and IT professionals know that keeping a business secure is no easy task.Finding and implementing the best solutions and keeping them up-to-date can feel like a never ending cat and mouse game with unseen adversaries. But it’s no secret that one of the biggest cybersecurity risks is the employees themselves. According to Verizon’s 2024 Data Breach Investigations Report, 68% of breaches involved a human element.People are one of the main vulnerabilities that have proven challenging to secure. After all, no matter how many policies you put in place, if you can’t get your team to follow the rules, it all might all be for nought.Unless noted otherwise, all the stats included in this blog post are from the 2024 1Password State of Enterprise Security Report.The human challenge of cybersecurityVisibility has proven to be one of the biggest challenges to IT professionals in recent years. Where once employees were tied to a physical office where devices and apps used were under the IT

Since the beginning of the year, we’ve committed to enhancing your experience in ways that will help you easily accomplish whatever you set out to do when you open 1Password – especially saving, finding, and accessing your sensitive data across any of the devices you’re using.We’ve been listening to all of your feedback and working non-stop to address the experiences you told us could be faster, easier, or just simply better. This round, we’ve added improvements and new features that include finding and sharing items faster, seamless sign-in flows for 1Password, quicker logins to your online accounts, and a way to make sure you’ll never be locked out of 1Password and your data.Across all the latest versions of our 1Password apps and extensions, you can now expect a more streamlined experience that will not only save you time, but give you the peace of mind you need to manage the digital life you want.Let’s take a look at all the details of what’s new.More peace of mindRecovery codesBef

We’ve all been there. Summer starts to fly by and before you know it, it’s new supplies, textbooks, school portals, class schedules, extra-curriculars, and more. The horror!Whether you’re a parent getting the kids ready to go or you’re a kid dreading the end of the break, heading back to school (and making it through the year) can be a stressful time. Fortunately, when it comes to giving you a leg up, 1Password is in a class of its own.We’re sharing our favorite back-to-school online security tips for parents, beginners and pros alike, that will help keep your family safe, while you stay stress-free.When you take on these tips, you’ll set up both you and your kids for a simpler and easier back-to-school season every year – all while creating habits that will keep your family safer in the long term.Talk to your kids about online securityYour kids are probably pretty tech-savvy, but that doesn’t mean they’re security savvy.Around 40 percent of parents talk about online security with thei

There are moments when stars seem to align, and incredible opportunities present themselves.This is one such moment. Today, we’re proud to announce that 1Password is a global partner of the 2024 Presidents Cup in Montreal, Quebec, Canada.Why sponsor the Presidents Cup?Since our founding, a major cultural value of 1Password is putting people first. When the opportunity presented itself to work with the PGA Tour and sponsor the Presidents Cup, it was evident that we had shared values. Like 1Password, the PGA Tour focuses on giving back and supporting the local communities that host each professional golf tournament. The PGA Tour has donated more than $3.93B to local charities where events take place.That brings us to the Presidents Cup. The Presidents Cup is a global team competition between elite golfers from the United States and internationally (minus Europe). The 2024 Presidents Cup takes place in Montreal, presenting 1Password with a rare opportunity as we are a Canadian-founded com

If you want to make Google tongue-tied, search for ‘MDM for Linux.’At first glance, you’ll find a few vendors who claim to offer device management software for Linux devices (usually as an afterthought to round out their solutions for Mac and Windows). But look closer and you’ll quickly realize that none of these solutions are really MDMs, and none of them will let an IT admin provide endpoint security in the way they’re used to.The absence of an MDM for Linux is a real problem if you’re trying to get your entire fleet of devices aligned to the same standard–for instance, if you’re trying to pass a third-party compliance audit. It’s also just a black eye on your security program when you have no visibility or way to enforce policy on some of your highest-risk devices.So why isn’t there a Linux MDM? And what are you supposed to do now?Let us explain.Why Linux MDMs don’t existMDM (Mobile Device Management) solutions are the most common–and the most aggressive–form of device management. (

In baseball, it’s tempting to think that once you’re on a base, the hard part is over.But then, just when you think you’re safe (you are literally “safe”) the baseman hits you with the hidden ball trick. Your opponent appears to throw the ball away, but merely hides it and tags you in the moment you’re most vulnerable.A similar thing is happening to companies with multi-factor authentication (MFA). The goal of MFA, much like baseball, is to safely get users where they need to go (in this case, authenticated into their apps). For years, MFA has been considered the gold standard of enterprise cybersecurity. However, even when you’re doing everything right, you can be lured into a false sense of security that your opponent is happy to take advantage of.Image SourceTake Retool, for example. They experienced a data breach in August 2023 because a threat actor bypassed not one but three(!) forms of security – VPN, SSO, and Google Authenticator.By deploying phishing, vishing, and Man-In-The-M

The SSO tax is the unofficial name for the practice of software vendors significantly upcharging their customers for Single Sign-On, usually by making it part of an enterprise tier.Opponents of this practice say that charging for SSO is like buying a car and having to pay extra for the seatbelts. Meanwhile, vendors argue that SSO is more like a sunroof: a luxury feature that belongs on their high-end model.In reality, SSO is probably most analogous to a rearview camera; it initially seemed like a fancy add-on, but it’s now recognized as a security requirement that keeps everyone safer.Charging extra for a safety feature strikes plenty of people – like the creators of the SSO Wall of Shame – as unfair and irresponsible, and there’s a backlash against the SSO tax rising in tandem with credential-based hacks that SSO could have helped prevent.Still, even in the face of criticism, the practice of upcharging thousands of dollars for SSO shows no signs of slowing down. Why?That’s the questio

With the global average cost of a data breach being 4.45 million USD in 2023, businesses can’t afford to ignore the biggest cybersecurity risks.1Password surveyed 1,500 North American white-collar employees – including 500 IT security professionals to better understand today’s security landscape. The survey found that security pros are most worried about external threats like phishing or ransomware (36%) and internal threats like shadow IT (36%).In this post, we dive into the top three cybersecurity threats, how they manifest in a company, and what security professionals can do to combat these common but manageable threats. After all, what is cybersecurity for business if not the ongoing pursuit of staying one step ahead of an ever evolving security landscape?Unless noted otherwise, all the stats included in this post are from the 2024 1Password State of Enterprise Security Report.PhishingPhishing is a scam that tries to trick people into giving away sensitive information. Often appear

The Cybersecurity & Infrastructure Security Agency (CISA) has issued new guidance: require strong passwords. The new guidance highlights the critical role that strong, unique passwords play in preventing breaches – whether personally or professionally.According to CISA:Small and medium businesses are a regular target for malicious hackers, and a common entry point is stolen or weak passwords.The use of a password manager can keep your business safe.Strong, long, random passwords should be used across all of your personal and business accounts.While this guidance may seem common sense, recent research has indicated that weak passwords represent perpetual risk for organizations and individuals:61% of employees have poor password practices, like reusing passwords or neglecting to reset the IT-selected defaults (1Password State of Enterprise Security, 2024)Use of stolen credentials remains the top/most common ‘action’ in breaches last year (24%), representing 38% of all breaches recorded i

The month of June is Pride Month, which celebrates 2SLGBTQ+ folks (two-spirit, lesbian, gay, bisexual, transgender, queer plus all the other people that fall under this umbrella). It also honors the Stonewall Riots and the queer liberation protests of 1969. This year in particular marks the 55th anniversary of the Stonewall Uprising.2SLGBTQ+ issues have never been more important or talked about in North American society. So it’s important to take a moment to listen to queer voices. It’s an opportunity to recognize that while we still have room to grow, we’ve made significant progress since June 28th, 1969.A brief timeline of progressMany people consider Stonewall to have kicked off the 2SLGBTQ+ movement in the United States, though it was preceded by a decade of similar riots. However, Stonewall is considered a major turning point, with Marsha P. Johnson, Sylvia Rivera, and Stormé DeLarverie all playing major roles. June 1970 marked the first Pride Week, remembering the actions of ever

In 2016, the Large Hadron Collider in Switzerland fell prey to a vicious and devastating attack.The bad actor exploited a vulnerability that researchers at CERN had never considered – small furry animals.Yes, the Large Hadron Collider, the pinnacle of scientific achievement, was shut down by a weasel. The cunning critter infiltrated their systems (crawled into one of their tubes) and executed a targeted attack (chewed up a power cord). Research into the Higgs-Boson was delayed for weeks while they got systems back online.Image SourceNow, in 2024, CERN is more concerned about an increasingly common (and far less adorable) style of attack: ransomware. In a January blog post, their computer security team wrote that “the base question is not ‘if’ but ‘when’ CERN will be subject to a ransomware attack.”While CERN knows (better than most) that it’s impossible to protect against every threat that weasels its way into your systems, their plan to guard against ransomware gangs hinges on good ol

In 2024, we’ve committed to making 1Password more user-friendly, accessible, and intuitive, and that’s why today, we’re introducing recovery codes.We know how frustrating and stressful both remembering or forgetting passwords can be – after all, that’s the foundation of why 1Password was founded 18 years ago. Now, millions of people trust us with their sensitive information every day. Since we have that trust, we also want to give you the peace of mind and control that comes with knowing you’ll never be locked out of your account and will always have access to your critical data.With recovery codes, you can rest easy knowing you’ll always have a secure, reliable, and simple way to regain access to your 1Password account – even if you forget your account password or lose your Secret Key.What are recovery codes?A recovery code is a unique and secure code generated by an app or website as a backup to help you regain access to your account in case you forget your account password, or, in t

Eighteen years ago we made a decision that forever changed our lives: ‘1Passwd’ went live on the internet!It was a side project that was meant to take three weeks. We had built a tool to fill a need we had - saving passwords and everything else you need to submit on webpages, so they could be stored and shared securely. Along the way, we could use this tool to test how well that information was filled into the page. We did all that so we could get back to building websites and doing our other projects faster.We knew that other people might also like what we had built. But what surprised us was the passion of the community! As soon as we launched 1Passwd on MacUpdate and Version Tracker, we were welcomed with open arms, kicking off what would become an amazing journey to where we are today.Over the last 18 years, it’s been our customers who have continued to inspire and drive us forward, and to continue to make 1Password the most-loved password manager. It was a different world 18 years

Single sign-on (SSO) used to be enough. It’s not anymore.Consider these stats:34% of employees use unsanctioned apps.61% of employees have poor password practices.Credentials are the #1 way attackers gain access to systems.Let’s connect those dots. According to 1Password research, more than one-third of the apps employees use for work are unsanctioned, meaning IT and Security don’t know about them. That’s shadow IT, and because you don’t know about them, you can’t put those logins behind SSO.The same research found that most employees have poor password practices like using weak passwords, or reusing them across multiple services.Finally, credentials are still the primary method for attackers to gain access to systems.So, employees are using weak or reused passwords to log in to unmanaged and unprotected services, leaving attackers' favorite entry point – credentials – vulnerable.SSO solutions can help, of course. But reducing your attack surface means understanding what SSO protects –

It’s no easy feat for a company to maintain security and enforce standardized policies across a fleet of devices.The proliferation of endpoints and operating systems that employees use to connect to company networks makes protecting sensitive data mind-blowingly complex, especially in remote settings. These challenges often come to a head when a company is seeking a security certification like SOC 2 or ISO 27001 and realizes it can only pass an audit if it can achieve greater visibility and control over its fleet. In such situations, most companies resort to mobile device management (MDM) solutions to give their IT team centralized control over the fleet.In a nutshell, MDM solutions make devices behave in specific ways according to predefined security policies so companies can pass audits, prevent data breaches, and obey data privacy and security laws. Despite the word “mobile” in the name, MDMs often extend to the management of laptops, desktops, and tablets. There are many independen

The system that we use internally to build the code behind our browser extension was put together over half a decade ago. While we were able to iteratively grow it over time to meet our needs, it became slower and slower in the process. Let’s give it a much-needed upgrade!I joined 1Password as an intern back in early 2020. That’s a date with … some interesting memories! One of them is my recollection of how long it took to build our browser extension. At that time my 13 inch-MacBook Pro with an Intel i5 processor and 8GB RAM needed roughly 30 seconds to do a warm build of our extension (a warm build means I’ve already built the extension at least once, and I’m rebuilding it to test some changes I’ve made.) Thirty seconds wasn’t bad by any means but it was long enough to be annoying and I often wished it could be faster.Fast forward to 2024. We have many more folks working on the extension, I’m now a senior developer with a much more capable M1-equipped laptop, and our extension is a we

In 2022, the EU’s General Data Protection Regulation (GDPR), the most powerful data privacy law in a generation, was used to fine a nosy neighbor.An unnamed Spanish citizen had two home security cameras pointed toward a public road. This got attention from their city council, who filed a claim with the Spanish data protection authority (AEPD).Home security is one thing, but GDPR has some pretty strict requirements on how citizens’ data can be processed. For one thing, you have to collect only the minimum data necessary for your purpose; recording everyone who passes by your house is going a little overboard. And while the homeowner had hung up a notice about the cameras, it lacked important information, like who owned the recordings.For this, and other issues, the AEPD found the individual in violation of GDPR. They were ordered to move their cameras, hang up notices about the recorded data, and pay a fine of 1,500 euros.Since GDPR enforcement began, plenty of companies have had an uns

Our cultural upbringings shape who we are when we enter the workplace and how we navigate it throughout our careers. The values we gain and lessons we learn through our communities can ultimately become our greatest strengths in charting our own professional paths and forging deeper connections with our co-workers.In the spirit of Asian & Pacific Islander (A&PI) Heritage Month, we passed the virtual mic to five A&PI leaders at 1Password who spoke at a company-wide panel to share how their cultural roots have influenced their professional journeys.Here are some highlights:Sylvia Tu, Senior Manager, FP&AMy parents are from Vietnam and immigrated to Canada as refugees to escape a tumultuous life of war and set up a better future for their family. My dad came to Canada from Vietnam by boat with absolutely nothing on him or to his name.Through sheer strength, grit, and support of his sponsor family, he taught himself English and French, earned his Bachelor of Computer Science degree at Écol

A world with no trust wouldn’t be great, but when it comes to cybersecurity, Zero Trust is actually a good thing.To get some perspective and clarity on what a Zero Trust approach actually entails, Michael “Roo” Fey, Head of User Lifecycle & Growth at 1Password, talked with two Zero Trust experts on the Random but Memorable podcast:Dr. Chase Cunningham, the Forrester analyst who popularized the concept of Zero Trust and is the host of the Dr. Zero Trust podcast, and who is now building G2’s Cybersecurity Analyst program.Elliot Volkman, a journalist, cybersecurity brand builder, and host of the Adopting Zero Trust podcast.Read our interview highlights below or listen to the full podcast episode for strategies for how to apply Zero Trust (try it on your kids!) and why these experts say if you embrace Zero Trust, emerging threats like AI won’t keep you up at night.Editor’s note: This interview has been lightly edited for clarity and brevity. The views and opinions expressed by the intervie

There’s one quote from the 2024 RSA conference that I can’t stop thinking about, even though it was originally uttered by Kobe Bryant. Here’s the quote:“Why do you think I’m the best in the world? Because I never get bored with the basics."That (possibly apocryphal) bit of wisdom was delivered by Etay Maor, Chief Security Strategist at Cato Networks, in a talk called “The Price is WRONG–An Analysis of Security Complexity.” Maor’s message was that as our digital infrastructure has ballooned in size and complexity, so has our attack surface, and too often, security vendors offer siloed, rather than holistic, solutions.That’s an excellent point, but the quote has broader implications for security and IT professionals, and it’s a message I saw repeated over and over at RSA. Don’t get so excited by shiny new tech that you forget about your most basic obligations. Don’t assume you can automate your way out of every problem. Don’t get bored with the basics.Of course, RSAC is a massive securit

With the recent announcement of OpenAI’s ChatGPT desktop application for macOS, users gain access to LLM workflows outside of their browser. ChatGPT’s broad adoption by employees across industries, and around the world, has put employers, compliance, and security teams into high gear as they seek to balance the gains made in productivity with the potential risks of how these tools are being used.One of the most common concerns among employers when it comes to the utilization of generative AI is the possibility of sensitive or secure company data being fed into the larger ChatGPT training model, which is then used by individuals external to the organization.In August of 2023, OpenAI announced their Enterprise offering of ChatGPT which introduced collaboration functionality, as well as security and privacy guardrails. Specifically with regards to model training they called out the following:You own and control your business data in ChatGPT Enterprise. We do not train on your business dat

Developers can now integrate their applications and services directly with 1Password using software development kits (SDKs) for Python, Javascript, and Go. The SDKs are available as open-source libraries in public beta.Why 1Password SDKs?Customers have been asking for a 1Password API so they can access their vaults and items stored in 1Password via that API. It’s a common request, and a reasonable one. The use cases are endless, and we’re builders and tinkerers by nature, too. But it presents some engineering challenges given 1Password’s unique security model.Building a traditional REST API would require 1Password to decrypt and store sensitive user data on our servers. That’s incompatible with our security model and our commitment to zero-knowledge, end-to-end encryption. Only you hold the keys to decrypt the information you store in 1Password, and we want to keep it that way.Enter the 1Password SDKs. The SDKs can be embedded within your application to decrypt data when and where it’s

On the heels of our global partner program launch earlier this year, 1Password® Enterprise Password Manager - MSP Edition is now available in beta.With this launch, managed service providers (MSPs) can protect their clients’ data and improve the security posture of their information technology systems with the industry-leading password manager trusted by more than 150,000 businesses. 1Password Enterprise Password Manager - MSP Edition includes multi-tenancy client management, streamlined billing, and integration with existing client services and apps.The broader security and solution integration challenges for MSPsAs our partners know, the increasing number of cyberattacks targeting their clients is a major concern. This puts pressure on MSPs to enhance their security measures and protect clients' data effectively.Another pain point for MSPs is the difficulty of offering multiple solutions from different security providers to their clients. Integrating technology solutions from various

Shadow IT – the use of apps or devices outside IT’s oversight – can mean that important business information is at risk of being exposed.Many organizations have rules prohibiting the use of shadow IT. But employees are still finding ways to use tools that help them complete their work more efficiently, if occasionally less securely. So what’s the secret sauce to getting users to be more mindful about security?According to Charlie Livingston, head of infrastructure and security at financial wellbeing platform Wagestream, it’s important to position IT as the go-to partner who works to make employees’ jobs easier – and more secure.Livingston recently shared with 1Password’s Michael “Roo” Fey on the Random but Memorable podcast his insights into how IT and employees can be more collaborative to manage the challenges surrounding shadow IT.Read the interview highlights below or listen to the full episode wherever you like to listen to podcasts.Editor’s note: This interview has been lightly e

Balancing security and productivity is hard. On one hand, IT and Security have an obligation to protect the company. On the other hand, employees are most productive when they can work with the tools they know and love.Between hybrid work, BYOD, and shadow IT, one thing is clear: the way we work has changed; and the way we protect that work should too. Existing access management tools were built for a bygone age when every employee was on-premises; SSO was the way into every application used in the business and every device was managed by IT; and all access happened over corporate networks. But things have rapidly changed since the start of 2020, and these days:Hybrid and remote work have become standard.Employees frequently use unsanctioned applications that they bring in to boost their productivity.Employees and contractors increasingly use their personal devices for work purposes.The tools we use today for identity and access management (IAM) are great at securing access to managed

After speaking with customers, we renamed 1Password Teams and Business private vaults to employee vaults to reduce confusion between work and personal accounts. No functionality is changing – just the name.Each 1Password Teams and Business team member has access to shared vaults and a private vault. When an item is stored in a shared vault, whoever is added to that vault has access to the items stored in it. When an item is stored in the private vault, only the team member has access to that item (unless an individual item is temporarily shared).The confusion arises when someone has access to a work account, like 1Password Business, as well as a personal account, like a 1Password Individual or Families account. If private vaults have the same name across both kinds of account, it’s easy to see how some folks end up accidentally saving personal items to their work account or vice-versa.For that reason, the existence of a private vault in both accounts takes a little explaining to new te

The Verizon Data Breach Investigations Report is to security what the Vogue September issue is to fashion: a glossy, buzzy publication that guides the industry’s conversations for an entire year.The 2024 DBIR is no exception – it’s packed with deeply-researched insights, elaborate (and sometimes inscrutable) graphs, and its usual collection of charming footnotes. This year, the authors look at some of the biggest security headlines from the past year, such as the MOVEit hack and its aftermath, and the (surprisingly muted) impact of GenAI on breaches.Still, if you’re a security professional or observer, a lot of the information in the 2024 DBIR will feel depressingly familiar. One fact in particular stands out: in 2024, the overwhelming majority of data breaches can still be traced to credential-based attacks and human error.This trend has held remarkably steady in recent years. The 2020 DBIR reported that “credential theft, social attacks (i.e. phishing and business email compromise),

We’re partnering with Postman to streamline how you securely build, test, and work with APIs.Starting today, you can access API tokens and other secrets stored in 1Password directly in your Postman workspaces and collections. The integration is available in Postman Enterprise plans with the Advanced Security Administration add-on.Postman is the leading API platform used by more than 30 million developers to build and work with APIs. Postman simplifies each step of the API lifecycle and streamlines collaboration so you can create better APIs, faster.The team at Postman was an early partner and tester in the 1Password SDKs private beta, and built the new integration with 1Password using the 1Password Javascript SDK. Developers can use the SDKs to securely retrieve secrets stored in 1Password natively in their apps, whether integrating with an API, accessing infrastructure secrets, or building their own integrations with 1Password.How it worksFirst, create a service account using 1Passwor

1Password is proud to welcome roughly 60 interns to the team every year. Our internship program is a launching pad for Canadian students that lets them learn new skills, grow their network, and step into their careers.Curious what you could be doing as a 1Password intern? To answer that question, we first need to explain how we set up and run our internships.How 1Password internships workWe post all of our internships on our Careers page, giving you the chance to pick a team that best suits your skills and interests. If successful, you’ll be brought on for four months of fast-paced, hands-on work that moves us along our mission to build a safer, simpler digital future.As an intern, you’ll be asked to support or lead projects based on your skills and career goals. You’ll collaborate with teammates from around the world in our fully remote environment, working closely day to day with your manager and mentor.Internal growth is a priority for us. You’ll have the chance to raise your hand f

It’s a concern for families everywhere: keeping kids safe online. For parents with teenagers, there’s the added complication of trying to balance a child’s safety with their right to privacy. But is online safety just families’ problem?Policy advocate Stephen Balkam says everyone – including government, technology companies, law enforcement, and individuals – has a role to play. He thinks about these issues a lot as the founder and CEO of the Family Online Safety Institute (FOSI), a nonprofit that brings together government, industry, academia, and nonprofits to innovate around public policy, industry best practices, and digital parenting.He chatted with 1Password’s Michael “Roo” Fey on the Random but Memorable podcast about how parents should approach online safety with their kids. Balkam also discussed the emerging threats to children’s online safety, parental rights and children’s rights, and how kids can always find a workaround to get online.Want to learn more? Read the interview

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently announced that they are investigating a major breach at Sisense, a business intelligence company.1Password is not a Sisense customer nor were we impacted by the Sisense breach.As a result of the breach, it is critical that Sisense customers take action immediately to minimize the impact of any breached credentials. Here is a quick overview of what happened, and a look at what needs to be done to secure your developer secrets to protect against follow-on data breaches.What caused the Sisense breach?According to reporting by Brian Krebs, attackers gained access to Sisense’s self-hosted GitLab environment. From there, they found an unprotected token that gave them full access to the company’s Amazon S3 Buckets. Once they had full access to the company’s cloud environment, they were able to copy and exfiltrate several terabytes of customer data, including millions of access tokens, passwords, and even SSL certificate

This is the final post in a series about shadow IT. In this series, we’ve detailed how and why teams use unapproved apps and devices, and cybersecurity approaches for securely managing it. For a complete overview of the topics discussed in this series, download Managing the unmanageable: How shadow IT exists across every team – and how to wrangle it.We all use passwords and other secrets to access things at work. It’s the IT team’s responsibility to secure those secrets. For most departments, secrets management needs are simple: They sign in to apps and websites with passwords, or passkeys, or sometimes with multi-factor authentication.But developers have unique workflows and secrets management needs.The types of secrets developers manage every day include SSH keys, database and API keys, server credentials, and other encryption keys. These keys power authentication methods developers use every day to access systems, integrate applications, securely transfer files, and more. To complic

There’s one question our Security team hears more than any other: Is my 1Password data vulnerable if my device is compromised or infected with malware?A compromised device involves full control or visibility at the system level1, and password managers like 1Password store data that’s accessible to the system — that’s how they function. In fact, that’s how most typical apps are built.The short answer is: Yes, your secrets are vulnerable to an attacker who’s fully compromised your device, however unlikely that situation may be. And let me be clear that if you’re an everyday internet citizen who browses securely and maintains their devices, worrying about such local threats is probably unnecessary. The longer answer is nuanced, as they so often are, and presents an interesting paradox.So, let’s explore that paradox, then dig right into local threat protections in 1Password. After our deep dive, I’ll reveal the crucial non-security consideration involved in our threat-mitigation approach,

Who’s responsible for regulating technological change in a democracy?Verity Harding, a globally recognized expert in AI technology and public policy, and one of Time Magazine’s 100 most influential people in AI, thinks anyone – with any level of technological knowledge – can have a valid opinion about AI. After all, it may not be technological knowledge that helps us make the best decisions around how we want to use AI as a society.Harding, who is currently the director of the AI and geopolitics project at the Bennett Institute for Public Policy and author of the book, AI Needs You, How We Can Change AI’s Future and Save Our Own, talked with Michael “Roo” Fey, Head of User Lifecycle & Growth at 1Password on the Random but Memorable podcast about technology policy and ethics.To learn more, read the interview highlights below or listen to the full podcast episode.Editor’s note: This interview has been lightly edited for clarity and brevity. The views and opinions expressed by the intervi

This is the third in a series of four posts about shadow IT, including how and why teams use unapproved apps and devices, and approaches for securely managing it. For a complete overview of the topics discussed in this series, download Managing the unmanageable: How shadow IT exists across every team – and how to wrangle it.Until recently, companies have been able to exert pretty comprehensive control over security and how people work – in an office, at a desk, with a desktop computer, and using company-provided software and servers.But the days of protecting clearly defined perimeters from the threat of cyber attacks with strong network security and unforgiving firewalls are, for most companies, gone.Today, thanks to hybrid work, the situation can be very different. Many companies have limited insight into where or how their employees are working. In the park? On a mobile device? Laptop? Using any number of apps and tools? Cybercriminals are taking advantage of the confusion.This redu

What’s good for business is often bad for security. That’s the inescapable conclusion of the 1Password State of Enterprise Security Report this year.Here’s the backdrop, and it should be familiar by now: Work has, slowly and then all of a sudden, expanded. No longer confined to the office ecosystem, work happens in coffee shops and at home and at the airport, on company-provided laptops and the shared computer in the living room, on the family iPad and the phones in our pockets.All that work leaves a residue of (often sensitive) data as it flows through managed apps like the company productivity suite and unsanctioned apps like the file-sharing service that a handful of people use, unbeknownst to IT.With the explosion in the number of apps used for work, it’s a good time for employee productivity, and artificial intelligence (AI) has entered the picture to boost output even further. But IT and security teams are struggling to keep up, especially when they’re constrained by limited reso

This is the second in a series of four posts about shadow IT, including how and why teams use unapproved apps and devices, and approaches for securely managing it. For a complete overview of the topics discussed in this series, download Managing the unmanageable: How shadow IT exists across every team – and how to wrangle it.High productivity levels are generally a good thing. For most organizations, the answer to the question, “Is it important for your employees to be productive?” is a resounding “Yes!” However, when employees ask to use a tool or app to boost productivity, companies may want to say “yes”, but often find themselves saying “no”.What gives? Security concerns. And they’re legit. Companies are in the midst of experiencing a brave new world called hybrid work. Gone are the days of on-premise servers, software, and devices (and employees) that were relatively straightforward to manage and secure.Now knowledge workers can get things done in coffee shops and their own living

1Password’s Go-to-Market (GTM) team is critical to achieving our mission of helping businesses, families, and individuals protect their passwords and other private information.GTM helps our company understand the real-life problems that businesses are facing and how 1Password is best equipped to solve them. It’s a fast-growing team and we’re delighted that women like Jess Plowman, Senior Sales Development Representative, and Tiphanie Futu, Sales Enablement Manager, are playing such an integral role in its success.Curious what it’s like to work in the GTM team at 1Password? Read on to learn about Jess and Tiphanie’s professional journeys, as well as their current role and day-to-day responsibilities.Jess Plowman, Senior Sales Development RepresentativeWhy did you join 1Password, and how did you end up here?Back in 2022, I was made redundant from my previous role working as a sales development representative (SDR). I shared my experience on Linkedin and 1Password reached out to see if I

This is the first in a series of four posts about shadow IT, including how and why teams use unapproved apps and devices, and approaches for securely managing it.Whether or not you’re familiar with shadow IT, know this: it’s everywhere. Fighting it is like playing a game of whac-a-mole: Try to eliminate it and it will pop up again elsewhere.So what’s IT and Security to do? A more realistic approach is to enable and secure it, so you can leverage the benefits of shadow IT without the security vulnerabilities it brings with it. Read on to find out how.For a complete overview of the topics discussed in this series, download Managing the unmanageable: How shadow IT exists across every team – and how to wrangle it.In this series, we’ll cover:Why shadow IT is a thingWorker burnout and its impact on shadow ITCommon security vulnerabilities in HR, finance, marketing, and developer workflowsHow IT teams can adaptUnderstanding developers’ unique secrets management needsWhat is shadow IT?Traditio

When daydreaming about the future, it’s fun to imagine faraway, fantastic, and possibly impossible scenarios. Moving sidewalks. Personal jetpacks. Unconfusing TV remotes.But to make the world a better place, we need to balance small improvements with audacious moonshots. As science fiction novelist William Gibson famously put it: “The future is already here — it’s just not evenly distributed yet.”A good illustration of that quote can be found in Estonia, where citizens have been using digital identification to vote and access public services for over a decade. Estonia is living in the not-too-distant future, waiting for the rest of us to throw away our laminated ID cards.Delivering these kinds of improvements is easier said than done. The paradox of working at a technology company is that you need to build small but innovative products and features (the future) with tried-and-true approaches (the past). Tight deadlines often discourage experimentation but, in order to stay competitive,

It’s essential during Women’s History Month to recognize the strides women have made in various fields. However, networking remains one area of career advancement and satisfaction where women often face unique challenges. From battling imposter syndrome to navigating male-dominated spaces, women encounter obstacles that can hinder their networking efforts.If you’re struggling or unsure how to grow your professional network, fear not! In this blog post, we’ll address common fears and challenges that women often face while networking, and give you some strategies to overcome them. We’ll also explain the importance of shamelessly networking and cultivating meaningful connections.Overcoming common fears and challengesNetworking takes a lot of confidence. It’s natural to feel nervous about introducing yourself to new people and building real, meaningful connections. Here are some specific fears that you might have about networking, and some tried-and-true solutions:Imposter syndromeMany wom

Joined by the popular Mac Admins podcast cast, we dive into Apple security and privacy, and how Macs are being integrated into workplaces everywhere. Find out whether an Apple product on its own keeps you secure and safe from viruses, or if you need additional security apps to protect your devices.Michael “Roo” Fey, Head of User Lifecycle & Growth at 1Password chats with Tom Bridge, Marcus Ransom, and Charles Edge – three of the rotating cast of Apple expert hosts and consultants – on the Random but Memorable podcast. To learn more, read the interview highlights below or listen to the full podcast episode.Editor’s note: This interview has been lightly edited for clarity and brevity. The views and opinions expressed by the interviewee don’t represent the opinions of 1Password.Michael Fey: A lot of people believe that buying an Apple product or a device keeps them secure and safe from viruses, is that true?Charles Edge: No. The first viruses were written – or the first viruses for person

We recently introduced labs, a new and pioneering space in the 1Password apps that lets customers opt in to test experimental features.For us, innovation isn’t just a buzzword – it’s a big focus for all of our teams. We are always looking for ways to evolve 1Password so we can offer a leading-edge experience in both security and convenience.As the only password manager involving our customers in the early stages of development, we are breaking new ground in creating a truly human-centric experience. With customer feedback helping us shape experimental features before we commit to bringing them to all 1Password customers, every new addition to labs is actually tailored to real-life use-cases.By testing exciting, new features through labs, but also continuing to focus on making 1Password more user-friendly and intuitive, we’ve been able to balance innovative additions to 1Password while also improving existing features and functionality of our apps.Since labs was launched, we’ve been bus

We’re thrilled to announce the availability of a partner rebate incentive for partners of 1Password. As valued members of our partner ecosystem, you play a pivotal role in our collective growth journey.With this program, we aim to deepen our partnership, drive mutual prosperity, and unlock new opportunities together.Why partner rebates matterPartner rebate programs are not just about offering financial incentives – they’re about fostering stronger relationships, driving collaborative growth, and rewarding your dedication and efforts. By participating in our rebate program, you gain access to benefits designed to amplify your success:Increased earnings potential. Earn attractive rebates on your performance by achieving sales targets, expanding market reach, and driving customer engagement.Alignment of interests. The rebate program is designed to align with your business objectives, making sure that our mutual interests are in sync and driving toward shared success.Recognition and apprec

If you think security is all about risk management, cybersecurity expert Greg van der Gaast thinks you’ve got it all wrong.Van der Gaast – chief information security officer (CISO), consultant, author, world-famous former hacker and undercover agent – talked with Michael “Roo” Fey, Head of User Lifecycle & Growth at 1Password, on the Random but Memorable podcast about why taking a different approach, especially in a world of increasing security incidents and ballooning budgets, can be a much more effective strategy to reduce both vulnerabilities and cost.What’s different in Van der Gaast’s approach? It has a lot to do with focusing on quality and process before risk. And repeatedly asking “why” to get at the root of upstream security issues. Read on for the interview highlights, or listen to the full podcast episode.Editor’s note: This interview has been lightly edited for clarity and brevity. The views and opinions expressed by the interviewee don’t represent the opinions of 1Password

Android enthusiasts, your time has come. If you own a phone or tablet running Android 14 or higher, you can now save and sign in to many Android apps using passkeys.Today’s announcement builds on the passkey support we released for the desktop version of 1Password in the browser and 1Password for iOS last year. Mac, Windows, iOS, Android – no matter your platform preference, you can now go passwordless and start unlocking the web in a faster and more secure way.We’re thrilled that so many people have started using passkeys, and are delighted that Android device owners can now embrace them too.What is a passkey?Passkeys are a new kind of login credential that lets you quickly and securely log in to accounts on your desktop and mobile devices. They’re a form of passwordless authentication – so there’s no password involved – that are backed by the largest technology companies and built on open industry standards.Curious how passkeys work? Behind the scenes, the passwordless credential rel

When you work in IT, you have a lot to manage. And while everything can feel critical – keeping the computers on might not mean much if your small business experiences a data breach.According to recent reports, cyber attacks are currently disproportionately targeting small businesses.“70% of cyber attacks target small businesses” – Business InsiderWith the average global cost of a data breach being $4.45 million, many small business owners simply don’t have the capital to survive the damage caused from a cyber attack. From losing critical data, time spent trying to recover, and a loss of customer trust, it’s not surprising that 60% of small and medium-sized businesses (SMBs) that are hacked go out of business within six months.But while the stakes may be high, IT teams can protect their businesses by bumping security up their to-do list and prioritizing proactive security measures.Risks companies faceThere are many different types of cyber attacks businesses need to protect against but

1Password doesn’t just keep your personal and work-related data safe. It also helps you keep them separate – and your company’s 1Password Business accounts include free 1Password Families memberships for all team members.1Password Families is a personal account for you and up to 5 family members. It works in much the same way your business account does – but instead of being owned by the company, you own it. And instead of admins managing the account, family organizers manage it (that’s you, and anyone else you designate).Because you own the account, if you and your employer ever part ways, you can keep using your Families account by simply updating your payment method. Access won’t be interrupted, and the personal data in your account will remain yours, completely unaffected by your departure from your company.Employers never have visibility or access to anything stored in personal accounts. In fact, your company’s 1Password Business account and your 1Password Families account aren’t

Fumbling with an app when you’re already stressed? We know the struggle. Also, is it just us, or does it always happen when you’re already having a bad day?It may seem silly, but sometimes, a few extra clicks or typing can feel painful when you’re just trying to get stuff done.That’s why, in 2024, we’re focused on making 1Password smoother, simpler, and more intuitive. We’re dedicated to making sure the secure thing is always the easy thing.Throughout the year, we’ll continually improve 1Password so it can reliably work as you expect. No more struggles. We’ll keep you updated on added and improved features along the way, because every click and tap should feel effortless. The seamless experience you deserve.Improving password autofill, browser extension functionality, and more in 1PasswordSince the end of 2023, we’ve already made nearly 200 updates to 1Password. These updates focused on overall performance, reliability, and usability with the goal of simply making sure things work bett

This is the fourth and final post in a series on how to secure your hybrid workforce. For a complete overview of the topics discussed in this series, download The new perimeter: Access management in a hybrid world.In the initial post in this series, we outlined four key considerations to securing your hybrid workforce: identity, shadow IT, the security vs. productivity tradeoff, and security costs.Now that we’ve seen why identity is the right place to start, and how to secure access to both managed and unmanaged apps, let’s talk about worker productivity and cybersecurity costs.Productivity vs. security is a false tradeoffSecurity software is notoriously hard to use. Instead of making things easier for end users, security tools often introduce new frictions into workflows. Hence the perpetual dance between security and productivity.The situation also pits IT and other employees against each other. IT’s goal is to reduce their attack surface to avoid a security breach. Employees want to

Protecting remote and hybrid work requires securing both identity and devices, regardless of where employees work.At this point, it’s safe to say work has changed. But the reality is that for those yearning for employees to return to the office, hybrid and remote work is the modern “business as usual,” and there is no going back. Unsurprisingly, our new way of work has brought a slew of new security challenges that companies struggle to address.Security is inherently a people problem. And when people no longer predominantly work from a corporate office, relying on security technologies built to secure physical corporate networks, and everything plugged into them, is now creating gaping holes in company defenses.At 1Password, we’ve always put people front and center of security, striving to create products that are easy to use and make employees more productive. By making the productive way to work the secure way to work, we help companies enlist their employees to be a part of their pe

Last week was a hackathon week at 1Password. We take time twice a year to pause our normal day-to-day tasks and focus on exploration and learning. These hackathons are a great opportunity to work with different folks, exercise some different muscles, and have a great deal of fun in the process. I’d love to tell you more about our latest hackathon!The hackathon’s theme was “Beyond Boundaries”, and it had a few broad categories for staff to choose from:Shoot for the Moon. Pushing the boundaries of what 1Password can be.Shifting Left. Innovations in the earlier steps in our daily workflows that have compounding effects in the later ones.The Next Step. An incremental improvement in an existing feature, or a step toward something new.We encourage everyone in our Tech, Product & Design departments to set aside work to participate in the event, and ask them to self-organize into teams and projects. This means that the hackathon projects aren’t defined by leadership – they’re entirely grass-ro

“A man walks into a bank…” That may sound like the start of a joke but as hacker and security consultant Jayson E. Street tells it, it’s really nothing to laugh at. He’s walked into banks, hotels, government facilities, and biochemical companies all over the world and successfully compromised them.Street is an adversary for hire, Chief Adversarial Officer for Secure Yeti, a DEF CON group global ambassador, and the author of the book series Dissecting the Hack. He sat down with Michael “Roo” Fey, Head of User Lifecycle & Growth at 1Password, on the Random but Memorable podcast to share some fascinating stories about how he “hacks” human nature to get in the literal front door and compromise businesses.Read the interview highlights below or listen to the full podcast episode.Editor’s note: This interview has been lightly edited for clarity and brevity. The views and opinions expressed by the interviewee don’t represent the opinions of 1Password.Michael Fey: How did you get into penetrati

This is the third in a series of four posts on how to secure your hybrid workforce. For a complete overview of the topics discussed in this series, download The new perimeter: Access management in a hybrid world.In the first post in this series, we identified four key considerations to securing hybrid workforces: identity, shadow IT and bring-your-own-device (BYOD), security adoption, and security costs.Today, let’s talk about shadow IT.In a hybrid world, not only do we work from everywhere, we use a huge number of apps – 130 at the average organization – to get work done. Some apps are sanctioned by the IT/Security team. Many are not.Those apps not managed by IT/Security are, by definition, a blind spot. And because you can’t secure what you can’t see, those unmanaged apps are known as shadow IT.What is shadow IT?Shadow IT is all the apps we use to get things done that haven’t been explicitly approved – and therefore secured – by IT. It’s usually cloud-based apps, or software-as-a-ser

Today, it’s our pleasure to announce a new global partner program for 1Password resellers, distributors, cloud service partners (CSPs), system integrators (SIs), and global system integrators (GSIs).If you’re part of the global ecosystem of 1Password partners, you’ll notice new investments to help you secure your customers, differentiate your offering, and grow your revenue. That includes key sales, marketing, and enablement resources and a simplified partner experience in the near term, with many more initiatives to follow in the coming months.And if you’re looking for a world-class solution that can provide enterprise password management with simple, lucrative and supportive partner programs, look no further. We encourage you to learn more and understand how we can help you achieve your growth objectives while simultaneously increasing your customers’ security posture.Why partner with 1Password?Improve customer data security and complianceGain access to dedicated channel- and custome

Celebrating Black innovators and their contributions to society is incredibly important. It’s an opportunity to reflect on history and recognize the impact these visionaries have had, both by shaping our present and influencing the future.This Black History Month, 1Password proudly spotlights some extraordinary figures who have made significant contributions to technology, agriculture, education, media, culinary arts, and other important fields. Join us in acknowledging these trailblazers, as we believe their stories are integral to a more inclusive and enlightened narrative.Computer hardware and softwareNow: Mark E. DeanMark E. Dean, an American computer scientist and engineer, played a pivotal role in developing the original IBM PC and color PC monitor. His contributions extend to the invention of the first gigahertz chip, showcasing his pioneering work in computer technology.Now: Tope AwotonaTope Awotona, a Nigerian-born entrepreneur, founded Calendly, a widely-used scheduling tool

It’s easy for leaders to get swept up in the fast-paced and always-on nature of our jobs, leaving little opportunity for downtime. My mind races far too much, so it’s become important to find activities to engage in regularly that take me away from Zoom and Slack, and give me perspective.In today’s busy world, the emphasis on being constantly connected and productive can be overwhelming. However, through my own work and career, I’ve noticed an essential truth: everyone needs a hobby or distraction from work. It’s more than just a hobby though – it’s a necessity for maintaining a healthy mind and body.For those who don’t know me well enough just yet, that escape is my tractor. Large equipment has always been a significant part of my life. This hobby started when I was 8 or 9 years old with my granddad bringing me to the rock quarry where he worked and letting me “drive” the various machines. As part of my upbringing, this hobby is both a connection to my past and something that grounds

This is the second in a series of four posts on how to secure your hybrid workforce. For an overview of the topics discussed in this series, download The new perimeter: Access management in a hybrid world.In the first post in this series, we identified four key challenges to securing your hybrid workforce: identity, shadow IT, the security vs. productivity tradeoff, and cybersecurity costs.Today, let’s dive into identity and access management. (We’ll explore the other topics in upcoming posts, so stay tuned.)Recap: The new perimeterIn 2023, 70% of data breaches involved an identity element, which can be a vulnerability as simple as a stolen password. And that number is growing – Forrester expects it to climb to 90% in 2024.This is happening for a number of reasons, but hybrid work is high on the list. Instead of badging in to a secure workplace, or using a VPN to access a secure network, we’re working everywhere: from the office, from home, from the coffee shop, at the airport.And inst

This is the first in a series of four posts on how to secure your hybrid workforce. For a complete overview of the topics discussed in this series, download The new perimeter: Access management in a hybrid world.What is hybrid work?To secure your company, it used to be enough to secure the workplace and its entry points – because work was happening at work. There was a clearly defined perimeter to defend against attackers.In hybrid work environments, work happens everywhere: in the office and at home, at coffee shops and coworking spaces, on laptops and phones and tablets. And to get that work done, we use a lot of apps.Hybrid work – which was a thing well before the pandemic, but was massively accelerated by it – is the new normal we’re all adjusting to. Even now, office attendance is 30% lower than it was pre-pandemic. There’s no going back.Suddenly secure networking, VPNs, endpoint protection, and employer-provided devices (basically the entirety of our old cybersecurity toolset) ar

Starting today, you can review and mitigate potential SSH key security risks in 1Password Watchtower.When was the last time you reviewed the SSH keys on your local disk? Do you know which encryption algorithm your keys use? Is every key secured with a passphrase, or are some stored as plaintext?We take care to protect many of the credentials we work with everyday. But too often we store SSH keys – the keys we use to access servers, databases, and other infrastructure – on the local drive and promptly forget about them.When left unaddressed, insecure and unencrypted SSH keys are security vulnerabilities that can be exploited by bad actors. Just this month, researchers discovered malicious NPM packages designed to upload stolen SSH keys to GitHub. Fortunately both packages were removed before they could be widely distributed, but this was yet another example of malicious actors using open-source package managers to target developers and engineering organizations.A new way to monitor the

It’s January, and 2024 is already seeing two major security announcements with wide-scale implications for security teams. While these announcements may seem disconnected at first, they highlight the continued importance of good password hygiene, and ensuring that employees are protecting themselves online inside and outside of the workplace.Here’s the TL;DR.What happened?Two significant security announcements have been reported:Microsoft email breach - State-backed Russian hackers broke into Microsoft’s email system, including access to the accounts of senior leadership members and the company’s cybersecurity team. The hackers were able to gain access by using “password spraying” and used a single, common password in an attempt to login to multiple accounts.The mother of all breaches (MOAB) - A massive database built from previous breaches, leaks, and private databases across a wide range of business and consumer sites from Twitter and LinkedIn to Adobe and Dropbox has been released b

The mother of all breaches (MOAB). That’s how security experts are referring to the recent discovery of a massive database that is composed of data from thousands of previous breaches, leaks, and private data databases.“But why should I care? How does it impact me?”The breach includes over 26 billion records. That’s staggering. And that means if any of your accounts are included (or if you reuse passwords anywhere), you need to take action in order to protect yourself and your family.Here’s the TL;DR.What Happened?A massive database built from previous breaches, leaks, and private databases across a wide range of business and consumer sites from Twitter and LinkedIn to Adobe and Dropbox has been released by an unknown source. This breach is composed of roughly 26 billion records, and is being referred to as the “mother of all breaches”.Who’s impacted?The database includes data from a wide variety of commonly used websites, including Tencent, Deezer, Dropbox, and LinkedIn, among others.

Here we are again: the beginning of a brand new year. Brimming with possibility, it’s the perfect time to reflect, evaluate, and plan.Everyone here at 1Password is looking ahead — including our Security team. As you can imagine, they have a few thoughts and predictions for the coming year. Maybe you want to know what to watch for as you and your family live and work on the internet. Perhaps your company is budgeting for security and you wonder where funds are best spent. Whatever you’re planning for, information is key.From (more) passkeys to increasingly sophisticated hacking techniques, there’s a lot in store for 2024. Let’s dive in.Don’t believe what you seeAs AI continues to permeate our lives, the use of deepfakes will grow rapidly in both targeted social engineering attacks and broader attempts to influence public opinion. While AI-generated audio, photos, and video is still far from perfect, it’s good enough to trick most people — and improving rapidly.Your employees are the tar

You can save all sorts of sensitive information in 1Password including your usernames and passwords, addresses, credit cards, and medical records. It’s also a safe and convenient place to store your passkeys – a new type of login credential that lets you sign in to accounts with unmatched security and convenience.In this guide, we’ll break down how to save, use, manage, and share passkeys using 1Password. You’ll learn what passkeys are, the different ways you can organize them in 1Password, and how to discover which apps and websites support them.By the end, you’ll know how to get the most out of passkeys so you can sign in to online accounts and protect your data fuss-free.ContentsWhat are passkeys?What you need to save and sign in with passkeys using 1PasswordHow to find websites and apps that support passkeysHow to create passkeys for your online accountsHow to sign in to an account with a passkeyHow to manage and organize passkeys in 1PasswordHow to share passkeys using 1PasswordGe

Ready to go truly passwordless? Starting today, anyone can join our public beta and create a new 1Password Individual account using a passkey.Choosing this passwordless sign-in method means you don’t have to memorize a 1Password account password or look after a Secret Key. All you need is your passkey, which is both convenient and secure to use.This is a major milestone for 1Password. Earlier this summer, we launched a private beta that allowed a small group of testers to try this new feature with a 1Password test account. A huge thank you to everyone who took part.Today we’re opening up the beta to everyone. A passkey is a fast and secure way of accessing everything stored in your password manager, and makes it even simpler to get things done throughout the day. We can’t wait for you to try it.The ability to unlock 1Password with a passkey is currently for new accounts only. Next year, we’ll make this feature available to anyone with an existing 1Password account.What is a passkey?Not

Personal information stored in business-owned accounts is a risk, especially when it contains vulnerabilities like weak or reused passwords.Separation of work and personal information is critical for companies – and for employees. This is precisely why every 1Password Business implementation includes access to free 1Password Families memberships for employees’ personal use.Employers never have visibility or access to anything stored in a 1Password Individual or Families account – and neither does 1Password.This separation helps foster the ideal security culture: work information in 1Password Business accounts; personal information in 1Password Individual or Families accounts. Aside from security best practices, no one wants to change jobs and lose access to their personal email because the credentials were mistakenly stored in a work account.In July, we released a feature for all 1Password accounts to help keep work and personal information separate right from the start – when you save

Passkeys have been publicly available for roughly a year. Engineered for security and phishing protection, this new form of passwordless authentication is still in the headlines — now under scrutiny.Some in the industry have questioned the longevity of passkey technology; specifically, how vulnerable they might be in a world where quantum computing is the norm. Many are questioning whether passkeys will remain a formidable force for decades or be rendered a liability faster than you can say “asymmetric cryptography.”We feel pretty strongly about passkeys around here, so this topic begs to be explored and I’m thrilled you’re joining us for the journey. We have a jam-packed itinerary today: establishing a few fundamentals, traveling through time (no big deal), and uncovering some missing pieces before we arrive at a conclusion.Are passkeys built to succeed in a world of quantum computing or doomed to fail?Let’s find out.Built to winPasskeys allow you to access your accounts and data with

A crisis has been quietly brewing behind the shiny facade of the latest software and technology. The problem: exposed developer credentials. What started as a slow leak has now become an impossible-to-ignore flood.These leaks, stemming from the accidental exposure of API keys, security tokens, and other credentials in code, have led to a surge in recent security incidents. The technology industry has known about this issue for almost a decade, and there have been countless attempts to solve it.But a recent report by Ars Technica just how severe the issue has become. It reveals that even the most sophisticated and security-conscious engineering organizations are not immune to lapses, indicating that more work needs to be done to reverse the trend.Almost 4,000 leaked secrets discoveredThe Ars Technica story centers on a study by GitGuardian that looked at exposed secrets in just one popular open source repository used by developers. The results provide a rare look into the scale of the p

Virtual meetings are critically important for any company that’s embraced remote or hybrid work.Ensuring these spaces are inclusive not only leads to stronger team morale, but better communication and more innovative outcomes. Ultimately, enabling more perspectives and contributions from your team members will result in better products.But how do you do this? We’re glad you asked. Here at 1Password, creating an inclusive culture is a big part of how we do our work. Our team has accomplished a lot this year, which couldn’t have been possible without fostering an environment where everyone’s voice can be heard.Employees at 1Password are encouraged to think about and use the following principles during their meetings:Take space and make spaceEmbrace discomfortOne voice at at timeAs a team that’s been remote-first since day one, we’re no stranger to searching for the best ways to work together online. Here are some tips we’ve gathered about creating inclusive, effective virtual meetings.Pr

Hollywood would have us believe that an airplane can be hacked by a tech-savvy passenger. But can they really? Ethical hacker Ken Munro decided to dig into airplane security and answer some common movie questions, like ‘what can a hacker do from seat 23A?’Ken Munro’s company, Pen Test Partners, does cybersecurity consulting and testing for a variety of industries and organizations – everything from banking apps to railway infrastructure. The team of ethical hackers saw an opportunity to pen(etration) test some decommissioned airplanes while passing by a plane graveyard.Michael “Roo” Fey, Head of User Lifecycle & Growth at 1Password, spoke with Munro on the Random But Memorable podcast to separate the movie myths from the real airplane threats. Read on for the interview highlights or listen to the full podcast episode.Editor’s note: This interview has been lightly edited for clarity and brevity. The views and opinions expressed by the interviewee don’t represent the opinions of 1Passwor

As the Chief Financial Officer of 1Password, I’d love to share how 1Password the product empowers my Finance team to be at its best. We work in an uncertain financial environment and strive for efficiency and prioritization, just like everyone else.From the Verizon Data Breach Investigations Report (DBIR), we know that stolen login credentials are the most common pathway for breaches. This is especially true in our remote-first, hybrid working world where employees bring their own devices and sometimes use unauthorized software and online services. As a result, the potential impact of Shadow IT increases.To quote Alex Stamos, former Chief Security Officer at Facebook:“The number one reason people’s privacy is violated massively is that they reuse passwords everywhere. You do not want to have a contagion effect where somebody [reuses a stolen credential] to take over your email and take bank account(s)" - Collision, 202175% of data breaches begin from compromised login credentials, and

What do you need to become a successful bug bounty hunter? Most importantly: a hoodie. But qualities like professionalism, a growth mindset, and good communication skills count, too.Katie Paxton-Fear never thought she’d become an expert in cybersecurity yet she now teaches the subject at Manchester Metropolitan University. She’s also the creator of InsiderPhD, a Youtube channel where she shares her adventures and expertise with other aspiring ethical hackers.Paxton-Fear joined Michael “Roo” Fey, Head of User Lifecycle & Growth at 1Password, on the Random but Memorable podcast to share some of her most fascinating vulnerability discoveries, how she got into the field, and her advice for anyone interested in joining the bug hunting ranks. Read the interview highlights here, or listen to the full podcast episode.Editor’s note: This interview has been lightly edited for clarity and brevity. The views and opinions expressed by the interviewee don’t represent the opinions of 1Password.Michae

You’ve probably heard of a few password management options, like 1Password (👋), Dashlane, and LastPass – but what do they all do?We’ve all dealt with the pains of password management, but there’s a lot more to it. Whether it’s repeatedly resetting passwords, searching for your wallet every time you want to make an online purchase, or struggling to securely share passwords, we need digital life management, too – and that’s where a password manager comes in.So, let’s take a deeper look at what password managers are, how they work, if they’re safe, and everything else you may need to know.What is a password manager?Simply put, password managers are apps that can generate and store all the passwords for your online accounts in one secure place.The passwords are stored securely and, using autofill, can be automatically entered on websites and apps when you need to log in. It creates and remembers strong, unique passwords – and you don’t have to type out or memorize them, saving you from ha...

Technology and cybersecurity changes so fast. But when businesses fail to put basic protections and processes in place, who’s to blame? Graham Cluley – writer, blogger, and host of the Smashing Security podcast – shares his 30-year perspective on this question, and what’s going on in cybersecurity today.He joins 1Password’s Matt Davey on the Random But Memorable podcast to talk about trends that come and go, the buzzwords that drive him crazy, why machine learning is yesterday’s news, and why we shouldn’t put all the blame for successful hacks on new technology like deepfakes.Read the interview below or listen to the full podcast for (buzzword alert!) Cluley’s “VORIWGM”: voice of reason in a world gone mad.Editor’s note: This interview has been lightly edited for clarity and brevity. The views and opinions expressed by the interviewee don’t represent the opinions of 1Password.Matt Davey: You’ve spent many years writing about security. How has the cybersecurity landscape changed since y

For many people, trying to remember all their passwords is a lost cause.But clicking “forgot password” to do yet another password reset and coming up with yet another permutation of your pet’s name is a colossal waste of time – not to mention a poor approach to protecting your most important information.Password managers offer an escape from sticky notes and password spreadsheets by giving you an easy way to create, store, and use secure passwords wherever you need them.The risks of not storing your passwords securelyYou’ve likely heard about the importance of good password management – using strong passwords that you keep safe – many times over the years. While the obvious risk of improperly storing passwords means that someone other than you can get your password and into your account, the inconvenience, and more importantly, the dangers, can be more far-reaching than you’d think. Here are just a few examples:When you use the same, easy-to-remember password everywhere, a hacker only

Major incidents like cyber attacks, terrorism, and pandemics are likely in the making right now but it doesn’t mean they’re inevitable. Learning from past incidents, asking the hard ‘what ifs’, and helping businesses build organizational resilience is always top of mind for security leader Sarah Armstrong-Smith.Chief Security Advisor at Microsoft and author of the book Effective Crisis Management, Armstrong-Smith has more than 25 years of experience working on the strategic, tactical, and operational response to major incidents and crises.Read her interview from Random but Memorable (or listen to the full podcast episode) to learn why security is actually a business problem, how leaders can build an effective security culture and the costs that companies bear if they don’t prepare and protect themselves.Editor’s note: This interview has been lightly edited for clarity and brevity. The views and opinions expressed by the interviewee don’t represent the opinions of 1Password.Matt Davey:

Whether you’re in the market for a new password manager or looking to try a password management platform for the first time, you’ve likely come across both 1Password and Dashlane in your research.To help you decide which app is best for you, we’re comparing pricing, features, security, and functionality across both password managers.1PasswordPricing and choosing the right subscriptionYou can use 1Password to protect your most sensitive personal information for $2.99 per month. With 1Password Families, you can extend that protection to four more family members for only $4.99 per month. Additional family members or loved ones can be added for $1 per user per month.For businesses, 1Password offers three different options depending on your needs:1Password Teams accounts secure up to 10 team members for $19.95 per month, and comes with selective sharing and the ability to identify threats with built-in risk detection.1Password Business accounts include features like integration with identit

Not all hackers are bad. A subset known as white hat hackers, or ethical hackers, use their knowledge and skills for good, testing companies' defenses and discovering vulnerabilities for them.And those vulnerabilities can come in many forms! From pizza delivery driver disguises to voice synthesizers to bugged e-cigarettes – some hackers go all out, no matter which side they’re on.To get an insider perspective on what it’s like to be a white hat hacker, we sat down with Jamie Woodruff on the Random but Memorable podcast. Woodruff is currently a chief technology officer and the cyber safety advisor for the Cybersmile Foundation, an organization that helps victims of cyberbullying. He’s an ethical hacker who has reported vulnerabilities to high profile businesses, websites, and social platforms.Read the interview below (or listen to the podcast) to find out more about Woodruff’s unorthodox career path and why he thinks no company in the world is totally secure.Editor’s note: This intervie

We detected suspicious activity on our Okta instance related to their Support System incident. After a thorough investigation, we concluded that no 1Password user data was accessed.On September 29, we detected suspicious activity on our Okta instance that we use to manage our employee-facing apps. We immediately terminated the activity, investigated, and found no compromise of user data or other sensitive systems, either employee-facing or user-facing.Since then, we’ve been working with Okta to determine the initial vector of compromise. As of late Friday, October 20, we’ve confirmed that this was a result of Okta’s Support System breach.See our internal Okta Incident Report for additional details.Your trust is paramount to us. Our systems and policies were able to identify and terminate this attack, and we are continuously enhancing our security measures to keep you and your data safe.This blog post includes an incident report that was updated on October 25, 2023. We received addition

This October, we’re excited to invite contributions to 1Password for Visual Studio Code.Hacktoberfest is a time where code meets celebration and open source enthusiasts come together to contribute to projects they care about. Personally, I’ve always been a watcher of Hacktoberfest, and I’m excited that this year 1Password is participating in the global event – now in its tenth year!Open source is in our DNA at 1Password. We’ve open-sourced several critical projects like Typeshare, our passkey libraries and 1Password for VS Code. We’re consistently impressed by the community contributions that bring speed and security to developer workflows. In particular, I want to shout out Zachary Cutlip, author of pyonepassword, a Python API to query the 1Password CLI.Also, a collective shout-out to everyone who’s contributed to 1Password Shell Plugins. We’re now more than 40 shell plugins strong, meaning more developers than ever can bring one-touch 1Password access to their favorite CLI.We’re exci

Every October the industry puts together information to share how people and businesses can be safer online. For this blog, we’re focusing on shadow IT – the hardware or software that employees use that isn’t managed by the company’s IT team – and how using a password manager can help.As employees found new ways to work and collaborate amidst the adjustment to hybrid work during the pandemic, the use of shadow IT rose dramatically.In 2021, over 60% of US workers created at least one shadow IT account. – 1Password researchShadow IT can improve employee productivity, but also carries along with it the risk of employees unwittingly introducing security vulnerabilities like unsecured sensitive data. While many employees have started moving back to physical offices at least part of the time, shadow IT is here to stay.Security and IT teams might be tempted to crack down with a zero tolerance policy for shadow IT. Few will follow through, though, because their primary job is to help their bus

If you’re comparing password managers, two names are likely to come up: 1Password and LastPass. So how do you know which is right for you?Let’s look at the similarities and differences between the two password management platforms so you can make an informed decision.1Password featuresSaving and filling passwords in 1Password1Password includes all the features you’d expect from a password manager. You can generate strong passwords with a click, and store all your login credentials in one place. The only password you need to remember – your one password – unlocks 1Password to give you access to every other login credential.With those credentials stored in 1Password, you can automatically fill – or autofill – passwords to log in to a site or service. There’s no need to remember the login information yourself, since 1Password will handle it for you.You’re also not limited to traditional username and password combinations. If you sign in to a site with Google, Apple, or other providers, 1P

Businesses can now automate threat detection for 1Password and their broader work environment with Obsidian Security, a security platform for software as a service (SaaS) tools.Keeping your organization secure online is a never-ending challenge, especially when you have hundreds or thousands of employees. People are great at many things but following ever-changing cybersecurity best practices often isn’t one of them. That’s why 1Password focuses on human-centric security and making sure you don’t have to choose between convenience and security.Even so, people don’t always make the right choices, which is why we’re excited to introduce a new integration by Obsidian Security that can give you extra peace of mind. Obsidian Security provides automated threat detection capabilities for your entire SaaS environment, including 1Password, utilizing advanced machine learning to detect impossible travel, successful logins from unusual locations, spikes in failed login attempts, and more.How does

Generative AI, large language models, and ChatGPT are dominating the headlines and people’s imaginations at the moment. While the incoming AI revolution may have some drawbacks, it also has the power to transform the way we learn, work, and play.Clint Bodungen, author of the upcoming ChatGPT for Cybersecurity Cookbook: Learn practical generative AI recipes to supercharge your cyber skills, joined Matt Davey, Chief Experience Officer at 1Password, on the Random but Memorable podcast to discuss:The different ways ChatGPT can give your business a security edge.How companies can use ChatGPT to improve their security training.Why ChatGPT is the best way to build apps faster.Read the interview below or listen to the full episode on your podcast app of choice.Editor’s note: The views and opinions expressed by the interviewee don’t represent the opinions of 1Password.Listen to episode 113 ›Matt Davey: What will the book cover and who’s it for?Clint Bodungen: I focused on content for those who

Okay, so you’ve just landed an interview at 1Password. It’s natural to feel a bit nervous about what you’ll be asked and what you should say. Here’s our advice: share your experiences from the perspective of our company values.At 1Password, our company values are woven into everything we do. They inform how we show up to work, how we treat our colleagues and customers, and how we connect with our company mission. Through recognition programs such as Bonusly, which lets team members thank each other with redeemable points, and our newly formalized Values Awards, team members are empowered to live our values in ways that feel meaningful to them.Below, we share our best pieces of advice to help you succeed in your interview and embrace our three company values: keep it simple, lead with honesty, and put people first.Keep it simple“Keep it simple” reflects how 1Password employees strive to focus on what’s most important. It prompts us to stay solutions-oriented and communicate with each ot

The moment you’ve been waiting for has finally arrived. Passkey support is now available in 1Password, letting you create, manage, and sign in with passkeys on a growing number of websites and apps.Starting today, you can save and sign in with passkeys using the desktop version of 1Password in the browser, as well as your iOS 17 and iPadOS 17 devices. You can also use 1Password on any device to view, organize, and share your saved passkeys.It’s the most convenient and complete passkey experience.There’s no better time to get started with Google, Nintendo, GitHub, and others turning on capabilities for passkeys this summer.Visit our online passkey directory or open Watchtower in 1Password to discover which of your logins can be upgraded with a passkey.Passkeys are hereNeed a refresher on what passkeys are, and how they work? No problem. Passkeys are the future of account security and how we protect our private data. And they’re here to stay.You can use passkeys to sign in to compatible

Understanding how passkeys fit into the existing landscape of security and authentication is what our ‘versus’ series is all about. The goal of authentication is to verify that the person trying to gain access to a secret (e.g. an account) has permission to access it.In previous posts, we’ve compared passkeys to passwords, magic links, and 2FA and TOTP – now we’re going to dive into single sign-on (SSO).What is SSO?Single sign-on authentication allows users to sign in to accounts using a single identity provider rather than individual credentials for each account. This means people don’t need to remember unique credentials for every account. Instead, they just have to log in to their SSO provider.To learn more about a topic we could discuss for hours, check out our blog post on the differences between SSO and password managers, and why they make a great pair.What are passkeys?Passkeys are the cool new authentication kid on the block. They’re the next serious contender to shift people t

Data. Breach. We see these two words all the time in the news, on social media, and in company emails notifying us that our information might have been affected.(You may have read about one affecting a password manager recently.)Data breaches occur so frequently that it’s easy to tune out or convince yourself they’re not worth paying attention to. “Are these breaches really all that bad?” “Is anything really going to happen if I ignore a breach that might have affected one of my personal accounts?”It’s never been more important to be proactive when you hear about a data breach that affects one of your online accounts. To do this, you don’t need to be a security professional or devour the news every day. You simply need to know the potential impacts of data breaches, and how the right tools can help you quickly and effectively respond to them.What is a data breach?Let’s start with a quick data breach definition. The term refers to any security incident where a criminal gains access to s

1Password Shell Plugins bring one-touch access to programmers' favorite command line interfaces (CLIs). I’ll never get tired of cutting steps from what was once a manual process, especially if we can secure that workflow in the process. And that’s exactly what shell plugins do.As of this writing, 42 Shell Plugins are now available – and the developer community has written 22 of them! Because they’re open source, anyone can write a shell plugin for their favorite CLI. In fact, 1Password Engineer Amanda Crawley created a walkthrough to show you how to build one in less than ten minutes:Let’s explore the latest additions: Cloudflare Workers, Snyk, Pulumi, and Laravel.Cloudflare WorkersCloudflare Workers is your web development superpower. It’s like having a team of speedy mini servers all over the world. Instead of living on a distant server, your code runs on “edge” servers, speeding up your site for visitors. Plus, you control these servers with your own code, written in familiar langua

Why do businesses choose 1Password over other options on the market? We have a few ideas but thought it would be better to ask one of our customers directly.Visma is a European powerhouse that builds software for schools, governments, accounting departments, and more. They often acquire other software companies, which means they’re constantly onboarding new employees and teaching them about their security policies.Vlad Boldura, security manager at Visma, and Daytona Earley, customer success manager at 1Password, joined the Random but Memorable podcast to discuss:Why Visma chose 1Password.How they successfully rolled it out across the organization.The expected, and unexpected impact 1Password has made since implementation.Read the interview below or listen to the full episode on your podcast app of choice.Listen to episode 112 ›Michael “Roo” Fey: Can you tell us about the importance of cybersecurity and credential security at Visma?Vlad Boldura: The focus on security in Visma is top-not

You may have heard that 1Password beta testers can sign into websites using passkeys stored in their vaults. We’re actively developing the internal library powering passkey authentication, and now we’re open-sourcing it!You can use the same passkey crate that powers 1Password’s authenticator to develop a WebAuthn client and/or authenticator. The passkey v0.1.0 crate is an easy access crate that doesn’t implement anything itself. Instead, it re-exports the other crates as modules:passkey-authenticatorpasskey-clientpasskey-transportspasskey-typesWe’re also open-sourcing our public-suffix library, which is based on the one from the Go standard library. Before setting off any language wars, please read the FAQ below for the reasons why.All of these libraries are released at version 0.1 as they are still in relatively heavy development to support Android 14’s new credentials library and Apple’s updated Authentication Services APIs, which will release with iOS 17. We are also planning on add

Account password. Secret Key. These two pieces of information have been the backbone of 1Password’s security model for years. The Secret Key in particular is what makes 1Password fundamentally different to other password managers, and why you can be confident that your data is always safe, even if someone breached our servers.Now, we’re introducing the ability to create and unlock a 1Password account with a passkey. (It’s currently in private beta, and we’re working on a version that’s ready for everyone.) This is a big and exciting change, to put it mildly, that will streamline the experience of using 1Password for many people.But it also raises the question: Does a passkey offer the same level of protection as 1Password’s existing account password and Secret Key combo?The short answer is yes. While the two solutions protect your 1Password account in slightly different ways, they both offer excellent security. So whichever option you choose, you can rest easy knowing your data is well

We’re incredibly excited to introduce labs, a new space in the 1Password apps that lets customers test new experimental features to help influence the future of 1Password.These experimental features will be in the early stage of development, so we can collect valuable feedback from customers like you. You hold the power to enable or disable each of these features, putting you in full control of your 1Password experience.Why are we adding this to 1Password?We have a lot of great ideas that come up from customer feedback, the community forums, and social media. We’d like to explore more of these ideas before committing to bringing a new feature to 1Password. This way we know if we should continue to invest time and energy into a project or, sometimes more importantly, if we should move on to something else that better suits the needs of our customers.Labs lets us share early prototypes and new product explorations to every 1Password customer, so you’ll be able to tell us if we should kee

Policies are getting a new home, making it easier for 1Password Business admins to govern how and where teams use 1Password to help them stay in compliance.Employees don’t want to violate security protocols. When they do, it’s often a result of stress – or simply trying to get things done. The trick is to put the right guardrails in place so employees don’t have to think about protocol. Ideally, they can just go about their work.With the new, dedicated policies page, we’ve brought together all of 1Password’s existing policies, making it easier to manage them and to put the right guardrails in place to help employees stay secure.Going forward, we’re focused on giving you even more flexibility by expanding available policies, and adding more precise controls and granularity so you can configure 1Password to your exact specifications.What are policies?Policies in 1Password are a collection of security and administrative controls you can use to govern how and where your workforce accesses

We all leave a trail of digital breadcrumbs from our adventures in the online world. They might seem harmless but these breadcrumbs can lead others to a digital treasure trove of your personal information.The websites you visit should respect your privacy and security – but that’s often not the case. That means it’s up to you, the individual, to take steps to cover your digital tracks.So what should we be doing? Theresa Payton, the first female White House Chief Information Officer and CEO of security consulting company Fortalice Solutions, has a few ideas. She joined Matt Davey on the Random but Memorable podcast to share some simple, practical, and fast steps you can take to minimize your digital footprint.Listen to episode 111 ›Editor’s note: This interview has been lightly edited for clarity and brevity. The views and opinions expressed by the interviewee don’t represent the opinions of 1Password.Matt Davey: Could you explain what a digital footprint is and why individuals should b

1Password will be in Las Vegas for the annual Black Hat USA conference. Will we see you there?Black Hat USA is an internationally recognized cybersecurity event series providing the most technical and relevant InfoSec research. The global security community congregates at the conference for the latest cutting-edge research, developments, and trends.This year, we’re thrilled to be sponsoring the event, hosting our own booth, and running a session on passkeys.Here’s a quick rundown of everything we’ll be up to:Stop by the 1Password boothIf you’re attending Black Hat USA, come by booth 2816 any time and say hi! Come chat with our team about all things cybersecurity, enterprise solutions, developer tools, and passwordless. You’ll find out why over 100,000 businesses trust 1Password with their security and get to leave with a smile.Plus, you can come grab a free drink and see 1Password in action with a live demo during the scheduled booth crawl.Black Hat Booth CrawlAugust 9, 4:00 – 5:00 PM

Here’s an existential question: is technology always the answer? Or are there other ways to solve our biggest problems?Author Scott J. Shapiro explores this debate in a book called Fancy Bear Goes Phishing, The Dark History of the Information Age in Five Extraordinary Hacks, which breaks down how some of the most fascinating cybercrimes were committed and what we can learn from them. Matt Davey, Chief Experience Officer at 1Password, spoke with Shapiro on the Random but Memorable podcast about when it makes sense to use technology to solve a problem like cybersecurity – and when it doesn’t.Hint: The answer has to do with “upcode” and “downcode” and lawyers being programmers – sort of. Read the interview below or listen to the full podcast episode to get Shapiro’s perspective on why fixing cybersecurity will involve rewiring more than just our technology.Listen to episode 107 ›Matt Davey: Can you give us a bit of background on you and why you decided to write this book?Scott J. Shapiro:

I remember my first hackathon. I was a junior developer at a civil engineering firm in Portland. I built a learning platform for employees to learn internal policies and procedures. It was a project that moved fast because we had a deadline - and my partner and I had so much fun.All of which is to say, this year’s 1Password Hackathon came with a heavy dose of nostalgia. Everyone obviously had a lot of fun – and I’m blown away by the ingenuity of the submissions.Some of you submitted entries to secure daily workflows (in true 1Password fashion!). Some built fun games, including one to help us all strengthen our passwords. Others built integrations that extend passkeys to new integrations and frameworks.In short, we saw a whirlwind of innovation, collaboration, and groundbreaking submissions.The 1Password Hackathon prizesA quick recap on the hackathon itself. Hackathon participants competed for $10,000 in prize money across five different categories, including:Innovation Award: Goes to t

We’re thrilled to share that we’ve partnered with Datadog to give you greater visibility into the security posture of your business, all from one central location!Starting now, your team can view 1Password security reporting in Datadog to easily monitor potential risks and investigate security issues while spending less time jumping between dashboards.Integrating with Datadog is simple and secure, and will give you and your team everything you need to monitor the security health of your business. Datadog customers can connect their 1Password Business account in minutes and use pre-built rules from Datadog to start monitoring for security events right away.1Password’s Events APIThe 1Password Events API lets you stream 1Password events to your SIEM (security information and event management) tool. These 1Password events can then be incorporated into things like custom dashboards, alerts, visualizations, and search to give you a deeper understanding of how your team uses 1Password.1Passwo

Have you ever wondered what it’s like to work at 1Password? Or wanted to know the career paths that other people followed before taking a job here? You’re not alone!In this blog series, we’re sharing what it’s really like to work at 1Password. To do this, we sat down and talked to team members from across our more than 900-strong organization, including engineering, human resources, and customer support. You’ll learn about the journeys that each person took to 1Password, as well as their their current role and day-to-day responsibilities.Today, we’re chatting with Allie Weiner, who leads our Account Management (mid-market) team at 1Password!Why did you join 1Password, and how did you end up here?Back in October 2020 I was searching for my next role. A former colleague (and now friend of mine!) had just joined 1Password and had nothing but brilliant things to say about the organization and the direction it was heading in.A former colleague had just joined 1Password and had nothing but b

We’ve compared passkeys to passwords and magic links, and recently explored two-factor authentication (2FA) and time-based one-time passwords (TOTP). We think this calls for a passkey and 2FA face-off, don’t you?Passkeys are the hot topic right now. This form of passwordless authentication allows you to sign in to websites and apps (that support passkey authentication) without a typical plaintext password. You authenticate with your biometric information or device passcode, and everything else happens behind the scenes, like that.Two-factor authentication requires two separate and distinct factors — it’s not merely the step of entering a TOTP that creates true 2FA. Let’s say you store your passwords digitally — in a first-rate password manager, for example. If you want the protection of true 2FA, your one-time passwords need to come from a different device than the one that holds your account passwords.So, passkeys or traditional 2FA? Let’s look at the differences between them, and wha

We recently shared that we’ll soon be rolling out a privacy-preserving telemetry system that will help us improve 1Password by leveraging aggregated, de-identified usage data. Here we’ll share technical details about how this system works and the steps we’ve taken to protect customer privacy while engaging with the resulting data.Our goal is to understand more about how our growing customer base – not specific individuals – are using 1Password. Our intent is to pinpoint where and how we need to improve our products by studying and drawing insights from aggregate usage patterns.While this is our goal, we are also 100% committed to our privacy and security standards and our technical architecture is designed to align with our core privacy principles:The passwords, credit card numbers, URLs, and other data that you save in your 1Password vaults is end-to-end encrypted using secrets that only you know. 1Password’s zero-knowledge architecture will remain unchanged. Our telemetry system cann

1Password’s summer of passkey announcements continues!Earlier this year, we said “goodbye passwords” and shared that we’re going all-in on passkeys: a simpler and more secure alternative to passwords.Since then, we’ve been hard at work bringing passkey support to 1Password. You can already create and use passkeys to sign in to online accounts with the public beta versions of 1Password in the browser. Plus, you can also use the 1Password desktop and mobile apps to view, organize, share, and delete passkeys saved via the browser.But you might remember we promised something else too: the ability to unlock a 1Password account with a passkey, rather than a password.Today, we’re delighted to share that we’re launching a private beta that allows a small group of testers to create and unlock a 1Password account with a passkey. This is an important step as we move toward our goal of releasing this capability for everyone later in the year.Learn more about what passkeys are, and how they work, i

It’s human nature: when we do something we’re excited about, we want to share it. So it’s not surprising that cybercriminals and others in the hacker space love an audience. Darknet Diaries, a podcast that delves into the how’s and why’s and implications of incidents of hacking, data breaches, cybercrime and more, has become one way for hackers to tell their stories – whether or not they get caught.Darknet Diaries creator and host Jack Rhysider joined 1Password’s Michael Fey (aka Roo) on the Random but Memorable podcast to chat about some of the fascinating cybercrime stories he’s covered recently. Read highlights from the interview below or listen to the full episode for answers to questions you might never have thought to ask, such as:What nefarious shenanigans are some of today’s hacker teens up to?How can I get someone else to pay for my burrito?What’s a hacker’s version of a microtransaction?Bonus: Find out how Darknet Diaries gets these stories and who wants to take credit for th

We’re delighted to announce that 1Password is now available for download on the Microsoft Store on Windows!Not soft on securityIn 2021, Microsoft unveiled a brand new, redesigned Microsoft Store on Windows, offering apps, games, movies, and TV content.If you’ve been looking to try 1Password and prefer to download and manage all your apps from the Microsoft Store on your Windows device, the wait is over! 1Password is now available to download directly from the Microsoft Store. All content in the Microsoft Store is tested for security, family safety, and device compatibility, so you can feel confident that the 1Password app meets these requirements.Safety at the speed of life1Password keeps you and your loved ones safe online without giving up on convenience – the whole family can create, store, and autofill login credentials whenever and wherever they need to.With intuitive apps and seamless syncing, 1Password puts your data at your fingertips across all your devices. From credit cards

A big part of 1Password’s mission is to make it both easier and safer for you to get things done every day, whether you’re at home or at work.Over the past few months, we’ve been hard at work making improvements to our apps and browser extensions so you can enjoy a faster, more consistent and convenient experience whenever you use 1Password.Watch our video to see what’s new in action, or read on for a rundown of what we’ve been up to.Save new Items to the correct 1Password accountIf you have multiple 1Password accounts, like one for home and one for work, 1Password will now automatically suggest saving it to the correct account based on the email address you use to create the new login. No more mixups!Plus, you’ll now also see a Watchtower alert if a login may have been saved to the wrong account, so it’s easier to fix even if some logins still do get misplaced.Manage accounts directly from the 1Password mobile and desktop appsIf you’re a Family Organizer for a 1Password Families accou

Why should consumers have all the fun (and less friction) using biometrics to stay secure? 1Password offers a suite of tools to help developers work faster and more securely. One of these tools is 1Password Shell Plugins, which enables one-touch access to command-line interfaces (CLIs) in your terminal.Know of a CLI we haven’t built a Shell Plugin for yet? Great news: you can build your own!Many developers have done just that. In a recent episode of our Random but Memorable podcast, host Michael Fey (aka Roo) talked with Kanad Gupta, the creator of the ReadMe Shell Plugin. Read the interview below (or listen to the podcast episode) to learn about Kanad’s experience using 1Password Developer Tools, how he built the ReadMe Shell Plugin – and how you can create one, too.Listen to episode 107 ›Michael Fey: Can you explain what ReadMe is?Kanad Gupta: ReadMe is a small startup. We’re essentially a CMS platform for API-first companies that are trying to build out an interactive developer hub

1Password Business customers can now unlock 1Password with identity providers (IdPs) that support the generic OpenID Connect (OIDC) configuration like Duo, OneLogin, JumpCloud, and others.We announced Unlock with Okta for 1Password Business earlier this year, and Unlock with Azure soon followed. Feedback from 1Password Business customers on those releases has confirmed our expectations: Pairing 1Password with your identity and access management (IAM) infrastructure simplifies adoption and improves auditing, compliance, and reporting workflows.“Everyone is now used to unlocking with Okta, and they definitely love that they don’t need to remember an extra password (anymore).” – David Baverstock, Senior IT Engineer at AirwallexOkta and Azure were our most popular integration requests, so between the two, a sizable portion of 1Password Business customers gained the ability to pair 1Password with their existing identity and access management (IAM) infrastructure.Unlock 1Password with additi

Coming to iOS later this week and available today on macOS, Windows, Linux, and Android, manage invites, guests, and more – all directly from the 1Password app.We’re making it a lot easier to protect and organize you and your loved ones’ online lives. You can now take care of some of the most common administrative tasks right from the 1Password app on your phone or computer instead of signing in to 1Password.com.What’s newManaging your 1Password Families membership just got a lot more accessible no matter where you are. As a Family Organizer, open the 1Password app on any of your devices and navigate to Manage Accounts… from the menu. You can now:Invite people to join your Families accountReady to share passwords with your new love interest or roommate? Quickly send out an invite from the 1Password app to new members or guests. Plus, you can also confirm or reject any new members who are listed under Waiting to be confirmed.Check the progress of account invitationsIf you’re wondering w

Attention developers and DevOps teams! Today we’re excited to announce that 1Password Service Accounts are now generally available to all users. Whether you’re a growing startup, a thriving mid-size company, or a sprawling enterprise, service accounts offer a secure, automated way to access infrastructure secrets exactly where they’re needed.This post will guide you through integrating service accounts with GitHub Actions, one of the leading CI/CD platforms, to secure your secrets within your pipelines. We also offer pre-built integrations for CircleCI and Jenkins.Managing secrets in shared environments is challengingWe all know that secrets management can be tough, especially in shared environments. With the stakes so high, it’s essential to keep secrets secure and ensure they don’t end up in the wrong place, like logs or code repositories.With service accounts and the CLI, you can encrypt all of your secrets in 1Password and grant applications programmatic access, with the ability to

Less than six months ago, artificial intelligence (AI) was largely considered to be in its infancy and primarily used for niche applications, like editing photos and keeping your home at a comfortable temperature. But that’s all changed. Since OpenAI introduced GPT-3.5 in November 2022, the possibilities of generative AI have come to dominate the popular imagination.And with good reason: ChatGPT-4 not only outperforms 90% of law students taking the bar exam, it also ranks highly for dozens of specialized tests ranging from economics to writing. Over the last few weeks, you’ve probably seen convincing images of famous people, heard catchy songs by popular artists, and read articles all completely generated by AI models.Excited by the untapped potential, many developers are jumping in and building new apps that integrate with OpenAI. Unfortunately, in their enthusiasm to create and share, many of these developers are accidentally giving attackers the opportunity to rack up thousands of d

We introduced support for time-based one-time passwords (TOTP) way back in the dark ages of 2015.The addition of TOTP storage lets you use 1Password as an authenticator for websites that support two-factor authentication (2FA). As 2FA became increasingly common, even required in many cases, people started to question the safety and security of using 1Password to store TOTP instead of an authenticator app that exists solely for that purpose.It remains a fairly common question — and a great one.The short answer is that storing your TOTP in 1Password is safe. It’s also faster and more convenient than using a separate, dedicated app.The rest of this article is the nuanced (and far less brief) answer. It addresses what dedicated authenticator apps provide (and don’t provide), and how you can 2FA the right way. 1A little two-stepLet’s create a (theoretical) account to illustrate the authentication process – and it is a process – then dive into those infamous factors and what we need from the

Back in March, we shared our plan to develop a privacy-preserving telemetry system that will help us build an even better 1Password. The goal was simple: to better understand how people are using 1Password, where they’re getting stuck, and which updates we should be focusing on first.Since that announcement, we’ve been testing our telemetry system internally with 1Password employees before rolling it out to anyone else. We wanted to be certain that our system, which collects small amounts of in-app usage data, could deliver valuable insights while staying true to our privacy principles.After months of development and refinement, we’re now confident we can deploy this system in a way that helps us build a better 1Password without compromising on our commitment to protect your privacy.Later this summer, you’ll see the option to participate in our telemetry system and help improve 1Password. You don’t need to take any action right now, and we won’t collect any usage data without your awar

It’s that time of year again. Summer? Yes … but no. Vacation? No. It’s WWDC, Apple’s World Wide Developer Conference! Each year, the company uses this event to give us a sneak peak at some of the new software headed to Apple’s devices, and sometimes new devices themselves!While one new product definitely stole the show this year, there was a lot more to take in and plenty that could benefit 1Password in the near future! So let’s get into what caught our team’s attention, and how we’re thinking about some of Apple’s most important announcements.Vision ProWow, nobody — okay, almost everybody — saw this coming. But Apple’s first spatial computer exceeded our expectations. The device is packed with impressive hardware, including two micro-OLED displays with 23 million collective pixels, an M2 processor, and an all-new R1 chip.The Vision Pro could be the future of personal computing. We’re excited about this new platform, and how 1Password could play a part in it. Our team is anxiously awai

We’re proud to announce that 1Password has been selected as one of 30 companies in the prestigious Enterprise Tech 30 list for 2023.What’s the Enterprise Tech 30?Now in its fifth year, the Enterprise Tech 30 showcases the most promising private companies in the enterprise technology space. The 30 chosen companies are split into three groups that reflect their size and the level of investment they’ve attracted to date: early, mid, and late stage.1Password made the Enterprise Tech 30 list for the first time this year. We came eighth in the late-stage group, which features other amazing organizations like Rippling, Canva, and Notion. And when all 30 companies are sorted by industry, we rank number one in the security category.We’re honored to be recognized for our impact in the enterprise space and proud to play a part in helping organizations secure their data.Read the report to see the full list of companies that were chosen for the Enterprise Tech 30 this year. You’ll also learn about

Pride month can be a time full of joy and is a great reminder of so much progress and so many people to be thankful for – but it’s also a reminder that the fight for 2SLGBTQIA+ rights is far from over.While our community has faced ongoing prejudice, we’ve recently seen a significant increase in hatred, discrimination, and transphobia. With uncertainty, fear, and anti-2SLGBTQIA+ legislation on the rise, it’s a particularly important time to advocate for the community, whether you’re a member or an ally.We believe that safety and security are basic human rights. These rights extend to everyone, and we can all play a part in making sure they’re protected all year round.Here’s some of what 1Password is doing to fight for equality and inclusion.Pride month initiativesWe’re always focused on finding ways to support our 2SLGBTQIA+ team members and the community in tangible, effective ways, and we encourage other businesses who publicly support the 2SLGBTQIA+ community to commit to doing the s

We’re always captivated by WWDC, Apple’s annual developer conference, and the announcements shared during its keynotes and various breakout sessions. This year’s conference was particularly exciting because Apple unveiled a new passkey API that will be implemented in iOS 17. The API will enable password managers like 1Password to create and use passkeys inside any native app that has added passkey support, including Safari.We’re thrilled about this announcement.If you need a quick refresher: passkeys are a new kind of login credential that entirely replaces passwords. Passkeys don’t need to be memorized, there’s no such thing as a “weak” passkey, and they can’t be stolen in a data breach. These passwordless login credentials also speed up the process of signing in to your online accounts. Research by Google shows that signing in with a password takes twice as long as a passkey login.Apple’s newly announced API will make passkeys even more useful and seamless to use on iPhones. Our deve

Last year, we joined the FIDO Alliance and committed to building safer, simpler, and faster login solutions for everyone. Today, we’re taking a major step forward and announcing that passkey support has started to arrive in 1Password. Using the public beta versions of 1Password in the browser, you can now save and sign in to online accounts with passkeys.Our beta extensions cover the following browsers:Chrome (macOS, Windows, and Linux)Firefox (macOS, Windows, and Linux)Edge (macOS, Windows, and Linux)Brave (macOS, Windows, and Linux)Safari (macOS)1Password for Mac, iOS, Windows, Android, and Linux have also been updated so you can view, edit, move, share, and delete any passkey you’ve created using 1Password.If you need a quick refresher: passkeys are a new kind of login credential that entirely replaces passwords. Passkeys don’t need to be memorized, there’s no such thing as a “weak” passkey, and they can’t be stolen in a data breach. These passwordless login credentials also speed u

We love hackathons. In fact, that’s where the idea for 1Password came from – with all-night coding sessions that demanded credentials throughout the process.Hackathons are high-energy, creative marathons that serve as a playground for innovation and collaboration, and often result in exciting projects that are a joy to deliver. That’s why we’re excited to announce the first virtual 1Password Hackathon hosted by Hashnode.Taking place June 1st through June 30th, participants will compete for a chance to win $10,000 in cash prizes by building with 1Password Developer Tools and Passage by 1Password.As much fun as in-person hackathons are, we’re also big fans of virtual ones that are global in scope and inclusive of all skill levels. If you’re a developer looking to sharpen your skills, network with like-minded individuals, and craft something extraordinary, the Hashnode Hackathon should be on your list. There are 10,000 reasons why – and utilizing 1Password Developer Tools and Passage can

The term ‘passwordless’ is easy to wrap your head around (no passwords!) but is often used as an umbrella term that includes passkeys and magic links sent via email or text message.That often leads to the question: “Are passkeys and magic links the same?”The short answer is no. While they both serve as a replacement for passwords, the experience of using them, and how they work behind the scenes, is quite different.Here, we’re going to explain what passkeys and magic links are, how they differ, and why more developers are working to include both options on their websites and apps.What are passkeys?Passkeys allow you to create online accounts and sign in to them without entering a password, copying a one-time code, or clicking on a special link sent to your inbox.Instead, you just:Confirm your authenticator (in the context of passkeys, this could be your phone, tablet, or PC.)Authenticate with biometrics or your device password when prompted.Behind the scenes, passkeys use public and pr

Toward the end of last year, Passage joined 1Password to bring passwordless authentication to everyone. Now, we’re ready to introduce you to Passage by 1Password: the fastest and most secure way for developers and businesses to add passkey support to their products.According to a FIDO Alliance survey, 58% of consumers in the U.S. have abandoned purchases due to the difficulty of managing passwords. Creating a secure, frictionless sign-in experience will benefit both your customers and your business – they get a smoother login process, and you get happy customers less likely to abandon their purchases.Recent research from Google shows that users are four times more successful logging in when they authenticate through passkeys rather than passwords. This means businesses who implement passkey support could gain a competitive advantage by making it easier for customers to log in.The problem? Adding a passwordless login experience to your website or app can be complicated.That’s where Pass

Artificial intelligence (AI) made a larger-than-usual splash recently when word broke of an AI-powered password cracker. I have a bit of AI fatigue, but these stories immediately grabbed my attention — they had me at “passwords.”If you saw the same headlines and plan to run for the off-the-grid hills — wait. Many of the articles fail to tell the whole truth.AI absolutely can be used to crack a password. And, no, you shouldn’t worry about it.I’ll explore the whole truth (and nothing but the truth), and reveal what needs to happen before AI password cracking can truly become new news.Old news happening to new peopleThe password cracker mentioned in the recent spate of articles was introduced nearly six years ago in September 2017. But the headlines at the time were dominated by other news so the deep-learning technology didn’t earn much attention.I’ll summarize the research to save you a deep dive into an academic paper: The tool was marginally successful but never came close to the accu

May is a particularly special time for the AAPI (Asian American and Pacific Islander) community. The annual celebration of AAPI Heritage Month is a time to honour the histories, cultures, and contributions of AAPI people, as well as draw attention to some of the challenges that the community faces today.It’s important to recognize that within the AAPI community, there is no one-size-fits-all experience. Each group within the community has its own unique history and culture. Here at 1Password, we’re honouring these multifaceted stories by embracing the unifying theme of “The Immigrant Experience”. Our goal is to amplify the voices and lived experiences of immigrants and children of immigrant parents. It’s a reflection of the conversations being had within our virtual walls, and beyond.With this in mind, we asked members of our AAPI community for some pieces of advice they would give to their younger selves. Here’s what they shared…Dave Chen, Senior Director, Research & InsightsAlways ha

Students can now get a free year of 1Password with the GitHub Student Developer Pack to jump-start their careers in software development.Once upon a time, I was a computer science student who depended on getting access to academic versions of software development tools for my courses. When Microsoft released Visual Studio Academic, I was excited that I could finally advance my skills without paying thousands of dollars for the suite.Today, things are a bit different. Code development, testing, and deployment require a host of cloud-based tools and platforms such as Amazon AWS, Azure, and others. If you’re learning software development, costs can rack up quickly as you pay for dozens of subscriptions and credits. That’s why we’re excited to partner with GitHub, to help students jump-start their adventure in software development.1Password in the GitHub Student Developer PackAs of today, through our partnership with GitHub Education and the GitHub Student Developer Pack, all students veri

Earlier today, Google announced that you can now create and use a passkey to secure your personal Google account. This support is an important step toward the widespread adoption of a simpler, more secure alternative to passwords.You might be wondering: Okay, but what does that have to do with 1Password?We’ve been working hard to bring you the ability to create, store, manage, and use passkeys in 1Password – just like you do with passwords today. Beginning in June, this will mean easy access to all your logins across all your devices, no matter what kind of credential is under the hood.Here’s a sneak peek of how passkeys are going to work in 1Password:Google & 1PasswordWe’re delighted that Google is supporting passkeys. There are a handful of critical services on the web that will drive passkey adoption, and Google is right at the top of that list.Google’s announcement will help more people discover passkeys, and encourage other companies to add passkey support to their websites and ap

On April 27th, between 9:03 PM and 9:26 PM ET, 1Password experienced a brief service outage. This was not a security incident, and customer data was not affected in any way.After completing a planned maintenance, our service received an unexpected spike in sync requests from client devices to the servers. During the outage, users erroneously received a message indicating that their Secret Key or password had changed.Our mission is to help people safeguard their most important information. 1Password is designed to protect your information, with local copies of vault data always available on your devices – even without a connection to the 1Password service or the internet itself. As a result, your passwords and other vault items remain safe and sound.We’re deeply sorry for any inconvenience this outage may have caused and appreciate your patience during our investigation. Service has been fully restored, and we can now share further details about what happened and how we’re working to av

Few disciplines change as quickly and continually as cybersecurity. For many CISOs, the pace of change and learning opportunities are what drew them to security in the first place. But it’s also hard to keep up with.That’s why we teamed up with Troy Hunt, web security consultant and creator of Have I Been Pwned, on a YouTube series called Hello CISO. In each episode, Hunt breaks down some of today’s biggest security challenges, and the approach you should take to combat them as a modern CISO.“The responsibilities of the modern CISO are expanding as digital infrastructure grows more complex. It’s no longer feasible to protect against every single threat, so you have to think more strategically. We need to work smarter, not harder – and that’s what I want to explore in this series." – Troy Hunt, web security consultant and creator of Have I Been PwnedThe last episode in the series was recently published on YouTube, so what better time to sit down and binge watch them all? You can browse

RSA Conference is here! It’s the security industry’s equivalent of Sundance Film Festival. Or Paris Fashion Week. Or … well, you get the idea.Each year, the security industry flocks to the Moscone Center in beautiful San Francisco for three and a half days of keynotes, seminars, networking, and more. This one is special though because … 1Password is attending for the first time!We’re excited to have our own booth, and to be taking part in some of the conference talks. There’s so much to discuss, including how our industry can best support passkeys, a secure and convenient alternative to passwords.(In case you missed it, we’re all in on passkeys!)Here’s a quick rundown of everything we’re doing at the show:Find us on the show floorIf you’re attending RSA Conference, swing by our booth and say hello! You can chat with our team and get an in-depth look at how to administer 1Password, our user experience, and our developer tools. You’ll find us in the North Expo hall, at booth number 5385.

You may have noticed that some things have started to look a little different at 1Password. Over the next few weeks, we’ll continue to roll out new elements of our brand across our website, advertising, social channels, and more. And yes, while we’ve made some visual changes to the way we express our brand, we’re still the same 1Password. The values, goals, and ethos of 1Password are the same today as they were years ago.We’re still the same 1Password that was founded by four friends in Ontario. The same 1Password that’s committed to providing the most secure and easy-to-use password manager. The same 1Password that puts customer safety and satisfaction above everything else. And the same 1Password that will continue to lead and shape the future of authentication.We, like the industry and technology we work with, continue to evolve and advance. In the beginning, we barely acknowledged that what we were building is not only a product, but a brand. In taking the step back to see all that

We’ve used passwords to protect our private data for a very long time. But if you don’t use a password manager, it can be difficult to keep them memorized – especially if you’re using strong, unique passwords for each account.Enter passkeys.Passkeys are a modern alternative to passwords. They make it simpler and more secure to sign in by allowing you to create online accounts you can log into without entering a password. All you need is a trusted device to act as your authenticator, which could be your phone, tablet, or PC. When you go to sign in to an account, your device will prompt you to authenticate using your fingerprint or face for maximum protection, or a secure PIN if biometrics aren’t available.Passwordless technology is positioned to change our lives. If we can get rid of passwords, we can also get rid of the many frustrations that come with them, from resets and phishing to failed logins and wasted time.But how do people feel about a passwordless future? Are they open to it

Life as a university student can get pretty hectic. You’ve got classes to attend, assignments to complete, and notes to memorize ahead of exams. On top of that, you might be juggling a part-time job, extracurricular clubs, and a busy social calendar.Setting up a password manager might not feel like the most important item on your to-do list. But it’s a small investment that can have a large positive impact on your student experience. Here, we’ll explain how 1Password will save you time, keep your accounts secure, and give you peace of mind so that you can focus on graduating with top marks.1. You’ll never forget a password for any of your university accountsMost university courses require you to create a lot of new accounts. You’ll likely have an academic email address, accounts for accessing teacher notes and resources, downloading research papers, and even accessing the school library.Remembering the password for each of these new accounts can be a real pain – especially if they’re a

Humans have used different forms of passwords to guard secrets for centuries. These days, we use strings of characters to access everything from garage doors to digital documents.The average person has over 100 passwords, all of which should be complex, random, and unique — a tall order if you don’t use a password manager like 1Password.We can add more special characters and make them absurdly long (when apps and websites allow us to) but they’re still the same passwords with the same risks. It’s time for passkeys.But what are passkeys and how do they differ from passwords? Can you use passkeys and passwords together? And are passkeys safer than traditional passwords?Let’s find out.On the surfaceWhen you create an account today, you choose a password and enter (or fill) that password when you want to sign in. You’re given access if what you enter matches what you chose when you signed up.Passkeys give the sign-up process a bit of a makeover. You use your biometrics (face or fingerprint

Over a decade ago, the sketch comedy show Portlandia tried to answer a simple question: why do hipsters put birds on everything? Teapots, tote bags, greeting cards, pillows — even toast. When in doubt, put a bird on it.It’s always fun to laugh at silly hipster trends, but UX designers also have quirky habits. Last year, the content design team at 1Password started to notice a lot of “Learn More” links across our product. A few Learn Mores are fine, but a website or app full of them creates accessibility and usability problems.To put all of this in super technical UX language: 1Password might have too many birds in it.The problemLet’s start with accessibility. Screen readers can navigate a page by jumping from link to link. If most of those links say Learn More, it’s impossible to know where they’ll take the user.Too many “Learn More” links can also make it harder to understand new features or change existing settings. Those are issues that every designer wants to avoid. Our goal is to

It’s like a technological thriller come to life. Ransomware entered the global spotlight in 2021 after a number of high-profile cases caught the media’s attention. But long before the growing threat entered the public domain, a small group of individuals started quietly helping thousands of people and businesses get their information back – without paying the ransom.Journalists Renee Dudley and Dan Golden have written about this incredible story in a book called The Ransomware Hunting Team, A Band of Misfits’ Improbable Crusade to Save the World from Cybercrime.We invited the pair onto our Random but Memorable podcast to talk about this remarkable group, and what they’ve both learned about the evolution of ransomware and cybercrime. Read on for the highlights of the interview hosted by Michael Fey (Roo), Head of User Lifecycle & Growth at 1Password, or listen to the entire episode on your favorite podcast player.Listen to episode 102 ›Michael Fey: Can you give us some background on how

Devs, have you ever wished you could quickly and securely automate infrastructure secrets in your apps and development workflows without spinning up additional infrastructure?1Password Service Accounts do exactly that - and today we’re making a public beta available to all 1Password Business customers.Service Accounts are a special type of account that isn’t tied to an individual user. They can be customized to only allow access to specific vaults, and to perform certain actions on those vaults. That adds an additional layer of security and access control for organizations when accessing 1Password programmatically using the CLI. It works by configuring the CLI to use a Service Account access token for authentication, rather than requiring a specific user to authenticate manually.Service Accounts provide a convenient way to automate tasks and streamline development and deployment workflows. You can use them to load secrets into GitHub Actions, or to share and manage infrastructure secre

1Password CLI brings seamless biometric authentication to your favorite terminal-based editor, Neovim.As a full-time Neovim user, the more things I can do without leaving my terminal, the more efficient my development workflow can be. However, command line tools that require authentication can present a potentially big problem: They all have their own ways of storing credentials, often using plaintext files stored on disk. We can mitigate this and keep everything safe and secure in 1Password using 1Password CLI!What is Neovim?Neovim is a flexible text editor that runs in a terminal. It is a modal editor, which means there are several “modes” that are optimized for different types of interactions with the interface. For example, there’s Insert mode for typing text, Visual mode for selecting text, Normal mode for navigating around and manipulating text, and Command mode for running commands.While very basic with the default configuration, it can also be highly customized and endowed with

Here at 1Password, we’re big fans of two-factor authentication (2FA). It adds an extra layer of protection to your online accounts, making it much harder for attackers to break into them.One of the strongest forms of 2FA is a FIDO2/WebAuthn hardware security key, like a YubiKey. That’s a small USB dongle that you plug in to your device, or tap via NFC, to authenticate who you are.We recently introduced the option for 1Password Business admins to enforce this type of 2FA inside their organizations. Once enabled, all team members will be required to use a physical security key when they first sign in on a new device at work.1Password is the only major password manager that gives you the choice to enforce FIDO2/WebAuthn hardware security keys in this way.We understand that the strength of your security matters. That’s why we’re giving you the choice to level up your digital defenses by ensuring your team is using the strongest possible form of 2FA with 1Password.“YubiKeys provide an extra

Almost everyone understands what passwords are, and how they work. But passkeys? That’s a different story.Here at 1Password, we’re excited about passkeys, which let you create online accounts and securely sign in to them without entering a password.But we know it’s early days, and the technology hasn’t gone mainstream (yet!)Many people don’t know what a passkey is, or have heard an explanation that isn’t quite right. Here, we’re going to address some of the most common misconceptions so you can better understand how passkeys work, and use them with total confidence.Misunderstanding: Behind every passkey is a passwordMany of us use biometric authentication to unlock our devices and access our favorite online accounts. But in these scenarios, your biometrics don’t eliminate your password.Passkeys, meanwhile, act as a replacement for traditional passwords.Here’s a quick summary of how passkeys work:Passkeys leverage an API called WebAuthn. Instead of a traditional password, WebAuthn uses

There’s one thing IT and security professionals can never have enough of: visibility. Now, 1Password Business customers can gain even greater visibility into their security posture with the upgraded Events API.The enhanced Events API features full event parity with the 1Password Activity Log, both to expand your field of vision and to support your auditing efforts.What is the 1Password Events API?You can’t protect what you can’t see. With the original Events API, you could stream some 1Password events to your SIEM (Security Information and Event Management) tool.Those 1Password events could then be incorporated into custom dashboards, alerts, visualizations, and search, for example, to give you a deeper understanding of how your team uses 1Password.The Events API makes it easy to correlate and enrich 1Password events data to surface security insights that may require action. Think automated alerts for threat detection, and the ability to visualize 1Password usage.That means you can mon

For 17 years, we’ve prided ourselves on making 1Password a delight to use. But no product is perfect, and when I hear of someone getting stuck, I get curious. How can we fix it? How can we prevent that friction for future customers?Today, we’re taking a step toward being able to better understand those moments by embarking on an internal, employee-only trial of our new in-app telemetry system. And, of course, we’re doing it the 1Password way – making sure it doesn’t compromise on our commitment to protecting your privacy and your data.Here’s a quick summary of what’s happening:1Password is beginning an internal test of our new, privacy-preserving in-app telemetry system. Initially, this functionality will be active only for 1Password employee accounts using the latest beta builds of the app.No customer vault data can be seen or collected. We’re only interested in how people use the app itself, what features and screens they interact with – not what they store in their vaults, what site

Unlock with Okta has been available in public preview since February. Starting today, all 1Password Business customers can sign in to 1Password using Okta instead of their account password – and support for other SSO providers is coming soon.People just aren’t built to juggle all the logins we use for work. IT departments spend so. much. time. on login-related issues that adopting 1Password reduces IT support tickets by 70%. That can save your IT team members 291 hours each every year – a $286,000 efficiency gain.Single Sign-On (SSO) helps, too. SSO can reduce your attack surface, strengthen minimum security requirements, and reduce IT support costs. It’s also a better login experience for workers, giving them a single set of credentials to log in to every service covered by your SSO provider.Now, you can combine 1Password and SSO to enforce stronger authentication policies, improve auditing capabilities, and give employees a simpler sign-in experience.Unlock 1Password with OktaTogethe

What are passkeys? How do they fit into a passwordless future? Why is user experience the key to adoption for passwordless? These are just a few of the questions people have for the FIDO Alliance – an open industry association that wants to reduce the world’s reliance on passwords.Matt Davey, Chief Experience Officer at 1Password, sat down with Andrew Shikiar, Executive Director and CMO at FIDO Alliance, on the Random but Memorable podcast to get answers to these questions and more. Read on for the highlights, or listen to the full interview and subscribe to Random but Memorable on your favorite podcast player.Matt Davey: Can you give us a bit of the background on FIDO Alliance and its core mission?Andrew Shikiar: FIDO Alliance is an open industry body focused on reducing industry reliance on passwords. When FIDO launched, the problem we were really trying to address was a data breach problem. We still seek to address that but the vast majority of data breaches are due to passwords for

Hey Bay Area, we couldn’t be more pumped to announce that 1Password is teaming up with the Golden State Warriors!Anyone can rebound from bad security habits – and partnering with the Dubs brings us one step closer to making online safety a slam dunk for everyone.Why the Golden State Warriors? 🌁We know that passwords and basketball might seem like an odd match at first, but you may have heard that defense wins championships – and defense is 1Password’s specialty, after all. Talk about an MVP.When it comes down to it, sharing the same values and principles as the Warriors made joining forces a pretty easy decision. Whether it’s taking teamwork to the next level, improving our communities, or continuously striving for innovation, 1Password and the Golden State Warriors are truly on the same team.No more jumping through hoops 🏀When your security is at stake, you deserve the best defense and the best offense – and it shouldn’t be complicated. When we’re on your team, we keep it simple. Th...

I’m always amazed at just how quickly the developer community gets things done. Case in point: Just weeks after we launched 1Password Shell Plugins, we’re now 33 plugins strong… 14 of which were built by you, the developer community. 🤯Shell Plugins enable one-touch access to command-line interfaces (CLIs). 1Password embraced an open-source model with Shell Plugins, so anyone can write a Shell Plugin for their most-loved CLI and include them in future releases of the 1Password CLI. Within days of the Shell Plugins announcement, we received half a dozen contributions!We’re thrilled that there are now 33 Shell Plugins spanning AWS, GitHub, Okta, Stripe, Snyk, Tugboat and more!Let’s walk through each Shell Plugin that you can now access through the 1Password CLI.Build and ReleaseArgo CD Shell PluginArgo CD is a declarative, GitOps continuous delivery tool for Kubernetes. We want to give a special thanks to open source contributor Seyed for helping make the Argo CD Shell Plugin happen.Expl...

Over the past 100 episodes we’ve heard Roo say “drop it in here” approximately 98 times, created six random but fun security games, interviewed leaders from around the globe, and asked the world’s greatest philosophical question: are cherries a berry?One of the best parts of producing Random but Memorable has been interviewing so many brilliant security experts. (Second only to hearing from you, our amazing listeners!) We’ve interviewed Twitter royalty @hacks4pancakes (Lesley Carhart), dived into email privacy with Ricardo Signes from Fastmail, and explored how data analysis can uncover insider threats with Distinguished Professor David Bader.The podcast has also given us an outlet to share 1Password tips and tricks, like how to archive items you don’t use often, and how to share items with people who don’t use 1Password.Whether you’ve been listening for the past 100 episodes, or just found us today, we’re excited to share a little more about Random but Memorable, and what you can expe

Have you ever wondered what it’s like to work at 1Password? Or wanted to know the career paths that other people followed before taking a job here? You’re not alone!In this new blog series, we’re sharing what it’s really like to work at 1Password. To do this, we sat down and talked to team members from across our more than 800-strong organization, including engineering, human resources, and customer support. You’ll learn about the journeys that each person took to 1Password, as well as their their current role and day-to-day responsibilities.Today, we’re chatting with Megan Barker, who works as Senior Security Specialist, Documentation at 1Password!What’s your current role, and what are your day-to-day responsibilities?I write security-focused posts for the 1Password blog, create informative (and lighthearted) posts for an internal security group, and edit security-related information for our Content team. I’m also responsible for all security, compliance, and privacy documentation!My

With February upon us, we can all feel the love in the air. But no matter what kind of love you’re celebrating, you and yours deserve a place to keep your secrets safe – from love letters to passwords.1Password makes sharing passwords, logins, credit cards and more a (romantic) walk in the park. And nothing says my partner is off the market quite like matching clothes, jewelry, and password managers. Show off your couple status by helping them switch to 1Password today – we’ll even help you entice them over by crediting the remainder of their invoice with a competitor when they make the move.To make your Valentine’s Day even more safe and sweet, we called in our favorite newspaper columnist, the 1LoveExpert, to answer some questions about love and security. 💝 🔑Dear 1LoveExpert,I need your opinion. Things are getting serious between me and my partner, and I just don’t know if I’m ready. I went to their place for dinner, and we’d just settled in to stream a movie when they said those t...

We’re all in on passkeys, and we’re starting with 1Password.Passkeys are the modern alternative to passwords. They’re easier to use, harder to steal or crack, and built on proven, open standards designed to make logging in to your favorite apps and services faster and more secure.And they couldn’t come at a better time: credential-based attacks are only accelerating. In 2022, it was rare that a month went by without a high-profile social, identity, or security service being breached.Instead of playing whac-a-mole with passwords, why not eliminate that avenue of attack outright? That’s our mission. It’s why we’re at the forefront of passwordless advocacy, and why we’ve committed to adding full support to 1Password for generating, managing, and using passkeys.But there’s still one small gotcha, and it’s right there in our name: “one password.”For passkeys to be the way forward, it’s not enough for them to replace some of your passwords. They have to be able to replace all passwords – inc

So you’ve set yourself up with a password manager and you’re feeling like a cybersecurity wizard – as you should! Flying high, you hop online, ready to effortlessly log in with a single click – but suddenly, it happens.Your go-to browser is still offering to save your passwords, getting in the way of your smooth sailing. Not cool.These prompts can turn from mild inconveniences to major annoyances fast, so it’s best to turn them off as soon as possible. Struggling to find the right option or toggle to disable your browser’s built-in password manager? Here’s a quick guide for Chrome, Safari, Edge, Brave, and Firefox.Disabling browser password manager promptsFirst, if you haven’t already, make sure to move any passwords you’ve saved in your browser over to your password manager so they’re safely stored and easily accessible. Now you can move on to disabling your browser password manager prompts:Chrome:Launch Chrome.At the top right, select Profile and then Passwords.Turn Offer to save pas

‘Can I trust a password manager that stores my data in the cloud?'It’s a good question to ask.After all, your passwords, credit cards, and other private information are precious. And when you choose a password manager with cloud-based syncing, you’re relying on someone else to watch and guard the server where your data is stored.But to answer the question: Yes, you can trust 1Password, which uses the cloud to keep your data in sync across your devices.Our systems are designed so that your data would remain safe even if an attacker gained access to our servers.Here’s how it works.What would happen if 1Password’s servers were breachedThe data you store in 1Password is always kept fully encrypted on our servers. And when we say “data”, we mean everything, including the names of your vaults, and the website URLs associated with each saved password.If an attacker somehow infiltrated one of our servers, the best they could hope to find is reams and reams of scrambled information. All of this

Recent breaches at Uber and Slack highlight the risks of storing secrets in plaintext on disk. But that’s just the way it works, right?1. Your daily git pull is as easy as scanning your fingerprintWith our SSH Agent we’ve made your morning git pull as easy and secure as unlocking 1Password – only a scan of your fingerprint required! New keys can be generated in 1Password and synced with Git clients in seconds, then used without the private key ever leaving 1Password. You can use the SSH agent not only for authenticating Git in your daily work, but also to SSH into remote machines. Plus, when you work from other devices, you can take all your keys with you.2. Shell plugins make the magic happen with all your CLIsWhy should the magic stop at Git? Shell Plugins allow you to authenticate with biometrics to all the CLIs you know and love, saving you from unnecessary typing or storing keys in plain text on your disk. Not only do we have over two dozen CLIs currently supported, but you can al

Starting today, 1Password Teams and Business customers have access to a new, streamlined Admin Dashboard. The new dashboard is your home for reporting, Insights, Travel Mode, and user management.The current 1Password admin homepage and dashboard have joined forces to give you a single, more helpful homepage experience. The new dashboard brings the 1Password Business features you rely on together into one well-organized, easily accessible place.What’s newBringing together high-level details about your business and quick-access links to useful features, the Admin Dashboard will give you a comprehensive overview of your account, team, and security posture.All the 1Password Teams and Business features and functionality you know and love will remain the same, but you’ll now have a more accessible and efficient experience in one central location.Find actionable information and potential risks through InsightsYou can now access Insights directly from the Admin Dashboard so you won’t miss a th

The difference between good and great software isn’t flashy features: it’s the feeling of using a tool that just works. With this in mind, our team recently decided to press pause, roll up our collective sleeves, and spend some quality time improving the fundamentals of 1Password 8.First, we collected all the feedback you’ve been sharing on our forum and on social media, in various app store reviews, and through conversations with our team. We then turned these requests into a to-do list and tasked ourselves with bringing as many of them to life as possible.Below is a sneak peek at what we’ve been working on. (If you’re an iPhone user, there’s a lot to be excited about.) All of these improvements are either live right now, or coming in the near future. We can’t wait for you to try them.Reorder fields and sections inside itemsiOS: Available nowAndroid: Available nowDesktop: Available nowEvery item can contain multiple fields and sections. But what if you want to re-order those different

Allow me to tell you a brief story — a story in which you (yes, you) are the protagonist.You signed up for 1Password, opened the app, and noticed there were items in your newly created vault. You revealed the item fields to find your Secret Key and account password.You didn’t create the item and know 1Password doesn’t have your credentials; you understandably wonder what happened — and how.Sound familiar? You’re in the right place. In this article, I answer those very legitimate questions, in order, for bonus points, and address a couple others that may be lingering in the back of your mind.Let’s start at the beginning.Here’s what happenedThe 1Password sign-up process consists of many technical and mathematical complexities. Among them is the code that triggers the creation of an Identity item and a Login item1 on your device.You’ll find the fields empty in the Identity item — they’re left for you to complete. Add your name, address, phone number, email address, and any other personal

When I joined 1Password at the beginning of 2022, I immediately recognized the value that the company places on its employees, its customers, and its community.With the support of our employees, we are fortunate to be able to give back and support important initiatives around the world.Our employee survey this year showed that over 80% of employees agreed 1Password is taking action to address issues of fairness, diversity, equity, and inclusion. Alongside our employees, we’re proud to support a range of important causes around the world. We know there is more to do, but we are truly excited to continue building on the partnerships we’ve built.Here are some of the ways we worked to make a difference this year.Standing with Ukraine 🇺🇦1Password stands with the brave citizens and leaders of Ukraine who are defending their homes and values. Earlier this year, we showed our support in a few different ways: pledging to match employee donations up to $50,000 USD, and standing with other Cana...

Recently, we announced that 1Password Business customers will soon be able to unlock 1Password with Okta.Since then, we’ve spoken with many of you who are eager for more of the technical details – and we’re happy to oblige! We love a good deep dive, so let’s talk about some of the thinking behind our approach.In this article, we’ll pull back the curtain a bit on the technical foundations of Unlock with SSO. We’ll touch on why it’s a tricky problem and how we engineered a solution that lives up to the 1Password promise – including how we ensured that no one but you can access the data in your vaults. Finally, we’ll share some notes on what Unlock with SSO means for the security of your 1Password account, and what the future holds.SSO and a decryption problemMost web services “just” need to solve authentication and authorization problems – ie. determining whether a user is who they say they are, and whether they should have access to a resource. For these kinds of services, SSO is an ide

Here at 1Password, we’re lucky enough to work with students throughout the year on our goal of creating a safer, simpler digital future for everyone.Roughly 15-20 Canadian university students join us each semester to spend four months as a member of our engineering and technical teams. Each student is given an opportunity to work on important projects, as well as develop relationships with senior members of their teams.We’re big on learning and development, and we believe that co-op programs not only benefit students but our full-time team members as well. Students have fresh perspectives that help us see things differently, and we all benefit from their enthusiasm and excitement for learning new skills.We asked three of our internship students what their experience at 1Password has been like, and what they’ll take with them when they go.Andrew SemchismDeveloper Intern, Full StackUniversity of WaterlooWhat made you choose 1Password for your internship?I chose 1Password because of its e

A public preview of Unlock with Okta is now available.We’re pleased to announce that a public preview of Unlock with Okta is now available for all 1Password Business customers. This allows admins to set up their 1Password account so that team members sign in to 1Password with their Okta username and password, rather than their account password and Secret Key.How did we get here?A few years ago, unlocking 1Password with SSO began to come up more and more in conversations with our customers. While the value and benefits were clear, we didn’t pursue this feature because at the time we didn’t have a way to build it that met our stringent security standards. Unlocking with SSO has its own risk considerations that differ from 1Password’s traditional unlock model, and we wanted to make sure our solution was truly secure.After many months of research and listening to our customers, we’ve engineered a solution with the same careful consideration for our customers' privacy and security as every

Hello everyone,I hope you’re having a wonderful New Year so far. I had lots of fun with friends and family over the holidays and am excited about all the things we have planned for 1Password in 2023.Before looking forward, let’s take a look back at some of the things that I didn’t have a chance to share with you last year.Security is our foundationI love highlighting our security model whenever I get a chance, and with at least one of our competitors being breached recently, I thought now would be a great time to review how we designed 1Password to keep you and your data safe. Always. Even in the event of a breach.We built 1Password with security and privacy as our foundation. You see this in the features we add, the “features” we refuse to add, and how we design those features to always preserve your security and privacy.There’s many aspects to this but given recent events, the star of today’s show is our unique Secret Key and how 1Password uses it to encrypt your data in a fundamenta

How 1Password protects your sensitive data, and why an attack on 1Password would pose no threat to information stored in your vaults.As data breaches become increasingly common and scary headlines hit the news, you may be feeling a bit uneasy. Here’s the good news: if you’re a 1Password customer, there’s nothing you need to do and no reason for you to worry.We’ll explain why below, but if you’re in a hurry you can rest easy knowing that:If you use 1Password, your information is safe. 1Password encrypts your vault data in a fundamentally different way than other password managers. Our dual-key encryption ensures a breach of 1Password’s systems would pose no threat to sensitive information stored in your vaults.1Password encrypts crucial metadata to protect your privacy. In addition to the contents of your vaults, we also encrypt vault names and stored website URLs. Without them, someone who obtains your encrypted vault data would have no way to guess what’s inside – they wouldn’t know i

PDF files have become an essential part of our digital lives. We use them to create and share invoices, reports, contracts, and countless other documents every day.Here, you’ll learn several ways to add password protection to your PDFs. This guide also explains how you can securely store and share your PDF files using a password manager like 1Password.Why protect your PDF files?By default, a PDF file can be opened and viewed by anyone. This is often useful and convenient. For example, if you run a restaurant, you want everyone to be able to visit your website and look at a PDF version of your menu.But PDFs can also be used to record and share private information. You might create one for your company’s next quarterly earnings, or to prove to a mortgage lender that you’re earning enough to buy a home. The best way to keep these types of PDFs secure is by protecting them with a strong password.A quick search online will reveal many websites and apps that promise to add password protectio

The security landscape is always evolving. This can make predicting what’s going to happen next complicated, but no less necessary.Part of our security team’s job is to keep an eye on the security landscape so that we can be flexible as changes need to be made. As part of that, we’ve asked them to share some of their security-related predictions for 2023.1. Passkeys are going to achieve critical mass in 2023People have been talking about the end of passwords for more than a decade at this point, but for once, they might actually be right. With the introduction of passkeys there is now an accessible password replacement option that is strong and secure.Passkeys are digital credentials that let you sign in to apps and websites without using a password. And in 2022, passkeys finally worked their way into mainstream awareness – which is the first step towards reaching mass adoption. Not only do people now know about passkeys – and the passwordless future they promise – but there’s even a p

LastPass, a competitor, recently announced that password hashes were included in an August 2022 breach of their cloud storage.The company’s notice claimed that if users had followed default settings, “it would take millions of years to guess your master password using generally-available password-cracking technology.” That claim is highly misleading. In this article, I’ll explore the LastPass claim and unique 1Password features that protect you — now and in the event of a similar breach.If 1Password were to suffer a similar breach, the attacker would not be able to crack your combination of account password and Secret Key – even if they put every computer on Earth to work on the cracking and ran them for zillions of times the age of the universe.The newsOn December 22nd, LastPass posted an update to their announcement around an August 2022 breach. The update states that encrypted user data “remains secured with 256-bit AES encryption and can only be decrypted with a unique encryption k

Millions of people use Microsoft Excel to record, organize, and analyze important information. If you fall into this group, you may want to password-protect some of your most important spreadsheets and Workbooks.Here, you’ll learn a few different ways to add password protection to your Excel files. We’ll also explain how you can store and share those passwords in a password manager, alongside your account logins and everything else that’s important in your digital life.Keep your important data privateMany Excel spreadsheets contain a lot of sensitive information. If you’re using the software professionally, that could include client contact details, credit card information, social security numbers, or data about your co-workers.Using Excel for school projects, or to keep your personal life organized? You might still have some spreadsheets that you want to keep private. For example, if you’re planning a surprise birthday party for your partner, you don’t want them to find and open the s

With the holidays around the corner, our team is not only whipping up ideas and plans for 2023, but also some delicious holiday creations in their kitchens. For the second year in a row, we asked our team to contribute to an internal cookbook that everyone can draw inspiration from. We welcomed both sweet and savory recipes, as well as any stories about how the recipe came to be a favorite.The cookbook is part of a larger program we call Season of Giving. After a long and exciting year, we want to ensure our teams take the time to give back to their communities, chosen families, and themselves. We’ve been running a number of internal events over in December that focus on everything from mental fitness coaching to laughter yoga (yes, it’s a thing!) Our hope is that by taking a moment to reflect and give back, our teams can head into the holiday season feeling proud of what they’ve done in 2022.In the spirit of the season of giving, here are three of the recipes from our cookbook. We pro

Permacrisis: ‘An extended period of instability and insecurity, especially one resulting from a series of catastrophic events.'We can probably all agree that we’re living in a state of permacrisis right now. After grappling with Covid-19, the world has been rocked by volatile stock markets, record-setting inflation, and the ongoing conflict in Ukraine. No wonder Collins Dictionary chose permacrisis as its word of the year for 2022.Last year, our State of Access report delved into burnout and its impact on cybersecurity in the workplace. This year, we’re exploring how these trends, challenges, and behaviors have evolved in a time defined by permacrisis. To do this, we surveyed 2,000 adults in the U.S. and Canada who are in full-time employment and spend most of their working hours in front of a computer.Here’s what we found:Our key findingsThe permacrisis is causing more stress. One in three employees (32%) told us they’re more stressed than ever before.Non-stop crises are making worker

1Password Shell Plugins brings the security and ease of use of biometrics to every tool in your terminal.I love Touch ID. When I use it to log in to a site or authorize a purchase, authentication just kind of happens. It doesn’t feel futuristic anymore, but it does feel like the present. It’s the modern computing experience.Then I open my terminal, and I’m transported right back to the past. Why can’t devs have that modern experience?I know I’m not alone. When we introduced Touch ID support for 1Password CLI 2.0, one of the most frequent pieces of feedback we heard was: Can we have touch ID for all CLIs?So, about that.Introducing 1Password Shell PluginsWe use CLIs to perform quick actions from the comfort of our terminals and automate recurring tasks. You might use the GitLab CLI to submit your code in a merge request, so the team can review it and include it in the next release, for example. Many other developer platforms like AWS, Stripe, Sentry, and CircleCI offer CLIs as well.Conne

Data breaches are on the rise, so it’s critical that companies properly protect their customers’ passwords. One of the ways that businesses do this is by hashing passwords before storing them.But what is hashing, and how does it work? And can a hashed password ever be cracked? Here, we’ll answer all of these questions and more.How does password hashing work?Hashing is a cryptographic technique invented more than 50 years ago, long before the internet and the personal computer. Today, companies use hashing to secure all kinds of sensitive data, including customer passwords.Hashing is a one-way process that protects a password by turning it into a different and seemingly random string of characters.When you choose a new password for one of your online accounts, it’s usually run through a mathematical algorithm called a hash function. The hashed password that comes out the other side is then stored on the company’s server. This helps protect it from an attacker who manages to access the p

As an Airbnb host, you have a lot to manage. Reservations, cleaning, finances – the list goes on and on. But one of the most important parts of being a host is keeping your guests, and your property, safe and secure.You might think that Airbnb security starts and stops with having a robust lock for the front door. But there’s also a digital aspect that you should be aware of. Sharing passwords securely can protect your property, and your guests, from property damage, hackers, and even uninvited people. In this post we’ll explore some ways you can digitally secure your property, and the people staying there, so everyone has a stress-free experience.Lock down access to your propertyMany Airbnb hosts are happy to meet their guests in person and physically hand over the front door key or passcode. However, an increasing number of property owners are using lockboxes and other solutions that don’t require them to be present at arrival. If you fall into this camp, you need to make sure that y

We have more sign-in options than ever, but keeping track of them all is becoming increasingly difficult. So we’re making it easier.Every morning, I sit down with a mug of iced coffee – shoutout to Pilot Coffee Roasters 😉 – and open my laptop. I like to throw on a Spotify playlist before I get started, so my very first action is launching Spotify in my browser. (Some good punk rock always gets me going strong early.)Occasionally I find myself logged out of Spotify, so I need to sign in. And every single time, I fail to remember which set of credentials I used to create the account more than a decade ago.Did I sign up with my Google account? Or maybe it was Apple? Or Facebook? Or an email and password?Luckily, I can avoid the guesswork simply by using 1Password in my browser to log in, because it now remembers how I signed in (or signed up), even if I used a Google, Apple, or other account to do so.No more guesswork. No more password reset loops. No more frustration.Sign in to your fav...

My colleague, 1Password Senior Security Specialist (and all round stand-up guy) Chris Butler, and I recently chatted about a trend that’s emerged over the past few years: attempts to capitalize on cybersecurity incidents through self-promotion.Chris drew an interesting comparison: “Data breaches are similar to car accidents in some ways. And members of the security industry are like the first responders.”Just like highway traffic slows after a collision so drivers can sneak a peek at the damage, all eyes (and minds) are on cybersecurity after a breach. That period of heightened interest and awareness is the ideal time to share information, insight, and instruction.Rather than take to social media and other platforms to essentially shame the affected business and fearmonger others, we should shout about how similar attacks can be prevented.And our industry needs to lead the charge.Say it loudImagine someone could perform a basic Google search and locate a tool that scans your network an

Today, 1Password is making Typeshare publicly available as an open-source project to help Rust developers generate consistent type schema across multiple languages.With Typeshare, developers can now create FFI (foreign function interfaces) with confidence.What problem does Typeshare solve?We often write code in another language and have Rust call that code. For example, 1Password is powered by a Rust framework built from the ground up to be highly performant and secure, with a separate frontend to display the UI (user interface) on various platforms.Decoupling the display code from our business logic gives us cross-platform consistency while also letting 1Password look great on any device. But the frontends are written in a different language, so we use a foreign function interface to communicate with the frontends.But we needed to ensure the data we gave to the frontend was understood correctly - if the data types between the languages weren’t in sync, it would result in a host of pro

You may have seen mention of a “passwordless future” – the concept of simpler authentication and no passwords. That future is rapidly approaching, and we’re excited to share a glimpse of it with you today.Recently, we’ve shown you 1Password’s vision of the future, a future that goes beyond passwordless to provide a simple sign-in flow no matter what kind of credential you use.We’ve been members of the FIDO Alliance for some time now, but we were recently invited to sit on the board, where we’ll be able to work more closely with our fellow tech leaders to build out a universal password-free sign-in experience. The wider introduction of passkeys is an important step on this path, but what happens next is crucial.As a group, we have to deliver on the promise of making this future accessible to everyone, everywhere, and we see our appointment to the FIDO Alliance board as an important opportunity to strengthen our commitment to the cause.Explore passkeys in 1PasswordExperiencing the future

SIM swapping, also known as SIM jacking, is a technique used by attackers to gain access to a person’s phone number and, ultimately, their two-factor authentication (2FA) codes.A fraudster will impersonate a target while calling their mobile service provider and ask for the target’s phone number to be ported to a new SIM card. The attacker will then check whether they can use the phone number to intercept any SMS-based 2FA codes.How does SIM swapping work?SIM swapping is a growing problem that leverages social engineering.Criminals will call their target’s mobile service provider and recount a fake but believable story for their SIM swap request. For example, they might say: “I lost my phone at a music festival and need help transferring my number to a new SIM card.”The mobile service provider will likely ask some security questions to verify the caller’s identity. However, criminals are smart and will prepare for these questions by researching their target beforehand. They’ll root thr

Administrators, this one’s for you. 1Password 8 for Mac now includes a set of mobile device management (MDM) options. We’re also releasing PKG and MSI installers for Windows and Mac respectively, which we know have been highly requested by our business customers. These new tools make it simple to deploy and manage 1Password across your entire organization.But wait, there’s more! We’ve also added support for ARM-based Linux devices such as the Raspberry Pi, alongside many other quality-of-life improvements.Deploy 1Password 8 with MSI and PKG installersFirst, let’s talk about deployment.You can now roll out 1Password 8 to any team member with a Mac using the 1Password PKG installer. Do some or all of your team members use Windows PCs? No problem. You can quickly install 1Password 8 for Windows on a per-user basis with the 1Password .exe installer, or on a per-machine basis using 1Password MSI.These tools streamline the process of rolling out 1Password to new hires and existing team membe

When a data breach appears in the news (which has happened a lot recently), many of us picture a hacker in a black hoodie, trawling through reams of code on a custom-built PC. We often imagine them finding a single mistake – a zero that should be a one, or vice versa – that lets them slip through a company’s defenses.After all, that’s how hacking is usually portrayed in movies and TV shows.But re-read the latest news reports and you’ll notice that most data breaches can be traced back to a single cause: social engineering. Increasingly, hackers are exploiting human psychology, rather than technical vulnerabilities, to access company accounts, tools, and databases.The success of these attacks hinges on how persuasive the hacker can be – or how well they can imitate someone trustworthy – rather than their knowledge of a particular programming language.It’s a timely reminder that cybersecurity is always changing, and the best way to protect a company is by focusing on the people who work

We like to get things done at 1Password, which is why we’re such big fans of Quick Access in 1Password 8.Quick Access gives you … well, quick access to everything you’ve stored in 1Password. If you’ve ever used Spotlight on a Mac, it will feel awfully familiar.Like Spotlight, you can summon Quick Access from anywhere on your desktop with a keyboard shortcut or mouse click. When you do, you’ll see a simple search window in the middle of the screen. Start typing to find any item in your 1Password vaults, then take fast action on the item so you can get back to what you were doing.Quick Access is smart, too. Let’s talk about what makes Quick Access such a capable companion, and how you can master its capabilities to make quick work of any task that requires one of your saved items.Quick Access basicsFirst, the fundamentals. You can open Quick Access using the following default settings:On Windows or Linux: Use the Ctrl + Shift + Space keyboard shortcut, or select the 1Password icon in you

Every single day we use passwords to sign in to our online accounts. But that doesn’t mean they’re a perfect solution.If you don’t have a password manager, it’s challenging to create and remember hundreds of strong passwords. Many people give up and use the same password for everything, or a few predictable passwords, which makes it easier for cybercriminals to hijack their accounts.Enter passkeys. You may have heard of them in the news, and with good reason. Many companies (including 1Password!) are excited by this technology as a simple, fast, and secure sign-in solution. Here, we’ll break down what passkeys are, how they work, and some of the benefits they offer over traditional passwords.What are passkeys?Passkeys allow you to create and sign in to online accounts without a password.When you use a passkey, you don’t have to memorize or type anything out, or enter a two-factor authentication (2FA) code. And, if you land on a fake but convincing (phishing) website, your passkeys won’

Passage, a leader in modern authentication technology, is joining the 1Password team to help accelerate the adoption of passkeys for developers, businesses, and their customers.Today, I’m thrilled to welcome the Passage team to 1Password. Together, we’re ushering in the next chapter in our journey toward secure and simple sign-ins for everyone.When I look at the growing interest in passkeys, I can’t help asking myself: what will it take to make passwordless technology flourish? How will 1Password contribute? After all, the underlying technology isn’t new.What’s changed is an emerging consensus around how to make that technology available to any developer, business, or individual that wants to use it – on any platform or device.And that’s where Passage comes in.What is Passage?The Passage team is dedicated to making it easy for developers and businesses to implement passwordless authentication. Their API allows anyone to build a class-leading sign-in experience that prioritizes device-n

Have you ever heard the cybersecurity term “dictionary attack”, and wondered what it means? You’re not alone. Here, we’ll break down what a dictionary attack is, and explain what steps you should take to protect yourself from this threat.What is a dictionary attack?A dictionary attack is a type of brute-force hacking method that relies on specific lists (i.e. “dictionaries”) of words or phrases the attacker thinks will have the highest chance of success. Unlike a typical brute-force attack, which tries every possible password combination (e.g. “AAA”, “AAB”, “AAC”, and so forth), a dictionary attack is much more focused and efficient.The list could include words from a dictionary, passwords that have leaked in the past, or common regional references or phrases, like a Florida resident using“Dolphinsfan305”. They then use automated programs to try combinations of possible usernames and passwords until they’re able to break into the account.While hackers can use dictionary attacks directl

Your password manager protects your digital life. Passwords. Credit cards. Your most important documents. By its nature, the password manager is personal.But you can go a step further and make 1Password truly yours by changing your profile picture and using custom icons for your 1Password Families and 1Password Business accounts, as well as individual vaults and items.With these options, you can:Reflect your personal sense of style in 1Password.Make it easier to glance at 1Password on any device and find exactly what you’re looking for.Ready to add a personal touch to your favorite password manager? Here’s how…1password.comChange your profile picture:Select your name in the top right-hand corner, followed by My Profile.Select Edit Details.Select the arrow on top of your profile picture.Choose from one of our many icons, or upload your own by selecting the “+” symbol.Change your family or business icon:Find your family membership or business account in the sidebar and select Settings.Se

WebAuthn technology is pivotal to passwordless authentication. When implemented correctly, the specification makes it simple and secure to sign in to accounts without entering a traditional password.If you have questions about WebAuthn, you’re not alone. After all, it’s not a term you hear often in casual conversation … unless you’re really into security.Here, we’re going to unpack the term and explain how it allows developers to offer passwordless solutions. This will give you a better understanding of where cybersecurity is headed, and why so many companies including 1Password are excited by the technology underpinning it.What is WebAuthn?WebAuthn, or Web Authentication, is an API that gives website developers the ability to support a passwordless login experience on their websites and in apps. It’s an essential piece of software that connects those websites and apps with your chosen authenticator.Authenticators are available in two forms:Roaming authenticators. These are standalone

The internet’s evolution is transforming our way of life in real time. That includes the experience of being a parent, and to an even greater degree, a young person. Today, it’s not uncommon for kids to have an online presence before losing their first teeth. But we’re only just starting to learn about the impact of these changing habits, and the challenges they’re creating for families around the globe.There’s never been a greater need to understand the internet’s influence on parenting and childhood – especially as more kids grow up and become parents themselves. That’s why we partnered with Malwarebytes for a comprehensive survey that asked parents and Gen Zers about their habits and honest feelings on the topic. Today, you can read our findings in a joint report titled “Forever connected: the realities of parenting and growing up online.”The new struggles for today’s kidsThe challenges of life online are far greater than choosing the best profile photo. Misinformation, identity the

Your most precious data is now securely accessible from your most personal device. The all-new 1Password for Apple Watch offers customizable access to nearly anything in your 1Password account, with full support for complications and the same intuitive experience you know and love.For many of us, Apple Watch is the most personal piece of technology we own. It accompanies us even in places our phones do not, offering glanceable access to the time and date, app notifications, the weather, even information about our health and wellbeing.With the latest update to 1Password 8 for iOS, your Apple Watch can now serve as a secure window into your most important information as well – even when your phone isn’t on you, or you have no internet connection.1Password for Apple Watch provides quick access to two-factor codes, Wi-Fi passwords, secure notes, or any other items you choose to bring with you.Complications, Large Type, and moreWe’ve rebuilt our Apple Watch app to take full advantage of wat

Here in Ontario, the leaves have begun changing colors and Thanksgiving has arrived. It’s a welcome reminder to appreciate what we have, from the simplicity of a warm meal to the joy of sharing that meal with loved ones.It’s a great opportunity for us to give thanks and give back to our communities. Since Thanksgiving comes early for Canadians, we’re kicking off our season of giving thanks now!Help your community this Thanksgiving 💙From now until November 25th, when someone becomes a new 1Password Families customer, 1Password will be donating to three different charities. These groups work within our communities to help provide food security and build stronger networks for all.Food Banks Canada helps those across Canada living with food insecurity by relieving hunger today and preventing hunger tomorrow in collaboration with the food bank network.Second Harvest is creating an efficient food recovery network, reducing the environmental impact of food waste while ensuring that everyone ...

1Password is serious about securing developers' workflows. That’s why we’ve built and continue to improve upon 1Password Developer Tools.Today we’re talking to developer and friend of 1Password Soner Sayakci, who is both a Jetbrains and 1Password user. Just a few weeks ago, Sayakci released a fantastic integration that enables developers to make use of 1Password vaults, secret references, and more within the Jetbrains integrated development environment (IDE).By automating tedious tasks, 1Password Developer Tools speeds up development workflows while eliminating the potential for human error. We’ve automated SSH key management. We’ve added biometric unlock to Git authentication and other SSH workflows to simplify secrets management in the terminal. We also aim to bring 1Password’s security model and ease of use to the tools developers use every day. Earlier this summer, we released 1Password for VS Code, an open-source integration that enables VS Code users to take secrets (such as Stri

The 1Password SCIM bridge is a powerful tool for businesses that want to use a password manager alongside an identity provider like Okta, Rippling, or Azure Active Directory. But if you haven’t used the SCIM bridge before, you might be wondering: What exactly is it? And does my company need a SCIM bridge?Today, we’re going to dive in and answer both of these questions. But to do so, we have to explain the problem the SCIM bridge solves.The problem: your time is valuableHow can you effectively provision, manage, and deprovision users in 1Password if you work for a large organization?Imagine you’re an administrator for a Fortune 500 company. You have over 100,000 users in your directory, and management is telling you that everyone needs access to 1Password.Now, let’s be generous and assume inviting a user, confirming their account, and placing them in the right 1Password groups takes a total of 30 seconds via 1Password.com. Congratulations! Your new job for the next three months is going

SSH key management practices reflect the environment in which they were first introduced. The 1Password SSH agent is a big step toward aligning practices with the modern world.Earlier this year, we introduced the 1Password SSH agent as part of our commitment to bring developers the kinds of things developers want to see. Today, I’ll discuss a re-evaluation of the security properties and habits some of us old-timers may have regarding SSH keys, and which of those habits are outdated.The short version is that SSH was originally a drop-in replacement for rsh (remote shell) and rlogin, which were centered around one machine trusting another machine, or one account on a machine trusting an account on another machine. SSH private keys were associated not just with individuals, but individual accounts on particular hosts.Some of us old-timers need to adjust how we think about SSH keys.SSH key management tools and conventions grew out of that environment. A key pair didn’t so much belong to a

Encryption is an essential step in cybersecurity that protects confidential information by turning it into scrambled gibberish. This ensures attackers can’t understand it, and only trusted individuals can make it understandable again.There are different types of encryption, with different security and access levels. There are two main types of encryption:Symmetric, which uses a single key for encryption and decryption.Asymmetric, which relies on pairs of connected keys called a public key and private key. This means a different key is used for the encryption and decryption processes.Asymmetric or public-key cryptography is an increasingly popular method used in modern technology. Here, we’ll explain how public and private key pairs work, and why they’ve become such a widely used form of encryption.What are encryption keys?First, let’s establish what a “key” is. In cryptography, it’s a tool that can turn readable data into something indecipherable. It’s not, as it may sound like, a plot

Single sign-on (SSO) and 1Password make a great team. Separately, 1Password and SSO each reduce your attack surface by securely logging you in to sites and services you use to get things done. Together, they’re a powerful risk reduction duo.And we’re working with 1Password Business customers to unlock the true power of that combination. More on that in a bit.Let’s talk about why SSO and 1Password are better together, and where the pairing can go from here to improve your security posture by:Streamlining security policies.Simplifying administration and onboarding for IT.Improving the sign-in experience for your workforce (and why that matters for security).How SSO simplifies your security postureFirst, a quick primer on SSO and how it fits into your enterprise security framework.If you’re not using a single sign-on provider like Okta, Google Workspace, or Microsoft Azure Active Directory to sign in to work services, it’s up to each worker to create their own logins for every service the

You’ve probably watched at least one movie or TV show where a hacker sneaks into someone’s house, finds a computer, and then guesses the password on the first try. They then declare, “I’m in!” before downloading reams of sensitive data.You may have asked yourself, “Is this really how criminals figure out people’s passwords?” The short answer is no. But hackers do have some tried-and-tested ways to obtain passwords. In fact, almost half of all data breaches involve stolen credentials.Here, we’ll explain the most common techniques hackers use, and what you can do to protect yourself.1. Social engineering and phishingSocial engineering is a form of manipulation. Attackers trick people into sharing their passwords, payment details, or other sensitive information by posing as someone trustworthy or authoritative. Criminals will use this tactic over the phone, in an email or text message, or a DM on social media – anywhere that you could feasibly be contacted by the person or company they’re

Have you ever wondered what it’s like to work at 1Password? Or wanted to know the career paths that other people followed before taking a job here? You’re not alone!In this blog series, we’re sharing what it’s really like to work at 1Password. To do this, we sat down and talked to team members from across our more than 800-strong organization, including engineering, human resources, and customer support. You’ll learn about the journeys that each person took to 1Password, as well as their their current role and day-to-day responsibilities.Today, we’re chatting with Josh Gorman, Senior HR Program Specialist at 1Password!Why did you join 1Password, and how did you end up here?It was a long, winding journey full of starts and stops. But I think a better story is my journey from when I started. I was hired in customer support and spent my first month doing that role. But my manager recognized my skill set and helped me onto the path I’m on now. I quickly started teaching our new team member

For many workers, accessing the tools required to do their jobs is a hassle. This ‘login fatigue’ could be putting your business at risk as employees find less secure workarounds to complete tasks, or, in some cases, give up on a task altogether.To better understand login fatigue and the risks it poses, 1Password surveyed 2,000 adults in Canada and the U.S. These were all full-time employees at companies with more than 250 workers, and who primarily used a computer to do their job. We expected login fatigue to be a source of frustration. What we found is an escalating and far more complex problem, with wide-ranging effects on worker productivity, security, and mental health.Key findingsFatigue and frustration: Nearly half of employees (44%) say that the process of logging in and out at work harms their mood or reduces productivity.Incomplete work product: 26% of workers have given up on doing something at work to avoid the hassle of logging in.Missing meetings: 62% of employees miss pa

1Password Business customers can now connect 1Password to Google Workspace to automate provisioning and deprovisioning tasks, saving valuable IT resources and strengthening your security posture in the process.Manually provisioning and deprovisioning users isn’t the most valuable use of your IT team’s time. And because it’s a manual process, it’s also prone to mistakes and oversights that can create security vulnerabilities.The 1Password SCIM bridge makes it easy to automate provisioning and deprovisioning in 1Password by connecting your identity provider – in this case Google Workspace – to your 1Password account. Once the connection is established, you can automate tasks like creating users and groups, controlling access to groups, and suspending deprovisioned users.The new Google Workspace integration enables automated user provisioning (to provision or deprovision all users at once) and group provisioning (to provision or deprovision a predefined group of users).Once you’ve connect

Much of online education directed at students focuses on internet safety and privacy – and rightfully so. But it’s important that equal attention be directed towards teaching the next generation how to keep their accounts and identities safe online.That starts with helping them know how to spot the most common scams and threats, and sharing what preventative measures they can use to reduce their risk.The first week of school is the perfect time to introduce students to online security. As they get acquainted with school devices and set up new accounts it’s a great time to talk about risks and how they can be proactive about avoiding them. But security should be an ongoing conversation. Invite your students to approach you with any questions they have about security – if you don’t know the answer you can always find out together with your student.Security should be an ongoing conversation.Create a positive space for students so they feel safe sharing threats they’ve encountered, and eve

A well-thought-out incident response plan is no longer recommended – it’s critical. With the rate that cyber attacks are increasing – putting customer privacy at risk and forcing some businesses to close – it’s never been more important to educate your team on the risks, and help prepare your organization for the worst case scenario.Most businesses don’t have a plan in place for when a security breach occurs. That’s a costly oversight given that, according to the same research, the majority of large U.S. businesses have experienced some form of cyber attack before. An effective incident response plan brings people, processes, and technology together to reduce the chances of a breach, and minimize the damage of any that do occur. No matter what type of business you operate, putting this plan in place is critical to creating a strong, proactive cybersecurity strategy.1Password is excited to share two new resources to help with navigating the modern threats that businesses face. The data

So 1Password CEO Jeff Shiner just committed code to one of my GitHub repositories. That’s strange. While he’s a developer at heart, I don’t think he gets much time to code these days. What’s going on here?As you might have guessed, this didn’t actually come from Jeff Shiner. In fact, anyone can spoof a Git committer or author name with just a few terminal commands and pretend to be someone else:$ git config user.email "[email protected]"$ git commit -m “Add tractor autopilot mode.”This can make for a fun prank but is also a security liability. If you don’t know who is pushing code to your repositories, how will you know if your codebase is being hijacked by someone pretending to be a coworker?The answer is, you won’t know who is actually committing code unless your team signs their commits. This means using a cryptographic key pair to add a digital signature to each commit that verifies your identity. Once you sign, GitHub adds a handy “verified” badge to each commit. Goodbye f

Schools and colleges are increasingly using technology to deliver engaging classes, track student progress, and more. But as the classroom shifts online, it’s never been more important for educators to practice good security habits.Schools and colleges are increasingly using technology to deliver engaging classes, track student progress, and more. But as the classroom shifts online, it’s never been more important for educators to practice good security habits. Data breaches are on the rise – ransomware attacks cost schools and colleges an estimated $3.56 billion in 2021 alone. Like any other business, educational institutions need to protect their private information.A password manager may seem like a luxury when budgets are tight, but there are many reasons to invest in one. Here, we’ll explain how it can make your teachers, lecturers, and administration staff more secure and productive, saving you time, money, and stress in the long run.Your staff will never forget a password againWe

Ever heard of pretexting? And no, we’re not talking about when you first carefully draft a risky text message before sending it! Pretexting is a sneaky and highly effective form of social engineering that attackers use to dupe people into sharing their personal information.If you spend a lot of time on the internet, you’ve probably encountered it in some form many times before. Suspicious texts, calls, and emails trying to trick you into sharing your data have become an all-too-common part of our daily lives. Some of these attempts may seem silly, obvious, and easy to dismiss, but a growing number of attackers are learning to create more sophisticated and convincing stories.We’re all still susceptible to becoming a victim of social engineering, including pretexting, so it’s important to understand how this tactic works in order to stay secure.What is pretexting?Pretexting is a type of social engineering attack that involves a criminal creating a story, or pretext, that manipulates thei

You’ve probably heard or read the advice: ‘Turn on two-factor authentication (2FA) everywhere it’s offered.’ After all, it’s a great way to add an extra layer of protection to your online accounts.But should that include your 1Password account?The short answer is no, it’s not necessary. But there’s also no harm in enabling 2FA if you have a special set of circumstances, or think it will give you a little more peace of mind. To explain why, we need to unpack what 2FA does, and how your data is protected by 1Password’s security model.What is two-factor authentication?Two-factor authentication is a second line of defense that makes it tougher for criminals to gain access to accounts that are otherwise only protected by a username and password.For example, imagine a criminal managed to find or guess the password to one of your social media profiles. With 2FA enabled, they wouldn’t be able to sign in to the account, because the service would ask for a one-time code that you’ve chosen to be

Have you ever wanted to put a Save in 1Password button on your website? You can now add the integration to your website without anyone from 1Password building, approving, or getting involved with the process.Adding the Save in 1Password button allows your website visitors to easily save their sign-in details, credit cards, and other private information to their vaults with a single click. Read on to learn more about the update and how some of our partners have integrated the new button on their websites.Why you should add a Save in 1Password button to your websiteThe Save in 1Password button has many benefits – both for your business and your customers.This integration is both secure and convenient – helping make it easy for your customers to save their information and then autofill that saved information the next time they visit your site.Adding the Save in 1Password button can also help to drive sales and improve your customer’s journey. It’ll also save your organization time and mon

In a perfect world, software developers would not only have an innate understanding of security but be able to create bulletproof code from the get-go.I have been working across the software development lifecycle for over 25 years, so I can say with confidence that we don’t live in a perfect world.In 2021, a survey of DevOps and IT professionals revealed that roughly 80% of companies admit to not managing their infrastructure secrets well. With the myriad of secrets that software teams manage, it becomes a herculean task to keep track of all of those secrets at a granular level.As a result, developers often store secrets in plaintext files and other formats to make them easily accessible – but if they’re accessible to devs, they’re also accessible to attackers. Unattended secrets such as database credentials and API keys open a security backdoor, and the payoffs for bad actors are bigger than ever. According to 1Password’s “Hiding in plain sight” report, organizations that experience s

If you’ve spent a lot of time on the internet, you’ve probably heard the term “doxing” before. You may know that it has something to do with online bullying, harassment, and crime, but still have questions about exactly what it means. If so, you’re not alone. Here, we’re going to explain what doxing is, how it works, and how you can protect your sensitive data.What does doxing mean?Doxing is an abbreviated form of “dropping dox”, an old revenge tactic created by the hacking community in the 1990s. Hackers would find and release documents – known as “dox” or docs – about previously-anonymous rivals, revealing their true identities and exposing them to authorities who might have been trying to track them down.Doxing has since evolved into a more mainstream type of online harassment. It usually involves uncovering and compiling someone’s personal information without their knowledge or permission — such as their real name, address, job, or phone number — and sharing it publicly on the inte

Have you ever wondered what it’s like to work at 1Password? Or wanted to know the career paths that other people followed before taking a job here? You’re not alone!In this blog series, we’re sharing what it’s really like to work at 1Password. To do this, we sat down and talked to team members from across our more than 800-strong organization, including engineering, human resources, and customer support. You’ll learn about the journeys that each person took to 1Password, as well as their their current role and day-to-day responsibilities.Today, we’re chatting with Mark-Shane Scale, Team Lead for Customer Support at 1Password!Why did you join 1Password, and how did you end up here?In February 2019, I attended a job fair at a small Canadian city mall. Armed with my resume and cover letter, I was set on talking to three businesses, and I wanted one to be a technology company. That day, I met a hiring manager and one of the founders of 1Password.I knew nothing about 1Password until I saw t

We’re thrilled to announce that 1Password has been included in the Forbes 2022 Cloud 100, the definitive ranking of the top 100 private cloud companies in the world!We’re on cloud nineThe Cloud 100 reviews hundreds of cloud organizations each year. Companies are ranked across four factors: market leadership, estimated valuation, operating metrics, and people & culture.“The companies of the Cloud 100 list represent the best and brightest private companies in this fast-growing sector. Every year, it gets more difficult to make this list – meaning even more elite company for those who do.” - Alex Konrad, senior editor at ForbesComing in at number 66 on the list, 1Password is the first Canadian company to be chosen for the Cloud 100 since 2019! Not bad, eh?This is quite the honor for 1Password, and we couldn’t be prouder. The cloud helps us make the digital world simpler and safer for everyone, delivering better experiences to more customers.1Password and the cloudPhones, laptops, tablets

Sometimes I forget to marvel at what we, as an industry, have built in the past 30 years.I have this little device in my pocket, and a slightly larger version on my nightstand. With either one, I can video chat with a friend in the UK, access my medical records, or check in for a vet appointment. I can track my workouts or reserve a table at my favorite restaurant.I can buy movie tickets, concert tickets, and plane tickets. I can watch videos uploaded by creators from around the globe and learn how to do almost anything. Heck, I can even pair up a controller and play some pretty awesome games. All from the device in my pocket.Unless I was tethered to my desk, I couldn’t do any of that when our founders – Dave, Sara, Roustem, and Natalia – built the first version of 1Password in 2006. The smartphone and tablet as we know them didn’t yet exist.But today, when I pull out my phone or grab my iPad, a world of possibilities opens to me.That’s the world for which we built 1Password 8. The one

Duke University is one of the most storied and prestigious learning institutions in the United States. Duke and its healthcare arm, Duke University Health System, are home to tens of thousands of students and employees.With so many coming and going from the Duke campus every day – and accessing Duke’s many state-of-the-art services within its digital network – security is a top priority for Duke’s Office of Information Technology (OIT). And like any IT department head, IT Security Office senior manager Nick Tripp knows that password security is the backbone of a sound security approach.“Password managers make life easier, more secure. We’re all aware that the main problem with passwords is it’s hard for users to create strong passwords,” Tripp says.The trick, though, is getting everyone to use their password manager to generate and store strong passwords. Having adopted a 1Password competitor years ago, many on campus simply didn’t use it. And even those that did struggled to integrate

I own a lot of domains, and keeping track of where all of them are pointing can be more than a little tricky. I found a tool that helps me keep everything in sync with a single point of truth.After mixing in the 1Password command-line tool, I had everything I need to keep my domains up to date and pointing where I want them, without having to worry about my credentials being stored unsafely.For creatives and online professionals, we’ve all been there. We think of an idea or concept and say: “Oh, that’s a good domain name”, click, repeat. Eventually, you end up with your domain registrar looking a little something like this.Not only do I have it bad here, I’ve got three other name registrars chock full with domains between them. I’ve been managing them mostly by moving them into a single nameserver provider, but for various reasons, I keep a few on a separate nameserver provider.I’m constantly seeking a better way of managing them and a few weeks ago, a friend of mine pointed me in the

Feeling a bit lost in the woods when it comes to cybersecurity? Up your security skills at 1Password’s Security Summer Camp. Learn from our security summer camp counselors about attacker’s motivations, how and why data breaches occur, and best practices for how you can protect your organization from unwanted threats.Join us August 1st at 4PM PT / 7PM ET for a Twitter Spaces event and then August 2nd – 4th at 9AM PT / 12PM ET for a daily 1-hour webinar – we promise it won’t be too in-tents for summer! To learn more about the week’s events, check out the camp activities in this post – or visit Security Summer Camp to learn more.Security Summer Camp: Twitter Spaces event 🔥🪵Have you ever wanted to share your security horror stories around a campfire? We’ve got you covered with our Security Summer Camp kick-off Twitter Spaces event. Join 1Password hosts Michael Fey (Roo), VP of Engineering, and Andrew Beyer, Browser Experience Lead, around the virtual campfire on August 1st at 7PM ET for ...

Have you ever seen someone plug a USB dongle into their device in order to sign in to something? Or worked for a company that required you to use one whenever you unlocked your laptop, or logged in to an important account?These authenticators are called hardware security keys. Some people will also refer to them as just security keys, or two-factor security keys.Here, we’ll break down what these dongles are and how they make it harder for criminals to gain access to your devices and accounts.What is a hardware security key?A hardware security key is a way to prove that you or someone you trust – and not a criminal – is trying to access or sign in to something. They’re known as a “possession factor” because they prove you physically own something used to authenticate your account.Security keys are a form of second or multi-factor authentication (MFA). This means that when you log in with your normal credentials – which could be a four-digit pin code on your phone, or a username and pass

Have you ever wondered what it’s like to work at 1Password? Or wanted to know the career paths that other people followed before taking a job here? You’re not alone!In this blog series, we’re sharing what it’s really like to work at 1Password. To do this, we sat down and talked to team members from across our more than 600-strong organization, including engineering, human resources, and customer support. You’ll learn about the journeys that each person took to 1Password, as well as their their current role and day-to-day responsibilities.Today, we’re chatting with Sean Foster, HR Program Specialist at 1Password!Why did you join 1Password, and how did you end up here?Before, I was working in the IT department at a TV production company with Andrew Costen. He eventually left that company and went on to work at 1Password - an app he introduced and converted me to! I was immediately a fan of the product.A year or two later, I was looking for work and a friend who was already at 1Password p

Addresses, credit card numbers, software licenses, and more. There’s a lot you need to keep track of to manage your online world.Modern life can be messy, and it means we’re all likely to make a mistake at some point.You might use 1Password to update a weak password, only to realize you still need the old one for a different website. Or you accidentally opened the wrong item in 1Password and replaced a set of important security questions and answers. Maybe a family member updated the password to your streaming service but forgot to click save, and now you still need the old login. Accidents happen!In situations like these, it’s easy to think, “Uh oh, what now?”Don’t panic – you haven’t lost access to any of your favorite accounts. And you won’t have to go through the tedious process of resetting the password. 1Password remembers the history of every item saved in your vaults. If you need to see the older version of any item, you can easily review older versions of it – including passwo

“Hey, did you read about (blank)?” Keeping up with the barrage of news is just one of our many daily distractions from work. Toss in our personal obligations and other stressors – all fighting for space in our minds – and making a dent in the to-do list is often harder than we expect.For many, a healthy work-life balance is increasingly difficult to maintain (or find in the first place). Your life is far more than your work, but work still has to get done. So figuring out how to stay productive is crucial for both you and your team’s success. Just a few tiny habits or perspective shifts can make a world of difference and help keep you on task without feeling overwhelmed.If you need some inspiration, our team is excited to share a bit about what works for us! Experiment with some of these tips for yourself and find out what works for you.Mental health is top priority (always)Thankfully, mental health is becoming less of a taboo topic at work – a shift that is well overdue. Along with mo

Reduce the time your team spends investigating security issues by using a customizable dashboard that shows your organization’s entire security posture. With the new Sumo Logic and Panther integrations for 1Password, you can monitor potential risks around company data or credentials stored within 1Password.Now, as a 1Password Business customer, managing all your 1Password security reports with your security information and event management (SIEM) system can be done in one central location.1Password’s Events API as a reporting bridgeAs the cost of a data breach increases each year, hitting $4.24 million in 2021, businesses can no longer afford to set and forget their security protocols. To minimize risk it’s important to keep track of your organization’s security and address risks on a regular basis.With a dashboard related to events like failed sign-in info and item usage, along with security recommendations, 1Password is the easiest way to monitor and manage your organization’s secret

At 2022’s AGConf (1Password’s annual employee conference), every employee received a goodie box to celebrate the event and the company’s successes over the past year. Our theme this year was “space”, so the goodie box included a kit for a Lego rocket ship (very appropriate considering our own CEO is a Lego aficionado).Building the spaceship brought me back to when I was younger and played endlessly with those little bricks.For me, though, it wasn’t so much about building the specific items in a kit. Sure, I absolutely loved putting together the houses and planes and cars, but what I was most fascinated by was how I could use tiny bricks to expand my creation and build anything I could dream up. The possibilities were endless, my imagination ran wild, and sometimes – usually through through dumb luck – I built something way cooler than what the kit offered in the first place.Late last year, I started exploring the React-based documentation framework Docusaurus, and spent a good chunk of

With so many ways to sign in to apps and services, there’s even more to keep track of. That’s why we’re introducing the ability to save and fill new kinds of logins in 1Password.Signing in to websites used to be as easy as filling in a username and a password. But lately, it’s started to feel more like a multiple choice exam. So many of us stare at login screens and wonder if we need to:a) “sign in with Google”“Sign in with…” buttons are becoming more popular, and it’s easy to see why. They let you reuse an account you already have, instead of creating a new one with a unique password for every site.But as convenient as these options are, they’re not hassle-free. They still involve too many steps, clicks, and, yes – passwords. And it’s so easy to get lost in the sea of choices and forget which account or provider you used for which website.No password? No problem.When we announced our vision of the future, we introduced the concept of Universal Sign On. What that means to us is that lo

In October, we introduced a new way for 1Password customers to securely share virtually anything in their 1Password vault with anyone – even if the recipient doesn’t use 1Password.Now we can remove that “virtually” bit. Item sharing now supports sharing documents (the Document item type in 1Password) and files (files attached to any other 1Password item, like logins, secure notes, and credit cards). 📄🙌What is 1Password item sharing?Item sharing with 1Password is the easiest way to share anything in your 1Password vault with anyone else. Let’s say I want to share my bank account information with my partner.To do that, I first open the item in 1Password. Then I navigate to the item menu and select “Share.”When I do, I’ll see two options. I can set an expiration date for the sharing link I’m about to generate, and I can choose to share it with anyone with the link, or only with people I specify. (If I restrict sharing to only people I specify, they’ll need to verify their email address ...

Each June, Apple hosts a week-long Worldwide Developers Conference (WWDC) to showcase exciting features for their upcoming OS releases, help developers learn new APIs, unveil fresh hardware, and more.This year’s WWDC followed a similar formula with previews of dramatic changes to the iPhone lock screen, improvements to how apps using SwiftUI can handle navigation, and the reveal of a redesigned MacBook Air powered by a new M2 processor.When WWDC rolls around, we like to set aside time to brainstorm new ways to improve the 1Password experience for our customers. Before the week was over we were able to put together some exciting ideas to really elevate 1Password on iOS and macOS.Log in with PasskeysEarlier this month, we announced that we had joined the FIDO Alliance along with companies like Apple to help build the future of authentication. This year, Apple revealed Passkeys which will leverage the WebAuthn protocol. We’re excited to see how this space develops and will continue to wor

Have you ever wondered what it’s like to work at 1Password? Or wanted to know the career paths that other people followed before taking a job here? You’re not alone!In this new blog series, we’re sharing what it’s really like to work at 1Password. To do this, we sat down and talked to team members from across our more than 600-strong organization, including engineering, human resources, and customer support. You’ll learn about the journeys that each person took to 1Password, as well as their their current role and day-to-day responsibilities.First up is Katie Davis, Senior Developer at 1Password!Why did you join 1Password, and how did you end up here?I joined after hearing from a friend who had recently been hired that the culture was incredible, and that I should apply. I had used 1Password personally and professionally for years, so it was an easy sell. I was coming from a larger company and drawn to 1Password’s size and growth rate - it seemed like a place where I could make a posit

In writing software, we’re used to embedding secrets and other configurable values right in the codebase. They might be Stripe keys to power your online shop, webhooks for a custom Slack bot, a Docker username and password for a CI config, AWS credentials, or an API token and host to set up 1Password Connect.Secrets are used everywhere in our code. Sometimes, though, we forget when we’ve been using real secrets in our work. Maybe there’s a leftover token you dropped in to build that one feature, or maybe you didn’t delete the .env file you set up to test drive the app. Now you’ve got to rotate your secrets because you accidentally committed and pushed sensitive values for the whole world to see. Yikes.We’ve all been there. That’s why I’m delighted that I get to announce the launch of the all-new 1Password for VS Code extension.Go ahead, commit your secrets referencesWith 1Password Secrets Automation, the 1Password Developer Products team introduced the concept of secret references. It

IT and security professionals rely on one thing above all else to minimize risk: information. Today, we’re announcing a brand new way for 1Password Business customers to view their account security posture with unprecedented visibility into password health, data breaches, and team usage.Say hello to Insights from 1Password, a new way to monitor and mitigate security risks across your business.The Insights dashboard consolidates information already available in places like the Team report, domain breach report, and Watchtower reports in one glanceable dashboard. Open the detailed view of a particular section to see and act on the insights presented in the dashboard view. Dive deeper still by accessing the complete report to get the full picture.Use Insights to get ahead of potential security risks and take action on those risks with suggested next steps, all in one place – because you can’t protect what you can’t see.Illuminating and eliminating riskImagine you’re a small business owner

If you don’t work in IT or security, there’s no need to fret about every detail of every online danger. Nevertheless, it’s worth having awareness of the strategies and techniques that criminals are using to achieve their goals online.In this explainer, we’ll be breaking down DDoS attacks to help you understand the basics and how you can be affected.What is a distributed-denial-of-service (DDoS) attack?A DDoS attack is a method that criminals use to overwhelm an online service, like a website, by bombarding it with fake internet traffic from multiple different locations. The sheer amount of traffic prevents real users from accessing the targeted sites or online services.Am I at risk of a DDoS Attack?The average person isn’t likely to be on the receiving end of a DDoS attack. However, you could be one of the users unable to access an online service because of one, or even own one of the devices being used to perpetuate an attack. If you’re running a business – big or small – you’re much

Two decades ago, the web was a casual escape dominated by message boards, AOL Instant Messenger, and Homestar Runner. Only some people used it for work. Fast forward 20 years, and countless jobs require that you use the internet in some way. This has made it easier than ever to take a quick break, open a new tab, and do some personal surfing – blurring the line between work and leisure.While on the clock, it’s crucial that you and your employees use the internet wisely. Everyone needs a break, and watching the occasional funny video can actually be a healthy habit. But that doesn’t mean you can be careless, either. Everyone on your team should know how to browse wisely, securely, and respectfully while working or using company devices. Some basic online awareness can also be one of the most effective plays in small business security, while keeping your team mindful participants in a web-friendly workplace.We be surfin’Have you ever paused work to read an online movie review? Or used yo

When we develop software, it’s common practice for engineers to require system configuration in order to run a program. We specify instructions on how to set up your own local environment in a .env.example file or README.md file.For every project that we work on and for every configuration change of those projects, we need to do manual work to keep our local environments up to date so they continue to work. Often, this is a struggle. Also, aren’t we all sick of hearing “it works on my machine”?Why are we creating and maintaining this configuration manually? The reason: our required configuration contains sensitive values that should be kept secret. For this reason, the environment file that’s consumed by our applications is added to the .gitignore file, in order to avoid it being synced to source control.To date, there is no common practice to collaborate on and share these sensitive values securely and effectively. We’re either sharing the values insecurely (via email and other messag

I’m happy to announce that 1Password has joined the FIDO Alliance to help build safer, simpler, and faster login solutions for everyone. In fact, we’re already on our way … keep reading for a sneak peek at the future of authentication in 1Password.Passwordless: we’re ready when you areWhen it comes to online security, people are often at their most vulnerable when logging in to accounts. That’s why 1Password has spent the better part of two decades making that process safer, easier, and more convenient for our customers.As technology advances, new methods of authenticating – including passwordless – continue to appear. By joining the FIDO Alliance, we’re taking an active role in shaping what comes next.As more services adopt passwordless approaches for authentication, 1Password will be ready to ensure our customers can log in securely without worrying about what technology is under the hood.This is an important step toward our vision of a future where signing in is no longer complicate

Pride Month is about coming together to honor, celebrate, and show support for the LGBTQ+ community. A number of our 1Password team members are part of the LGBTQ+ community, and it’s important to me personally, and to us as a company, to be allies and create space for everyone to be their truest selves. While we’re celebrating Pride this month, showing support for LGBTQ+ year round is important to us. Which is why we created a number of programs to champion equity and diversity on an ongoing basis at 1Password.Alongside my colleagues and team this month, I’m taking the step to make my pronouns more visible across my social channels as well as internally across Slack and Zoom. I do this to normalize the use of sharing pronouns in advance of meeting new team members and colleagues, and to ensure that no 1Password team members feel they are alone in declaring who they are at work.We’ll be hosting a number of learning sessions that will be led by speakers and organizations who are part of

Hello everyone, 👋I hope you’re doing well and enjoying weather as nice as we have here in Canada.It’s gardening season and I have big plans to make sure I (once again!) win my tomato competition with my neighbour. I’m on a winning streak and am planting twice as many this year to guarantee victory. 😃1Password 8 has scored some big wins as well. Let’s take a look.1Password 8 for Mac is here!Mac is where it all began. Way back in 2006, Roustem and I coded the first version of 1Password on our shiny new PowerBook G4s. The love and support we received from the Mac community was tremendous and launched us to where we are today. 🥰Every year since we’ve pushed hard to create the best experience possible on Mac, and I’m thrilled to announce that 1Password 8 for Mac extends that tradition. 😍1Password 8 integrates deeper and tighter with macOS than ever to bring you the most modern, productive, and secure version of 1Password yet. 🙌1Password 8 for Mac announcement postThere were too many am...

“You find yourself in front of an old mansion. The grand prize, a coveted console, is hidden somewhere deep inside. To complete your quest you’ll have to move from room to room and overcome complex puzzles and obstacles. Looking around you see your competitors – you’re all here for glory and the grand prize. But you aren’t afraid of a little hard work. Armed with determination, skill, and grit you step forward with confidence – this prize is yours for the taking…”Intrigued? That’s the introduction to Quest for the Lost Console, a browser-based game we created in partnership with Gen.G, a top esports organization that competes in League of Legends, Valorant, PUBG, and more.Quest for the Lost ConsoleQuest for the Lost Console is free to play and available in your web browser. We’ll release new puzzles over the next three weeks to test your creative thinking and perseverance. But don’t worry if you get stumped – top video game streamers including Stanz, Goofywise, and Luxx will share hint

Streamline your organization’s processes by managing all of your permissions in one place. The 1Password SCIM bridge and Rippling integration makes it easy for you to provision and deprovision users, manage group memberships, and secure your business.Protecting your organization’s data and secrets with 1Password, while working seamlessly within Rippling, will help reduce the demands on your IT team so they can focus on other priorities.1Password and RipplingSmaller businesses are three times more likely to be the target of cyberattacks. Unlike larger corporations, small and medium-sized businesses often don’t have the resources required to effectively combat security threats.1Password helps businesses protect against password reuse, reduces the frequency of password resets, and lets administrators manage who has access to what business secrets. Rippling is an employee management tool that simplifies and combines HR and IT into one platform – allowing administrators to manage payroll, d

1Password for Linux turns one today. 🎂One year ago today, we welcomed Linux to the 1Password family, knocking out the single most-requested feature in the history of 1Password and fulfilling a years-long personal goal.Since then 1Password for Linux has learned many new tricks and for their birthday and I thought we’d celebrate with a year-in-review post that covers their greatest achievements.Let’s see what 1Password for Linux has been up to.Quick AccessQuick Access is all-new, and it puts 1Password right at your fingertips. Just tap the Ctrl + Shift + Space keyboard shortcut, start typing, and any items in your 1Password vaults that match your query are instantly available.Quick Access is smart, too. It’ll automatically highlight items for apps you have open when you launch it and prioritize items based on previous searches, so it’ll get even smarter over time.Customizable appearanceYou can also customize your sidebar to include Categories or hide Tags – or hide it altogether for an ...

It’s your turn, Android folks! The newest generation of 1Password is now available in Early Access – so put on your explorer hats, help us track down those bugs, and let the feedback flow.🕵️‍♀️This early preview represents one of the most monumental updates we’ve ever created for Android, and it’s all about two things that make Android such a great mobile OS: fun and extensibility. It’s 1Password to the Core, and it makes the most of everything Google’s latest mobile operating system has to offer.If you’re already sold, then by all means, head over to the Play Store and install it right now. Happy testing — and don’t forget to report those bugs!There’s a lot of goodness below the fold, so if you’d like to take a quick tour first, let’s dive in…Modern designEvery aspect of 1Password 8 for Android has been redesigned for a more cohesive experience across every platform you might use. Jumping over from Windows, macOS, Linux, or even iOS? You’ll feel right at home regardless, because this...

It’s been more than a year since the PlayStation 5, Xbox Series X and Xbox Series S hit store shelves. These releases, combined with the ongoing pandemic, have led to an unprecedented number of people turning to gaming to spend their free time. But with that increase comes more interest from scammers hoping to take advantage of unsuspecting customers.People spent more than $60.4 billion on video games in the U.S. last year – an 8% increase over 2020. The first lockdown saw a 54% increase in gaming-related phishing attacks. But it’s not just the money that makes gaming attractive to criminals – it’s also the wide variety of information that can be stolen and exchanged for real-world dollars.Criminals who target gaming can steal in-game currency, in-game loot, or even sell entire accounts. Some convert game items like skins or rare items to cash on Ebay, or use stolen currency to purchase and sell expensive items.That’s why it’s more important than ever to secure your game accounts.Level

Happy World Password Day!The idea behind World Password Day is simple: to promote the use of strong, unique passwords to keep your accounts protected and your browsing safe. For those of you wondering how best to celebrate the day, we’ve got a challenge for you: how high can you get your 1Password Watchtower score?While a high Watchtower score won’t give you access to better loan rates, it will give you peace of mind. Not to mention some bragging rights, too.Level up your Watchtower scoreThink of the Watchtower dashboard as your online security HQ – a 24/7, always-on command center where you can review and resolve potential vulnerabilities. To view your Watchtower report and score, simply navigate to the Watchtower tab in 1Password.Improving your score is easy. With the new Watchtower dashboard in 1Password 8, you can quickly see what needs your attention.To give you a head start, we’ve outlined some actions below that you may see flagged in your dashboard – resolve these and watch you

As microtransactions in gaming increase and more money is exchanged online, it’s become more important than ever to secure your financial and personal information.In 2021, there was an 8 percent increase in spending on video games, including subscriptions and in-game purchases across mobile, console, and PCs. That means people spent over $60.4 billion on video games in the U.S. last year. This growth is contributing to an uptick in scams looking to take advantage of gamers' poorly protected financial information.The cost of convenienceTo avoid interrupting the gaming experience, game makers have made it easy to save payment details. Of course, adding credit card information to your account makes it accessible to anyone who logs into your account – legally or not. With an increase in attacks acquiring login credentials, it’s more important than ever to protect your game account.Lock your accounts downCriminals aren’t the only ones with sticky fingers; a quick Google search shows many ca

Today I have the honour of introducing the most powerful and capable 1Password ever. Wrapped in a gorgeous new design and blazingly fast, 1Password 8 is our love letter to Mac users everywhere. 💌Mac is where it all began. Way back in 2006, Roustem and I coded the first version of 1Password on our shiny new PowerBook G4s. The love and support we received from the Mac community was tremendous and launched us to where we are today. 🥰17 years later, the pressure was on to create the best Mac app possible and I’m thrilled to say that the team delivered. 1Password 8 integrates deeper and tighter with macOS than ever to bring you the most modern, productive, and secure version of 1Password yet. 🙌Modern, sleek designWe created an entirely new design language, code-named Knox, to unleash the power and productivity we’ve been dreaming of – all while preserving the heart and soul of 1Password. 😍I absolutely adore our new design language. From the vibrant sidebar and unified toolbar to the typ...

It’s a tough time for small business owners and their employees. Surging operational costs and supply chain issues are colliding with a rate of inflation that’s limiting how much consumers are willing and able to spend. And as the pandemic continues, there could be more legal and economic hurdles on the way. Startups and other small businesses are fighting to keep their doors open, or to open them in the first place.If your team is struggling, cybersecurity may not seem like the highest priority. But investing in the right tools and processes is critical to keep employees productive and your business protected. Any upfront costs are nothing when compared to the potential price of a data breach. Most businesses that are attacked don’t get a second chance to improve their defenses, either.In the small business comeback story, secure-minded habits like better password management will be a critical plot point. Since most cyber attacks involve “human error” – like weak or reused passwords o

On April 27th, 1Password experienced a brief service outage owing to an internal code issue – it was not a security incident, and customer data was not affected in any way.1Password is designed to protect your information at all costs, with local copies of vault data always available on your devices – even without a connection to the 1Password service or the internet itself. As a result, your passwords and other vault items remain safe and sound.We’re sorry for any disruption this outage may have caused and deeply appreciate your patience during our investigation. Service has been fully restored, and we can now share further details about what happened and how we’re working to avoid similar situations in the future.What happened?On April 27th, our scheduled maintenance included an upgrade to our database aimed at improving performance.Although the upgrade itself was successful, the improvement had unintended consequences. It revealed that certain queries weren’t optimized for the new p

In case of emergency – that is, forgetting your login for 1Password, or someone else needing to get in – the 1Password Emergency Kit can truly save the day. This short and sweet document keeps all the necessary details for getting into your account in one place. But you shouldn’t need to break glass to retrieve it (which is a huge pain to clean up, not to mention dangerous). Here’s how to keep your Emergency Kit both safe and accessible.What is the Emergency KitWe’re not talking about a flashlight and a pocket knife. The 1Password Emergency Kit is a simple document that you should know about and look after if you use 1Password to store your passwords and other sensitive details or documents.Here’s why: To best protect your secrets, every item you save in 1Password is fully encrypted. Your account password and a randomly generated Secret Key are both required to decrypt your data – and only you have the Secret Key. That means we couldn’t look at your passwords if we tried – nor could an

1Password for SSH was shared with the world last month. I have been using it since it was available for internal beta. I knew it would improve my endpoint security. I didn’t expect it to change the way I generated, stored and used SSH keys the way I work.Let me take a step back.The first time I used SSH, I connected my college’s global lab linux server with PuTTY. I used a username and password to authenticate and never really appreciated the magic that made it all work. It was a step away from the familiar world of FTP and RDP.SSH later became an integral part of my developer experience when my job switched from Subversion to Git. I was a Jr. Developer at the time and struggled to generate an SSH key. Another developer on the team generated an RSA key pair for me and shared it on a thumb drive. It was some years later before I realized this was less than ideal.Eventually, I fell into a routine. I would get a new laptop, generate a private key – sometimes I would even use a passphrase

While 1Password is usually there to autofill your passwords, sometimes you still have to manually type them in.We’ve all had the experience of connecting to Wi-Fi on a new device, setting up a gaming console, or signing in to a streaming service on our TVs. When these moments come up, typing in a password liken1}C9_X>V-^A5hc]z8!uCXB]bc3jTRWx+Csis not a fun experience, regardless of how secure it may be.So what’s the answer? Enter Memorable Passwords (also known as passphrases). These are created by combining a handful of real but unrelated words. A passphrase could beball-orange-moon-car-pilot, for instance. As long as each word is random, the complete passphrase can be just as difficult for an attacker to crack as a password that contains characters, letters, and symbols.With Memorable Passwords, 1Password can generate passwords that, while still distinctive and random, are easier to remember. Memorizing and typing something likestern-patron-mailmen-degreaseis a practical way to maint

Michael Fey, VP of Engineering at 1Password, recently interviewed Jeremiah Peschka, staff software developer at Stack Overflow, on our Random But Memorable podcast.Stack Overflow is an extensive online community where you can get answers to all your technical questions. Michael and Jeremiah dive into why building communities for developers is so important and how code is reshaping our world. Check out the highlights below, or listen to the full interview.Michael Fey: I’m sure most of our listeners are aware of what Stack Overflow is and have taken code snippets and shipped it out to production systems, but for those who might not know, can you give us a quick overview?Jeremiah Peschka: Stack Overflow is the finest repository of copy and paste snippets you can find. It’s where users can ask questions and get answers to questions. We have a lot of different sites where there are different communities – like sci-fi, cooking, and woodworking – where you can focus on more than just general

One of the many values of 1Password is that we make it faster and easier to use strong, unique passwords everywhere online. That’s great if you already have a good handle on why password strength matters for online security. But we know that not everyone does.If you’re ever in a position of needing to explain the benefits of using a password manager – whether to a friend, family member, boss, or colleague – this post is for you. We hope this helps you share the value of stronger online security.Online threats are on the riseA great place to start is with the problem a password manager solves. We try not to be scaremongers, but at the same time, everyone should know that the internet can be risky to use. For all that it adds to our everyday lives, there are also innumerable threats in the shape of criminals, hackers, and con artists who want access to your personal information. Stealing passwords and logins is fundamental to their work.Websites and the companies that operate them are fr

Very few people can memorize all of their passwords – especially if they’re using unique ones for each account. Many solve this problem by embracing a password manager like 1Password, while others turn to pen and paper. The latter could be a tiny notebook, a whiteboard on their office wall, or an array of sticky notes attached to their PC monitor.We hear two questions a lot: Is it safe to record your passwords in an analog format? And, what are the benefits of switching to a password manager?The short answer to the first question is … yes, pen and paper can be a secure way to manage your passwords. But that doesn’t mean it’s the best way to protect your accounts and stay safe online. Read on to learn why.Is it really that bad if I write down my passwords?Grabbing a pen and writing down your passwords isn’t necessarily insecure. It depends on where you keep the object (your notebook, whiteboard, etc.) that contains your passwords, and the likelihood that a criminal will stumble upon it.

Update: Our TestFlight program for 1Password 8 for iOS filled up fast! We’re making room for new testers every week, so check back often to sign up.I have been waiting to publish a post with this title for a long time. With 1Password 8 for Linux and Windows out in the world – and the Mac version in beta – many folks have justifiably been asking, “but what about iOS? When do I get to see that?The answer to that question is: today! We are lifting the Early Access curtain on our brand new iOS app – and it is gorgeous.I’ve written a whole post about why you’ll love this update and why you should check it out, but maybe you don’t need that. Maybe all you need is the TestFlight link. If that’s the case, happy testing – and don’t forget to report those bugs!It’s worth noting that 1Password 8 is a separate app from 1Password 7, and you’ll need to join this TestFlight crew even if you’re already a 1Password for iOS tester.If you’d like to take a quick tour before testing, I’m happy to oblige. L

Full-stack data platform Y42 is growing fast. The company kicked off 2021 with 15 employees. By February 2022, they were closing in on 100 team members.Hai Nguyen Mau, VP of Operations at Y42, is tasked with designing and refining the systems that allow everyone to get their work done – both securely and efficiently. He loves how simple 1Password makes it. “We need to make sure everyone has the right credentials, and 1Password is part of our infrastructure for doing that. It’s turned out to be a superpower,” Hai says.Y42 uses 1Password to:Scale company onboarding so more people can be brought on quickly and securelyEnsure secure usage of company and customer data across a growing teamMake sure everyone has fast, easy access to the logins they need – and only the logins they needHow Y42 structures 1Password vaults to simplify onboardingHai takes advantage of 1Password’s granular permission settings to streamline onboarding.Ensuring proper permissions starts by giving each team its own v

From smartphones to smart fridges, the Internet of Things is producing more and more devices that are meant to be connected to a Wi-Fi network. The average household was expected to own 50 connected devices in 2021, up from just 10 devices the year before. With so many gadgets living on your home network, it’s never been more important to ramp up your Wi-Fi security.The basics of home Wi-Fi securityMany of the steps required to fortify your home network involve adjusting some settings. Every router and Internet Service Provider (ISP) will have some variation in the way you can access and change these settings, but you should be able to easily find the information you need on your ISP’s website. If you can’t find the instructions online, contact your ISP directly or reach out to the manufacturer of your router.1. Change the default name and password of your Wi-Fi networkOne of the simplest ways to protect your internet connection is to change the default name and password for your Wi-Fi

From restaurant menus to sporting tickets, using a QR code has become a regular part of life for many. They’ve been widely used in some countries for years, and during the pandemic they finally hit mass adoption in North America and the UK.But as QR codes grow in popularity, so do the security risks. It’s important to understand these risks and what you can do to avoid them, so you’re prepared the next time you encounter one in the wild.Why QR codes are on the riseQR codes were first invented in 1994 for tracking automotive parts during manufacturing, and slowly began to spread into parts of everyday life. In China, contactless payments driven by QR codes have been the norm for a long time, with many businesses not even accepting credit cards or cash. However, the QR code initially struggled to gain traction in the Western market.But when the pandemic hit in 2020, there was a clear benefit to touchless technology. Suddenly it wasn’t just an option, but the preferred choice for consumer

As a consumer, I’m a bit spoiled. When I pick up my phone to check my messages in the morning, I scan my fingerprint to get instant access to everything I’ve added to my homescreen. It’s my very own personalized magic portal to all my stuff.Even the apps themselves are (with some exceptions) built to delight.That’s not the case for most tools that developers use every day. Once you leave the consumer ecosystem and get to work in a terminal or an IDE, the experience changes. Because of our technical know-how, we think we need complexity. But we’re here to build the software that powers the world, not necessarily to remember an arcane command and copy access keys a million times every day.When you need to authenticate in your terminal or IDE, why can’t you just use your fingerprint, watch, or face like we can do today in most consumer products?There’s nothing I want more than to extend the magic that we take for granted as consumers to developers. And with last week’s release of 1Passwor

Hello everyone!I hope you and your family are safe and well. 🙏Thankfully my family and I are, and with the snow starting to melt here in Canada, I’m excited to come out of hibernation and so happy to be out walking again.Our development teams were busy over the winter creating some great new things. What better way to spend the cold months than indoors with their machines to keep warm, eh? 🙂We have a lot to cover so let’s jump right in.SSH and Git and CLI, oh my!Developers and designers and those in IT are going to love this section. If that’s not you, you may want to jump ahead while I geek out here. 😘Roustem and I originally created 1Password as a development tool for our web consulting business. Being able to automatically fill logins, addresses, and credit cards was a huge boon to our productivity.I’m excited to announce that the team has built on these roots and have brought this magic into development workflows to make them easier and more secure.They started with SSH keys and...

There are countless reasons why you might want to keep the websites you’re visiting a secret. For example, you could be planning a surprise vacation for your best friend, seeking out information that’s meant to be banned in your country, or simply trying to minimize what advertisers know about you.In these situations, many people turn on their web browser’s built-in private browsing or incognito mode. Why? Because the names of these features suggest they’ll turn you into a temporary ghost that can’t be tracked by any person, employer, advertiser, or government.But they don’t work like that.Private browsing and incognito modes can be useful, but they don’t hide your activity from everyone. If you want to take back control of your privacy, it’s important to know what these modes conceal, and who they conceal it from. Once you know their limitations, you can turn them on at a time that makes the most sense for you, and take other precautions to increase your privacy when necessary.What pr

When we released 1Password 8 for Windows, it marked the start of the next chapter for 1Password. And though Santa may have come and gone in the weeks since, we’ve still got a bag full of shiny new toys for our Windows customers.Earlier this week, we released 1Password 8.6 for Windows and Linux and a new beta for Mac. And while the new SSH agent and 1Password CLI 2.0 rightfully stole the show, there are so many other goodies I wanted to highlight since 1Password 8 for Windows launched in November.It’s only been four months since that release but 213 improvements have shipped since. 🤯 Let’s review the hightlights. 😍Beautiful-er sidebarLet’s start with the sidebar as it contains some of the most visible changes. One of our biggest requested features was to bring Categories back to the sidebar and that is once again possible. 😍You can bring Categories back to your sidebar from within the new Appearance settings. And while we were there we added the ability to hide tags, too. Speaking of...

We are halting new account creation in Russia, along with renewal payments for existing customers in the region.Effective immediately, we are halting the creation of new 1Password accounts and renewal payments from sanctioned regions.Affected accounts will become read-only at the end of their current billing period. Customers can continue to view and export everything in their account, but can no longer add or edit items.Customers outside of sanctioned regions remain unaffected.1Password has customers all over the world, and we’re proud that our product is being used internationally to keep people safe online. However, given the current events, we’re taking action to comply with international sanctions and to further our support of Ukraine.Earlier this month, we showed our support in a few different ways: pledging to match employee donations up to $50,000 USD, and standing with other Canadian business leaders in a letter to the Prime Minister in support of Ukraine.Steps we’re takingWe

1Password now includes full support for SSH keys, providing the easiest and most secure way for developers to manage SSH keys and use Git in their daily workflow.The magic of 1Password has always been making the secure thing to do the easy thing to do. Today I’m thrilled to announce that we’re bringing this magic to development teams everywhere with the all-new 1Password SSH Agent. 🦄In today’s release 1Password can now create new SSH keys, keep them organized, and make them securely available everywhere you need them with just a few clicks. Best of all, each feature was built for developers, by developers, so they fit perfectly in your existing workflows.Our private beta hit #1 on Hacker News last month so it seems we’re not the only ones that had this itch. 😍Using SSH keys is now as easy as 1, 2, 3…Many toolchains and workflows rely on SSH keys. Everything from git to scp to logging into remote servers require properly configured SSH keys before being able to get your work done.It g...

Our new command-line tool makes authorizing with services and securing your development toolchains easier than ever.The magic of 1Password has always been making the secure thing to do the easy thing to do. Today I’m thrilled to announce that we’re bringing this magic to development teams everywhere with our new 1Password ssh agent and op command-line tool. 🦄Use op to level up your shell by seamlessly providing secrets to all the services and accounts you use in your workflow.Here we see op in action as we attempt to list our S3 buckets on AWS.Did you see the magic? You need to look close as it’s easy to miss. 🕵🏻You can catch a glimpse behind the curtain in the window title as aws is not being run directly. It has been aliased.$ alias aws="op run --env-file=$HOME/.config/op/aws-env -- aws"Now when aws executes it does so from within an op run context.When it’s time to locate the access secrets aws does what it always does, but there is no (plain text) ~/.aws/credentials RC file for ...

Responsible for keeping your business secure? We know it can feel like a daunting task. After all, the average business has multiple employees using different devices with varying amounts of technological expertise. A single team member might use just one app to stay productive, while another may use 1,000. And they could work in a company-owned location, like an office, or hundreds of places around the world, including their own home.That’s a lot to consider.If cybersecurity is leaving you tired, anxious or overwhelmed, you’re not alone. In our first State of Access Report, 84% of security professionals said they were currently feeling burned out.The truth is there’s no quick fix that will make cybersecurity an easy or endlessly relaxing problem. If you start cutting corners, the likelihood of a breach will only increase. But there are some basic principles that can help you manage your company’s digital defenses, and encourage other team members to make smart, secure decisions on the

Raising a family today means, for many parents, having kids who use the internet for entertainment, talking with friends, and schoolwork. Millions now have a smartphone around the time they lose their first tooth. This creates new challenges for parents who want to help their children navigate around mature content, misinformation, and other online risks.But kids need space to explore and learn about technology at their own pace. So don’t monitor or look over their shoulders at all times. Instead, give them advice on how to use the internet securely. Below are some tips on how to approach these conversations, and what specifics you should share with your children when it comes to online safety.Approach with care, and be an allySome early guidance will set your child up for success – both in using technology and handling any problems. Have a relaxed but realistic conversation at a time and place where you’ll have their full attention. Remember that this isn’t meant to scare them away fr

At 1Password, we’re committed to providing an industry-leading security platform for both businesses and families. That’s why today, we’re announcing that we’ve increased our top bug bounty reward with Bugcrowd to $1 million. With this investment, we’re further bolstering our ongoing efforts to keep 1Password customers as secure as possible.What is Bugcrowd?Testing software for security vulnerabilities, commonly called penetration testing, is typically handled through specialized firms. Bugcrowd provides a platform where multiple security researchers can come together to offer a crowdsourced investigation. Bugcrowd makes it possible for companies like 1Password to work with tens of thousands of security researchers and ethical hackers on an ongoing basis.The bug bounty program lets 1Password reward these security researchers for helping fortify our defenses and protect our customers against evolving threats.1Password and BugcrowdSince 2017, 1Password has worked with Bugcrowd to reward

Getting a password manager is the ultimate minimalist move – after all, reducing the number of passwords you need to remember down to one is pretty significant. When we’re talking about digital minimalism we’re referring to the idea of simplifying your digital life to help you focus on the things that are truly important to you. A password manager is an important tool in any digital minimalist’s life and can help you achieve that organizational, zen-like happiness.Why digital minimalism is importantDigital minimalism is about intentionally choosing the technology we use in order to improve our lives. This is important from both a security standpoint and a well-being standpoint. Security-wise, using a password manager means you can use strong, unique passwords for every account. 1Password also points out websites where you can enable 2FA, and highlights websites where a breach has occurred advising you to update your password on that site.From a well-being standpoint, not having to worr

Creating and remembering strong, unique passwords can be a challenge, and resetting them when you forget can be annoying and time-consuming. But it doesn’t have to be this way. If you adopt a password manager like 1Password, you can instantly generate and safely store all your passwords in one place.The problem with passwordsWith nearly everything online requiring an account these days, password security has never been more important. You can’t protect every account with your pet’s name or your mom’s birthday and expect them to remain safe. Instead, you need to use strong, unique passwords. But if you don’t have a system for remembering them, it’s easy to fall into a frustrating cycle of creating, forgetting, and constantly resetting them.Security breaches and password theft are on the rise, so it’s no surprise that many sites are demanding longer, more complex passwords with upper and lower case letters, and at least one number and special character. They’re tougher for cybercriminals

1Password stands with the brave citizens and leaders of Ukraine who are defending their homes and our values.I am taking a stand, alongside the founders of 1Password – David Teare, Sara Teare, Roustem Karimov and Natalia Karimov – and 78 other Canadian business leaders, to urge the Government of Canada to continue taking bold action with the conflict in Ukraine.We signed an open letter to Prime Minister Justin Trudeau, Deputy Prime Minister Chrystia Freeland, and Minister of Foreign Affairs Mélanie Joly, which was published in The Globe and Mail this week to express our deep sorrow, concern, and recommended action steps. Thank you to Michael Katchen and Som Seif for organizing this letter.To help support the people of Ukraine, 1Password is matching donations made by our employees up to $50,000. We’re also offering support to our employees who are impacted by the conflict.I stand with peace.We're listeningQuestions? Reach out if you want to discuss the letter or our support of Ukraine d

We’re making it easier for Phantom wallet owners to save their account password, secret recovery phrase, and wallet address in 1Password. Phantom is a digital wallet that lets you manage cryptocurrencies, tokens, and NFTs built on the Solana blockchain.This is the first of many partnerships that we’ve been working on in the cryptocurrency space. It’s always been our goal to make it easier for everyone, regardless of their technological proficiency, to protect everything that’s important to them. And for an ever-growing group of people, everything includes digital assets.It all feeds into our mission to bring human-centric security to everyone.Starting today, if you create a Phantom wallet in your browser – and have an active 1Password membership – you’ll see a Save in 1Password button. Choosing this option will save everything you need to access your Phantom wallet and safely trade Solana-based tokens and collectibles.That includes:Your Phantom wallet passwordYour wallet address (You n

The trusty webcam used to be a “nice to have” for the occasional job interview, virtual hangout, or simple YouTube recording. But that all changed when the pandemic started. In just a few months it became a daily tool for people around the world, from fully remote businesses to families and friends kept apart in lockdown.Webcams now play such a large role in our lives that it can be easy to forget their potential risks. Many people don’t realize that cybercriminals can exploit laptop webcams, phone cameras, and standalone webcams if they’re used incorrectly. The exploding popularity of video calls and personal livestreams also means that more cameras are in use at any given time, creating more opportunities for attackers.Webcam usage is only going to rise as more of us work remotely, connect with loved ones on platforms like Zoom, and experiment with apps like Twitch and Instagram Live. So it’s important you take some precautions to keep out would-be attackers.How attackers target your

The end is in sight. You’ve decided to leave your job and have already handed in your notice. You’re finishing up some final projects and, before too long, will be saying one last goodbye to your coworkers.Job (literally) done? Not quite. Before your last day, you need to decide what to do with all of your corporate accounts and devices.Why it mattersYou might be thinking: “Why do I need to do anything?” After all, if you leave and something goes wrong, it’s not like it’s your responsibility, right? Wrong. We all bear some responsibility when it comes to security, and figuring out the best, most secure action for all of your work-related hardware and passwords has its merits.Taking the correct steps will help you maintain a good relationship with the company. Because who knows – you might want to work for them again someday.It will protect your former employer from data breaches. The average cost of a data breach rose to $4.24 million in 2021, according to IBM’s annual Cost of a Data B

You power on your computer and open your inbox, ready for another day at work. But instead of some unread emails, you see a login screen with an all-too-familiar message: it’s time to update your password. And it can’t just be any password. It needs to be one you haven’t used before, and it must include a number… and a special character… and be 8 characters long…Sound familiar? Many companies require their employees to change their password every 90 days. It’s an inconvenient policy which leads people to ask: Is it really necessary?The short answer is no. Frequent password changes may have been a good idea in years gone by, but they’re not necessary today. Read on to learn why.The thinking behind mandatory password changesThe idea behind forced password expiration is simple. If your credentials are always changing, it’s harder for an attacker to know what they are at any given time. For example, a cybercriminal might stumble upon a list of leaked passwords. But if the leak is three mon

Conversations about consumer data privacy grow louder each year, with the news headlines to match. Trust in the technology sector is now at an all-time low and customers are increasingly concerned about the privacy of their personal information. It’s become a serious topic that all business owners need to follow, not just security specialists and tech bloggers.For small businesses, there’s some good news: Customers are more likely to trust you than the larger brands, according to a 2021 study by the Kearny Consumer Institute. But remember that trust needs to be earned. As more data is collected, both inside and outside of tech, privacy efforts are now critical – both ethically and legally. No matter your size, it’s never been more important to treat personal data with the respect it deserves. This includes data from paid customers as well as those who simply visit your website or sign up for your newsletter.Even the most trusted companies can be careless with customer data. It’s not ju

A digital declutter helps you organize your life and has the added bonus of reducing your vulnerability to common threats. But knowing where to begin can be hard – most of us leave a larger digital footprint than we realize. We’ve created a checklist to help you clear away the clutter and reap the rewards of a clean digital state.We recently covered the benefits of a digital declutter on our podcast, Random But Memorable, so you can have a listen to that as well (skip ahead to 23:16 to jump right into the decluttering discussion).Read on for our top tips for tackling your digital clutter.The benefits of a digital declutterSpotting online threats isn’t always easy – after all, their job is to deceive you. But, with a healthy polish of your online presence, you can reduce the likelihood of falling victim to a cyberattack. Here are a few hazards a digital declutter could help prevent:Data breaches: By deleting old accounts or shoring up your account security with two-factor authentication

For the average person, “traditional hacking” isn’t really an ever-present threat. It’s unlikely that a hacker will ever try to track you down, steal one of your devices, and bypass whatever you’ve set up to protect your personal data. Social engineering, on the other hand, is an increasingly common security threat that you’ve probably encountered many, many times before.Ever gotten a suspicious email claiming to be from a well-known company? A robotic voicemail asking for your information? Most of us have. While it might just seem like a nuisance you can ignore, social engineering is a very real threat you need to be prepared for.We’ve all been there. You get a ridiculous-looking email full of typos claiming to be from a service you don’t even use, asking you to log in and share your information. It might seem impossible that anyone could fall for such a blatant scam, but don’t let the obvious tricks lull you into a false sense of security. Social engineering techniques are always evo

Brex and 1Password have partnered to make online payments secure and frictionless. 1Password customers can now use Brex virtual credit cards to check out online with just two clicks.Brex is a powerful financial stack designed to serve the next generation of growing businesses, and now that power is accessible through 1Password in the browser.Growing businesses choose Brex because their all-in-one platform of financial software, services, and products makes it easy to control corporate spending and manage runway in one place. 1Password Teams and Business customers can now connect their Brex account to 1Password for frictionless, secure online payments in just two clicks.With the new integration, Brex customers can autofill their Brex corporate and vendor card information while checking out anywhere on the web – right from 1Password in the browser. Brex admins can also create and fill vendor cards during checkout.How to simplify and secure online payments with Brex and 1PasswordImagine y

Single sign-on, or SSO, is a valuable addition to your enterprise security arsenal. It doesn’t protect against every threat, but it can reduce your attack surface, lower IT costs, and provide a better login experience for your employees.What is SSO?Without single sign-on, employees typically create a unique login for each site and service they use at work. With SSO, employees sign onto their SSO platform with a single, strongly vetted identity. That single identity then gives them access to all the services within the SSO framework.Each SSO provider works a bit differently, but the basics are the same. Let’s use Okta – a leader in enterprise SSO – as an example. Once deployed, employees can log into Okta to see a dashboard that lists all of the services they can access. They simply click the site or web app they want to launch from the list, and Okta launches the URL and logs them in automatically using SSO.That’s a very different experience from opening each site and entering login in

As our online lives become subject to new and evolving threats, we’re doubling down on protecting the digital privacy and peace of mind of everyday people – at home and at work.1Password has raised $620 million (USD) in the largest funding round ever for a Canadian company.Our latest round was led by ICONIQ Growth, with participation from other wonderful partners including Accel, Tiger Global, Lightspeed Venture Partners, and Backbone Angels.I’m delighted to announce that 1Password has raised $620 million in our latest investment round that values our company at $6.8 billion. This moment represents a lot of hard work by a lot of amazing people.Most days, I find myself too busy to truly reflect on all we’ve accomplished over the past 17 years. I think back to our tiny Macworld booth, or the weeks we’d spend at the Cupertino Inn working on our latest iOS or Mac release. It feels like yesterday that I was excited to cross the 100-employee threshold, yet here we are just a few years later

The journey to becoming a developer has many paths. The most traditional is through attending a university and obtaining a computer science degree. However, many in the industry arrive via a different route.In particular, those who come from traditionally underrepresented groups often find themselves entering this space later in life and with vastly different experiences than those from university.But it can be tricky to enter the profession from an unconventional route because so many learning and training opportunities are restricted to university students. So where does this leave those who found their way into tech outside of the traditional path?Introducing The Collab LabLuckily there are organizations like The Collab Lab that are trying to help fill in this gap. The Collab Lab exists to help early-career developers, especially ones from underrepresented groups, learn the skills used every day on development teams. These include pair programming, code reviews, writing great PR des

Millions of workers are leaving their jobs after enduring stay-at-home lockdowns and reflecting on what they need to be truly happy and healthy. While the ‘Great Resignation’ could have a positive impact on society, it also represents a security risk for businesses of all sizes.Because if your company doesn’t keep tabs on its rapidly changing workforce, it could accidentally grant someone the wrong access and, in the worst-case scenario, give cybercriminals access to critical data.To safely navigate the Great Resignation, you need to focus on two key areas: provisioning and device management.Why provisioning matters“Provisioning” can refer to many aspects of IT infrastructure, but here we’re talking about access to important files, accounts, and services. In 2021, almost every employee needed a combination of software and digital resources to do their job. Depending on your industry, that might have included apps, browser-based services, or files stored on a company-managed server.To k

If year-end reviews have taught us anything, it’s that people love recaps that cram 12 months of growth and change into a five minute digestible read. Last year we worked hard to bring easy but secure password management to everyone – businesses and individuals alike.New apps, integrations, research, and partnerships – 2021 had it all. 1Password was even named one of G2’s Best Software Products of 2021. Here’s a quick overview of everything our teams got up to:Product releases and updatesLast year was the starting point for the next generation of 1Password.We launched our first Linux app, which doubled as a world debut for 1Password 8 – an all new design optimized for peak productivity and unrivaled security. We also released 1Password 8 for Windows – first in early access, then fully featured and ready for the world.1Password 8 introduces a new design language, code-named Knox, and countless additions that make it faster and simpler to use, like Quick Access search.Apple devices also

Business security is often associated with larger companies where employees spend most of their time in front of computers. This stereotype can lead small business owners – especially ones outside the tech industry – to think they’ll never be targeted by hackers and don’t need to invest in security. It’s a mistake that cybercriminals are exploiting. Even without a traditional office environment or complex IT infrastructure, your growing business needs to take security seriously.If your team uses the web in any capacity, it’s critical they protect their accounts with strong, unique passwords. Stolen logins are at the heart of most modern attacks. But there are other vulnerabilities and threats to be aware of, some which might be specific to your industry or company structure. So staying informed is critical.Most businesses are “online businesses”Restaurants, law firms, and even doggy day spas are all connected to the web. You might advertise online, handle transactions electronically, o

Several layers of protection guard the data you store in 1Password, but is it enough to defend against cyberattacks like credential stuffing?Few things are scarier than getting an email about someone trying to log into one of your accounts. Doubly so when that account is for your password manager.The good news is that by using 1Password, you’re already protected against the most common type of cyberattack that triggers these emails: credential stuffing.What is credential stuffing, and how does it work?Modern cyberattacks rarely involve actual hacking.It’s become easier and more effective to simply use credentials stolen from data breaches without wasting time trying to crack individual passwords. Hackers use specialized software to make login attempts against popular web services using those stolen credentials on a massive scale. This type of attack is known as credential stuffing.By now, we’ve all learned that data breaches are a fact of life online. In 2021, they were at least 17% mo

Creativity can be fickle. One day, your brain is full of bright ideas you’re keen to jot down, develop, and share with others. The next day, you have nothing. Zilch. Not even a flicker of an idea. You suddenly feel like a world-class restaurant that’s run out of ingredients.A key element of creativity is finding the odd jolt of inspiration. But discovering that spark can be tricky if you work from home. You don’t have a normal commute, which for many is a chance to let your mind wander and experience random but inspirational moments. Similarly, you’re not working in a busy office that’s full of sights, sounds, and smells to draw from.But that doesn’t mean you can’t be just as creative while working remotely – you just need to make a conscious effort to surround yourself with sources of inspiration. These can be physical objects, online communities, or activities that encourage you to hit pause on work, turn off your devices, and clear your head.Real-world serendipityRecreate the commut

Staying secure at work doesn’t need to be complicated. Minimize stress and avoid burnout by following these simple cybersecurity tips.How cybersecurity and burnout are relatedNo-one wants to feel burned out at work. Battling physical or emotional exhaustion can impact your health, happiness, and any sense of professional fulfillment. That in turn can affect your productivity and the likelihood you’ll make an honest mistake that puts your company’s data at risk.Our first State of Access study found that burned-out employees are 37% more likely than other workers to have poor practices when setting up work-related passwords.While there are many factors that can lead to burnout, staying secure doesn’t need to be one of them. Follow these 15 cybersecurity tips to protect yourself and your company from the vast majority of attacks:Passwords1. Use Strong, unique passwords.That means no common passwords like “123456,” “qwerty” and “password,” or anything that includes your name or date of bir

2021 has been an incredible year! 🙌 Here’s my last newsletter of 2️⃣0️⃣2️⃣1️⃣ to wrap up the year. 🤗Hello everyone, 👋I hope you and your family are safe and well. 🙏I’m fortunate that my biggest concerns this year are stocking up on all the ingredients for our three family dinner celebrations and making sure everyone has something wrapped under the tree. I’m very thankful for that!We also have some presents for you. Let’s unwrap them together now, shall we?Dave's Newsletter1Password 8 for Mac is now in beta 🎉I’m thrilled to announce that 1Password 8 for Mac has officially entered beta. 🙌I shared the early access with you earlier and the response was incredible. I was blown away by how many people reached out to discuss our latest baby. 🥰Now that we’ve had a chance to polish things further we’re ready to invite all of you to our beta family and give it a go. Here’s the gorgeous design that will greet you.I really love our new design language and the incredible speed of 1Password 8...

In 2020, millions of businesses were thrust into remote work. What started as necessity has revealed lasting benefits for both employers and employees, though. The model improved productivity and employee morale, while lowering operational costs. Between these benefits and the continued priority of worker safety, many startups are launching with a remote or hybrid approach from the outset.New businesses may find it easier to adopt this style of work because they don’t have a team that’s used to being in the office together, or to following processes that were never designed with a remote model in mind. This provides an advantage for cybersecurity, as well.With employees working from anywhere, security education and involvement are more crucial than ever. A culture of security can be a unifying force that makes safe online habits a source of pride, rather than a chore. The good news for startups is that it’s less work to create this from scratch than it is to transform an existing cultu

As a startup, you might have branded swag well before a cybersecurity strategy. And it’s not hard to understand why. Printing stickers is easy. Knowing where to start with security – the who, what, how, and why – can feel a bit more daunting. But it doesn’t have to, and is far more important to your company’s future.Cybersecurity risks are growing by the day, especially for startups. Almost half of smaller businesses reported cybersecurity breaches or attacks over the last year, up from less than a third in the previous year. It’s an epidemic that forces 60 percent of affected businesses to close within 6 months.Part of the problem is a lack of resources – small companies are often stretched thin, and IT hires aren’t always seen as a priority early on. But the larger issue is a lack of awareness. Startups often don’t know the extent of risks they face, their particular vulnerabilities, or that solutions don’t need to be expensive or complicated.If you’re leading a startup, and have a s

Finding new ways to help the planet and the people around us is some of the most important work we do here at 1Password. At some point we started to wonder, what can we do to support the health of our oceans? As part of our continuing 1Password for Good initiative, we’ve decided to partner with the Sustainable Ocean Alliance to make a positive impact on our environment.Sustainable Ocean Alliance (SOA) is a global community of over 6,000 youth, experts, and entrepreneurs based in 165 countries, all collaborating to solve the greatest challenges facing our ocean. They support solutions and projects that address the targets of United Nations Sustainable Development Goal 14: to conserve the ocean and sustainably use marine resources. SOA does this by providing funding, network access, mentorship, and other resources to startups and grassroots leaders around the globe who are working to improve ocean health.Seas the day 🌊Our donation of $50,000 supported 10 projects, with missions that ran...

If you feel like you can’t go a week without hearing about yet another data breach on the news, you’re not experiencing déjà vu. Data breaches are on the rise, and massive organizations like Solar Winds and Facebook aren’t the only ones vulnerable to attack.From businesses to individuals, data breaches can affect anyone. For example, small and medium sized-businesses are now targeted by 70% of cyber attacks, and 58% of breaches involve personal data.It might seem like a battle you just can’t win, but there are ways to minimize your risk and stay secure online. We’ll walk you through a simple data breach definition, how to protect yourself from a data breach, hacking and social engineering attacks, and what you need to do if your data is ever compromised.What is hacking?People often confuse the words “hack” and “breach” or use them interchangeably. So before we go any further, let’s quickly clarify what they mean. Hacking is when someone, sometimes called a “black hat hacker,” aims to c

Many companies feel like they’ve successfully pivoted to remote and hybrid work. Team members have learned the tools and processes required to be successful outside the office, and IT departments have adjusted their security rules and policies accordingly.But now, nearly two years into the pandemic, another cybersecurity threat has emerged: employee burnout.Work-related exhaustion isn’t a new phenomenon, but it’s been amplified by Covid-19. And when it’s left unaddressed, burnout can put companies at risk because it influences employees' habits and decision making.To understand the issue, 1Password surveyed 2,500 adults in the U.S. and Canada who are in full-time employment and spend most of their working hours in front of a computer. It’s the focus of our first annual State of Access study, which explores the latest security threats, how workers feel about them, and what businesses should do to protect themselves.Our key findingsBurnout is a huge problem across the U.S. and Canada. 80

A unique feature of 1Password’s security is the Secret Key, but its value is often misunderstood by users and security experts alike. Instead of thinking in terms of “is it like a second factor” or “is it like a key file” it’s best to explain it in terms of what it actually does: It protects you if we were to be breached.What is the Secret Key?The Secret Key is central to what makes 1Password’s security uniquely strong. It offers our users exceedingly strong protection if our servers were to be breached. However, its uniqueness makes it difficult to understand. Not only is it difficult to understand, it places an additional burden on users. Burdening users with an additional task that is hard to understand is really not our style. The fact that we do so should give some idea of just how important the Secret Key is for security.A cracking reviewLet’s review what happens when some service gets breached. If you already know a bit about password cracking and hashing, just skip this section

You don’t reuse passwords, so why are you reusing your usernames? Using a unique username does more than just protect your privacy, it also has important security benefits.Below, we’ll explain what threats unique usernames protect you from, when you should use a unique username, and how to use a username generator to create them.The dangers of repetitive usernamesIt’s risky to use the same username for everything. Why? Because if it’s visible to the public, or is exposed in a leak, cybercriminals don’t have to worry about figuring it out when they try to access any of your other online accounts. With more than 61 % of breaches involving credentials used to authenticate a user, having both a unique password and a unique username makes any attempts to breach your account more difficult.Are you guilty of using a variation of your own name or adding some other personal identifying information – like your birth year – to make a new username unique? You’re not alone. However, using personal

Thanksgiving is the holiday so nice we do it twice – a quirk of having our North American team members distributed across the US and Canada! With your help, we raised over $51,000 USD this year to support Second Harvest, United Way Centraide, and Food Banks Canada in their efforts to make the holidays happy for everybody.Too often it feels like our ability to make an impact is limited, but during times like these it’s helpful to remember the compounding power of small gestures. You may think one person can’t move the needle much, but collectively we can effect real change.And we have.Between Canadian 🇨🇦 and US 🇺🇸 Thanksgiving, over 51,000 of you signed up to keep your loved ones safe with a 1Password Families account. By choosing to protect your family online, you’ve also chosen to help other families put food on the table this holiday season.🤝 Supporting Our CommunitiesOver the past month, $1 from each of those sign-ups was donated to three notable organizations working hard to s...

Starting today, we’re adding JumpCloud to the list of popular enterprise identity providers compatible with the 1Password SCIM bridge, making it easier for more teams to provision and manage their users. We’re thrilled to add JumpCloud’s easy-to-use and highly rated service to our growing list of integrations.Using JumpCloud and 1Password, you can establish the oversight you need to fortify your security policies and protect your team.“Password management is a critical part of any company’s security model, and we find that 1Password does it better than anyone else. The 1Password and JumpCloud integration allows us to have a complete Single Sign-On solution, and offers a very effective way of programmatically managing access.” – Reilly Scull, CTO at MacktezUninterrupted workflowThe 1Password SCIM bridge helps you manage your teams at scale, bringing 1Password into the workflows you already know and trust. It lets you control the rollout of 1Password Business from your existing IDP (Iden

Go, go, go, go. And then go some more. For countless small businesses, this is your reality. But breakneck productivity is not always the healthiest approach, and it often comes at the cost of security.You’re focused on building your business. You may be piling on assignments for employees, even outside of their expertise, just to hit your goals and stay competitive. So you may think focusing on improving security is either unnecessary or, worse, hindering production. If that sounds like you, consider this your polite slap on the wrist. 💁You shouldn’t have to sacrifice workplace productivity in the name of security – even if your “workplace” is fully remote. Believe it or not, when your employees work securely, improved productivity often follows. Striking the right balance now, in the early stages, can create lasting change as you scale and greet new challenges – and successes – in your journey. Stay secure … and productive? 🤯The tunnel vision of workplace productivityIn recent year...

Before the pandemic, most millennials didn’t have a will, let alone a plan for handing over their digital accounts.Why? Many simply don’t know how to get started, or worry the process is too expensive, complicated, and time consuming. Others simply feel that it’s not a pressing issue, especially if they’re still healthy or don’t have a lot of savings.The COVID-19 pandemic changed everything, however. It forced millions of millennials to reconsider their health, finances, and relationships, as well as what would happen if they were to suddenly pass away. But has this moment of reflection triggered a wave of new wills and digital estate plans, which include passwords and other online credentials? To find out, we conducted a survey with estate-planning experts Willful and Trust & Will.Some of the findings might surprise you.Takeaways from the U.S.68% of millennials still don’t have a will. However, the last two years have been a wake-up call. Almost three quarters (72%) of respondents who

Got a Windows PC? You can now enjoy the modern design, improved productivity, and enhanced security & privacy of the all-new 1Password 8. 🥳I’m so excited to share 1Password 8 for Windows with you today. We went back to the drawing board and recreated every bit and every pixel to bring you the most modern, productive, and secure version of 1Password yet!Let’s start with the all-new lock screen. 🔐Sold already? Here’s the download link. 🙂You can also hop on over to our 1Password 8 for Windows: Dark Mode Edition companion post to see this announcement and every screenshot in glorious dark mode. That’s right, 1Password 8 fully supports dark mode! 😎Modern DesignWe set out to create a modern, first-class experience that feels right at home on Windows 11. To make this possible we created an entirely new 1Password design language, code-named Knox.Let’s open things up to see the beautiful design in its full glory. 😍Despite its simplicity, 1Password 8 is packed with features to help you orga...

A virtual private network (VPN) is a useful tool that protects your online activity by creating a secure ‘tunnel’ that sits between your device and the site or service you’re trying to access.These days, VPNs are everywhere. Many workers rely on them to access their email and corporate files while they’re outside the office. Others use them to visit sites and watch content that isn’t normally available in their country. Or to better protect their internet traffic while they’re browsing the web on a public Wi-Fi network.Using a VPN is usually quite straightforward: launch the client, click connect. But understanding how one works is trickier. Tunneling? Encapsulation? These terms are hardly commonplace, unless you’re an IT or security professional. Here, we’ll break down the basics and answer a common question: is it always necessary to use a VPN while connected to the internet?The basics: How does a VPN work?A VPN acts as a gatekeeper between your device and whatever you’re trying to i

Our core values as a company center around our users’ privacy, security, and satisfaction. While developing Masked Email – our integration with Fastmail that lets users create new, unique email addresses without ever leaving the sign-up page – we needed a technology that brought all three values together.Enter JMAP: the developer-friendly, open API standard for modern mail clients. Below, we’ll introduce you to JMAP, explain why we chose it for Masked Email, describe how the integration works, and share how you can get started using JMAP in your own projects.I’ll be honest, I’d never heard of JMAP (JSON Meta Application Protocol) before we started working on the proof of concept for Masked Email. I was amazed that I’d never heard of this standardized open protocol (RFC8620) that can do so much – JMAP is faster than its predecessors, it’s an open standard, and it’s easy to use.The more I read about JMAP, the more I realized how antiquated the de-facto APIs that run our digital lives are

We hear a lot about the consequences of practicing poor security. And for a while, this was rightfully so. When the importance of cybersecurity was still emerging, many people didn’t understand what could happen if they weren’t following proper security procedures.But those days are long behind us, so it’s time to retire the scare tactics of the past.I like to call it “spooky security”. It’s when we try to scare people into submission or use fear mongering to force people into behaving more securely. It’s not working, and it’s stopping businesses from building a healthy security culture. A strong culture of security includes individuals not only being aware of policies and procedures but also understanding security and the role they play in it. It also involves employees’ attitudes towards security and how that impacts their actions. If that attitude is fear and uncertainty, they’re less likely to take an active role. An organization with employees disengaged from security is bound to

With each passing year, our digital lives grow in size and complexity. We open new accounts and place more value on the ones we log into and use every day. The trend has led to a rise in digital estate plans – a handover that ensures your friends and family members can take over your most precious accounts after you’ve gone.Creating a plan is one challenge; figuring out what to do with someone else’s is another. Maybe you’ve inherited one, or know a family member who plans to give you their accounts after they’ve passed away. Regardless, it’s important to have a strategy before logging into anything that was once owned by a loved one.Step 1: List the accounts in order of priorityThe first step is to take stock of everything in your loved one’s digital estate plan. Grab a piece of paper or create a digital document and rank the accounts in order of priority. It might seem laborious, but this exercise will help you identify which accounts require your attention first, and just as importa

As we’ve all learned, often the hard way, amazing tech has introduced not-so-amazing risks: viruses, hacks, and leaks, to name a few. A data breach or cyber attack can happen at any moment, to individuals or businesses of any size – and attackers do not discriminate.Many small and medium-sized businesses (SMBs) may have the “it won’t happen to us” mentality. Smaller teams and tighter resources can lead to the indefinite delay of a security strategy, skipping over cyber insurance, and even a lack of awareness or response when attacks do happen.But as it turns out, SMBs are now targeted by 70 percent of cyber attacks, making them especially vulnerable. At the same time, a majority of small business owners say they aren’t concerned about a potential attack in the next 12 months.To our friends in the SMB community, we want to offer a friendly nudge: You should prepare for anything, because an attack is something your growing business simply can’t afford. And improving your defenses can be

We’re excited to announce the launch of our free online learning platform, designed to help anyone develop a deeper understanding of online security, privacy, and staying safe on the internet.As our lives become increasingly digital and cybersecurity threats become more prevalent, it’s never been more important for everyone to understand how to stay safe online. But with the flurry of services, technologies, and advice floating around out there, it can be difficult to know how to put it all together.That’s why we’ve created 1Password University: your one-stop destination for free, online security resources – made for everyone.Security training doesn’t have to be boringFrom one convenient hub, you can access a wealth of knowledge ranging from 1Password-specific tips and tricks, to deeper dives into the fascinating world of IT security concepts. Learn how to make the most of your 1Password account’s features, find out how to build a culture of security in your workplace, or discover why

The 1Password Security team is a crew of wonderful characters responsible for security, privacy, and compliance. We have three very high-level objectives:to keep customer data safeto keep company/employee data safeto keep the product safeAnd a lot of (slightly) smaller efforts go into meeting those larger goals. One important onging effort is the tool review, which is an in-depth analysis of a proposed app, tool, or service before it’s used internally. Today, I’ll explore why we chose the tool review method, how we perform our reviews, and share a few things we’ve learned along the way.Why we chose the tool review methodThe in-depth review process isn’t the only way to vet software. Some organizations submit a questionnaire to the developer, others choose their apps based upon reviews and industry recommendations. There’s also the blind faith approach (popular and not recommended).Back when 1Password was a small startup, we’d get excited to try the latest and greatest apps and services

1Password customers can now securely share virtually anything in their 1Password vault with anyone – even if the recipient doesn’t use 1Password.Before I was Chief Product Officer at 1Password, I was a 1Password customer. Back then, I often shared items in my 1Password vault with friends and family who also use 1Password. I shared the Netflix login with my kids, I shared secure notes about doctor’s visits and grocery lists with my wife, and I shared all kinds of things with my colleagues to get our work done securely.But sharing with anyone who doesn’t use 1Password wasn’t as easy. What if my in-laws came to visit and needed the Wi-Fi password? (They’re not 1Password customers, but rest assured, I’m working on that.) What if I needed to share a login with a contractor for a temporary project at work?Sure, I could copy those items from my 1Password vault and paste them somewhere: in an email, in a chat message. Or I could screenshot and send it as an image. Of course, doing so dramatica

Whether you’re spending time with family around the dinner table or on a video call, Thanksgiving is a time to reconnect with the people who matter most.While it hasn’t been the easiest year, now is a good time to reflect on what we’re grateful for. For you, it might be reuniting with loved ones (in-person or virtually), being in good health, and even simple things like that perfect slice of pumpkin pie. It’s an opportunity for us all to give thanks, but also to give back to our communities.Since Thanksgiving comes early here in Canada 🇨🇦, we’re getting a head start on our efforts.🌽 Giving BackFrom now until November 25th, 1Password is donating $1 from every new 1Password Families sign-up to a few of our favourite causes:Second Harvest is creating an efficient food recovery network, reducing the environmental impact of food waste while ensuring that everyone ​​– regardless of their economic situation – is able to feed themselves and their family.United Way Centraide works across Can...

If you own any virtual currency, what will happen to it after you’ve passed away? Would your friends and family know what you owned? Or how to access the funds?If your answer to both of these questions is ‘no,’ consider creating a handover plan. Something your loved ones can follow without being crypto-experts or diving into unfamiliar message boards for assistance.Not sure where to begin? Just follow this guide.Hot or cold?First, understand what you’re trying to hand over. Cryptocurrencies are stored in one of two ways: hot or cold wallets. Many people hear the term ‘wallet’ and believe their funds are held inside, but that’s not the case. A cryptocurrency wallet simply contains the encryption keys required to access assets on a blockchain. It’s the blockchain — a digital ledger held by many people, rather than a single entity — that verifies every transaction and keeps track of who owns what.So if you want to give someone your assets, first figure out how to give them your keys. The

We’re often asked about single sign-on (SSO) solutions here at 1Password. We get questions like ‘Can we use 1Password and SSO?’ and ‘Why do we need 1Password if our organization uses SSO?’I’m about to cheat and answer (hopefully) every question at once: You absolutely can (and should) use 1Password alongside a single sign-on solution. Let’s start with a brief overview of the fundamentals.SSO, identity access management (IAM) solutions, and password managers are often conflated because they have similar high-level protocols: one login provides access to multiple accounts. While SSO and password managers aren’t the same — they aren’t mutually exclusive, either.SSO solutions allow users to authenticate with one username and password and use the same login session to access other websites and services. 1Password, at its core, is a password manager that allows users to securely store, fill, and share (if they choose) credentials, personal information, and documents.Now, let’s explore all th

Last year, we made it easier to make secure payments online through direct integration with Privacy. Now, we’re doing the same for email. Announcing Masked Email – a 1Password and Fastmail integration. Create new, unique email addresses without ever leaving the sign-up page. Keep your real email address private from the apps or services that you sign up for – using a masked email address can protect you from breaches, and puts control of your inbox back in your hands.Taking control of your privacy and masking your email address is now as easy as generating a strong password.1Password and Fastmail – a privacy-focused partnershipAt 1Password, we believe your data should be kept private and protected from prying eyes. Our friends at Fastmail wholeheartedly agree that privacy matters, which is why we’re thrilled to integrate their privacy-focused email experience with 1Password.We’ve teamed up to create Masked Email, making it easier for you to separate your online identities and reclaim s

It’s been a while since we ran our challenge, How strong should your Master Password be?, in which we gave out prizes to the first people who could figure out the passwords in carefully constructed challenges.The challenges were designed to simulate the threat to a user who has had their 1Password data stolen from their own machines (1Password data captured from our servers are protected by your Secret Key and so aren’t subject to this sort of attack). After paying out a total of $30,720 USD, we have a better picture.The short answer is that it costs the password cracker about $6 USD for every 2³² (4.3 billion) guesses of a 1Password account password. An attacker, on average, only needs to try half of all the possible passwords, and had we not provided hints, it would have cost the attackers $4,300 USD to crack the three-word passwords in our challenge.This figure of $6 USD per 2³² guesses allows us to calculate the cracking costs for any known password strength. Given that passwords c

At 1Password, we’re committed to a customer first, human-centered approach to inform our product roadmap and create award-winning experiences our users love.That commitment starts with a genuine curiosity about how and why people use our password manager. We need to understand our customers’ goals, needs and wants before we can improve the product and make a positive impact in their lives.When and how do people use 1Password? What problem is it solving for them? How can we make this experience better without making any compromises on our core values of security and privacy?To answer these questions we need research. User experience research.What is user experience research?User experience research is an essential part of any product development process. It involves making structured, deliberate efforts to understand current and potential customers and their experiences. Product teams use these insights to make smarter decisions and design solutions with customer needs in mind. This res

Everything you love about 1Password is now available in Safari on iPhone and iPad. And it’s as incredible as you could possibly imagine.Ever since we first released 1Password X for desktop web browsers, we’ve dreamed of bringing its power to iPhone and iPad. With today’s release of iOS 15, we’ve done just that! 😍You have immediate access to all of 1Password directly in Safari. Fill with a tap, search all items, generate Smart Passwords, or even view your favorite shortbread recipe. Having your entire digital life available directly within Safari is life-changing.And that’s just the beginning. We brought in-page suggestions over from the desktop as well.In-page suggestions allow you to access your items exactly where you need them. For sites that have complicated sign-in forms, we use our on-device machine learning to detect what’s happening and automatically fill the password for you.And if you use two-factor authentication, we automatically fill the codes, so you don’t need to copy t...

1Password has been a remote company since we started more than 15 years ago. We’ve worked hard to build and maintain a remote culture, as we grew, that places value on a healthy work-life balance, transparent communication, and trust. That’s why we’re thrilled to announce that we’ve been included in Quartz’s Best Companies for Remote Workers 2021.Making remote work, workAt 1Password we’re big advocates of remote working – after all, it makes teams happier and more productive. But a distributed workforce comes with its own set of challenges, too – collaborating with more than 400 people across multiple time zones takes a lot of empathy, support, and trust.With so many people and projects to coordinate, communication is key. Open communication and transparent expectations are at the center of our remote work culture. Each team’s projects and workflows are tailored to the individual capabilities (and availability) of its employees.Employees can always engage with managers and each other o

What does the future of email look like? How can you be a better digital citizen? And, why is online privacy so important? We answered all these questions and more when we sat down with Ricardo Signes, Chief Technology Officer at Fastmail – a privacy focused email service with no tracking and no ads. Check out the highlights below, or listen to the full interview with Ricardo on our podcast, Random but Memorable.Random But Memorable: Tell us a bit about Fastmail.Ricardo Signes: Fastmail – we provide email, contacts and calendar hosting. When someone asks me what we do I say we’re like hotmail, except our product is really, really good. We want the features that we build to make people feel good about using them – to make people enjoy the experience of reading their mail, writing their mail, and dealing with their calendar.RBM: What’s interesting about Fastmail is it’s a paid email service in a sea of free email providers – how is that received and how does that work?RS: I think it work

Greetings everyone! With the recent launch of our Early Access preview of 1Password 8 on macOS I wanted to take a few minutes to pull back the curtain on this software development project that is over two years in the making. Before we get into that, though, I think a bit of backstory is warranted.1Password 7, 6, 5, 4…With a fifteen year history, 1Password has seen a lot of changes across all our supported platforms, but the way we’ve built our apps has largely been the same over those years. The very first version of 1Password was built by Dave and Roustem as a weekend project to help them with their day jobs of building websites. They got tired of manually filling in usernames, passwords, and contact information to test the sites they were building and figured they could build a tool to automate that. This weekend project quickly took over their day job and spawned a whole company and industry.The first version of 1Password was a Mac app with a small team of four dedicated to it. Whe

Earlier this year we released our new Linux app and soon after opened early access to 1Password 8 for Windows. Now it’s time for Mac to join in on the fun! 🎊Mac has always held a special place in my heart. Roustem and I created the very first version of 1Password on our Mac PowerBooks way back in 2006. And our love has continued throughout our 15-year history. 🥰When we set out to create 1Password 8 we wanted to create a familiar, unified experience while staying true to what makes each platform special.With 1Password 8, we’ve done exactly that. 1Password 8 is our best Mac app to date and today we’re opening early access so you can get in on the fun.Welcome aboard the next generation of 1Password for Mac. 😍Let’s start at the top. Categories now sit atop your item list as a simple dropdown filter, giving the sidebar plenty of room to show all your vaults and their accounts.You’ll also notice an indicator next to each shared vault, making it easier to see which vaults are private and w...

As we discovered in our Women in Tech panel earlier this year, it’s important to show women succeeding in male-dominated industries, like technology/security, and to talk about how men can help create space for others in the workplace. We’ve previously highlighted our women-led Security team and now want to continue sharing stories about women in leadership by introducing you to two leaders that are helping create space for women and non-binary people in the tech industry.We talked to Helen Horstmann-Allen (Chief Operating Officer) and Nicola Nye (Chief of Staff) of Fastmail, a privacy-friendly email provider, about their interest in privacy-focused technology, challenges they’ve encountered in the industry, and their advice for women and non-binary folks working in or thinking about joining the tech industry.What’s your role at Fastmail?Helen: I came to Fastmail in 2015, when they acquired my email forwarding company, Pobox. As the Chief Operating Officer, I work to bring the best ema

If you’re reading this, and you don’t live under a rock, you know organizational security is important. But, these days, the term ‘organizational security’ means so much more than it has in the past. It’s not quite as simple as installing a highly-rated anti-virus solution on employees' computers and calling it a day.One can hire the best IT security people, purchase the most secure software, and procure the services with the safest and most private practices, and it’s still not enough. As we’ve learned, even high-profile organizations with every resource at their disposal aren’t immune to missteps.What that organization, and many organizations just like it, lack is a true culture of security.A what?A culture of security is the collective habits of employees who engage in security defences, and actively help protect an organization. When everyone on your team, from entry-level folks to your CFO, has an interest in the safety of operational data, you’ve created a security culture. As I

I have some fantastic news to share. Today we’re announcing a new investment round in 1Password. Our current investor Accel led this round and a number of incredible folks including Ashton Kutcher’s Sound Ventures and top executives from Shopify, Slack, Squarespace, Google, Eventbrite, MessageBird and Atlassian also came on board.That’s a pretty awesome list of partners, but why would we take a second round when we are still profitable? Let’s take a little trip back in time to roughly two years ago to find out.Taking that first funding stepIt was the summer of 2019 and founders Dave, Sara, Roustem, Natalia and I were discussing whether or not we should partner with Accel and take our first ever funding round.1Password was successful, profitable and growing so we didn’t need the money. We also knew that we had something truly special and wanted to make sure we weren’t going to screw things up. At the same time 1Password needed to grow in order to help as many people as we wanted to, and

Have you ever been convinced that your devices are listening to what you’re saying? We’ve all been there. Despite popular belief, your gadgets aren’t eavesdropping – but they are tracking everything you’re doing online and creating a hyper-personalized mega profile that advertisers use for targeted marketing.Here are some of the easiest ways to reduce your digital footprint and take back control of your privacy online.Privacy vs security: What’s the difference?While privacy and security are often thought of as synonymous, or used interchangeably, there are actually distinct differences between the two. Security is about protecting your data from being accessed without your consent, whereas privacy is your ability to choose what information you share. Privacy is a bit like sending a message in an envelope versus a postcard that anyone can read. While security is like sending a message in a lockbox that no one else has the key to open.Privacy is almost always context-sensitive. If you’re

A month ago, we asked for your help in supporting Let’s Encrypt, the world’s largest certificate authority.And boy, did you deliver.In just 17 days, you raised more than $28,000. The total came from more than 600 donors based in 28 different countries. We’re going to match everyone’s donations, as promised, and throw in an extra $22,000, bringing the campaign’s grand total to $78,141.That makes it the most successful fundraising campaign in Let’s Encrypt’s history.From everyone at 1Password and Let’s Encrypt: thank you. None of this would have been possible without your incredible support and generosity.How your donations will make a differenceLet’s Encrypt relies entirely on charitable donations to operate. Your support ensures the team can continue to support website owners around the world by removing the cost and complexity associated with HTTPS encryption.When you visit a website like 1Password.com, you’ll see a padlock icon in the address bar, which represents HTTPS — Hypertext T

Visibility is critical to security and IT teams. If they can’t see what’s going on, they can’t act. So today we’re giving security and IT greater data visibility with Events API, a public REST API for 1Password Business customers.In addition to the events that have always been available to admins, item usage and successful and failed sign-in attempts can now be routed to third-party platforms to create dashboards, alerts, and much more.With greater visibility, security and IT teams can now correlate 1Password events with other data sources to gain a deeper understanding of how workers are using 1Password.We’ve built the API with SOC (Security Operations Center) and SIEM (Security Information and Event Management) tools in mind – database tools which analyze and present time series event data with alerts, dashboards, visualization, and search. In fact, we’ve already created pre-built integrations with Splunk and Elastic (more on those in a minute).What can I do with Events API?With Even

As a huge Apple fan I’m always looking forward to the next operating system updates, and Monterey is bringing some really cool new features. FaceTime calls for everyone (with spatial audio!), a spacious new design in Safari, Quick Notes, Universal Control, and more.As a huge 1Password fan and 1Password developer I’m always looking forward to the next operating system updates to make sure everyone’s favorite password manager runs as smoothly as possible there.Our track record is quite good with out-of-the-box compatibility for Apple’s latest OSes over the past decade. So how’d we do this year? Our team members have been running the developer prerelease versions of Monterey since WWDC and 1Password has been running wonderfully.The best part? You can get on the prerelease bandwagon right now! Apple has released a public beta of macOS Monterey ahead of its official release later this year.Installing a beta is always a tad risky. (If you’re not sure, we recommend holding off or installing i

Simple, well-tested protocols prevent disasters.Food allergiesMy daughter has a life-threatening food allergy, so eating out is always a little scary. Over the years, we have learned which restaurants are “safe” for her and which are not. Those restaurants that are safe for her have one thing in common – an established protocol for dealing with food allergies. The typical protocol is something along these lines:Inform the server of the food allergy and the specific allergen.The server informs the kitchen of the allergy.The manager makes the food or supervises the making of the food.Her food is brought out on a special plate or by the manager.Having a documented protocol allows us to enforce adherence to the protocol, and the simplicity of the protocol allows us to easily spot violations. As an example, one restaurant we visited frequently would plate all allergy orders on yellow plates instead of their usual white. If my daughter’s order came out on a white plate, we spoke to the manag

We know that many businesses use identity providers like Okta, Rippling and Azure Active Directory to control what their employees have access to. That’s why we built the 1Password SCIM bridge — a way to connect these services with our enterprise password manager. It streamlines common administrator tasks, such as setting up new employees with a 1Password account and granting them access to specific groups.To sync everything up, all of our customers that want to leverage automated provisioning deploy the SCIM bridge on one of their own servers. But that made us ask the question: what would happen if a SCIM bridge went down? Could we do more to help companies diagnose and fix the problem?To solve this issue, we decided to build health monitoring, a tool that administrators can use to quickly check on their SCIM bridge and narrow down any technical issues. We had a good idea of how this should work, but we’re in the password management business, not the server monitoring business. Buildi

With the recent launch of 1Password Secrets Automation, we were eager to learn more about current habits and feelings related to secrets management – good, bad, and everything in between – to help illustrate the problem and the risks involved. We surveyed 500 businesses on the topic, and today we’re excited to share our findings in a new report.Today’s high-tech ecosystems involve thousands of vulnerable secrets, which are often spread out across multiple services with no visibility or auditability. To avoid a data breach, these need to be encrypted and delivered to machines and services safely; but as the report shows, there’s a long way to go. We’ve summarized some of the key takeaways below, or you can download the report to read the complete findings.Do you know where your secrets are?Around 80 percent of IT and DevOps teams are not managing their secrets properly – think API keys, tokens, and certificates. These secrets let a database admin access a database, an app access another

In summer 2020 a spotlight was placed on racial inequality and the institutionalized racism experienced daily by Black people around the world. The global Black Lives Matter protests highlighted just how important it is for people and organizations to raise their voices and take action with, and for, those who have been historically oppressed.Last year 1Password and its employees donated $85,214 to Black Lives Matter causes, including matching employee donations to help support causes important to our team. But while donations are important, we know there is so much more work to be done. As an individual, an employer, and a leader at a large organization it is my and others responsibility to help increase awareness around important issues that speak to our values.By taking the Juneteenth pledge we at 1Password are taking another step forward in our commitment to improving the lives of our employees, our communities, and society as a whole.The Juneteenth pledgeLast year was the first ti

We’re on a journey to reimagine everything 1Password can be on Windows. And you’re invited to join us!It seems like just yesterday I unveiled 1Password 7 for Windows. At the time I said every bit and every pixel had been recreated from scratch to make 1Password the best it could be. It was a tremendously successful release.Fast forward 3 years to today and I’m excited to reveal that we’re doing it all over again. We’re gearing up for all-new 1Password apps on every platform. Each one will be better and faster, and each will push the envelope for what you’ve come to expect from 1Password.Today we’re opening early access for the next generation of 1Password for Windows. And it’s gorgeous! 😍Next level designOur designers and user experience specialists never stop iterating, polishing, and reimagining how 1Password can best help you get your work done.For the next 1Password for Windows we’re applying every lesson we learned to create a delightful experience. And a delightful experience is...

Today, we’re thrilled to be partnering with Let’s Encrypt, the world’s largest certificate authority. Part of the nonprofit Internet Security Research Group (ISRG), the team supports website owners by removing the cost and complexity normally associated with enabling HTTPS encryption. That, in turn, helps the web become a more secure and privacy-respecting place for everyone.We want Let’s Encrypt to continue this important work. That’s why we’re teaming up and supporting the nonprofit’s annual summer fundraising campaign. We’ll be matching the next $50,000 in supporter donations this month, and giving $20 1Password gift cards to the first 500 people who donate $50 or more. You can donate here to get involved and help eliminate weak, insecure website connections for good.How Let’s Encrypt makes the world a safer placeIf you open a new tab and navigate to 1Password.com, you’ll notice a padlock icon in the address bar. Click on that symbol or the URL, and you’ll see the acronym “HTTPS.” T

Apple’s second fully-remote Worldwide Developer Conference kicked off this week and, as always, our Apple development and design teams have been excitedly studying the documentation and sessions all week.For the last year and change, Apple has been perfecting the art of transforming their typical in-person keynotes into highly polished tours through their incredible campus and the future of software on their platform. Even though we’re all at home, Apple still manages to reach through the screen and pull us into the excitement and the possibilities that make WWDC one of our favorite developer events of the year.One of my most-loved things about WWDC is how we challenge ourselves to see just how quickly we can take the new technologies Apple is touting and apply them to 1Password. This year was no different. In fact, you may have already seen some of what our amazing Browser Experience team was able to do by the end of the day on Monday.Safari Web Extensions on iOS and iPadOSI’ll be hon

If you’ve heard the news in the last month or so, I’m sure you know about the Colonial pipeline cyber attack that took place at the end of April. If you’ve not heard about this, I’ll summarize the story.On April 29, 2021, hackers gained access to the network of the largest fuel pipeline in the United States. The attack led to a ransom payment of $4.4 million and fuel shortages throughout the east coasts of the US and Canada.I work in cybersecurity so I understand the risks we face in this digital world. But when an organization of this scale is thwarted by the smallest security gap, I still think, “How does that happen?”On a purely technical level, I can tell you. The attackers - believed to be members of an infamous cybercrime group - hacked into the network through a Virtual Private Network (VPN). The VPN account that acted as the gateway for the attack wasn’t in use at the time, but it was still active (we’ll get to that in a minute).The password was the other problem. It was later

At 1Password, we regularly hire outside experts to check our source code and look for security vulnerabilities. A recent penetration test by Cure53 identified a case where the 1Password server wasn’t using a constant-time comparison when it should. The fix, while trivial, created an interesting challenge for us: How can we confidently say that we don’t have this issue elsewhere?This is the first in a series of new developer-written posts on our blog about Building 1Password, a behind-the-scenes look at what goes into making the app. You can expect these to be technical, nerdy, and frankly… not nearly as polished as what our crack marketing and content teams put out.What are we trying to solve?Before we get to the solution, let’s talk about the problem. It’s recommended that security-sensitive comparisons be done in a constant-time manner. In this case, the comparison was a token string that is sent to the user via email. The recipient uses this to effectively prove they received the em

The browser experience has been the core of 1Password since the very beginning. We’re constantly rolling out improvements, and today I’m happy to announce some huge updates that take things to the next level. 🎉Touch ID, Windows Hello, and biometric unlock 👉💻Our #1 requested feature has been Touch ID & Windows Hello support. Now, if 1Password is locked and you have the desktop app installed, you can use biometric authentication to unlock faster than ever!No matter your flavor—Touch ID, Windows Hello, or biometrics on Linux—you can now enjoy passwordless unlocking for 1Password in the browser. Yet another example of how apps help make the browser experience better.Dark mode 🌒If you stay up into the wee hours of the night like I do, you likely favor websites and apps that do dark mode well. This update brings full support for dark mode to 1Password in the browser—and it’s never looked better.And the pop-up isn’t the only piece that looks great in shades; our on-page suggestions also l...

At 1Password, we’re always striving to make our products and services as secure as possible, and we couldn’t do it without your help. To say thanks, we’re increasing our bug bounty rewards.Since day one, we’ve encouraged everyone to reach out to us with suggestions around how we could improve 1Password security. Though our team works hard every day to design and build the most secure password manager there is, that doesn’t mean we don’t have blind spots. That’s why we’ve worked with Bugcrowd since 2017 to be able to reward researchers who point us towards anything we might have missed. When a researcher finds something we’ve overlooked, we want to hear from them, and reward them for their efforts.In the last few years we’ve rewarded more than one hundred submissions to our Bugcrowd program, with an average reward payout of over $800 (USD). While our $100,000 (USD) top bounty remains unclaimed, we find enormous value in the reports we get at the other levels. The creativity on display i

The wait is over. 1Password for Linux is officially here.Linux support is far and away our most requested feature. Bringing the world’s most loved password manager to such a passionate community – and building on the incredible work of the open source community – is both humbling and exciting for all of us at 1Password.So today we’re rolling out the red carpet for our Linux friends. 🤗I know many of you have been using 1Password in your browser to generate and store strong, unique passwords for a long time. And we’re proud of how well that works. But nothing beats a full-featured desktop app that takes advantage of everything the operating system has to offer, especially if it can make the browser experience itself better (spoiler alert: it does).Let’s take a walk up the red carpet and see what awaits us.Loaded with goodiesWe believe that native apps with deep integration create a better experience, so 1Password for Linux will feel right at home on your desktop, whichever flavor of Lin...

We’re all familiar with wills. But have you considered your digital estate? By that, we mean all of your personal data, including any service that you log into online. Many people don’t realize they need a handover plan, which can create complications for their loved ones when they pass away.If you want to avoid any legal and technological headaches, follow this beginner’s guide, which we created in partnership with estate-planning expert Trust & Will. “By creating a digital estate plan, you are protecting your online assets from risks like identity theft, hacking, and fraud,” Patrick Hicks, Head of Legal at Trust & Will explained.What is digital estate planning?Digital estate planning is like traditional estate planning – but focused on everything that makes up your digital life. The process involves taking stock of your assets, including online accounts, cryptocurrencies, and data stored on personal devices, hard drives, and cloud-based services. The next step is to make arrangements

At 1Password, we’ve always worked hard to help you secure your digital life. You can use our password manager to safely store and access logins, passwords, company credit cards, email addresses, and other identity information.It’s also a great place to keep copies of important documents – everything from birth certificates to real estate records – the list is endless.And today, that list got a little bit longer with the addition of a brand new item type with distinct fields to help you store and track health-related information. Introducing the Medical Record, available to all 1Password subscribers.Add a title, date, practitioner’s name, and anything else you want to save. We’ve included some default data suggestions and, like other 1Password item types, you can add custom fields and remove others as you see fit. It’s all incredibly flexible and practical – and that was the goal.New features and item types aren’t born out of think-tank brainstorm sessions in far-away company offices. W

Cybercrime is on the rise, businesses have become the number one target, and data breaches are costing companies millions. With most breaches caused by weak, reused, or stolen credentials, it’s time to talk about your passwords.Times have changed, passwords haven’tBusinesses have relied on passwords for more than 70 years. Back then, and until the rise of enterprise software, there was little need for long, complex passwords. A pet’s name or a spouse’s birthday worked just fine. Fast forward a few decades, and it’s a different story. An estimated 81% of data breaches are now caused by compromised credentials.If data wasn’t valuable, hackers wouldn’t hack itThe prevalence of cookies, trackers, and other data collection tools has boosted the volume and value of a company’s data assets. Even the smallest company has something to lose from a breach, the most precious being its reputation as a trusted place to do business. And without trust, sales suffer, customers leave, and market shares

By now, you’ve heard the news. SecretHub, the company I founded in 2014, is joining 1Password. I’ve shared my thoughts and next steps with SecretHub customers – without whom I wouldn’t be here – but today I want to address you, 1Password customers.I’ll start by saying this:Boy, it’s good to be here. Let me tell you why.The SecretHub storyThe first product we built at SecretHub was a secure, end-to-end encrypted file syncing service. While working on that application, we ran into an interesting problem.Like everyone else, we were deploying more frequently than ever before, sometimes multiple times a day. And like every cloud application, our software needed a handful of credentials to access a database and a few APIs. But where to put those credentials?We had two options. We could put the secrets in our code (or somewhere else where they would be visible to a number of people) but that would leave them exposed. Or we could restrict access to one person (me) and manually input the creden

Secure, orchestrate, and manage your company’s infrastructure secrets with 1Password Secrets Automation.Today is a big day at 1Password. Today, we’re launching 1Password Secrets Automation, a new way to secure, orchestrate, and manage your company’s infrastructure secrets. With the addition of Secrets Automation, 1Password can now protect all of your company’s secrets in one place.Passwords and infrastructure secrets, all in one placeSince 2005, 1Password has been keeping secrets safe for humans like you and me: our passwords, our credit cards, our personal documents.Machines have secrets, too. These secrets give humans and machines access to other machines. They’re how a database admin accesses a database, or an app accesses another app. Secrets are the lifeblood of the growing organism that is your infrastructure.And that organism is growing faster than anyone could’ve predicted. Every company is now, to some degree, a technology company. We’re all shipping software at an incredible

It’s now easier than ever to secure your employees at scale with our powerful new updates to automated provisioning in 1Password. We’ve redesigned the user experience to be more straightforward to navigate from initial setup to managing existing deployments.The SCIM bridge automates provisioning by securely connecting 1Password to your identity provider. 1Password integrates with Azure Active Directory, Okta, Rippling, and OneLogin, allowing you to fold the management of your 1Password account into your existing workflows, using the systems you already trust.Once set up, you can use your identity provider to deploy 1Password, invite employees, grant them access to groups, and deprovision them when they leave.With the latest updates, administrators gain access to an assortment of new features and refinements including a streamlined setup flow, improved user interface, health monitoring, expanded security options, and better Let’s Encrypt support.Together, these updates further improve t

We’re thrilled to be partnering with Ramp, a corporate card and spend management platform, for the initial rollout of the “Save in 1Password” button.The new “Save in 1Password” button makes it easier than ever to save payment cards and other details in 1Password.What is it?Starting today, Ramp customers will see the “Save in 1Password” button when they sign into their Ramp dashboard.If they have 1Password installed, when they click the button, 1Password will offer to save their payment card details and, from then on, 1Password will automatically surface those payment card details whenever an online purchase is made.Launching with RampRamp offers corporate cards and spend management tools to help mid-sized companies accelerate growth without compromising on their finances.If you’re a Ramp customer, the “Save in 1Password” button will let you quickly add your card details to 1Password so they’re at your fingertips the next time you’re making an important business purchase. And, of course

We know there are several password managers to choose from. They all have different names but promise to do the same thing: protect your employees’ accounts with complex, hard to guess passwords. So why choose 1Password for your business? There are many reasons, but the most important is our promise to prioritize your privacy over everything else.Encryption you can rely onWe have many protections in place to stop would-be attackers from accessing our servers. (It’s no coincidence that we’ve never been hacked!) And even if a thief somehow slipped through, they would only have access to reams of scrambled information. That’s because 1Password uses end-to-encryption to safeguard everything that your team has in their accounts. Unless the hacker had access to everyone’s decryption keys, the data would be worthless.Every team member’s decryption key comes in two parts. There’s a Master Password, which you need to remember to access your account, and a Secret Key. The latter is a long series

On International Women’s Day, we shared highlights from our recent Women in Tech panel, where women at 1Password discussed the obstacles faced by women and non-binary people in the tech industry. One of the issues raised during the panel was how important it is for women working in male-dominated spaces to see other women succeeding. With that in mind, we wanted to highlight and celebrate our women-led Security team.We spoke to Harlie Hardage (Security Training Coordinator), Pilar García (Privacy Officer), and Rainbow (Incident Response Manager) about their paths into the industry, the challenges they’ve faced, and their advice for women and non-binary folks considering a career in privacy and security.What’s your role in the Security team?Harlie: I coordinate our internal security training initiatives, so I spend a lot of time talking to other teams, as well as developing and leading training sessions.Pilar: My area is privacy and compliance. I talk to people in different areas of the

We’ve been told what makes a strong password for years. The rules are indelibly etched in our minds: Make ‘em long, and make ‘em random. The more difficult a password is to guess, the harder it is to crack.That’s true. But there’s more to it.Our password generator has created an incalculable number of long, random passwords since 2006. It’s gone through a few iterations in that time, but it’s been dubbed the Strong Password Generator for about 14 years. Because, well, that’s what it is, and who needs flashy nomenclature?But it’s 2021; it’s time for a change, and I’m excited to announce the Smart Password Generator.Still strong. So much smarter.One smart cookieI spoke with Client Apps Product Lead, Mitchell Cohen (also a smart cookie), about how the Smart Password Generator (SPG) earned its name.Mitch first walked me through a user interface (UI) that’s clean and simple.The UI is sparse because you don’t really need it. And therein lies the beauty. Elsewhere lies the brain.The (aptly na

Being a woman in tech means navigating an industry that is difficult to enter, and even more difficult to advance in. It means facing the gender pay gap, challenging systematic bias, and even dealing with harassment – amongst other challenges.We want to get real this International Women’s Day and talk about what everyone can do to help women overcome the obstacles they continue to face in tech.During AGConf this year, our annual company conference, we hosted a Women in Tech panel with seven women leaders at 1Password – Jeannie De Guzman (Chief Financial Officer), Rachel Yarnold (Director of Marketing Campaigns), Meena Lakhanpal (General Counsel), Lynette Kontny (Senior Manager of Customer Success), Mary Sison (Director of Finance), Sasha VanHoven (Staff UX Writer), and Youri Wims (Senior Web Developer).These women shared stories of challenges they’ve faced, how they’ve managed to thrive in the tech industry, and what they think could make the most significant differences for the future

News of a data breach is stressful, to say the least. You may be thrown into a panic, wondering:Is my sensitive data safe?How much of my information was stolen?What am I actually supposed to do next?Thankfully, 1Password has your back. Let’s break down what a data breach actually is, and walk through five simple steps you can take to secure your data in the event of a breach.What is a data breach?A data breach is when someone with malicious intent gains access to sensitive data, such as financial information or social security numbers, without the owner’s permission. This information may be sold on the dark web, held under ransom for payment, or leaked to the public.How to protect your data in the event of a breachHere are five steps that you can take right now to protect your data in the event of a breach.1. Check Watchtower for data breach reportingWatchtower is built right into 1Password. The data breach monitoring tool informs you about security breaches on the websites you use alo

At 1Password we’re committed to transparency, customer privacy, and support. But becoming the world’s most trusted password manager didn’t happen overnight, and it didn’t come for free. 1Password memberships help power this machine at the highest level, keeping customers safe and satisfied across the globe.If you’re considering using a password manager for the first time or making the switch to 1Password, here are a few reasons why the small membership cost goes a long way.Privacy and transparencySince day one, we’ve placed customer trust at the forefront, a commitment that extends from our data privacy protocols to our hundreds of support interactions every day.With any membership you’ll get everything 1Password has to offer, with no hidden details or surprise fees. This includes expert-tested data encryption developed on top of open standards. You can read all about how we keep your online secrets secure, while never having personal access to your passwords or other info you store in

Even if you’re not a fan of all the mushy stuff, Valentine’s Day might still get you in the mood to think about those important relationship milestones.Making things exclusive, getting a drawer at their place, moving in – these are all important steps in a relationship. But one milestone rarely mentioned – perhaps so commonplace it often goes unnoticed – is sharing passwords with your significant other.Okay, so giving someone your Netflix login doesn’t sound that romantic. But while it may not sweep them off their feet, it’s a big sign of trust. Whether you’re married, living together, or you’ve just reached the password sharing stage, if you’ve been flirting with the idea of 1Password Families, it’s time to make your move.Not sure you’re totally ready to commit? You can share only the logins and information you’re comfortable with while keeping everything else private. Even better: 1Password Families is cheaper than two separate accounts while still letting you maintain any boundaries

Last year we published a report looking at the state of online security and password habits in the home. Today we’re publishing the second half of that research in a new report that focuses on password sharing in relationships and the online security habits of romantic partners.How dating and relationships factor into the online security equation is interesting to say the least. If you want to dive right in, you can download the report – but I wanted to share some of the most interesting findings here.Trust and personal comfortAs with anything, we all have different philosophies on this topic. Your comfort with sharing private details is your own, and we’re not here to judge. The findings in our report show the range of habits and opinions here, at the intersection of online privacy and romance.According to our survey, 25 percent of people won’t share their smartphone password with a partner until they get married. While not insignificant, that tells us the majority are still trusting

Upgrading your 1Password membership to 1Password Families lets you securely share passwords and documents with family members – no matter where they are. It’s also a great way to encourage your family to adopt better digital security habits.Whether you’re in a relationship or looking to help secure your parents, siblings, or kids, there are plenty of benefits to upgrading to a 1Password Families membership.The benefits of 1Password Families1Password Families is a budget-friendly way to protect your whole family. For less than the cost of two individual memberships, you’ll be able to add five family members to 1Password Families – and if you need to, you can invite more family members for one dollar a month. Upgrading to 1Password Families is a great way to save money while protecting your family.Don’t worry if you’ve got accounts and passwords you’d rather keep to yourself, as each family member has their own private vault where they can tuck away anything they want to keep separate fr

1Password has been named one of G2’s Best Software Products of 2021 and is the only password manager to appear on the list. That seems as good a reason as any to share a brief recap of some highlights from the last 12 months.In 2020, in an effort to slow the spread of coronavirus, many businesses made the shift to remote or hybrid work. This unexpected transition left many businesses scrambling to adjust to new ways of working.We responded to the COVID-19 pandemic by offering businesses 1Password free for 6 months, sharing our experience around hybrid work and security, and helping businesses adjust to the changing nature of the workplace.Though 2020 posed challenges for 1Password – as it has for many – in some ways it’s been a great year for us. The number of businesses using 1Password grew to over 75,000, as more companies shifted to hybrid work and began looking for a secure way to share information and passwords outside of a physical workspace.With plans for both small teams and en

In the Compilation of Many Breaches (COMB), more than 3 billion unique sets of login credentials have been shared online in what some say is the largest data breach of all time.Though it seems that no new login information has been exposed, the compilation and sharing of so much data significantly increases the risk that previously exposed credentials could be used to gain access to online accounts – particularly where passwords have been reused.With an event of this magnitude, it’s crucial to stay informed and take steps to prevent your online accounts being compromised, whether at home or at work. In a nutshell, that means changing affected passwords ASAP. We’re here to help.What is the COMB data breach?COMB is made up of compromised email and password combinations exposed by around 252 previous breaches, including from major sites like Netflix and LinkedIn. It’s the largest incident of its kind on record – far exceeding the 2019 Collection #1 data breach.This mammoth compilation of

Identity fraud has become a growing problem as more people work, socialize, and shop online. Unsurprisingly, having your identity stolen has a significant impact on your financial and mental health, and it can take years to recover. And unfortunately, identity theft, credit card fraud, and having your bank accounts compromised are only the tip of the iceberg.ContentsEmerging scamsPandemic-centric identity fraudEarly signs of identity theftPrevent fraudIn April last year, Google reported that nearly one-fifth of all phishing scams were related to coronavirus. Based on previous trends, especially given the effects of the pandemic, we can expect another increase in identity fraud scams in 2021. As scams evolve, it’s important to learn how to spot them so you can protect yourself from these kinds of attacks.Emerging scamsWhen lockdowns started in March, banking online became a new reality for many, and online shopping increased exponentially. Technologies like Zoom, HouseParty, TikTok, and

If you keep an eye on security headlines, you may have seen the news that up to one in five work passwords include the company name.This is according to new research by data protection specialists Acronis, which also suggests that around 80 percent of companies don’t have an established password policy. Both stats are concerning from the point of view of businesses’ online security – but they are trivial to fix if you use an enterprise password manager.The problem with non-random passwordsPeople use the name of the company they work for as part of their password to make it memorable. When people are forced to remember passwords, especially those that they need to change regularly, it carries the unintended consequence of making passwords less secure.People rotate through minor variations of the same base password, such as using their company name with a few extra characters on the end, to check off password policy requirements while still being able to remember their password.The probl

Right now at 1Password, we’re in the process of a large-scale development effort focused on the apps that our customers use every day on macOS, iOS, Windows, Android, and in the browser.We kicked off this effort with the addition of a new platform where we’ve never had a desktop app before: Linux. At the genesis of this project we had a lot of internal discussions about programming languages, tech stacks, toolkits, and more. However, one thing we never disagreed on was our commitment to continue building great apps.We’ve been developing native apps since 2004 so we understand the value they bring to our customers – things like offline access, deep integration with system features, and the ability to manage more than passwords. With every new platform we support, we strive to deliver an experience that feels like the 1Password you know and love, but also feels right at home on the platform you’re using.Your passwords, right where you need themIf you’re a 1Password customer there’s a goo

2020 is over – we can finally say it out loud. While we may not be able to put everything behind us, there are a few things we can pack up and wave a cheery goodbye to. The first one that comes to mind? Bad online security.While it might not be the most obvious new year’s resolution, scrubbing up online habits can be a little more exciting than ushering in a reduced Netflix schedule.Internet use changed dramatically over the past year, as companies moved to hybrid work and families opted for virtual gatherings. This shift in online activity comes with an increase in vulnerabilities due to careless online habits, like weak passwords and reusing the same password for multiple accounts (hint: Changing the number at the end just isn’t good enough).The good news is that, with a few simple changes, you can set yourself up for security success this year.Start with emailThink of your email as the gateway to each of your other accounts. That said, it’s a logical first step when buttoning up you

Today we’re publishing a new report which has some great insights into the state of online security, password use, and password sharing in the home.It’s a must-read for anyone interested in improving their family’s online security, or with a professional interest in consumer-level security. Please feel free to download the report right away, but I did also want to take a moment to share a few highlights and thoughts.A brighter, more secure futureKicking off on a note of optimism, I’m personally delighted to see that, according to our survey, 40% of parents talk about online security with their preschool children. Yes, that number could be higher, but it still amounts to a huge number of parents talking about online safety with young children. The idea that 40% of little ones are budding security and privacy advocates is very heartening indeed.Points of concernPerhaps inevitably, though, points of concern do arise – particularly when we dig into the areas of password use and password sh

We’re excited to announce that it’s now easier than ever for Slack Enterprise Grid admins to initiate an org-wide deployment of 1Password Slack app across all of their workspaces. You’ll be able to manage and monitor how your team uses 1Password, and a variety of other apps, in one place – saving you time and focus.If your team is already using 1Password and Slack and you want to know how org-wide deployment of 1Password through Slack makes your work easier, check out the benefits of this top-down deployment approach below.Secure employees at scaleThe 1Password Slack app lets you monitor important actions your team takes in 1Password and is one of the simplest ways to roll out 1Password across your business. You can invite an entire workspace at once, invite team members in a specific channel or group, or send a direct message to anyone who hasn’t already joined your team. Using the 1Password Slack app, Admins can see who has been invited and their status.As you know, employees are mor

My new 13” MacBook Pro arrived on Friday and the first thing I did was install 1Password to see how things perform on the new M1 chip.The current official release of 1Password was built to target an Intel x86 architecture so Big Sur prompted me to install Rosetta to translate things to run on Apple Silicon.My heart sank a little as hardware emulation is often slow. Upon launching, however, I was surprised to find 1Password launched as fast as ever. This was an incredible delight for sure. Apple really hit the mark here and the developer in me is very thankful they made this transition so smooth.Of course I wanted to enjoy all the power of this new M1 chip so I tried our new beta release which comes as a universal binary. This means it includes both Intel and Apple Silicon instruction sets, allowing macOS to choose the best for the machine it’s running on.This is where things really heated up. 1Password built for Apple Silicon running on the M1 is incredibly fast! 🏎🔥1Password launches...

Hot on the heels of Apple’s release of macOS Big Sur, 1Password 7.7 for Mac brings a host of new features, including support for Apple Watch Unlock.Big Sur is here, and we’re celebrating with a slew of new features that highlight the technological advances that power Apple’s newest operating system.Let’s start with my favorite new way to unlock 1Password.Unlock with Apple WatchOne of our most highly requested features, Apple Watch can now unlock 1Password on any Mac with a Secure Enclave. If you’re using macOS 10.15 or later and using the latest devices, you’ll now see an option in 1Password preferences to turn on Unlock with Apple Watch alongside the Touch ID option.After you set it up, you’ll get a notification on your Apple Watch any time you open 1Password in macOS. Double click to unlock, and you’re in.I can’t tell you how handy this has been for me – especially when I’m using my MacBook with an external keyboard and trackpad. Now I don’t have to reach across my desk to get to the

How do we like our passwords? Just like our podcast: Random but Memorable. We recently hit a huge milestone, recording our 50th episode! That means our fans and listeners have tuned in for 1604 minutes worth of security advice and banter from 1Password and guests. That’s like watching The Lord of the Rings trilogy three times on repeat!Along the way, we’ve been fortunate enough to interview some of the leading voices in the security space. We’ve climbed up a mountain of data breaches with Troy Hunt, navigated the wild west of surveillance with Ann Cavoukian, and dived into the pool of private browsing with Daniel Davis from DuckDuckGo. We’ve also dished out a healthy dose of 1Password tips and tricks to keep your hunger for security satiated along the way.I’m in the mood to celebrate, so whether you’ve never tuned in before or you just want to relive the highlights, here are my favourite Random but Memorable memories.Password Cracking Hacking Spree with Mike PoundI love this episode. Y

If you’re reading this, you probably take your online security seriously – but was your past self as diligent? Most of us have been guilty at some point of reusing passwords or not making our passwords strong enough. But if you haven’t corrected those mistakes, your past just may come back to haunt you.We’re going to help you clear out those virtual cobwebs and set you up to defend against any ghosts that may be trying to haunt your old accounts.Here’s what you need to watch out for, and how to make sure all your accounts belong to the land of the living.Ghost accountsThe Internet moves fast, and in our enthusiasm to try the latest and greatest, we often leave old sites behind. You might not ever have intended to “quit” Myspace or Ello exactly; you probably visited less and less over time, until it had been months, then years, since your last sign-in. Dormant accounts like these never really go anywhere – and they can come back to haunt you in a data breach.Abandoned accounts are still

I’m excited to announce that Troy Hunt will be joining the 1Password advisory board. He’ll be helping us support businesses that have been affected by data breaches and continue our work building the world’s most trusted password manager.A natural next stepMany of you will already be familiar with Troy and his work: he’s a key voice in the security industry and the founder of Have I Been Pwned (HIBP), a free service that allows anyone to check if their accounts have been compromised in a data breach.We’ve been collaborating for a number of years already and this feels like the natural progression of our existing partnership. Troy’s been writing about 1Password since 2011 and has already introduced millions of people to better password security.In 2018, we partnered with Troy to bring the power of HIBP to Watchtower. For the first time ever, this meant people had both the knowledge of being affected by a data breach and the tools they needed to protect themselves. Over the last two year

In June, we released domain breach reports to help businesses guard against data breaches. Today, we’re excited to share some powerful new features that make it easier to quickly identify threats and notify employees so they can secure their accounts immediately – even if they’re not using 1Password.Guard against external breachesMost hacking attacks are relatively straight-forward. More than 80% involve lost or stolen credentials, or use brute force – guessing different combinations of characters to crack a password.With as many as 65% of people reusing passwords for their accounts, it only takes one leaked password to open the door to others – including some you may not have visibility of.The best way to defend against these types of attacks is to act fast: identify the breach and update exposed passwords to strong, unique alternatives.Notify everyone affected in a few clicksNow you can send a customizable email notification to everyone who has been affected by a breach, including th

Our Chief of Security (AKA Chief Defender Against the Dark Arts), Jeffrey Goldberg, wrote a fascinating article back in 2012 that ended with this:1Password, like pretty much all cryptographic software, needs cryptographically secure random numbers to do its stuff securely. What it means for a number to be cryptographically secure, why 1Password needs such numbers, and where it gets those from will be the subject of a future article.It’s been eight years, and I’m here to make good on that pledge with said article. Good things come to those who wait and all that, right? I won’t make any promises that what you’re about to read will be a “good thing” but let’s shoot for the stars.That’s (not) so randomAs I’ve alluded to with the title of this post, humans are notoriously terrible at creating randomness.For example, if I ask you to choose a number between 1 and 10, statistics show about 30% of you will choose 7. There’s an excellent chance everyone will choose an integer, and not something

Buckle up Linux Desktop users! We just opened an awesome ride that we’d love for you to join us on. 🎢 🙌🏼I’m super excited to announce our first beta release of 1Password for Linux. That’s right – we now have a full-featured desktop app for Linux which you can use to quickly find, edit, and organize your items! And it looks gorgeous, too! 😍Planned for official release early next year, we couldn’t wait to share the news with you so today we’re unveiling a beta so you can join in on the fun.A true Linux appOur new app is built to meet the security and performance expectations of Linux users. Its backend is written completely in Rust, a secure systems programming language that has made a lot of waves in the Linux community. We’re especially proud to be using the incredible ring crypto library to power the end-to-end encryption that keeps your data safe.We used this new foundation to bring you the 1Password experience you know and love to Linux and extended it further with:Quick Find an...

Breathe in, two, three, four. Hold it for two, three, four. Now breathe out, two, three, four, five, six. One more big breath in, and exhale, all the way to your toes.It’s amazing how something that seems so silly – counting your breath – can help to pull you into a completely different mindset. By taking that minute to count and concentrate, you can focus on something that is completely you and under your control.You might be wondering why any of this matters to us here at 1Password. Are we about to add a “count my breath” feature to the world’s best password manager? Although we’re always looking for great ways to bring security and convenience together, that’s not on the roadmap. 😂As we enter that season where we’re usually reflective, during a year when we all have more to reflect on than ever, I want to talk a little about the importance of finding that centre when you need it most, and how we’re helping our team do that at 1Password.Make self-care a priority, seriouslyAs we’re a...

Security questions. Used for online account recovery, we’re faced with these queries nearly every time we register with a new service or website.You know the deal: Choose about three questions (though the number varies) from a list of presets, and provide the answers in freeform text boxes. If you forget your username or password for that website in the future, answer one (or more, again, depending on the site) of your security questions correctly, and you’ll be granted access to your account.Want to stay secure online? Create a unique username with 1Password’s free Username Generator!Common security questionsHere are some examples of common security questions:What is your father’s middle name?What was the name of your first pet?What is the name of your favorite teacher?What was the model of your first car?Where is your favorite place to go on vacation?Creating and remembering answers to all of these is easy peasy, right?(insert eye roll emoji)Security questions are common authenticati

Today we’re announcing a new partnership with Privacy. 1Password now lets you create Privacy Cards, virtual payment cards that protect you when you spend online. You can create as many Privacy cards as you need and control where and how they’re used.Contents1Password and PrivacyPayments with 1PasswordGetting started1Password and PrivacyWe’re so pleased to add these features to 1Password – we’re pretty sure it’s new territory for password managers across the board. This partnership means we can now do for your money what we’ve always done for your passwords; namely, create unique information for every service you use to keep your most important data as safe as can be.We have all the details below, but here’s a video with the main details if that’s your jam:Payments with 1Password1Password is now the best way to create and use virtual payment cards in your browser. The Privacy integration is available now for 1Password X, and soon for the 1Password Safari extension. It lets you:Create ne

To coincide with the launch of Android 11, we’re bringing you a brand new update to 1Password. Your favourite password manager now takes full advantage of the new features and security enhancements that come with Google’s latest OS update.Awesome autofillTo start, let’s look at the change nearest and dearest to my heart. With Android 11 comes support for displaying autofill results in the suggestions strip above your keyboard.Now, you can see your logins from 1Password as suggestions in Gboard when signing in to supported apps and browsers.This feels like a natural fit, as the suggestion strip already supports smart suggestions, emojis, and pasting from the clipboard.Protect your privacy with app permissionsAndroid 11 also gives you even more control over the permissions for apps, like access to your mic, location data, or camera.You can set permissions to automatically expire, so if you haven’t used an app for a while, it won’t continue to access your information. Or, you can grant on

You’ve probably seen the term “principle of least privilege” (or “PoLP”) around the interwebs, or perhaps you’ve heard it from your own security consultant.ContentsWhat does the principle of least privilege (PoLP) mean?Why does the principle of least privilege (PoLP) matter?How does the principle of least privilege (PoLP) work?How does the principle of least privilege (PoLP) look?How is the principle of least privilege (PoLP) used?The bottom lineI’m sure you’ve surmised it’s dubbed a “principle” for a reason (i.e. it’s a good thing). It’s another one of the (myriad) phrases tossed around when people talk about organizational security and – I get it – how can one know each of these phrases in depth unless security is their sole responsibility? It’s just not realistic.That’s why we’re here with our From the Security Desk series, and why I’m here to tell you all about the principle of least privilege and how it can strengthen your company’s security.What does the principle of least privil

Back in May, we released the first installment of findings from a survey we conducted of 1,000 US knowledge workers, including 500 IT department personnel. Those findings shed light on the opportunities and challenges that companies faced as they embarked on their remote work journey, and the largely overlooked successful job of IT in leading the transition.The next chapter of this research, released today, dives into the enormous amount of time IT spends managing Identity and Access Management (IAM), and how this influences the quest that all enterprises have to achieve the holy grail of security, productivity, and convenience.Our research paints a picture of shadow IT that is more complicated than many of us expected. While most employees do follow IT’s rules, a small group of workers tries to get more work done by circumventing company policies — and sometimes those workers are enabled by IT personnel who grapple with limited resources and empathize with their pursuit of productivit

The end of the academic semester is always bittersweet at 1Password – a time when we part ways with the talented people who’ve joined us for an internship over the weeks before. Bittersweet because it’s always sad to say goodbye to new friends, but lovely to reflect on the valuable contribution they’ve made to 1Password – both our product and our culture.This year I wanted to share some thoughts from Mio who interned with us over the spring semester as part of the integrations team, working on the command-line tool. I hope Mio’s story gives you some insight into what it’s like to intern at 1Password – and hopefully encourage you to get in touch if it’s something you’d like to do in future. We’re always thrilled to have new students join the team.Take it away Mio…I got to introduce secure password generation to the command-line interface (CLI). I think it’s an awesome feature for a passwordmanager to have, so being able to add that to the CLI myself was honestly pretty exciting.Nothing

Today we’re announcing a major update to Watchtower, the part of 1Password that lets you know about security breaches on the websites you use.This update adds notifications, so you don’t have to remember to check Watchtower to see if any sites you use have been compromised. Instead, 1Password will notify you if and when there’s a problem, so you can change your password to help keep your online accounts safe.Notifications you really wantWatchtower will only alert you to security issues with sites you’ve saved, so you can be sure notifications will be relevant. They’ll save you time and worry because you no longer need to check in on Watchtower to see if any websites you use have been compromised.Website security breaches don’t happen often, so you shouldn’t see Watchtower notifications very much. It won’t send you more than one notification per day, and you’ll only receive notifications when 1Password is unlocked.If a site you use has been exposed by a security breach, your username an

UpdateThere’s a .well-known saying: Save the best for last. That’s exactly what Apple has subtly done for 1Password during Friday’s AutoFill Everywhere session at WWDC20! Not only did Apple announce that macOS Big Sur is bringing full support for password and security code AutoFill to all apps, they also dropped this gem at the very end of the session:And one more thing that’s cool is that macOS Big Sur also supports password manager apps as a data source for AutoFill.Autofill is key to 1Password, so we rounded up our crack team of Apple developers and added support for Password AutoFill during a Friday afternoon hack-fest.Look for 1Password in the apps on your Mac this fall when macOS Big Sur launches!Sign up for 14 days free!Signup for 1Password today and get your first 14 days free.Try 1Password FREE

CorrectionIt was back in March when researchers discovered that a popular video-sharing service was accessing users’ iOS clipboard contents without permission. Apple vowed to address the problem.At last week’s WWDC 2020, Apple made good on their promise with the release of the iOS 14 developer beta which, among other great security enhancements, notifies you when an application accesses your clipboard.It’s now been revealed that a number of other apps (53, to be precise) access the iOS clipboard without consent.This has sparked a lot of conversation, questions, and concern from our customers, and I’d love the chance to address the issue.What this meansIt’s important to remember that nothing has really changed – this clipboard “scraping” has happened for some time. The only difference is that, with the release of iOS 14, you’ll know when it happens. And knowledge is power. Now that companies have been (and will be) called out for their behavior, those with legitimate business models wil

I’m excited to announce the release of a new 1Password feature designed to help businesses keep their data safe: domain breach report. Create a report to get a list of all company email addresses that have been caught in known data breaches, so you can find and close doors to your data that have been unwittingly left open.Identify risks, secure your companyOnce you have the list of exposed email addresses, you can see the kinds of data exposed in each case. This helps you prioritize next actions.Crucially, the domain breach report flags exposed passwords, so you can let affected team members know they need to change those passwords immediately. You can also invite affected users to 1Password directly from the report so they can generate strong, unique passwords to use instead.Once set up with 1Password, they can also use 1Password Watchtower to see where breached passwords have been reused, and change them to make sure those exposed passwords don’t lead to more important accounts being

Every June, our development team embarks on the great journey to sunny San Jose, California for Apple’s Worldwide Developers Conference. This year the journey was…shorter. In fact, it was just a few steps to the couch for the first remote WWDC. Amidst all the challenges facing the world, Apple did what they do best: Think different.Credit to Apple – they’ve exceeded our expectations for a remote WWDC. The keynote was entertaining and informative. The sessions were clear and concise. And even the labs were great, with one-on-one time with Apple developers from the comfort of our homes.While we’ve really missed hanging out with everyone in San Jose, this was easily a WWDC for the record books. Here are a few highlights from our week as WWDC draws to a close.macOS: This one goes to 11 👩‍🎤I immediately installed the beta of macOS 11 Big Sur, and it’s no Big Sur-prise that I’ve been loving it ever since. The new design language, SwiftUI-based Control Center and Notification Center, and br...

I’ve been using my time stuck at home to catch up on the movies and TV shows in my digital queues. While my Apple TV makes it easy to access the right streaming app to watch Grey’s Anatomy or Avengers: Endgame, having to individually enter the passwords for each app can be frustrating.ContentsHow to use 1Password to log in to Apple TVHow safe is it?Whether it’s fighting with the onscreen keyboard to painstakingly move between characters, or trying to speak clearly enough for Siri to understand, it’s challenging to enter a suitably complex password correctly on first try. But with 1Password set up on my iOS device, I can take advantage of the AutoFill feature to access my stored credentials from my phone or iPad with just a tap.How to use 1Password to log in to Apple TVAutoFill makes it easy to enter passwords on iOS without having to type out a full username and password. This makes it easier for me to use more complex generated passwords in places where I may not have before, keeping

Today we’re thrilled to announce the release of 1Password command-line tool 1.0. We’re excited to highlight some of the features the team has worked hard to build.This tool makes your 1Password account accessible entirely from the command line. It gives you robust ways to interact with and manage your 1Password account.Working with itemsThe command-line tool makes it easy to create a new item in 1Password with op create item:op create item server title=Staging [email protected] url=sftp://staging.example.comThe new op edit item command allows you to update an item directly from the command line. Now you can update dozens or even hundreds of items at once with some simple scripting.op edit item “Personal Visa” pin=8910You can also get specific field values from items using the get item command and the new --fields option. This is super convenient when you want to use information that’s stored securely in 1Password in your command-line workflows.op get item GitLab --fields passw

1Password has always been a remote-first company. But how have other organizations adapted to remote and hybrid work, especially during the Covid-19 pandemic?In the spring of 2020, we polled knowledge workers in the U.S. to find out how the opportunities and challenges of remote work were affecting companies and their employees.The responses underlined the scale of the changes that had taken place, and the role IT played in enabling it. (That’s IT both in terms of the technology itself, and the professionals that make IT happen.) Here, we’ll share some of our findings and talk about the heroic efforts we saw in IT departments.We only spoke with workers in the U.S, but have no reason to think these findings weren’t representative of other businesses around the world.Before we go any further, here are a couple of the most important stats:89% of respondents had no criticism of their company’s IT team. Given the scale of the upheaval, that’s testament to the incredible work IT teams were d

You may have heard about contact tracing apps, which are designed to help health authorities identify people who have been in contact with someone infected with SARS-CoV-2, the novel coronavirus which causes COVID-19. It’s natural to worry that such apps could be used to collect data about who you meet and where you go.Fortunately, there is some clever technology that leaves the user in control and protects privacy, while giving individuals and health authorities the information they need. Apple and Google are introducing that technology to their phones.I fully anticipate that I’ll enable the relevant app that uses this exposure notification technology when it becomes available, and that I’ll encourage others to, as well.Privacy still mattersIt’s reasonable to ask whether privacy preservation still matters when there is a pressing and compelling public health need for improved contact tracing. As we face the choice of whether to adopt privacy-preserving tracing apps, privacy-violating

If you’ve just signed up for 1Password Business, this article will help you deploy 1Password quickly and easily, regardless of the size of your organization. However you choose to roll out 1Password, it can all be done remotely.ContentsStep 1: Start smallStep 2: ScaleDeployment tipsWe’re here to helpStep 1: Start smallIt’s a good idea to start with a small group of people so you have the flexibility to tweak your setup as you go. All businesses and their password policies vary, but here’s some advice everyone can follow to get started:Add another owner. Account owners are the people with ultimate control of 1Password in your business. If an owner runs into access issues, only another owner can help out. So a great first step is adding another owner to make sure you don’t lose access to 1Password. A senior and established member of your organization is usually a good choice. While you’re at it, implement a recovery plan for your team.Add a few administrators. We recommend inviting admin

Some organizations are born with remote culture and security, some achieve it, and some have it thrust upon them. It’s important to understand that setting the wrong goals can backfire. Take a step back and look at some of the greater changes you face.1Password came into the world as a fully remote organization 14 years ago. Even though we’ve opened two offices in that time, the majority of our staff still work remotely. Although nobody has an easy time of anything these days, we were in a far better position to adapt than most when we had to suddenly shutter those offices on March 10, 2020. It didn’t require the development and implementation of new security policies and practices for remote workers.Yet we can understand what those suddenly thrust into such a change are confronted with.It is our business to help people and organizations improve their security in ways that work for those people. Security for real people in real organizations is our bread and butter. Because of that, an

The world may feel like it’s on pause, but that hasn’t stopped the team from going full steam ahead on a fantastic update to 1Password for iOS. We’ve added some new features that make it easier to stay organized and share the essentials with your family and coworkers.There’s a lot to love about 1Password 7.5, so let’s dive right in.Stay organized with tagsTags and favorites make it a breeze to keep everything organized in 1Password. You can use multiple tags on a single item, and there’s no limit to the number of tags you can create. This release rolls out a new tag editor that allows you to effortlessly apply new and existing tags to your items.Tags can now be added to an item without needing to edit first. While viewing an item, tap on the Add Tag button to unveil the all-new tag editor and make your changes.Share your itemsWe’ve made it easier than ever to securely share passwords, documents, and other items with your family and coworkers. Now when you put an item in a shared vault

The world looked very different a couple of months ago when I wrote about 1Password 7.4 for Android. Since then just about everything has changed. Grocery shopping has gotten a whole lot more strategic. Celebrating birthdays and special occasions requires a new level of creativity. And continuing with school necessitates that parents and kids alike embrace new modes of learning.Despite those and other challenges, it’s good to remind ourselves that many things remain the same. Even if we have to do it from a distance, we still love to share laughter with friends and family. We still enjoy reading a good book, we just happen to be reading a few more than usual. And we still love improving the 1Password experience for you!Here are some of the ways we’ve improved 1Password this time around.Sort your itemsWith all the time we have at home these days, there’s an extra opportunity for spring cleaning. And a good cleaning starts with sorting through your stuff. We’ve made that easier than ever

As the COVID-19 situation develops, businesses are scrambling to adjust to the new reality of remote and hybrid work. The sudden nature of this shift has meant IT teams are ill-prepared for the security implications of remote working.One such risk is shadow IT – the use of apps and services by employees without the knowledge or oversight of your IT team. In our recent look at the risks of shadow IT, we saw that a remarkable 63.5 percent of workers had created at least one shadow IT account in the 12 months prior to our survey.Right now, the use of shadow IT is only likely to increase as people find new workflows to replace old ones that are suddenly unfit for purpose. And people will be all the more tempted by extended free trials offered in the spate of home-working caused by coronavirus. Even the simple act of having a face-to-face conversation needs an app now.Banning the use of shadow IT isn’t practical, and doing so could stifle productivity and innovation in your organization. Pe

As we all adjust to our new normal and many of us are doing remote or hybrid work for the first time, it’s important to look beyond productivity advice and consider the deeper impact of this situation.There are plenty of reports that highlight the benefits of remote working, but it also has consequences for our mental and emotional health that need to be carefully considered.As an experienced remote team these are lessons we’ve been able to learn over the last 14 years, but it can’t be emphasized enough that nothing about this situation is “normal”. All of the struggles and side effects of hybrid work will be amplified by current events, so it’s more important than ever to be aware of them and to look after yourself.Stop worrying about productivityIt’s likely you’re finding it hard to be productive right now because there’s a lot going on. You might have kids at home, be working in a new and distracting environment, or just worrying more than usual – you’re not alone. A new report from

Looking for inspiration for your remote work setup? From Studio Ghibli-inspired spaces to clean, minimalist setups, our team share what makes their workstations work for them.Alex, Sales“My table is 160 cm × 80 cm and height-adjustable with four memory settings. The desk and the chair were considerable investments, but so worth it. Apart from that, there’s a camera always at the ready, my earphones, a 1Password pin on the foot of the monitor, my ever-present coffee mug, a stainless steel water bottle, and the Enterprise E (Nemesis version).” Marica, Web Development“I’m going for “Mom from Kiki’s Delivery Service” or “Alchemist next door” kind of vibes.” Alessandro, Development“The desk is a standing desk. In my opinion, having a height-adjustable desk is as important as having a good chair. I always have my thug life glasses handy as well as my horse mask (they’re useful when joking with friends on a video call during this quarantine!).“The medicine container has some Fisherman’s in it

Working from home, taking online classes, and getting together with family over video chat. We’re all living an increasingly virtual way of life, so it’s more important than ever to use the internet safely at home.ContentsPhishing scams are on the upTip 1: Check all messages carefullyWe’re signing up to more online servicesTip 2: Vet apps and software carefullyTip 3: As always, practice good password habitsTip 4: Secure your home networkTo help, we’ve looked into how scammers can take advantage and have put together some tips to help you and your family protect yourselves.Phishing scams are on the upThree percent of all global spam is now estimated to be coronavirus-related, with many messages impersonating reputable, global organizations like the World Health Organization and the United Nations. These phishing emails are designed to trick you into clicking malicious links or attachments by claiming to direct you to information about the virus, or even direct you to places to buy masks

Like many others, I’m learning what it’s like to work from home with a child in tow. Overnight, lots of us have found ourselves with three full-time jobs: parent, teacher, and the job we’re paid to do. I’ll be honest, I’ve found it overwhelming – and as I write this, my daughter is under my desk, howling that she’s bored.I’m very fortunate to be surrounded by colleagues in the same position, and some have been juggling childcare, homeschooling, and work for a while. So I reached out and asked for help. Here’s what I’ve learned. I hope it will help you too.Accept that you can’t work at full capacityOne message came through loud and clear: You are one person, and it’s simply impossible to do three full-time jobs. Even if you’re managing between two people, that’s an awful lot to ask. And, with everything that’s going on at the moment, it’s completely understandable that you’re distracted too.Be honest with yourself and your boss. Ask whether it’s possible to work flexible hours, or to fo

Workplace culture may not feel like your priority right now. But your culture is defined by how you handle difficult situations – these are the moments it’s both tested and formed. We hope our experiences will help you build a remote or hybrid culture that empowers your team to do great work.Be kind and empatheticWe recognize that our folks are all dealing with a spectrum of exceptional circumstances – family sickness, financial pressures, childcare issues, and more. Even though we’re 14-year veterans of remote work, we’re aware that right now we have to slow down and prioritize mental health, and give everyone the space and time they need.Leaders need to take the helm here. During our all-hands call, Jeff (our CEO) let everyone know it’s absolutely okay that productivity isn’t going to be 100 percent. Our focus should be staying safe and healthy. When important messages come directly from the top, there’s less room for misinterpretation and teams are more likely to take advice on boar

If you signed up for 1Password in Safari and aren’t already using one of the 1Password apps, it’s important to start today. Here’s why.Apple has always been at the forefront of the fight to protect your privacy, and the WebKit team that builds the foundation of Safari is no exception. In 2017, they introduced Intelligent Tracking Prevention, which helps prevent advertisers from tracking you when you use Safari. This was great news for privacy, and a lot of us at 1Password use Safari because of its strong commitment to privacy.Starting in Safari 13.1 for Mac and iOS 13.4, there are some additional changes to Intelligent Tracking Prevention. Information a website stores in local storage will now be erased if you don’t visit that website at least once every 7 days. This affects full-featured web apps like 1Password that use local storage for legitimate purposes. For example, 1Password stores your Secret Key in local storage. If your Secret Key is removed from Safari and you don’t have it

We’re excited to announce that after great work from the team, 1Password 7.4 for Windows is now available! We’ve streamlined the app you know and love, so it runs smoother, faster, and more intuitively.There’s a lot to like about this latest Windows release, and we’ve got you covered with an overview of the essential features. As always, you can view the release notes for a full list of all the changes and updates.Say Hello to 1PasswordWindows Hello integrates smoothly into your workflow, eliminating the need to stop and type out a passcode to open an app or sign in to an account. The built-in biometrics use fingerprint or facial recognition to give you instant access to your information.And in this release, we’ve made it even easier! In 1Password 7.4, we now automatically invoke Hello on every lock view, eliminating the button needed to gain access to the biometric systems. Removing that extra step means the app opens, and your information is available with just a tap or a glance.Move

Many businesses are having to rush to remote or hybrid working for the first time, but it’s important not to let your security slide during the transition. By taking a few simple precautions, remote work can be as secure as working from an office full-time. These tips will help your whole team do remote and hybrid work safely, wherever they are in the world.HardwareThe first thing is to make sure you work with devices set up to keep company information safe.Use the safest device available.If your computers are provided by work, use them. If they’re not, make sure you work from your own device. Don’t work from public computers, or computers belonging to friends, family or anyone else – these could be insecure in any number of ways. If it’s possible to designate a computer solely to work, it’s a good idea to do that.Set up device passwords.Make sure all devices you work with are password-protected. If someone finds one unattended, you don’t want them to be able to use it.Encrypt storage.

Our six-month free trial has ended. If your business still needs support due to the impact of COVID-19, please contact our sales team and we’ll see what we can do to help.Over the past few weeks, we’ve seen some unprecedented and frightening changes around the world as a result of COVID-19. We’ve watched as events are canceled, travel becomes restricted, and towns (and even countries) go into lockdown.In an effort to slow the spread of coronavirus and protect the vulnerable, an increasing number of companies — including Google, Twitter, Shopify and more — are asking their employees to work remote. Here at 1Password, we’re a largely remote company by nature, but even we have implemented steps to slow the spread of the virus by closing our meeting spaces and eliminating business travel.These are important steps we should all take to protect our teams and loved ones.Tips to make remote work, workWe’re big proponents of remote and hybrid work, but adjusting to it can be a challenge, especi

Testing the waters of remote or hybrid working for the first time – whether it’s due to a snow day or a worldwide pandemic – can be a daunting prospect. At 1Password, we understand the challenges all too well – we’ve been an almost entirely remote workforce for 14 years, and have learned a lot along the way.The good news is going remote could actually make your teams happier and more productive if you get it right. If your team needs to work remote or hybrid, or you’re considering trying it out for your business, here are our top tips for getting started.Communicate, communicate, communicateKeeping communication open and collaboration going can be one of the biggest challenges of remote work – loneliness can creep in and teams can begin to feel siloed. Luckily, there are some great tools that make collaborating as a remote or hybrid team a lot easier. Here are a few of our favorites:Slack. Our go-to tool for everyday collaboration. Channels are a great place to work on projects togethe

I’m thrilled to announce that, starting today, we’re partnering with OneLogin to make it easy for you to provision and manage your business accounts in 1Password. OneLogin is a leader in identity and access management (IAM), and this collaboration is something our customers have been requesting for quite some time.“We are excited to partner with 1Password by creating a powerful integration for our joint customers that significantly reduces the work required to onboard new employees through our automated user provisioning.”– Matt Hurly, VP, Global Channels and Strategic Alliances & GM, Asia PacificTogether, OneLogin and 1Password give you the controls you need to make sure everyone in your company follows your password and security policies. Here’s how it works.Seamless integration with your workflowThe 1Password SCIM bridge gives you the ability to strengthen your identity strategy and manage your teams by folding 1Password into your already-established workflows.Now, with OneLogin int

When you practice secure password habits at home, those good habits will follow you into work. That’s why, if your company uses 1Password Business, you get a free 1Password Families membership. Your family account can be shared with up to five family members to help keep everyone more secure – no matter where they are.Your family account belongs to you, not your company. Your family and business accounts work independently from each other, meaning your information is never shared between them. Here’s what you need to know about how your business and family accounts work to keep your personal information private and make sure all your data is safe.No details sharedWith multiple accounts, it’s easy to keep your personal and business data completely separate and see all your information together in the 1Password apps.Linked family accounts only share their subscription status with the business account, so business administrators can’t see what’s stored in your family account, how many ite

Congratulations on making it through January with some of your New Year’s resolutions intact! While you’ve been sticking to your new exercise routine and drinking healthy smoothies, we’ve been blending up something new for you as well. And although convenience and security don’t make very tasty drink ingredients, they sure do go well with 1Password.Now I could try to introduce the hallmark features with words, but why do that when our What’s New screen does it so much better?Create vaults on the goVaults are great for organizing the items in your account at a very high level. For example, you may want to store all your travel essentials in one vault and your tax documents in an entirely different vault. In this update, you can exercise that desire to organize even while on the go. In just a few taps from the vault menu, you can create a new vault, give it a fitting name, and choose a unique icon. And with that, it’s now ready to store your latest secrets!Preview your logins with Autofi

From project management software to plugins that correct your grammar, it seems like a new tool for supercharging workers’ productivity launches every day. While that’s great for innovation, there’s a downside: the accounts employees create without a business’s authorization or awareness, known as shadow IT.At first glance, shadow IT might appear harmless. The problem is, without the oversight and direction of IT, it’s easy for employees to unwittingly create vulnerabilities in even the tightest of security setups.How prevalent is shadow IT?There’s plenty of anecdotal evidence of how disruptive shadow IT accounts can be, but we wanted data.So, we surveyed a representative sample of 2,119 U.S. adults who work in an office with an IT department and use a computer for work (see end of post for methodology), and found that a staggering 63.5% (± 1.03) of respondents have created at least one account in the past 12 months that their IT department doesn’t know about:Yes 63.5% (± 1.03)No 36.5%

This week on Random but Memorable, we welcome Brendan Eich, Co-founder and CEO of Brave Software and Basic Attention Token. Brendan previously co-founded Mozilla, where he helped launch Firefox, and is the creator of JavaScript. Today, he works with Brave to help people protect their privacy online.If you want to know who can access your information while you surf the web, and how you can take back control, then read on.What is surveillance capitalism?Most websites you visit have ads or links with trackers that are designed to associate or identify you. These trackers then follow every move you make online, collecting more information as you browse. When you use single sign-on (SSO) options like Google, Facebook, Apple, or Twitter, they even follow you across devices. That’s why ads for coats start appearing on your mobile after you’ve been shopping for one on your PC.That information is then shared with marketers, publishers, and companies, so they can target you with ads tailored to

You’ve set up 1Password Business for your team, but how do you make sure everyone uses it? With reports, you can track how your team uses 1Password and give everyone access to what they need. If anything doesn’t look right, it’s easy to take action.Here’s how you can use reports to help your team succeed and make the most out of 1Password Business.Understand employee needsReports hone in on the heart of your company: the people. Everyone slots 1Password into their workflow in a way that best suits their needs. To learn how an employee uses 1Password, create a usage report. It tells you when they last signed in and how many vaults, groups, and items they can access. You’ll also see a list of all the shared items they’ve used and when they last used them.You can use the item list to help you decide what they need access to. To make it easier, sort the item list by vault, or focus the report around a specific vault. If they haven’t used any items in a vault, or they’ve used items they sho

We’re kicking off the new year on our podcast, Random but Memorable, by talking with Stina Ehrensvärd, co-founder and CEO of Yubico. Stina started the company in 2007 with her husband, a former white hat hacker, after realizing just how easy it would have been to hack her bank account.If you’re wondering how a security key or other external two-factor authentication (2FA) device could benefit you or your business, read on to learn more.What is a security key?A security key is a small physical device that adds a second layer of protection to your online accounts. When two-factor authentication is turned on for your accounts, you are prompted to use your second factor any time you sign in from a new device. A small security key like Yubico’s YubiKey fits in your pocket. It can be used as an extra layer of protection on 1Password, Google, macOS, Firefox, and more.Support for these keys is built in to most web browsers via Yubico’s new WebAuthn API, creating what Stina calls “the seatbelt

Lucky enough to have found a new Android device under the tree this Christmas? Here’s how to set it up so you can take it for a spin.I recently upgraded to a Pixel 4 XL, and I have a few tips and tricks to share for getting your shiny new phone up and running with 1Password 7 for Android.How to set up and use 1Password for AndroidFirst things first: If you don’t already have one, sign up for a 1Password account. With 1Password 7.1 for Android, we made it quick and easy to sign up and set up your subscription through Google Play billing.Take your time creating your Master Password. Your Master Password plays an important role in protecting your data, so you want to go with something that’s memorable to you but unguessable to anyone else.If you already have a 1Password account, scan your setup code to add your 1Password account to your new device.The perfect setupThere are a few 1Password features I’d recommend enabling or tweaking as soon as you set up.The first thing I’d suggest is get

1Password X harnesses the power of your 1Password account to fill and save passwords, view and edit items, and more – all in your browser. And with today’s release, 1Password X gets even better! Here’s what’s new in 1Password X 1.17.New filling brain written in Rust1Password’s filling brain is the technology responsible for autofilling your information. The brain analyzes webpages in the background so it can suggest relevant items to fill in the available fields.In 1Password X 1.17, we’ve completely rewritten the brain in Rust and WebAssembly. Rust gives us a boost in both speed and portability – making it smarter, faster, and more embeddable in all our apps.Not to get too technical on you, but we’re now using Rust libraries to power many parts of the extension, including all Markdown parsing and time-based one-time password (TOTP) generation. By taking advantage of Rust’s ability to compile to WebAssembly, we can now share this implementation across all of our apps.New inline menuThe

I’m excited to announce that you can now install the 1Password SCIM bridge from the DigitalOcean Marketplace! The SCIM bridge makes it simple to automate many common administrative tasks in 1Password Business while keeping your account keys within your control.This one-click install makes it easy to manage your team and control your 1Password account using the enterprise identity provider you’re already familiar with. Give your administrators a central place to:Create users and groups, including automated account confirmationGrant and revoke access to groupsSuspend deprovisioned usersGet started with just a clickWe’re thrilled to partner with DigitalOcean. They make it easy to run and scale your applications, services, and environments in the cloud. Our one-click application allows you to quickly set up and deploy the SCIM bridge to a cluster in your environment. The SCIM bridge uses the same security as the rest of 1Password, so the encryption keys for your account are only available

‘Tis the season for travel, shopping, and family visits, and this tends to leave us busy and distracted. Scammers and crooks like to take advantage of this, so here are some tips for staying safe and merry over the holidays.No holiday promo is worth risking your securityThe holiday season brings a drastic increase in emails. Phishing scams are a favorite of cybercriminals, and the lasting popularity of online shopping has made email phishing even more effective. Be wary of emails with attachments like fake receipts or invoices. These files can expose your computer and account to malware, keyloggers, and ransomware when you open the attachment.Malicious links like false purchase verifications or shipping notifications offer prime opportunities for hackers to steal your login credentials. And if you’ve reused those login credentials on multiple sites your other accounts may be vulnerable.Secure your wallet when shoppingOnline shopping saves time during the busy holiday season. But the pr

CEO fraud is a simple scam that has cost businesses USD$26 billion worldwide since 2016, according to the FBI. We’re calling for CEOs to step up to protect their business. All it takes is a conversation.What is CEO fraud?1Password (like many others) has experienced a recent spate of phishing attempts. The team received emails from an attacker pretending to be me, asking for personal information. Although the scam wasn’t successful at 1Password, businesses all over the world have been less fortunate.CEO fraud is a form of BEC (Business Email Compromise). An attacker spoofs the email address of the CEO or poses as them in an email. In the message, they ask an employee to transfer money to an account they control, or to provide personal or financial information.Often, the message will invoke a sense of urgency and put pressure on employees to act quickly. Here’s a real example that resulted in USD$8million going missing.“Hey, the deal is done. Please wire USD$8 million to this account to

I wanted to be the first one to tell you: I’m incredibly proud to announce that we’ve partnered with Accel to help 1Password continue the amazing growth and success we’ve seen over the past 14 years. Accel will be investing USD$200 million for a minority stake in 1Password. Along with the investment – their largest initial investment in their 35-year history – Accel brings the experience and expertise we need to grow further and faster.1Password is a completely bootstrapped company that’s never taken a dime of outside investment, so this announcement may surprise some of you. We’ve built the most-loved password manager and a world-class company, all while remaining profitable during our entire history. So why, after 14 years of self-funding, are we now partnering with Accel? That’s a great question. To answer it, let’s visit our founding heroes where it all began.We’ve come so farWhen Roustem and I founded 1Password in 2005, we were trying to solve a simple problem. We were developing

As a developer, I love getting different services to work together. Automating things gives me more time to focus on what matters and I want you to have that power, too. So, I’m going to show you how your business can use the 1Password command-line tool and 1Password SCIM bridge in perfect harmony to automate all sorts of administrative tasks. Let’s get to it.Speed up specific tasks using the command-line toolWith 1Password Business, it’s simple for even the biggest, most complex enterprise to manage their account using the command-line tool. Just type a command to perform common administrative tasks like adding items, granting access to vaults, managing groups, and more – all in Terminal.But what should you try first? Something we hear from a lot of large businesses is that it’s difficult to see and manage exactly who has access to what. The 1Password command-line makes it easy. I’ll show you.To find out who has access to our Directors vault, I just type:op list users --vault=Director

Working remotely gives me the freedom to work from wherever I like: the couch, a coffee shop, a plane, or a hotel room. When I’m on the move, I need a device that’s both powerful and portable, so I often work from my iPad. And while I love my iPad, I’ve recently been thinking about changing it up.I’ve spent a lot of time with our Windows team lately, hearing about the hard work they’ve put into 1Password for Windows, and it’s given me some food for thought. Now, I’m seriously considering swapping my iPad for a new Surface Pro. Here’s why.Privacy-focused browsingI’ve been using Edge on my Mac for a few months now, and I’ve been impressed by its performance and security features. Edge is faster, lighter-weight, and more secure than its predecessor, Internet Explorer. It’s the same browser I’ve come to know and love on my Mac, but feels even more intuitive on the Surface Pro.And it’s only going to get better. The new Microsoft Edge, currently in beta, is built on the Chromium engine, givi

I’ve been itching to write this post since the end of September, when we added support for Android’s newest biometric library in 1Password for Android. We’ve known for a while now that face unlock was arriving with the Pixel 4, and this update prepared 1Password for that eventuality. The only thing I was missing was the actual device so I could write about the experience firsthand.Each year, I eagerly await the Made by Google event in October when Google shows off their latest and greatest hardware. It’s like Christmas come early for me, and this year was no exception. As soon as I was able to, I pre-ordered a Pixel 4 XL from my carrier and waited impatiently for it to arrive.I’m happy to say that it arrived last week, and it was well worth the wait. I’ve since put 1Password through its paces on my new device, and here’s where we truly shine.Pixel 4 XL, meet 1PasswordOf course, the first thing I do whenever I get a new device is set up 1Password. As you might imagine, I use a long Mast

macOS Catalina launched earlier this month, and it’s chock full of fantastic new features. We’re thrilled to see the emphasis Apple has placed on user privacy and security in this latest release. I installed it on launch day and have been exploring the ins and outs ever since. Here’s what I was most excited to see – and what the 1Password team thinks you’ll love too.Lock it up tightLosing my laptop is one of my worst nightmares – all my photos, music, and writing gone in a flash. Sure, I keep backups of everything, but I don’t want anyone else getting their hands on my important information. Or my high school photos that prove I had no sense of style. That’s why the new Activation Lock feature is so incredible.With the new security feature in place, no one can access your account even if they physically have your computer. So, if your laptop is stolen from a coffee shop, the only person who can erase and reactivate it is you. It gives you peace of mind and adds an additional layer of s

Last week I was in San Francisco to attend the opening of The Glass Room, a pop-up event brought to you by Mozilla and 1Password. It’s designed to generate a global conversation about privacy and personal data, and invites us to explore how technology is shaping our lives and our interactions with the world.Our belief in your right to privacy informs every decision we make at 1Password, from how we design our product to what events we get behind. We’re delighted to support an exhibition whose mission aligns so closely with ours, and help more people make informed decisions about their privacy and personal data.Several fascinating pieces explore different aspects of technology and digital information. The space is divided into five thematic areas, all designed to shine a light on different aspects of digital technology: Deeply Personal, Invisible Labor, Trust in Us, Big Mother, and Open the Box. There’s even the Data Detox Bar, where you can find advice on how to take action to create a

Mozilla’s Recommended Extensions program rigorously vets Firefox extensions for quality and security. Out of thousands of extensions, fewer than 100 have been chosen, so we’re incredibly proud that 1Password X meets their high standards.Third-party developers build extensions to add features and customize how your browser works. There are extensions for everything from ad blockers to coupon codes, translation to social sharing, and more. 1Password X brings the full functionality of 1Password into your browser, making it easy for you to sign in to sites, use suggested passwords, and find what you need in your account.However, not all extensions are created equal. Downloading the wrong extension can pose a serious threat to your privacy and security. App add-ons and extensions require you to grant permission to read and even change your data on the websites that you visit, which gives them quite a bit of power.With that level of access, a malicious extension that’s been granted access to

At 1Password, we aim to make the online world a better, safer place. But climate change is the biggest threat to the future of our planet, and we want to make a difference there too. That’s why we chose to sponsor the Climate Fixathon.The Climate Fixathon is the world’s first online hackathon for makers to help fix the climate. If you’re not familiar, a hackathon is a coding competition, usually held over a set period. People come together to test their skills to solve a particular problem or just create something great. The Climate Fixathon is a 4-week competition, held entirely online.As someone who cares deeply about our planet (last year, I embarked on a 24-day expedition for marine conservation), I was thrilled to be one of the judges. Reviewing and testing the 43 projects from across the globe was eye-opening. It was exciting to see the tech community come together to create websites, apps, and services that aim to help restore a safe climate for our planet. Technology is a power

It’s Random but Memorable’s first birthday, and while we’re already into the third season of our security advice podcast, it feels like just yesterday we released the first episode.“Random but memorable” is good advice for creating a strong Master Password, but it also applies to the discussions Matt Davey, Michael Fey (Roo), and I have on the show. Each episode blends informative discussions with humor as we talk about what’s new in the world of security.In this post, we’re giving you a peek behind the curtain at how our podcast comes together.Planning and researchYou can’t just wing it when recording a podcast. That’s how you get long tangents about where to find the best tacos in Toronto. Which, while informative, isn’t exactly the breaking security news we want to cover. That’s why we have a list of items we need to complete before we can sit down and record.Each episode focuses on a single theme or security topic. Since our goal is to help our audience make the best security choic

Hello and happy iOS release day, everyone! We’ve been excited for this release since iOS 13 was first announced at WWDC. Now that it’s finally here, we’re excited to share 1Password 7.4 for iOS with you.There’s a bunch of stuff I’m pumped to tell you about, so let’s dive in and take a look.Dark Mode for iOSEver since Apple rolled out Dark Mode for macOS at WWDC 2018, I’ve been waiting for them to bring it to iOS. Whether I’m checking my emails first thing after waking up, or looking something up online before turning in for the night, being blasted in the face by a bright screen has never been a positive experience. Dark Mode on iOS solved this problem for me, though, and I couldn’t be happier. I’ve been using iOS 13 exclusively in Dark Mode for a while now, and I love it.We began the work to bring Dark Mode to 1Password for iOS in June and we’re really excited to show it off to you today.We’ve also added a special dark app icon that I think looks right at home in the dock on my iPhone

We’ve just launched 1Password Advanced Protection, a suite of powerful new security tools for 1Password Business, and we’re excited to show you what it can do.Join us on September 24th or October 8th at 2 p.m. EDT, when we’ll show you how to create security policies, prevent threats, and monitor your team’s access in 1Password Business.In this live webinar, you’ll learn how to:Set a Master Password policy.Turn on two-factor authentication for the team.Create and manage firewall rules.Monitor your team’s sign-in attempts.Set and manage software update requirements.We’ll also have time for a Q&A session at the end to answer all your questions about Advanced Protection.Join the webinar on either September 24th or October 8th at 2 p.m. It’s free, and it’s a great way to get to know Advanced Protection.

Today, I’m excited to announce the release of 1Password Advanced Protection, a suite of powerful new security tools for 1Password Business.With 1Password Advanced Protection, administrators have the power to create security policies, prevent threats, and monitor their team’s access. We’ve got five features to cover, so let’s get started.Master Password policyEmployee passwords are the biggest point of failure for most companies. With the Master Password policy, administrators can enforce stricter Master Password requirements to match their internal security policies.You can increase the minimum length, and require uppercase or lowercase letters, numbers, or symbols. When you update your policy, everyone on your team needs to meet those requirements when they create a new Master Password.Two-factor authenticationEver since we released two-factor authentication, administrators have asked us for the ability to manage it for their entire team. So we made it happen.Choose which second facto

The next video in our Essentials of Business Security series is ready to watch! Cat talks with Daniel Davis from DuckDuckGo about how to make digital privacy a priority.DuckDuckGo began as a privacy-focused search engine. Today, it offers a browser extension and mobile app to prevent you from being tracked as you browse the web.Here are four key points from our chat with Daniel that will help to keep your business data safe and private.Make privacy a priorityCustomers and employees want to know that their personal information is safe in your hands and on your servers. And as more companies go above and beyond to protect their customers’ privacy, competitive pressure is building for others to keep pace.With data leaks and breaches becoming more frequent, you need to show that privacy is a priority for your business. To do this, put together a privacy policy that is comprehensive, clear, and easily accessible. Be open and transparent with customers about exactly what information you’re s

A brand new video in our Essentials of Business Security series is now live! This time, Cat talks with Bennett Cyphers from Privacy Badger about tracking, blocking extensions, and what you can do to safeguard your data while browsing the Internet.Created by the Electronic Frontier Foundation, Privacy Badger is a browser extension designed to block advertisers and other third-party trackers from monitoring your web activity. It works in the background while you browse, automatically analyzing and blocking any code that seems to track you across multiple websites.Ad companies like Google and Facebook not only track you on their pages – they also use invisible pixels and cookies to follow your journey across the Internet.While we know it’s not realistic for most people to quit Google and Facebook altogether, here are five other things you can do to protect your privacy online.Switch to a privacy-focused browserGoogle Chrome may be a popular browser, but it collects quite a bit of data abo

I’m thrilled to announce the first major release of the 1Password SCIM bridge! The SCIM bridge is the best way to automate provisioning of your team in 1Password Business.We’ve spent the past year making it easier to roll out 1Password to your company. The 1Password SCIM bridge is available today, and it’s compatible with the most popular enterprise identity providers: Azure Active Directory and Okta. It’s available for one-click deployment on the Google Cloud Platform Marketplace, or it can be installed more traditionally using Docker, Kubernetes, or Terraform.The SCIM bridge makes it easy to manage your team because it brings 1Password into the workflows you already know and love. It allows you to control your 1Password account from your existing systems, so you can use the enterprise identity provider that your team is already familiar with. Your administrators can remain hands-off and manage your team from one central place to invite employees, grant them access to the correct grou

Summer may still be in full swing, but school is just around the corner. If you’re sending your child off to college for the first time, take the opportunity before they leave to instill the security habits that will keep them safe in college and beyond.With a 1Password Families membership, you can give your loved ones the tools to protect themselves – without taking away their independence.Get the basics rightStart teaching your child good password management skills by adding them to your family account. If you have an individual account, you can upgrade it on 1Password.com.1Password keeps your family safe online by helping everybody create and use strong, unique passwords for all their accounts. And, because it makes it quicker and easier to sign in to apps and websites, they’ll actually want to use it.Students starting college need to sign up for a lot of new services, like school emails and online shopping accounts. It’s a lot to take in all at once. This is the perfect time to tea

1Password 7 was released over a year ago, and thanks to all the new features we’ve added since, there’s never been a better time to upgrade. Let’s take a look at what you get with the latest and greatest version of 1Password.1Password mini1Password mini has a beautiful new design in 1Password 7. Every pixel has been reimagined to give you more information and control, so you can keep all your passwords, credit cards, and other important items right at your fingertips. It still works in your favorite browsers, and now you can fill in apps with drag and drop. The new 1Password mini is available in 1Password 7 for both Mac and Windows.Watchtower and securityData breaches happen all the time. If you use 1Password 7, Watchtower alerts you if any of your passwords have been compromised and need to be changed. It also keeps track of expiring items (like credit cards or passports) and warns you of unsecured websites.Watchtower even lets you know when you aren’t using two-factor authentication

Thought I’d go with the obvious Star Wars reference? I have to admit it was tempting, but villains monopolize the dark side in that universe. Heroes can have a dark side too, as evidenced by our friend the Dark Knight, and Dark Theme is definitely the hero feature of this release!Without further ado, and only a few more pop culture references, let’s get into what’s new in 1Password for Android 7.2.Dark ThemeThe new feature I’m most excited about in 1Password also happens to be my favourite new feature in Android Q. When it launches later this summer, Android Q will bring support for a system-wide Dark Theme. And 1Password will be ready and waiting with our new gothic stylings.I only work in black … and sometimes very, very dark greyWhile we did darken things dramatically, we didn’t quite limit our palate to Bat-approved colours. Instead, we used the contrast provided by a dark background to really make important elements pop. Look for bold shots of 1Password blue to tell you where the

As people grow more cautious of online tracking and data collection, space is opening up for privacy-conscious browsers like Brave, a relative newcomer that’s enjoying some time in the spotlight. To see what all the fuss is about, I’ve been giving Brave a spin.A quick introduction to BraveDeveloped by Brendan Eich, co-founder of Mozilla, Brave is a privacy-focused browser built on open-source Chromium.The backbone of Brave is the same as Chrome, so it shares a lot of its plus points: It has the same clean look, you can install extensions from the Chrome Store, and it syncs across devices. Brave supports Windows, macOS, Linux, Android, and iOS.Getting startedGetting Brave set up is easy. When you launch the browser for the first time, a welcome tour helps you import any bookmarks and settings from your old browser.You can install 1Password for your browser straight from the Google Chrome Web Store. Remember, when you sign in to 1Password.com for the first time in Brave, you’ll need your

The third webinar in our Essentials of Business Security series is now available! In this video, Matt talks with Alex Rosier from ProtonMail about phishing, fraud, and how you can reduce the threats to your business.ProtonMail is five years old, and Alex has been involved since the early days. He started out doing anything and everything that was needed but now focuses on working with businesses of all sizes.To help keep your business safe from phishing attacks, we’ve put together five key points from their chat.Your email is at riskDespite the rise in popularity of Slack and other messages programs, email remains the largest communication model for businesses. The data you send over email is more vulnerable than you may think. Even internal emails can be intercepted and exposed if the right malware has been put into place.If you and the recipient of your email use an encrypted email server like ProtonMail, it makes it more difficult for third parties to read or tamper with your messag

On Monday, Apple released the macOS Catalina public beta that includes a preview of Safari 13, which is set for release this fall. We’ve discovered there’s lots to love about Safari 13, but we’ve also learned that it will no longer work for customers using 1Password 6.Those already using 1Password 7 are all set; 1Password 7 is ready for Safari 13, so you won’t miss a beat.If you’re still using 1Password 6 in Safari, you don’t have to do anything immediately, but you’ll need to take action soon to prevent interruptions to your workflow when Safari 13 arrives.1Password 7 supports Safari 13The best way to experience Safari 13 is by using 1Password 7.1Password 7 is included with every 1Password membership, and contains a ton of new features to help you organize and secure your life. A few highlights:Watchtower can now tell you when items you’ve saved in 1Password – like credit cards, driver licenses, and passports – are about to expire. Plus, it can tell you what sites support two-factor a

I’ve used 1Password far longer than I’ve worked here, but until I came on board I only used the Mac and mobile apps. Although I knew that there was a browser-based option, I didn’t give it much thought until I was poking around during my new-hire training.Honestly, what took me so long? Within a few weeks of discovering that 1Password X existed, it became the primary way I use 1Password on my computer.1Password X is a full-featured version of 1Password that runs entirely within a browser. It runs on my Linux machine just as smoothly as it does my Mac. And because 1Password X connects to your 1Password account, you have access to everything you expect. That’s extremely helpful if you’re anything like a lot of us here and find yourself jumping between different computers and platforms multiple times a day.How does it work?Although I first discovered 1Password X on Linux, it quickly became my preferred way of using 1Password on Mac as well. I love having all my passwords stored in 1Passwo

WWDC, Apple’s annual Worldwide Developers Conference, happened in San Jose earlier this month. It’s an exciting opportunity for developers from all over the world to meet and talk with Apple engineers and for Apple to show off their upcoming software.The conference always kicks off with a keynote, and this year it was bursting with announcements and updates. The most exciting news for our team was the announcement of brand new versions of iOS, iPadOS, and macOS! Roo has already talked about how impressed he is by Voice Control in iOS 13 and how excited he is for Dark Mode for iOS to finally arrive.If you’re a member of the Apple Developer Program, the developer beta versions of all three pieces of software announced at WWDC are already available to download and install.All of the software previews were absolutely stunning, and we know 1Password 7 will look amazing on all of them. But the best part? If you have 1Password 7 installed, everything should work as expected on the iOS 13, iPa

As we move into the second half of 2019, it’s a great time to re-evaluate your team’s security habits. If their password management isn’t up to scratch, 1Password can help. Our next webinar will show you how to get started.On July 16 at 2 p.m. EDT, we’re hosting a repeat of our Administrators: Get Started webinar. If you’re looking to set up 1Password for your team, have just been appointed as a team administrator, or simply need a refresher, this webinar is for you.In this webinar, we’ll show you how to:Invite people to your teamShare data and manage permissionsCreate and manage groupsWe’ll also have time for a Q&A session at the end to answer all your questions about 1Password Teams and 1Password Business.To receive notifications of future webinars, sign up for the mailing list.(Editor’s note: This webinar is no longer available.)

The second webinar in our Essentials of Business Security series is now available! In this video, Matt talks with Michael Sherwood from Malwarebytes about scams, malware, and what you can do to protect your business.Michael’s journey to Malwarebytes began with an interest in technology and an Apple IIc in ‘84. From there, he joined the U.S. military, where in the mid-90s (the Windows NT era) he found his feet in cryptography. Today, he is VP of Enterprise Online at Malwarebytes, and we’re thrilled that he’s bringing his expert insight to our latest webinar.To help keep your business safe from scams and malware, we’ve put together five key points from our chat for you to take away and consider.The landscape is shiftingMichael highlights that, in the past, ransomware has been mostly an annoyance rather than malicious. However, the focus has shifted; attacks have become more advanced, and it’s all about making money.The good news is that cybersecurity solutions are keeping up and getting

We’ve kicked off an exciting new webinar series, Essentials of Business Security, designed to help your businesses stay safe online.In the first installment Matt talks with Troy Hunt, a longtime friend of 1Password and the founder of Have I Been Pwned. Troy created this site to help people find out if their passwords have been leaked on the internet, making him an expert on password-related security issues.Matt and Troy covered four key points in the webinar that will help you protect your business and employees.Use strong and unique passwords for every accountViews on passwords are always changing and evolving. Requiring employees to change their passwords every 30, 60, or 90 days has been a business standard for years, but the National Counterintelligence and Security Center (NCSC) changed their stance and now advises against password rotation as a policy.Your employees should create a strong and unique password for every account, and only change these passwords if they suspect an ac

You can now use U2F-compatible security keys as a second factor for your 1Password account.Last year we added two-factor authentication to provide another layer of protection for your 1Password account. When this is enabled, you are prompted to enter your second factor any time you sign in from a new device.Initially, that second factor was a time-based one-time password generated by an authenticator app on your phone. Today, I’m happy to announce a new option: We now offer support for Universal 2nd Factor (U2F)-compatible security keys. This is done via the new WebAuthn API, and we’re excited to be among the first services to adopt this new browser standard. WebAuthn is backwards-compatible with U2F, so all certified U2F security keys will work with our WebAuthn-enabled flow.What is a security key?Security keys are small physical devices that can be used as a second factor. Support is built into most web browsers and works with many online services like Google and GitHub.“WebAuthn bri

One of the most impressive parts of Apple’s enormous WWDC keynote on Monday was the announcement of Voice Control for iOS 13.This brand new feature is a complete game changer for users who may not have the ability to interact with their iOS device using their hands and fingers. Using simple, predictable voice commands you can control every aspect of your iOS device. We pride ourselves on providing a 1Password experience that works for all our customers and when it came time to add Voice Control support to our iOS app all that prior work paid huge dividends.Check this outSo many incredible things have been announced at WWDC this year and we’re only starting to scratch the surface of the things we can do. I can’t wait for you to try out Voice Control on IOS 13 when it launches this fall!

For those of us on the Apple team, it’s our favorite time of year: Apple’s Worldwide Developer Conference (WWDC for short, or Dub Dub if you want to go even shorter).This year Apple announced a plethora of promising updates for all their platforms. There was multi-user support on tvOS and HomePod, game-changing security announcements like Sign In with Apple, iPad officially branching off from iPhone with iPadOS, Project Catalyst, and that oh-so-incredible Mac Pro. We also got something I’ve been anticipating for quite some time: Dark Mode for iOS.Challenge acceptedEach year we watch the WWDC keynote with bated breath, waiting for the announcement that will dictate our workload for the next 3 months. We also take it as a personal challenge to see how quickly we can add Apple’s newest technologies to 1Password. This year is no different and I’m happy to report that our track record continues:See you in the fallAs always, you can expect to see 1Password ready for Dark Mode when iOS 13 lau

Last week on Random But Memorable, renowned security technologist Bruce Schneier joined me to discuss surveillance capitalism and internet security policy. Read the interview, or listen to the full podcast.Michael: Bruce, you don’t need an introduction, but I’m going to give you the opportunity to give one anyway. Welcome to the show.Bruce: Hi. People might not know that I now teach internet security policy at the Harvard Kennedy School. I’m trying to teach a little bit of tech to policy students, and internet policy to techies. I’m trying to bridge the gap between policy and tech. Our serious problems are how do we govern tech, and what is the governance of tech. We need people who can speak both languages.Michael: So often these days we have rules and laws being put in place that aren’t necessarily based in reality or practical matter.Bruce: Did you watch the Facebook hearings? If legislators ask questions like “How does Facebook make money?” we’re not going to get good internet secu

Although Microsoft Edge has been out for Windows for a few years, the beta version for Mac was only released in May. Microsoft Edge has been my go-to browser on the rare occasion I use a Windows PC, so I was excited to get a peek at how the browser, and 1Password, would work on my Mac.Solid as a rockThis new version of Microsoft Edge is built on Chromium, the same base that Chrome uses, making it more stable and reliable than the Internet Explorer of my early internet days. While it’s still only in beta, it feels speedy enough that it could easily fit into my day-to-day workflow without slowing me down or dragging my tasks out.And the best part is that on my Mac, Microsoft Edge not only looks like a native Mac application but it functions like one, too. All my go-to keyboard shortcuts work exactly as I expect them to, which means I don’t have to move my mouse to open 1Password! With just a tap of the keys, I’m able to sign in and access my saved information.Keep it secret, keep it safe

For the last several months the Design and Development team at 1Password has been hard at work on a major renovation to the smallest part of everyone’s favorite password manager: 1Password mini.Since we launched 1Password 7 last May, we’ve received more feedback about that incarnation of 1Password mini than any other part of our version 7 update. Given that it was such a significant departure from its predecessor, we anticipated this feedback. Instead of snapping into reaction mode, we took a wait-and-see approach; change is hard, and we didn’t want to jump to the wrong conclusions. Over time, we built up a wish list of improvements we wanted to bring to 1Password mini and we set off on our journey.Core competenciesBefore a single mockup or wireframe was created, we took a step back to define exactly what 1Password mini needed to do well:Show items that match the frontmost app or website.Fill your passwords, credit cards, and address information into a web page.Generate new passwords q

With several countries observing a mental health awareness week in May, now is a great time to think about how we care for ourselves and others. We are all worthy of support, encouragement, and happiness. Sometimes feeling okay is easier said than done, but by carving out a bit of time each day to focus on mental and physical health, we can work towards that reality together.Here at 1Password, a huge part of our culture is being positive and working to bring the “wow” factor to our customers – but to do that, we need to take time to recharge ourselves, too. That’s why we encourage folks to get active during the day, and spend time doing things they love. Whether we’re coding amazing new features or helping answer questions from awesome users, it’s a pretty sedentary job. Having activities outside of work – like going to the gym, yoga, a darts league, or squash – gets you moving, helps the body stay active, and feeds the brain. :)We also do a few things within 1Password to help keep peo

Welcome to the May update of 1Password X! They say April showers bring May flowers, and boy howdy do we have some incredible flowers to share with you today. 🌹🌷From a freshly redesigned pop-up, to drag-and-drop support, to some incredible speed boosts, 1Password X is lit AF better than ever.All new pop-up designThe 1Password X pop-up has been completely recreated to use a two-column layout. With one less column, things are now simpler, more responsive, and allow you to see your item details right away. Along with smart suggestions, you can quickly find your logins, credit cards, and identities when you need them.Search feels more natural in the new design and is faster than ever. Start typing and 1Password will do the rest. After you find the login you’re looking for, press Enter and 1Password will open the website and automatically fill your information.If you need to manually type a password on another device, use Large Type to make it as easy as possible. And you’re not limited to...

Since 1Password was founded in 2005, customer support has been at the heart of everything we do. I’ve been working with a small team to build CSX, a Chrome extension that makes providing support as easy as 1Password makes managing your passwords.Why do we need a tool like CSX?As 1Password grows, so do the number of customers we talk to. To make sure we have time to give every reply the thought it deserves, we wanted to automate the repetitive, more administrative parts of the process.For example, we’ll often get an email that mentions a forum thread or Twitter conversation. Finding that discussion is a repetitive, time-consuming endeavor, and it would be much better if we could spend that time crafting our reply.To give one more example, we have a collection of “Charms”, which let a new team member know how to write the perfect response for every situation. These are new to us and we’ll likely write about them in the future, but suffice it to say, they help us ensure that every custome

We are thrilled to announce that 1Password has won its first Webby award!The Webbys, hailed as the “internet’s highest honor” by The New York Times, are presented anually by the International Academy of Digital Arts and Sciences (IADAS) and have been around since the mid ’90s.We’re delighted that 1Password has been chosen by the Academy as the 2019 winner for Services & Utilities in the Apps, Mobile, and Voice category, as well as being named an honoree in Web Services for the 23rd annual Webby Awards.We take great pride in providing the best user experience not just on iOS but across all of our platforms, and we’re excited to be recognized for it.We’d also like to thank everybody who voted for us in the People’s Voice component of the award. Your support means a lot to us!Award-winning password management1Password makes it easy to keep your online accounts safe. Try our award-winning app today for free, and find out how simple secure password management can be.Try free for 14 days

Are you doing enough to keep your business secure? We’re hosting a series of webinars with prominent security experts to help you learn the essentials of keeping your business safe online.Covering everything from ransomware to password breaches, each of these 30-minute webinars will teach you something new about the threats you face and the actions you can take to stay secure.Troy Hunt from Have I Been Pwned on Thursday, April 25th, 201910 a.m. BST / 5 a.m. ESTTroy Hunt is joining us for a security chat about password breaches, data dumps, and encouraging your team to use unique passwords.Troy Hunt is a security researcher and founder of Have I Been Pwned. You can learn more about Troy and his work at troyhunt.com.Michael Sherwood from Malwarebytes on Thursday, May 2nd, 20195 p.m. BST / 11 a.m. ESTMichael Sherwood, VP of Enterprise Online at Malwarebytes, is joining us to talk scams, malware, and preventative measures.Malwarebytes proactively protects people and businesses against dang

Rolling out new business software can be a challenge. Getting everything set up is one thing, but training your team to use it can be time-consuming if you don’t have the right resources. Our webinar takes the guesswork out of onboarding.At 1Password, we want to give you the tools you need for a successful deployment. If you’re an administrator looking for the best way to train your staff, we’re here to do some of the heavy lifting for you.On May 7 at 2 p.m. EST, we’re hosting a webinar for team and business customers. This webinar is perfect for team members who are just getting started with 1Password or need a refresher.In this webinar, we’ll show you how to:Use 1Password.com to view and edit your passwords and other important informationSet up the 1Password apps and 1Password XSave, fill, and change your passwords to make them more secureWe’ll also have time for a Q&A session at the end to answer all your burning questions about 1Password.Register for the webinarTo receive notificat

Don’t worry, we haven’t completely lost our minds over here — it’s just April Fool’s day!At 1Password we take privacy and security very seriously, and we think everybody else should too. That’s why we would never really suggest ditching your password manager for a cute password book you keep on your desk.And while writing down lots of unique passwords is admittedly safer than reusing the same password for everything, it still isn’t anywhere near as safe as using a password manager, and it certainly isn’t as convenient.Password books can get lost, damaged, or accessed by other people — and, worse, they encourage people to use weak, easy-to-type passwords (because if you’re manually typing things in, you don’t want to spend forever doing it). Our password generator creates passwords like =Rw}U5Wx}cHxc)2g6-^Z#7. Imagine writing dozens of passwords like that in a notebook, and copying them out each time you need to use them. You probably wouldn’t, right?Getting started with 1Password is th

Today, Facebook revealed that 200–600 million user passwords had been stored in a plain text file on an internal server. This left the affected users vulnerable and searchable by more than 20,000 employees – with around 2000 taking advantage of this. However, Facebook did state that no passwords were shared or leaked externally.Any affected users will be directly notified, and Facebook is not advising anyone to change their password. But, given the number of employees who accessed those passwords, we’d urge you to err on the side of caution and change yours just in case.Instances like this, where passwords are stored and accessible in plain text, are a good example why you should use a unique password for each site. Having a unique password means that the bad practices of one company don’t lead to your account being compromised on other sites where you use the same password.To keep your passwords truly secure, change them any time you suspect they’ve been compromised. We know it can be

One of the challenges as a remote company is that we’re scattered all across the world, which makes it difficult to meet in person. That’s why all of us at 1Password eagerly look forward to our annual meetup, AGConf, which is held each winter on a cruise ship in the Caribbean.We met up in Fort Lauderdale, Florida. Many of us were escaping cold and snow back home, and what better way to soak up the sun than to spend a week aboard Royal Caribbean’s Independence of the Seas — with stops in Nassau, Haiti, and Jamaica?Pre-cruise hangoutsWith people coming in from overseas, one even as far as New Zealand, a lot of folks like to get to Florida a day early. It helps them adjust to the time zone and get a good night’s sleep on land before venturing onto the boat.One group met up to get dinner and drinks at a tiki bar, another group went out in search of excellent Cuban sandwiches, and a lot of people just hung out in small groups in their hotel lobbies. It was a great way to meet up with old fr

From March 4-8, RSA Conference 2019 will bring around 50,000 security professionals together in San Francisco to learn, share, and discuss the future of the industry. We’re all about improvement at 1Password, so we’re going to be there along with some of the leading lights in information security.Come and say hiThe 1Password Business and Security teams will be attending because we want to make sure that we remain at the forefront of the latest developments in the cybersecurity world. At 1Password, we firmly believe that the sharing of ideas is how we all get better at what we do, and I know our teams can’t wait to get started.If you’re making the pilgrimage to RSA Conference 2019, keep an eye out for your friends from 1Password at booth 2456. We love to meet our customers and we’ll have stickers and other goodies to hand out as well.Enjoy everything RSA Conference has to offerThere’s so much going on at RSA Conference 2019, and if you’re anything like me, you might not know where to be

After you’ve set up 1Password for your business, it’s time to take things to the next level. Our new webinar will show you that the next step is just as simple as the first.On March 26 at 2 p.m. EST, we’re hosting a webinar to help you get more from 1Password Business. Whether you need help choosing a plan, are upgrading from 1Password Teams, or simply want to learn more about the 1Password Business features, this webinar is for you.In this webinar, we’ll show you how to:Organize your team with custom groups and rolesManage access with vault permissionsAudit your team with reports and the Activity LogWe’ll also have time for a Q&A session at the end to answer all your questions about 1Password Business.Register for the webinarTo receive notifications of future webinars, sign up for the mailing list.

1Password is a fully remote company with people scattered across the globe — from New Zealand to Germany to our home in Canada.Late last month, we all met up for AGConf, our annual company gathering. It’s a chance to meet new friends, reunite with old ones, and discuss the coming year’s plans while cruising around the Caribbean.But our week at sea isn’t just for sunbathing — it’s also how we connect on a personal level with those we work with. Instead of gathering in chat rooms and on conference calls, we’re able to spend time talking in person over food, drinks, games, and even while relaxing in a hot tub.Friends and partners are welcome too, and our new Chief Customer Advocate Lynette Kontny brought her husband Nathan along. He used the opportunity to cut some footage for his daily vlog. Nathan Kontny’s YouTube channel tackles important issues pertaining to business, family, and psychology in an engaging and thought-provoking way.The installment Nathan released after the cruise, “Sla

Our Android team has been working hard to make sure 1Password for Android sticks to its 2019 resolutions. We couldn’t be happier that after many hours in the gym, it’s now bigger and better than ever. I think you’re going to love 1Password 7.1 for Android.For this update, our Android team resolved to make it even easier for new 1Password customers to get started. That informed much of their work, and I’m sure you’ll agree when I say they absolutely met their goals. With a slicker sign-up process and easier Emergency Kit creation, you can be up and running much faster.A lot of work has gone into this update, and as ever, you can see everything that’s changed by reading the release notes. There’s a lot to whet the appetite in there, and I wanted to pick out a few of the biggest changes that we’re really proud to bring to 1Password for Android.Start your 1Password membership with Google PlayIf you install 1Password from the Google Play Store, you probably want your membership to be taken

Scams that try to extract personal information via phishing sites, phone calls, or SMS are on the rise. It’s something we covered in detail in What is phishing, and how can you protect yourself?As someone who works for 1Password, security is a big focus of mine. I’m happy to admit that this job has made me far more paranoid than I used to be, and naturally I use 1Password to make sure all my passwords are strong, unique, and have never been included in any breach. I’ve read our internal security guide many times over, and I took part in a company-wide security training session just recently at our annual company get-together.You’d think all this preparation would keep me safe from phishing – but last week, I was nearly caught by an SMS phishing attempt. If I can be caught out, so can you, and so I write this post in the hope that my experience will encourage others to be cautious.The perfect time and placeIn January, the 1Password team got together in Florida for our annual AGConf, and

Earlier today, security researcher Troy Hunt announced the Collection #1 data breach and updated Have I Been Pwned with over 773 million new compromised logins. These are now available in Watchtower, so you can check if you’ve been affected by the breach right from 1Password.What is the Collection #1 data breach?Collection #1 consists of over 1 billion username and password combinations, taken from individual data breaches on thousands of different websites. The data has been circulating on the dark web and hacker forums and is the single largest breach to ever be added to Have I Been Pwned and Watchtower.Collection #1 contains:1,160,253,228 unique combinations of email address and password773,138,449 unique email addresses21,222,975 unique passwordsAround 140 million email addresses in this breach had never appeared in Have I Been Pwned before.What do attackers want with this data?Attackers use bots to try passwords stolen from breaches on many other websites with the aim of gaining a

The New Year’s resolutions we stick to have a few things in common: they’re realistic, focused, and have clear benefits. That’s why improving company-wide password habits is a great resolution for 2019.According to the most recent data from Verizon, over 70% of employees reuse passwords at work. The report also finds a staggering 81% of hacking-related breaches used stolen or weak passwords. A security breach of your own wouldn’t be a great start to the year, especially if you know it could have been avoided.1Password Business makes improving password habits an easy resolution for you and your employees to keep, both at work and at home. You get a password solution for your entire business — complete with advanced access controls and Watchtower breach monitoring — that’s compliant to the most stringent industry standards.When your employees are practicing good password habits at home, they are infinitely more likely to practice them at work. The beginning of the year is the perfect tim

When we said this release was just around the corner, we weren’t kidding! After some great work by the team over the last few weeks, 1Password 7.3 for Windows is ready, and you can download it now. There’s a lot to enjoy with this release, and we hope you love it as much as we do.With 1Password 7.3 for Windows, our teams have made some huge changes to the way the app looks and works. We’ve taken the 1Password that you all know and love and then supercharged it. With this update installed, you’re getting the best version of 1Password that Windows has ever seen.There’s so much to share that we’re just going to jump right in, and as ever the full rundown of what has changed under the hood can be found in our release notes.Watchtower and securitySecurity is always at the forefront of everything we do at 1Password, and we never miss an opportunity to make it easier for you to stay secure, too. To that end we’ve added support for Secure Desktop, giving you the option of unlocking 1Password i

1Password 7.3 for Windows is around the corner, and you can help us get it ready. There’s lots to look forward to, and we’re sure you’ll agree that this is the best 1Password that Windows has ever seen.We’ve been working on this update for some time, and we want to make sure that it’s as awesome as can be. That means we’re still a few weeks away from the release of 1Password 7.3 for Windows, but if you want to test the waters and help us create something awesome, you can download the latest beta release right now.Whenever you download 1Password 7.3 for Windows — beta or otherwise — you’re going to see plenty changes this time around. They all build on the strong foundations that 1Password 7 gave us earlier this year, and we wanted to give you a quick sneak-peak of what you can expect.We think that you’re going to love 1Password 7.3 for Windows, and here’s why.1Password gains its own desktopNow 1Password is even safer with the addition of “Unlock using Secure Desktop.” 1Password can now

Start 2019 with the goal of improving your team’s security habits. Rolling out 1Password is one of the best ways to achieve that result. Our next webinar will help you get started.On January 15 at 2 p.m. EST, we’re hosting a webinar to help administrators get started with 1Password. If you’re looking to set up 1Password for your team, have just been appointed as a team administrator, or simply need a refresher, this webinar is for you.In this webinar, we’ll show you how to:Invite people to your teamShare data and manage permissionsCreate and manage groupsWe’ll also have time for a Q&A session at the end to answer all your questions about 1Password Teams and 1Password Business.To receive notifications of future webinars, sign up for the mailing list.(Editor’s note: This webinar is no longer available.)

Australia recently passed the so-called Assistance and Access Act. This law (correctly) has many digital security and privacy experts worried. We’d like to offer some preliminary remarks on how it may impact the privacy and security of 1Password customers and how it may affect the way we work.Even at this early stage we can remind everyone that we do not currently, and will not introduce back doors into our products, and we will continue to operate in a way that would make it difficult for a back door to be inserted.Our remarks on the Assistance and Access Act (discussed under the hashtag #aaBill) must be preliminary at this point. There is a great deal of vagueness in the law in its current form, and we do not know how it will be interpreted and used when it goes into effect into effect. Nonetheless there are a number of things that we can clearly (re)state now.We don’t like back doorsA back door is a deliberate and hidden weakness in a system that is designed to allow certain people

Random but Memorable is back with an episode full of a new Watchtower Weekly, customer questions, and even a chat with Charles Arthur, author of Cyber Wars: Hacks that Shocked the Business World.Watchtower Weekly talked briefly about the Marriott breach, which potentially impacts nearly 500 million Marriott and Starwood customers. Data exposure can always leave you vulnerable, so it’s a good idea to take Marriott up on their offer for a free year of WebWatcher to monitor your information. They also brought up a rather embarrassing incident for Tesla in which a disgruntled customer complaining to their customer support forum got more than he bargained for. Instead of just an answer, a support agent ended up giving him administrative permissions for the entire forum! That’s right, he was granted full access to the entire forum. There’s going above and beyond to help your users and then there’s giving them the ability to not only edit and delete any post but also gave him access to full p

Welcome to our new blog! It’s been re-built, re-designed, and moved to a new home on 1Password.com. It’s the fastest and most efficient experience we can give readers and we really love it. Learn how we built it as a static, serverless site with Hugo and AWS.Our blog has seen many homes over the years, going all the way back to the original one nearly 13 years ago (which is impressively still live on the internet today).You may have already noticed the new blog you’re reading on now as it’s been around for a couple months, but today, we’re happy to officially announce it! As well as the retirement of our previous one at blog.agilebits.com. Be sure to subscribe via RSS and follow us on Twitter or Facebook to stay up to date with our news, announcements, security tips, and all things 1Password.The previous blog was built with WordPress, which served us well for the past decade, but we figured we could do better and build something more lightweight, fast, and secure. And of course there’s

Rolling out new business software can be a challenge. Getting everything set up is one thing, but training your team to use it can be time-consuming if you don’t have the right resources. Our new webinar takes the guesswork out of onboarding.At 1Password, we want to give you the tools you need for a successful deployment. If you’re an administrator looking for the best way to train your staff, we’re here to do some of the heavy lifting for you.On December 4 at 2 p.m. EST, we’re hosting our first webinar for team and business customers. This webinar is perfect for team members who are just getting started with 1Password or need a refresher.In this webinar, we’ll show you how to:Use 1Password.com to view and edit your passwords and other important informationSet up the 1Password appsSave, fill, and change your passwords to make them more secureWe’ll also have time for a Q&A session at the end to answer all your burning questions about 1Password.Register for the webinarTo receive notifica

The trees are turning colours and the smell of pumpkin pie is in the air. That can only mean one thing: Thanksgiving is almost here!I love this time of year for so many reasons but my favourite is being reminded of all the incredible things I have in my life.From a wonderful family to great friends to working at my dream job, I have a lot to be thankful for.All of this wouldn’t be possible without awesome customers like you. Thank you for supporting us all these years! 😘Give a free year of 1PasswordThis year I am giving you a gift for those special people in your life: give them the gift of security with a free year of 1Password and show them that you care.If you purchased 1Password 7 or have an active subscription into 2019, simply click this link to send your gift:Gifts can be sent to direct family members, extended family, friends, or someone who is doing good things in your community. Showing them that you care is sure to bring a smile to their faces.Thank you again for supporting...

People love using 1Password with their favorite apps. Other developers have integrated 1Password into their own apps because they were eager to offer their customers the very best experience. As developers ourselves, and people who use those apps, we can’t thank them enough for their work.Changes to the way iOS and Android handle password management and filling have given 1Password an opportunity to make password filling better than ever. It’s never been easier to use strong, secure passwords for every website and app you use. With support for Authentication Services and Password AutoFill in iOS 12 and the Autofill API in Android 8 (Oreo), 1Password is ready for the next step in our journey. And things will get even better as developers fully support all the new tools on offer.I’ve been using the latest autofill features on iOS and Android, and they’re brilliant. Entering passwords on a phone has never been easier. In fact, it’s downright fun. I’m a little bit in love with the work dev

1Password was born and raised in Canada, with an amazing team of people working around the world to continue development and provide support to all our customers.Last Christmas, we wanted to help provide food security to those in need, and donated $50,000 to Food Banks throughout Ontario, where our Founders are based. We’ve been fortunate to be able to help others in our community, and found a new way to continue helping.Several years ago, Dave Teare began coaching in his hometown, with the St. Thomas Soccer Club. When the City of St. Thomas decided to build a new outdoor soccer space to ensure there would be fields for kids to play on, we knew it was something we wanted to be involved with.We’re super excited to announce that in the spring of 2019, kids from all over will be able to enjoy 1Password Park - a 65 acre outdoor complex featuring soccer fields, an artificial turf football field, a playground with a splash pad and walking trails. 1Password Park will be an awesome place to pl

We’ve had a lightbulb moment and added Dark Mode to our blog. It makes it more readable, more enjoyable, and more fun than ever before. Read on to find out how we did it and how you can add it to your own website.Dark Mode in Mojave is great for apps, but until now websites didn’t have a way to participate in the fun. Apple just gave us a gift with their latest update to Safari Technology Preview, and we’ve been having fun exploring the new possibilities.Welcome to the dark side 🌗Today I’m happy to say that the 1Password blog is now 100% compatible with Dark Mode, and the experience is fantastic. 🎉Although the Safari app itself has supported Dark Mode ever since macOS Mojave debuted, websites had no way to know when their content was being presented in Dark Mode. You saw the same color scheme on each website, no matter which mode your Mac was in.Safari Technology Preview 68 changed this by adding support for the prefers-color-scheme media query. It’s exactly what websites need to sup...

Today’s Apple Event in NYC was one of my favorites in years. From the new Macs, to the new iPads, to 1Password making an awesome cameo on stage it had everything I could want in an Apple keynote.Full disclosure before we go any further in today’s post, folks: I am tapping into a deep vein of long-running Apple fanboyism. If you’d rather not hear me gush about all the stuff that was announced at the Brooklyn Academy of Music, here’s the gist: 1Password on stage, woo! Brand new iPad Pros with Face ID, incredible! New MacBook Airs (with Touch ID) and Mac minis, fantastic!Speaking of that cameo, we were super surprised and honored to show up on the screen behind Laura. Touch ID on the Mac is one of my favorite features and having Apple use 1Password to show it off to the world was just terrific. 🙏Brand New MacsNow I don’t care to engage in hyperbole, and the word “finally” is usually uttered in a wry tone, but seeing new a whole new model of Mac mini finally announced today was so great....

Last month, we launched Random but Memorable, a bi-monthly security advice podcast. Random but Memorable is named after your Master Password, but is also very appropriate for the show. The “memorable” part mainly comes from my co-host Michael Fey (Roo) not reading the show notes until we start recording, and the “random” part is a direct result of this.In our first episode, Correct Battery Horse Pilot we talk about our iOS 12 and Mojave beta releases, and discuss the security news of the week. We experimented with a few ending segments of lighthearted banter but settled on trying to pronounce odd-looking place names, starting with the British city of Loughbrough.The second installment is called Machine Factor Toaster Data and introduces our first guest, Mitchell Cohen, who works on 1Password X. We discuss what 1Password X is and how it uses machine learning in a privacy-conscious way.The third episode, Nickelback Apologist Math Bounty is my favourite so far. In it, we answer some quest

It’s fall and you know what that means: new Apple operating systems! When Apple announced macOS Mojave with Dark Mode back in June, we knew we wanted to be there on day one with an update to 1Password that looked great in the dark. So we hiked up our programmer pants and got to work.1Password has a dark sideAs soon as Tim Cook left the stage at the Worldwide Developers Conference keynote we hustled back to our hotel and got to work on some mockups for what a Dark Mode version of 1Password might look like. We started, naturally, with the lock screen:Of course we didn’t stop there. Once you unlock 1Password, you’ll be greeted with a user interface that is right at home in Dark Mode. I love how website icons pop against the dark background, making it easier than ever to spot the login you’re looking for.Safari support, baked right in1Password has had the ability to work within Safari for years, making it super easy to fill your usernames and passwords directly into websites. With 1Passwor

California just became the first state to put a cybersecurity law on the books for any internet-connected devices that are made or sold in the state. This new legislation goes into effect January 2020 and is designed to protect consumers by setting higher security standards for smart devices.To comply with this new law, companies will either need to set a unique password for the device at the time of manufacture or prompt people to set a new password during the initial device setup.This is a big step in the right direction for safety and privacy. Too often, people in a rush to get up and running will leave the default password in place rather than taking the time to set a strong password. Unfortunately, the default passwords are trivial to crack.As well as putting our privacy at risk, default passwords make it possible for hackers to take control of thousands of devices at once and use them to bring down other services. Twitter, Spotify, and Reddit have all been attacked in this way.Al

macOS Mojave launched last week, and while Dark Mode was the feature I’d been most eager to test-drive, the redesigned Mac App Store quickly proved to be a dark horse itself. Here’s what I’ve been loving about the new Mac App Store, and what the 1Password team think you’ll love too. ❤️The first voyageThe Mac App Store has never been somewhere I’ve gone to browse, exactly — I’d usually open it with the intent of downloading a specific app. I wasn’t really expecting this to change, and the first time I opened it after upgrading to Mojave I was too struck by how incredible it looked in Dark Mode to notice much else.But after my initial “ooh, Dark Mode!” reaction subsided, I realized it wasn’t just the contrast between the dark backdrop and the rich illustrations that was impressive, but the design of the Mac App Store itself. For the first time ever, the App Store feels like one of the beautifully designed apps you’d go there to purchase — as well as a platform for discovering them.Discov

It’s been a couple of weeks since iOS 12 was released into the wild, and we have loved playing with all the new features it has to offer. Screen Time has shown many of us that we perhaps spend a little too much time on our iPhones, but one thing that has definitely sped up our mobile interactions is Password AutoFill.To recap, Password AutoFill opened up the filling technology included with iOS to third-party developers, meaning that we could make autofilling your passwords even easier.When iOS 12 was announced back in June, we were there in the audience of WWDC, and were thrilled to learn that we could now integrate 1Password directly into iOS. As soon as the keynote was finished, our developers jumped to work, and by dinner we already had a working demo.Skip forward three months and that demo has turned into a fully fledged feature, ready to transform how password filling works on iPhone and iPad.Love and praise from 1Password usersAs soon as our customers began to update their devic

Over the past year alone, we’ve seen a 172% increase in non-English-speaking visitors to 1Password.com. We want everyone to feel completely at home using 1Password, so today we’re excited to announce an important step toward a truly global service.For the first time ever, all of 1Password – the apps and 1Password.com – is available in 11 languages:EnglishFrançaisDeutschItaliano日本語한국어PortuguêsРусскийEspañol简化字繁體字Whether you’re using 1Password on your own, with your family, or for business, you’ll find that everything has been translated: pricing pages, account-related emails – everything in your account on 1Password.com. View every button, field name, email, and vault item in the language you choose.Many of the most popular articles on our support website have already been translated, and we continue to translate more every day. Our in-house customer support team is also multilingual, spread around the world, and growing fast. We’re here to help you every day of the week.When you sign u

New goodies abound, plus a treat for Linux users.1Password X is a 1Password experience that works entirely within your web browser, independent of a desktop app. It brings all the power of 1Password to Chrome and Firefox, and it works great on Linux, Mac, Windows, and Chrome OS.What’s new in version 1.10It’s been an incredibly busy summer for the 1Password X team, starting with our Independence Update in July. September brings some of our biggest features yet — and we mean that literally.Large TypeLarge Type is a beloved feature in the 1Password apps, and it’s made its way to 1Password X in style. Now you can make any of your passwords big and bold, so they’re easy to copy and read. Beautiful, eh??WatchtowerWatchtower helps you proactively identify breached passwords, so you can update them and stay secure. The Watchtower interface was completely redesigned for 1Password 7 for Mac, and we knew we had to include it in 1Password X as well. Watchtower integrates with the haveibeenpwned.co

Many banking sites impose password restrictions and security measures that do little to increase user security, while ultimately making it more difficult for users to rely on password managers to fill their complex passwords.These security measures include putting a limit on maximum password length and restricting the ability to paste passwords, with some banks claiming that having to memorize and enter your password regularly makes it more secure. For those of us who rely on 1Password (and other password managers) on a daily basis, this advice is cringe-worthy. Unfortunately, it’s really not all that uncommon in the banking world.We want to help users stay safe with all of their accounts and logins, including banking. The ultimate goal would be to work hand-in-hand with banks and other financial institutions, creating passwords that meet their strict rules, and then keeping those passwords safe.To help achieve that goal, I’ve written an open letter to banks and financial institutions

We recently launched massive updates to 1Password on both Mac and Windows. Today, I’m thrilled to reveal that 1Password is getting a bold new update on the Android platform as well.1Password 7 blends the best features of 1Password with the unique style of Android to deliver the best possible experience for managing your vaults on the go. We started with a design overhaul of the screens you use the most and then packed in some great new functionality to make it easier to access and update your data. On top of the added convenience, we’ve also made it easier to up your security game with some fantastic features I know you’re going to love.Lock it downLet’s start by diving into the first thing that you’ll notice after updating to 1Password 7: the fresh new design. You’ll be greeted with a shiny new lock screen standing guard over your data.Not only does this new design pay homage to the strength of the protections around your data, but it also includes a delightful animation for those tim

A while ago, we decided it was time for 1Password to become SOC2 certified… Don’t worry, we aren’t designing socks. Protecting customers’ data has always been our highest priority, and this certification is one more way we can attest to that.SOC stands for Service and Organization Controls, a family of certifications related to others you might have heard of like ISO or FedRAMP. While there are SOC1, SOC2 and SOC3 the one relevant to 1Password is SOC2. Being SOC2 certified means that we’ve demonstrated that we follow best practices for Security and Availability.Security in this case is not about our encryption, which we all know is the best out there. 😉 In the world of SOC2, Security ensures that we have—and follow—processes and policies that keep 1Password secure from all angles- everything from the way we train our employees to how the software is developed. Availability means -you guessed it- that 1Password will be working whenever you need it to.Demonstrating our commitment to sec...

A massive release with credit card and two-factor authentication code filling, password generator history, and a whole lot more.What is 1Password X? It’s a 1Password experience that works entirely within your web browser, independent of a desktop app. It brings all the power of 1Password to Chrome and Firefox, and it works great on Linux, Mac, Windows, and Chrome OS.With today’s release, we’re closer than ever to realizing our dream of independence. In fact, there’s more than enough in this release to call it 2.0, but seeing that 1Password X is evergreen software, we decided to cut out the version inflation and go with a good ‘ol name. 🙂Just in time for Canada Day and July 4th, let me introduce you to 1Password X: The Independence Update. 🇨🇦🇺🇸🎆Redesigned on-page experienceThe signature feature of 1Password X is direct integration with webpages. It’s what people love the most, and in the Independence Update we made it even better.1Password X is now smarter, more proactive, and mor...

Each year, a bunch of us make the annual pilgrimage to GopherCon, the largest and most well attended Go developer conference in the world.We take in the sights Denver has to offer, get the best coffee around from Denver Little Owl Coffee (If you think there’s better, please tweet us 😉), and most importantly learn all about the miraculous things people are creating with Golang.This year things will be even more special as we are the headline sponsor of GopherCon 2018!The GopherCon organizers have some amazing things planned this year, with the racing theme in full effect. As this is our first time sponsoring, make sure you visit the 1Password Pitstop while attending the conference!Visit the 1Password PitstopIf you are attending GopherCon, come and get a checkup from our expert Passwordologists at the 1Password Pitstop, and find out the best ways to secure your business and family online. We also love to hear from customers already using 1Password, so do come on over and chat about your...

1Password’s Watchtower service has been helping users identify accounts that have been affected by breaches for years. Today we’re proud to announce an enhancement to how 1Password finds and identifies breached accounts.1Password can now use Have I Been Pwned to find accounts that have been compromised based on the email address associated with the account. It can even do this without needing to share your email address with anybody.Before we dive in to learn about the details, take a look at the awesome work Matt and Jasper did to bring this to life.Breach ReportThere’s actually a fair amount to unpack here, and it’s difficult to see detail on a video, so let’s break down the breach report in screenshot form.The Breach Report is split into three sections.The top most section is a list of websites where an account with your email address has been identified as having been compromised, but you don’t have any information about this website in 1Password.That’s amazingly powerful as 1Passw

Hello everyone! It’s WWDC week and a large portion of the 1Password development team is here in San Jose basking in the glow of this year’s Apple’s Worldwide Developer Conference. For me it’s my first time coming to WWDC since it was last held in San Francisco two years ago, and I absolutely love it. The conference center itself is gorgeous, and the surrounding area is wonderful. Somehow I’m finding it easier to run into folks I know, and I’ve already caught up with a bunch of old friends and made a number of new ones since I’ve arrived.WWDC is much more than a place for me to stretch the wings of my social butterfly tendencies, however; it’s all about new tech, and boy oh boy did Apple hook us up this year. Many of us are already rocking iOS 12 and macOS Mojave on our main devices and computers and they are awesome. Not only that, but 1Password is running quite happily on iOS 12 and needs just a couple small tweaks on macOS Mojave.iOS 12 and Password AutofillOn Monday afternoon, durin

Hot on the heels of last week’s 1Password 7 for Mac announcement, I’m pleased as punch to unveil the best version of 1Password for Windows ever: 1Password 7 for Windows is here! 🎉 👏This is a massive release where quite literally everything has changed. Seriously, every bit and every pixel has been recreated from scratch using the latest and greatest technologies to make 1Password the best it can be.From an incredible new design to having all your vaults in one place to a whole new architecture, 1Password 7 is the fastest, prettiest, and most powerful version of 1Password yet. In short, it’s simply the best. A bold claim but thankfully we can back it up. 😎All new modern designOur design team has been working their tails off reimagining every aspect of 1Password. We wanted to make it as powerful and beautiful as the Mac app while staying true to the Windows platform.It all added up to a breathtaking new design that you’re going to love. And it all starts with the lock screen.The steel...

Today is a momentous day! It’s time to take the wraps off something incredible that changes the world as we know it: 1Password 7 for Mac is here! 🎉🙌There’s a ton of amazing features packed into this release and I couldn’t stop myself from writing a lot about them. If you’d like to start rocking right away, feel free to jump ahead and download 1Password 7 now. For everyone else, it’s my distinct pleasure to share with you the awesome that is 1Password 7.Marvellous mini1Password mini is how most of us use 1Password on a daily basis and for version 7 we wanted to make that experience the best it could be.1Password mini has been completely reimagined and comes with so many features that we needed to give it its own window. When you bring up mini you’ll find it waiting for you with an incredibly powerful and beautiful new look.While in your browser, mini will automatically suggest the items you’re most likely to need. Select the login you want to sign in with and 1Password will do the res...

Just over a week ago, I was incredibly lucky to attend Google’s annual developer conference at the Shoreline Amphitheatre in Mountain View. I always look forward to this event because it showcases the latest and greatest technologies coming to Google’s platforms. And to make things even better, I was joined by Gene, Peri, Shiner and Michael – our largest group at I/O yet!Google I/O 2018After grabbing coffee and snacks, we took our seats and eagerly waited for the keynote to begin. Sundar Pichai opened the conference by revisiting the most pressing issue of last year: the hamburger and beer emoji fiasco! With the cheese now in the right place, he continued with the keynote and introduced one of the main themes of the conference: leveraging machine learning to solve both simple and complex problems in our daily lives.The improvements to the Google Assistant such as “continued conversations” and the new voices are fantastic. I do worry that I may fall back asleep if John Legend’s soothing

1Password Business makes it easy to monitor events that happen on your team using the Activity Log, and you can take that to the next level by adding Splunk to the mix. Using the 1Password command-line tool, you can send your team’s 1Password activity to Splunk and keep track of it there alongside other happenings within your team.One of Splunk’s most popular features is the ability to find events and trigger alerts based on them. For example, in your team you could set things up so the sysadmins are alerted whenever someone is added to the Owners group in 1Password. I’ll get into that example a bit more later in this post.Set up the 1Password command-line toolTo kick things off, let’s set up the 1Password command-line tool, if you’re not using it already:1Password command-line tool: Getting startedWhen setting up the tool, start by creating a custom group and giving it the View Admin Console permission so it can view the Activity Log, then add a user to that group. Once the tool is se

1Password 7 has been in beta for six weeks now and the feedback has been fantastic. We are getting close to the official release date and have begun final preparations, including submitting 1Password 7 to the Mac App Store. 🎉When 1Password 7 is released it will be available from the Mac App Store as well as our website, and will be available as both a subscription and a standalone license.When adding 1Password 7 to the Mac App Store we needed to answer the following two questions:Should it be a new app?Should it support both subscriptions and licenses?Ultimately we decided that 1Password 7 will be a new app in the Mac App Store, and available only as a subscription. I know that many of you will be curious about this, so I wanted to share with you why we decided on this approach.Mac App Store and upgradesThe Mac App Store is one of the most convenient ways to purchase apps for your Mac. You can purchase with confidence, pay quickly in your local currency, and updates happen automatical...

One of the top requests we’ve gotten from teams using 1Password over the past few years is a way to see what items their team’s been using. With 1Password Business, we’ve added item usage reports, a new tool for you to see how the people on your team are using 1Password.Know what your team can accessAn administrator or owner on your team can create a report for a team member to see what items they’ve used, how many vaults and items they have access to, and more. To create your first report for a team member:Sign in to your business account on 1Password.com.Click People in the sidebar.Click the name of a team member, then click Create Usage Report below their name.We’ve designed reports to focus on the vaults that matter to you, so you’ll see items from shared vaults in a person’s report.Know what’s being used in your vaultsYou can also create a report for a vault to see what people have been using in it. To create a report for a vault:Click Vaults in the sidebar.Click the name of a vau

Introducing the all new Watchtower – it is absolutely gorgeous, and appears to be rather timely!Twitter asked their 330 million users to change their password yesterday due to a security snafu, putting privacy and security at the forefront of everyone’s mind once again.1Password includes Watchtower, with its suite of security tools, making it the easiest and most comprehensive way for you to check the security of all your passwords.With a click of a button, Watchtower audits your passwords against a wide range of security vulnerabilities giving you an easy to read report with simple steps on how to fix any issues it finds.Let’s take a look at some of the defences.On the lookout for breachesWatchtower will automatically notify you if there’s been a security breach for a website you use. A bright red bar that’s pretty darn hard to miss will display across the top of the item, prompting you to change the password for that site.Please excuse me while I hop away for a sec and go change that

Just how strong should a 1Password account password be? We recommend that account passwords be generated using our wordlist generator using passwords that are four words long. This gets you something like “napery turnip speed adept”.Among other things, this gives you the chance to learn new words. My dictionary has now informed me that “napery” means household linens such as table cloths and napkins. But let me move on from obscure vocabulary to asking about 1Password account password strength: What we know about account password strength, what we would like to know about it, and how can we get expert password crackers to help us learn?That’s why we are announcing a password cracking challenge to be managed by Bugcrowd with cash money rewards. First prize earns $8192, second prize is half of that, and third prize is half again. The race will begin has begun at noon Eastern Time on World Password Day, May 3, 2018. For those who want to jump right to the contest details, without reading

The more the merrier, my mother likes to say. And why shouldn’t that apply to authentication factors? You have your Master Password and Secret Key, and they’re combined to be one amazingly strong factor via Secure Remote Password. We’ve added two more to the guest list, and you get to invite whichever you’d like.ContentsTwo-Factor AuthenticationDuo SecurityAnother layer of protectionSupported across all 1Password appsTwo-Factor AuthenticationTwo-factor authentication in 1Password is implemented with Time-based One-Time Passwords. Time-based One-Time Passwords is a mouthful, so forgive me for abbreviating it to TOTP from here on out. TOTP is a widely adopted standard and it’s a great way of adding a familiar additional factor to your authentication process.When setting up two-factor authentication, you’ll be provided with a TOTP secret that you can store in an authenticator app of your choosing. 1Password has been a TOTP authenticator for years now and storing it there is very convenien

Last week found a number of us flying out to Toronto for what we called RickConf (I swear I didn’t name it!). The weather did its best to try to get in our way as the ice storm caused some of us to arrive a day later than expected. We all made it though, and I think we all took turns assuring the Californians that this weather is not normal.RickConf was an opportunity for everyone that works on 1Password.com to get together, hang out, and prototype some ideas for the future. 1Password is a remote company, so this is one of the few times per year where the whole team gets together. We think that it’s incredibly important that we get to know each other beyond the avatars we have on Slack.I’d like to introduce you to the team, and help put faces to names you may have seen when emailing in with questions.From left to right we have Jiannine, Jasper, Jacob, Betty, Rob, Meek, Brett, Isha, Connor, Matt, and finally myself. Not pictured here are Shiner and Roustem who are an absolutely critical

Since 2015, over 30,000 businesses have signed up for 1Password Teams and discovered how 1Password can help them be secure while also increasing their productivity.We’ve learned a lot by working with these companies and found that what works for a team of 20 doesn’t necessarily work for a company of 20,000. So we got to work.Today, I am thrilled to announce the results of that work: 1Password Business. 🎉1Password Business provides the features you need as a larger team. It gives you the tools to protect your employees, secure your most important data, and stay compliant. Your administrators will love it for the control it gives them, and your employees will love how easy it is to use.Control access and be compliantGDPR, HIPAA, SOC2, PCI, PIPEDA… man, there’re enough compliance requirements to make your head spin.Thankfully, 1Password helps by keeping you in control of who has access to what. Each employee gets a place to store their private, work-related passwords. But there are times...

We all witnessed something refreshing last week when MyFitnessPal announced their data breach. They were open and honest about what happened and they should be congratulated.Many companies hide from the truth and make things much worse for themselves and their customers. Instead, MyFitnessPal did it right. Not only did they handle the disclosure with finesse, they also had excellent systems in place to limit the exposure of the leak.MyFitnessPal provides a great case study on how to handle a data breach and protect customer information. Let’s start with the announcement itself.The AnnouncementFirst it needs to be said that it was awesome that there actually was an announcement and that it was published in a timely manner. This is a very good thing!There was an in-app notification, direct emails, and a pinned Twitter post.They also posted Frequently Asked Questions that were excellent and when I emailed their support team with some questions for this post, their automated reply included

Guess what, Mac fam? 1Password 7 for Mac is on its way! 🎉👏This first beta is just a taste of what’s to come and it’s already packed full of new features and improvements. Here’s what we have so far.Beta blingThe awesome starts with the lock screen but the real magic happens when those doors open.Enhanced sidebar1Password 7 comes at you fast with its bold, beautiful sidebar. The sidebar shows more information than ever, but the dark theme and monochrome icons allow you to focus your attention on what matters most: your items.Drag and dropYou can now see all your vaults in the sidebar. This makes it easy to drag and drop items between vaults to organize them. You can even drag them between two different accounts. And if you drag items onto New Vault, a vault will be created for you right there and then. It’s never been easier to share and organize your information.Easily edit vaultsWith the new sidebar it seemed fitting to allow you to manage your vaults directly from there. So that’s ...

1Password 7 for Windows is almost here! 🎉🙌 Today marks our first beta and you’re invited to join in on the fun.This is a massive release where quite literally everything has changed. And with support for local vaults, everyone can enjoy the awesomeness that is 1Password 7 for Windows.Read on to see what all the hullabaloo is about and I think you’ll find our excitement is quite contagious. 🙂Incredible New DesignOur design team has been working their tails off making 1Password 7 for Windows the best it can be, so it seems fitting that we start by showing how great 1Password 7 looks.The awesome starts with the lock screen.Once you unlock 1Password with your Master Password (or Windows Hello), you’re in for a delightful surprise. I’ll let 1Password speak for itself here.From the typography to the rich icons to the layout, everything has changed. Yet the soul of 1Password remains, so you’re able to jump right in and find everything you need.The new sidebar is not only gorgeous but it’s ...

If you’re new to 1Password X, you’re in for a treat! 1Password X is a full featured version of 1Password that runs entirely within your web browser. It’s great if you’re using Linux or Chrome OS and has quickly become my favourite way to enjoy 1Password on the web.Since launching in November we’ve been hard at work exploring what’s possible and polishing everything else. I’d love to share with you what’s new since 1Password X blasted off! 🚀Our best password generator yetOne of the things that we wanted to explore in 1Password X was how could we make our beloved password generator even better. And we were willing to go back to the drawing board to make it happen.We started by suggesting new passwords directly within websites:Just click Use Suggested Password when signing up and you’ve secured this website. It’s incredibly easy and perfect for most sites.Some websites, however, don’t accept long passwords. Or sometimes you need a memorable password or a numeric PIN code.1Password X now ...

Ever since we launched 1Password memberships, people have been asking us how they can gift 1Password to their friends and loved ones. As you might expect, we see the most interest around the holidays, and this past holiday season was no different. I always thought it was a great idea, but we didn’t have a good answer – until now.$125 for only $99 🎉With 1Password Gift Cards, you can help anyone stay safe online. Give them to others or redeem them for yourself. You can purchase them in amounts of $25, $50, or $125. And because everyone loves to save money, we put the $125 gift cards on sale for only $99!PayPal and moreAnother request we’ve seen is the ability to pay for a 1Password membership without using a credit card. Gift cards make that easy.You can purchase 1Password Gift Cards with PayPal, and – because it’s 2018 – cryptocurrencies, like Bitcoin, Ethereum, and Litecoin. You can even use 1Password to manage your cryptocurrencies.And for those of you who are like myself – a bit old...

In 2017, the cryptocurrency market skyrocketed to over $600 billion. It’s the digital gold rush, and everyone wants their share. The lure of riches is too much to ignore, but there are also enormous risks. We can’t teach you how to make the best investments, but we can help you manage your cryptocurrencies securely.ContentsSet up 1Password before investing in cryptoHow to use 1Password to store your cryptoExchange accountsWalletsCryptocurrency addressesOrganize your crypto with tagsPay for your 1Password account with cryptoI’ve been trading crypto for a while now, and to be perfectly honest, none of it would be possible without 1Password. It helps me stay secure, and creating and managing all of my credentials – 46 and counting – is an absolute breeze.Set up 1Password before investing in cryptoBefore you invest in crypto, you need to take your security seriously. The best way to do that is with 1Password. I’ve seen people invest without using a password manager at all, and I’m seriousl

Today we’re celebrating Family Day here in Ontario and throughout other parts of Canada. It’s a great way to remind ourselves of the people in our lives who are always here when we need them. Family can mean a lot of different things – my brother-in-law Mike calling to ask if I need help shovelling snow, my aunt sharing a new card game, or a friend who needs a ride to an appointment – in the end, family means “together”.Sharing togetherMost of the time, sharing lives together is as simple as sharing a meal, sharing how your day was, and – these days – sharing Wi-Fi passwords and Netflix accounts. 1Password Families can’t cook for you or get your kids to clean their rooms, but it’s great with online accounts. In fact, it’s great for sharing a lot more than passwords, too.The Winter Olympics in Pyeongchang got me thinking about international travel, and I’m reminded of Jeff’s post about his son’s trip to Texas. He used 1Password Families to help his son prepare for his trip to the USA fo

1Password uses a multi-layered approach to protect your data in your account, and Secure Remote Password (SRP) is one of those very important layers. Today we’re announcing that our Go implementation of SRP is available as an open source project. But first, I’d like to show you the benefits SRP brings as an ingredient in the 1Password security parfait.ContentsParfaits: delicious and secureSRP: a hell of a layerHow 1Password uses SRPEnrollmentAuthenticationVerificationImplement SRP in your own appDonkey: Oh, you both have layers. Oh. You know, not everybody likes onions. Cake! Everybody loves cake! Cakes have layers!Shrek: I don’t care what everyone likes! Ogres are not like cakes.Donkey: You know what else everybody likes? Parfaits! Have you ever met a person, you say, “Let’s get some parfait,” they say, “Hell no, I don’t like no parfait”? Parfaits are delicious!Parfaits: delicious and secureThe first layer of security in 1Password, your account password, protects your data end to end

A tweet I posted a few days a go generated quite a bit of interest from people running or managing their services, and I thought I would share some of the cool things we are working on.@HashiCorp Terraform. It is like creating a brand new universe, from scratch. - @roustemView tweetThis post will go into technical details and I apologize in advance if I explain things too quickly. I tried to make up for this by including some pretty pictures but most of them ended up being code snippets. 😊1Password and AWS1Password is hosted by Amazon Web Services (AWS). We’ve been using AWS for several years now, and it is incredible how easy it was to scale our service from zero users three years ago to several million happy customers today.AWS has many geographical regions. Each region consists of multiple independent data centres located closely together. We are currently using three regions:N. Virginia, USA us-east-1Montreal, Canada ca-central-1Frankfurt, Germany eu-central-1In each region we hav...

Some of you may know Tim, our Beardless Keeper of Keys and Grounds here at AgileBits. Tim and his team keep everything running smoothly. The servers are serving happily and the networks are flowing gracefully. Tim is also the administrator of our company team on 1Password.com.Tim can script and automate with the best of them, and from the moment he got a preview of op, the DevOps team began bombarding us with feedback. One of the first things he asked for was the ability to create vaults, so we added that right away. But we knew we could still do more for Tim – after all he was on the nice list this year – so we got him some new toys to play with. If you’re too excited to read more, you can just start playing with op 0.2 now. To find out more, read on.Vault into the new yearOur first gift to Tim was more control over vault access. He can now use op to add users to vaults, remove users from vaults, and even delete vaults.So when Dave told Tim about a new project (codenamed Honey Badger)

“Wouldn’t it be cool if 1Password could do X?” is a question we often ask ourselves. The values for X are always changing, but some ideas come up again and again. Wouldn’t it be cool if…When you log in to a site, 1Password is right there on the page ready to fill?You could use 1Password without downloading the app?Linux users and Chrome OS users could join in on the fun?Now 1Password can do all these and more. We call it 1Password X, and it’s our brand new, full-featured experience that runs entirely in your browser.It’s super easy to set up, deploy, and use. It works everywhere Chrome works, including Linux and Chrome OS. And it’s a re-imagination of how 1Password works on the web.X is for extensionBefore we jump in, I want to address one thing you may be thinking: our X is a letter, not a version number. Our X is a hat tip to one of the most beloved features of 1Password, namely our 1Password extension.The extension is what allows us to have the little 1Password icon in your browser

Hello and happy November, everyone! We’ve long anticipated this day here at AgileBits. After months of hard work, 1Password 7 for iOS is now available on iOS 11.The very first step in the journey that brought us to this point was taken back in June, shortly after the Apple Worldwide Developers Conference. Before a single line of code was written, before a single new screen was designed, we set a single goal for this update: efficiency. Along the way, we also added a few more features, like support for iPhone X and Face ID, and we’re excited to finally share it all with you.As our release notes say, this is the greatest version of 1Password for iOS we have ever shipped, so let’s dive in, shall we?iPhone X and Face IDOn September 12th, like many of you, everyone here at AgileBits was glued to their screens watching Apple’s keynote from the beautiful Steve Jobs Theater at the new Apple Park campus. The announcement of iPhone X was already exciting, but the introduction of Face ID was like

I’ve long been curious about Microsoft Edge. It’s fast, light-weight, and much more secure than the Internet Explorer of my childhood. It had everything you look for in a browser … except 1Password support. Today that changes!Thanks to the hard work of the Microsoft Edge and Windows Store teams, along with our own Windows team, I’m excited to announce that 1Password now has a lovely new home right on your Microsoft Edge toolbar. 🎉Boldly go where no Login item has gone beforeTo bring your items with you to explore Microsoft Edge, first make sure you have 1Password 6.7 or later installed and set up. Then, head to the Windows Store and grab the 1Password extension. Open Microsoft Edge, enable the 1Password extension, and enjoy saving new Login items, opening and filling in Microsoft Edge from 1Password mini, filling addresses and credit card details, and easy access to the Strong Password Generator, just like you’ve come to know and love. If you’re still using an older version of 1Passwo...

Here at AgileBits, we’ve been working hard over the last few months to bring power users, developers, and administrators more powerful ways to interact with 1Password. We’re proud to announce that we have something that fits the bill. It’s called the 1Password command-line tool, and we can’t wait to see what you build with it. Let me take this opportunity to walk you through the exciting potential.Introducing opPassword apps are available on just about every platform, but they’ve always had the same dependency: a graphical interface. Now all of 1Password is available with just two characters: op.The 1Password command-line tool makes your 1Password account accessible entirely from the command line. A simple op signin will securely authenticate you with the 1Password service and give you access to a wide range of capabilities:Getting usernames and passwords from items:$ op get item OpenProxy | jq '.details.fields[] | select(.designation=="password").value'"genuine-adopt-pencil-coaster"Cr

We often get inspired to create new features based on feedback from our customers. Earlier this month, our friends at Basecamp made their Employee Handbook public. We were impressed to see they had a whole section about using 1Password, which included instructions for keeping work information off their devices when travelling internationally.We knew right away that we wanted to make it easier for everyone to follow this great advice. So we hunkered down and built Travel Mode.Travel Mode is a new feature we’re making available to everyone with a 1Password membership. It protects your 1Password data from unwarranted searches when you travel. When you turn on Travel Mode, every vault will be removed from your devices except for the ones marked “safe for travel.” All it takes is a single click to travel with confidence.It’s important for me that my personal data be as secure and private as possible. I have data on my devices that’s ultimately a lot more sensitive than my personal data thou