Today we're releasing the 1Password Device Trust MCP Server, an open-source server that connects your Device Trust data directly to the AI tools your team already uses, like Claude or ChatGPT. It's available now for all customers on Device Trust Connect.As AI agents take on more of the work across your organization, IT and security teams need visibility and control that keeps pace. The Device Trust MCP Server is part of how 1Password is extending that control to the way security teams actually work today, inside AI tools, in plain language, with every action logged and auditable.Once it's running, you can query your entire device fleet without leaving your AI client. Which devices have disk encryption off? Who owns the machines failing compliance checks? How long does it typically take to resolve a specific issue across the fleet? Instead of navigating dashboards or writing custom scripts, you just prompt.What is MCP, and why does it matter?If you use AI tools like Cursor or Claude, yo

This blog has been adapted from an excerpted section of 1Password’s ebook, Credential sprawl: How AI increases the risks. To read the complete ebook and learn more about how AI is accelerating credential sprawl, click here.In Ancient Rome, the military had a daily “watchword” that soldiers used to enter the camp. An official would inscribe the watchword on clay tablets, which were distributed throughout the various military units. If a tablet wasn’t returned, they swiftly tracked it down and punished the soldier who had failed to return it. Clearly, one thing has been true from Ancient Roman times until now: if you want to stay secure, you need to know where your passwords are. Unfortunately, keeping track of credentials is more difficult for a modern organization. Today’s companies have to manage an ever-growing number of credentials that go well beyond traditional passwords, such as developer secrets, passkeys, shared logins, API keys, SSH keys, service accounts, and SSO access token

1Password has never been more popular in the workplace. Okta’s 2026 “Businesses at Work” report reveals that, of the 8,000+ apps that Okta analyzed, “The security tool 1Password showed the highest industry-level growth, notching a 370% YoY increase in the technology sector.” This statistic refers specifically to the number of individual 1Password users on the Okta platform, indicating a sharp increase in the rollout and adoption of 1Password across business users. This growth is no coincidence. As 1Password becomes foundational to how employees build and operate AI-powered workflows, it is increasingly embedded in the critical path of the modern “AI builder.” The result is a surge in demand for secure access across tools, credentials, and agents, starting in the technology sector and expanding outward.Key findings from Okta's 2026 Businesses at Work report:1Password recorded 370% year-over-year user growth in the technology sector, the highest industry-level growth of any app on the Ok

This blog has been adapted from an excerpted section of 1Password’s ebook: Credential sprawl: How AI increases the risks. To read the complete ebook and learn more about the evolving challenges of credential sprawl, click here.The proliferation of credentials outside centralized visibility and control is known as “credential sprawl,” and attackers are eager to take advantage of it. Unfortunately, credential management is a broad problem that only grows in complexity as organizations add new tools, employees, and partners. Today’s companies have to manage an ever-growing number of credentials that go well beyond traditional passwords, such as developer secrets, passkeys, shared logins, API keys, SSH keys, service accounts, and SSO access tokens. Each of these, if exposed in an attack or breach, can have severe consequences, and developer secrets pose particular, systemic risk.Addressing credential sprawl has become especially urgent due to the rise of AI-based tools and agents. AI agent

Introducing new features in 1Password Enterprise Password Manager – MSP Edition to reduce client onboarding effort and give MSPs greater control over policies, access, and usage.Setting up and managing client environments often involves repetitive, manual work. Each new managed company requires policy setup, access configuration, and ongoing oversight. Repeating this across environments slows onboarding, introduces inconsistencies, and makes it harder to maintain control.To address this, 1Password is introducing Policy Templates, Seat Limits, and Granular Vault Permissions in 1Password Enterprise Password Manager – MSP Edition to reduce repetitive setup, enforce consistent access controls, and give MSPs greater control over client license usage. Apply consistent policies from the startSetting up policies for each client’s environment individually is time-consuming and increases the risk of inconsistencies. Policy Templates for MSPs allows owners, administrators, and MSP administrators

Listen to this episode on Apple PodcastsnullListen nowListen to this episode on SpotifynullListen nowSecurity is tied to business operations in many (often unappreciated) ways, but the connection is rarely more visible or consequential than during an acquisition or partnership. In those deals, a company stakes its reputation and finances on another company, and a lapse in security can throw the whole thing into chaos.That’s the subject of this episode of Chasing Entropy, in which Dave Lewis talks with Matt O'Leary, 1Password’s Vice President of Corporate Development and Strategic Partnerships. They discuss what changes about M&As and partnerships when security is tied directly to the product, the brand, and the deal itself.Caveat emptor in M&AsO’Leary’s core idea is simple: when a company makes an acquisition, it inherits the whole business, not just the part that looked attractive in the pitch. That includes the technology, the team, the process gaps, the legal exposure, and any secur

A password manager should make everyday tasks feel simple. Whether that's:Saving a new passwordSigning in on your phoneFinding the right itemMoving your data from another password managerWe’ve made a set of updates across 1Password in our latest release to improve exactly these moments. Let's get into it!A direct way to move your credentials into 1PasswordSwitching password managers hasn’t always felt straightforward. Exporting sensitive data into files, moving them yourself, and importing them again adds friction and risk.We’re improving that with a direct credential transfer.This work is part of the Credential Exchange Protocol (CXP), an industry effort to make credential migration more secure and interoperable. We helped author the FIDO Alliance’s Credential Exchange Format (CXF), a proposed standard that defines how credentials like passwords, passkeys, and other sensitive data can be structured and transferred safely between providers.For you, this means a simpler experience on bo

The latest National Institute of Standards and Technology (NIST) draft guidance on mobile driver’s licenses (mDLs) is about more than one use case or credential type. While the draft primarily focuses on the financial sector due to its high-assurance requirements, the bigger takeaway is that government-issued identity can be cryptographically verified and shared more selectively. This provides strong, cryptographically verifiable evidence of identity and shows what a more interoperable digital identity ecosystem could look like1Password has contributed to the work behind this draft. We believe that identity systems need to be developed through global standards and collaboration across multiple verticals. Open ecosystems scale; closed ones often fail.mDLs replace document uploads with cryptographic verificationAn mDL is a government-issued verifiable digital credential. It serves as the digital version of your physical driver’s license, defined as a highly specified mobile document (mDo

Whether you’re juggling travel bookings with friends or packing the kids’ suitcases, planning a summer vacation can be far from relaxing. And once you get to your destination, the confirmation codes and passport numbers are always buried in the group chat when you need them most. But when you have all your travel essentials saved securely in one place, you can skip the scramble and put safe travels on autopilot. Before you take off this summer, check these tips to keep your information safe and your trip on track.Before you leaveSet up strong account passwords. Your personal information lives in a host of accounts, from airlines to hotels to car rentals. Make sure all of that stays secure by using 1Password to generate and save unique passwords for every account.Securely store travel details. Shared travel information, like passport numbers and Airbnb codes, shouldn’t get lost in a group text. Store them in a shared vault in 1Password so everyone can access them safely and seamlessly.

AI has gotten very good at generating answers. The bigger opportunity now is helping people take action.That shift is already underway, and AI is moving from chat into real workflows: researching, navigating applications, and completing multi-step processes across systems. But the moment AI moves from answering questions to getting things done, one problem becomes impossible to ignore: secure access.Secure access, in this context, means ensuring the right human or AI agent can reach the right application or credential at the exact moment an action is taken without exposing sensitive data or stopping the workflow to ask someone to log in manually. Every meaningful agentic workflow depends on this, but most existing access protocols weren't designed for it.That's why we're expanding our partnership with Perplexity, by making 1Password’s secure access capabilities seamlessly integrate with Perplexity Computer.AI agents are a new kind of actor in enterprise systemsPerplexity is building an

Listen to this episode on Apple PodcastsnullListen nowListen to this episode on SpotifynullListen nowIf cybersecurity teams were rock bands, offensive security professionals would be the cool drummers; they don’t just have a fun job, they help show the rest of the team where to go.In this episode of TheChasing Entropy Podcast by 1Password, Dave Lewis speaks with a legend of offensive security, Dustin Heywood, known to many as EvilMog. Heywood is an executive managing hacker and senior technical staff member at IBM, and the conversation runs the gamut from password cracking and Active Directory abuse to AI privilege creep and quantum planning. The through line is simple: most security failures start with access, trust, and bad assumptions about how systems behave under pressure.Heywood’s background explains why he sees the problem this way. He came up through network engineering, military communications, enterprise infrastructure, and offensive security. That path matters because his vi

For security teams, credential sprawl is like dust; you don't notice it until it has accumulated.Over time, access spreads across SaaS apps, developer tools, automation workflows, and now AI agents. People sign up for tools to get work done and connect accounts using OAuth because it is fast and familiar. Credentials get reused across scripts, stored in environment variables, or passed between systems that were never meant to share a common control layer.The problem only becomes visible when you zoom out and realize that all these individual decisions have created a network of external dependencies that now sit on top of your internal access model.That is where credential sprawl turns into a supply chain risk. Add enough overpermissioned OAuth connections and suddenly, access to your internal systems is at the mercy of the security posture of every third-party service that has been granted access along the way.What is the attack chain for an OAuth-based supply chain brief?Recent incide

Listen to the episodeCyber conflict is easiest to misread when we treat it as an isolated technical event. In this episode of Chasing Entropy, Dave Lewis speaks with analyst and author Allie Mellen about her book Code War and why the cyber strategies of the United States, China, and Russia make more sense when viewed through the lens of history, doctrine, and political intent.From the Gulf War to Russia’s war in Ukraine, cyberattacks are most effective when they reinforce defined objectives within a larger campaign and help a state apply pressure, gather intelligence, or shape the environment around a conflict.History shapes cyber strategyA nation’s cyber strategy is rooted in its political history and military doctrine.Mellen traces the US approach to a culture of experimentation and technical tinkering. China’s cyber ecosystem emerged from hacktivism and state-linked talent pipelines. Russia’s path was shaped by the post-Soviet collapse, when cybercrime became tied to survival and la

AI agents are increasingly used to refactor large codebases, but many teams lack a clear understanding of where they succeed and where they fail. At 1Password, we applied agentic tooling to a multi-million-line Go monolith, and in this blog we'll share what worked, what broke, and what it means for teams adopting AI in production systems.Here’s the situation: 1Password runs a large Go monolith called B5. It has been the foundation of our product for years and continues to perform well in production, both in terms of reliability and scale.Now, Unified Access is designed to support both human and agent-driven workflows at high request rates and low latency. As we continue adding and enhancing its capabilities, we need clearer service boundaries and more independent scaling characteristics. Over time, that means evolving parts of the system in a way that preserves the privacy, performance, reliability, and security properties we have already established.Coming up with an actionable plan f

April marks Southwest Asia and North Africa (SWANA) Heritage Month, a time to recognize and celebrate the rich cultures, histories, and contributions of SWANA communities. At 1Password, we’re proud to highlight the people who bring these perspectives to life in our work and shape our culture every day.This month, we’re spotlighting Kaynat Chowdhury, Customer Success Manager and Communications Lead for our SWANA Employee Community Group. We sat down with Kaynat to learn more about her career journey, her impact in Customer Success, and how community and belonging have shaped her experience at 1Password.Meet KaynatCan you share a bit about your career journey and what led you to Customer Success? Was this a path you always saw for yourself?When I was in school in Bangladesh, I studied Science and then Commerce, then I came to Canada to get a Bachelor’s Degree in Sociology. All the while, I had no idea I was going to be in tech and in Customer Success. However, it really was the best deci

When Anthropic revealed the existence of Mythos, the frontier AI model they deemed too dangerous for public release, the security community was alarmed. And it’s not hard to see why: Mythos is capable of detecting software vulnerabilities at a previously unimaginable scale, and autonomously crafting exploits to weaponize these flaws. According to Anthropic, Mythos created 181 exploits of Firefox in testing, ninety times more than the company’s previous model (Claude Opus 4.6). The security world is facing down the prospect that soon, hordes of agents will turn the systems they rely on into Swiss cheese. But while concern is an appropriate reaction to this coming storm of vulnerabilities, panic is not. Instead, security and business leaders need to treat the next few months (which are likely all we’ll get before a Mythos-level model is widely available) as a precious gift: time to batten the hatches and prepare not just for a temporary crisis, but a permanently altered paradigm.If there

SEASON TWO HAS LANDED!Bob Lord has spent decades building and leading security programs, from early internet crypto work at Netscape to roles at Twitter, Yahoo, the Democratic National Committee, and CISA. In this episode of Chasing Entropy, he and host Dave Lewis get practical about why the security advice most people hear doesn’t match how real compromises happen.Across secure-by-design, AI systems, and software supply chains, security breaks down when organizations treat outcomes like someone else’s problem.Why secure-by-design is an incentives problemWhen Bob talks about secure by design, he is deliberately not trying to write another technical framework. Plenty exist. His question is different.If we already know how to prevent a long list of common issues, why do we keep shipping the same defects?Secure-by-design breaks down when companies treat security as a feature or a compliance exercise rather than something they are accountable for delivering as a customer outcome.Draw a lin

NIST published a concept paper stating, “Organizations need to understand how identity principles such as identification, authentication, and authorization can apply to agents to provide appropriate protections while enabling business value.”This post, and the series that follows, is 1Password’s response to NIST’s call for input on how those principles should apply to agents.At 1Password, we approach security through simplicity. We are developing an agent identity architecture to simplify and enhance the security of AI agents, ensuring interoperability with existing systems. Our approach is built in collaboration with customers, partners, and the standards community. As part of this work, we recently responded to NIST’s AI agent authorization paper. Our view is that agent identity is not a single problem. It is a set of challenges spanning identification, attestation, enrollment, authentication, and authorization for machine workloads with reasoning capabilities. The ability to reason

To support enterprise workflows like monitoring systems, triaging support tickets, and automating routine work, AI agents need access to the same sensitive systems employees use, including databases, APIs, SaaS tools, and internal infrastructure. However, many of these systems still rely on shared passwords, API keys, tokens, and other credential-based access paths that are difficult to manage and control. As organizations put agents to work for new use cases and in new environments, IT and security teams need a better way to manage the credentials and secrets agents need, without embedding them in code, configuration files, and internal tools.Together, Natoma and 1Password offer organizations a secure, scalable way to integrate AI agents into enterprise workflows where credentials are centrally managed, and agent access is governed across necessary tools and systems.Where traditional access breaks down for agentsTraditional IAM secures human access at login but doesn’t extend to the s

Most organizations already have the policies they need in place. The problem is enforcement.Employees must complete security awareness training, contractors must acknowledge updated agreements, and teams must meet compliance requirements. But the systems that track these requirements rarely connect to the systems that control user and device access. As a result, access is granted even when required conditions haven’t been met.That’s why we're excited to announce that 1Password Device Trust can now take signals from other systems into account before allowing users to reach sensitive company apps and data. External Checks in Device TrustUntil now, 1Password Device Trust focused primarily on device telemetry. That meant administrators could block employees from accessing company resources if their device failed to meet certain requirements, but they couldn’t enforce compliance based on signals that live outside of the device. With the ability to create custom External Checks, that changes

At 1Password, our mission is simple: to protect people’s most critical information, their credentials. At the time of writing this post, I personally have 291 items in my vault, so the long-term confidentiality of this data is critical to myself and every 1Password user. We are thrilled to announce the first major milestone in our post-quantum cryptography (PQC) journey, the successful deployment of PQC on 1Password’s web application. If you’re using a PQC-capable browser, such as Chrome or Firefox, your data is protected today with no action required. The threat of a large-scale quantum computer, sometimes referred to as a cryptographically relevant quantum computer (CRQC), is its potential to break the public-key cryptographic algorithms. These algorithms are used in most communication protocols and digital signature schemes. While it's unclear that a quantum computer powerful enough to break the public key cryptography will ever exist, we are not waiting for one before taking action

Most organizations can tell you which apps sit behind SSO. Far fewer can tell you what other apps teams are using, or who has access to the credentials.Shared and sensitive non-SSO logins remain some of the hardest access paths to govern. Credentials are often tied to individuals, scattered across vaults and browsers, and difficult to rotate or revoke when roles change. For many teams, this creates a gap in their Zero Trust strategy.For the last several months, we’ve been hard at work connecting 1Password Enterprise Password Manager and SaaS Manager to help close that gap. Today, we’re announcing several integrated features that help IT admins discover and govern shared and sensitive logins.EPM and SaaS Manager integration demoWant to see how these integrations work in action? Check out our self-guided, interactive demo.Try the demoExtending governance beyond SSOFor more than a decade, 1Password Enterprise Password Manager (EPM) has helped thousands of businesses securely store and man

Every year, security and tech leaders come to the RSA conference in San Francisco to take the industry’s pulse, and every RSAC tends to be dominated by a single, overarching theme. Last year, the theme was: “AI agents are coming, and governance isn’t ready.” And sure enough, the theme of RSAC 2026 was: “AI agents are here, and governance needs to catch up.”Throughout the conference, security practitioners, vendors, and analysts were all asking the same questions:How can we enable a culture of agentic AI builders, without compromising on bedrock security principles?How can we mitigate the potential for AI agents to behave unsafely, either via malicious compromise or their own nondeterministic nature?What are the most impactful safeguards every organization should be putting into place to secure AI and automation in the next year?1Password provided answers to those urgent questions at RSA. Prior to the event, we announced the release of 1Password® Unified Access, a new platform that help

If 2025 was the year of AI adoption, 2026 is when AI evolves from a software story to a people story. Katya Laviolette, our Chief People Officer, explored this idea in a recent Forbes article about how 1Password’s internal network of AI Champions is shaping this evolution and helping us set the standard for how we use AI to drive impact across 1Password.AI tools help us move faster, but it takes curiosity and judgement to unlock their full value, build new ways of working, and to deliver meaningful outcomes for our teams and customers. That’s why we’re investing in a culture of AI fluency shaped by people across the business, brought to life through our AI Champions.Who are AI Champions at 1Password?AI Champions are internal advocates for AI adoption who guide us as we make AI fluency, security, and experimentation part of our daily work. They’re critical thinkers from both technical and non-technical departments, including Product, Tech, Marketing, Go-To-Market, and Finance, who are p

Enterprise password managers (EPM) like 1Password, LastPass, Dashlane, and Bitwarden help you create, store, and fill strong passwords and credentials across different websites and apps, so you don’t have to remember or write them down. EPMs provide secure sharing, data encryption, and data breach prevention against phishing and malware, helping IT and Security teams protect and enforce policies around credentials.While there are many EPM options, choosing the best password manager can be a challenge. A side-by-side comparison helps you see which is best for your organization’s cybersecurity strategy.If you’re comparing 1Password and Keeper, it helps to start with what both products are built around: an Enterprise Password Manager (EPM). EPMs are how both platforms store, share, and enforce policies around credentials. They’re the foundation for each vendor’s broader security strategy. Below is a comparison of core features many organizations consider essential for protecting employees

Enterprise password managers (EPM) like 1Password, LastPass, Dashlane, and Bitwarden make it easy to create, store, and use strong passwords across websites and apps. With features like secure sharing, data encryption, and protection against phishing and malware, these tools help IT and security teams keep credentials safe and enforce company policies.With so many EPM options available, choosing the right one can be difficult.Comparing features, security measures, and usability side by side can help you determine which password manager best aligns with your organization’s cybersecurity requirements.If you’re comparing 1Password and LastPass, it helps to start with what both products are built around: an enterprise password manager that stores, encrypts, and helps manage credentials across your organization.Both platforms cover the fundamentals: generating strong passwords, enabling browser autofill, and securely storing sensitive information such as login credentials and credit card de

We built 1Password® Unified Access to extend identity security beyond humans to the agents and machine workloads operating across your business. In practice, that means securing not just who gets access, but how agentic systems connect to tools, services, and data.That makes the MCP gateway a critical control point. It sits between AI agents and the systems they need to reach, making it the natural place to enforce policy, visibility, and governance. But in many deployments, it also becomes the place where credentials accumulate, moving secrets out of the vault and into the platform.That is the problem 1Password and Runlayer are solving together. With this integration, enterprises can keep their machine credentials in 1Password, resolve them only at runtime, and audit every fetch and rotation without exposing the secret itself.If your team has adopted an MCP platform to centralize how AI agents access tools, you've probably solved one problem and created another.Before the MCP platform

Identity establishes trust. The next problem is how that trust is used.In June 2025, Microsoft patched EchoLeak (CVE-2025-32711), a zero-click vulnerability in Microsoft 365 Copilot that allowed an attacker to exfiltrate sensitive enterprise data, including API keys, confidential documents, and internal conversation snippets, without human intervention.The attack was deceptively simple. An attacker sent a normal-looking email with hidden instructions embedded in it. A human would not notice them, but the model could interpret them. The email remained dormant until Copilot later pulled it into context for another task. At that point, the instructions triggered, and the agent used the victim’s existing permissions to retrieve and disclose sensitive information.The specific vulnerability matters, but the broader lesson matters more. A system can authenticate correctly, authorize correctly, and still produce the wrong outcome.Microsoft patched EchoLeak before it was publicly disclosed. Sin

Hi! I'm Ollie Cheal, VP of Go-To-Market (GTM) in EMEA at 1Password.If you’re exploring your next role in GTM, I’d love to give you a look at what we’re building here and why it’s such an exciting time to join. Right now, our mission is clear, the stakes are high, and our people are all in to win. With that in mind, let me share why this moment matters and what it takes to thrive on this team.Why this moment mattersThe biggest technological shift of our lifetime is happening right now, and 1Password is perfectly positioned to bring out the best for our customers. 1Password is helping organisations around the world to unlock productivity benefits without losing trust, safety, or control, as AI reshapes how work gets done, how decisions are made, and who (or what) gets access to our customers' data.It's an enormous opportunity, and we have both the foundation and the products – from Unified Access and Enterprise Password Manager to SaaS Manager and Device Trust – to shape how the EMEA mar

Introducing our Users API for Partners in public preview and new Security Automation integrations that enable SOC teams to execute programmatic user actions within automated workflows in 1Password Enterprise Password Manager.Modern security teams increasingly rely on integrated security operations center (SOC) workflows that correlate signals and alerts, while orchestrating detection responses in real time. Behind every alert is an identity: a person, a service account, an API key, or an AI agent. However, when remediation requires manual steps, investigation and response slows, increasing security risks. Organizations are also expected to maintain continuous compliance via clearly enforced access controls and auditable processes. Today, 1Password is expanding the 1Password Enterprise Password Manager (EPM) through the public preview of the Users API for Partners, enabling security teams to respond to incidents faster during active security events. Powered by the Users API for Partners

Modern enterprises aren’t just adding employees; they’re adding subsidiaries, multiple teams, contractors, AI builders, temporary projects, and new SaaS tools every week.And every new addition to a company’s ecosystem also brings more credentials to manage. Unfortunately, not all of those credentials can be managed by solutions like single-sign-on (SSO) or privileged access management (PAM). Many of them might be stored in shared spreadsheets, developer environments, browser sessions, and automation workflows that traditional identity security systems were never designed to govern.This results in identity sprawl, operational drag, and an overall widening of the Access-Trust Gap. In the face of this ever-expanding attack surface, security leaders are left struggling to deploy credential security across every team and workflow, without having to build more infrastructure just to manage their infrastructure.In light of these issues, today we’re introducing a new evolution for 1Password En

Agentic AI is changing how work gets done inside organizations. It’s embedded in IDEs and automation tools, and it’s showing up in browsers, internal workflows, and everyday productivity apps. Developers are using AI agents to accelerate engineering work, while knowledge workers are vibe coding apps without training on developer security practices, all of which create untenable risks for organizations. That shift has real implications for identity and access control. For years, identity security centered on login: authenticating the user, establishing a session, applying policy, and assuming authority for the duration of that session. That model worked for human access, but it breaks down when credentials are used by local AI agents, automation scripts, CI/CD pipelines, and AI-native tooling. In this new reality, authority shouldn’t be decided once at login and then trusted all day. It should be confirmed right when access is requested, every time a credential or secret is used. That’s

Automating user provisioning sounds simple, until you remember everything that provisioning really touches.For most SaaS products, SCIM is “just” user and group lifecycle management. Your identity provider calls an API, accounts get created, access is assigned, and offboarding removes it. But for 1Password, provisioning intersects with something far more sensitive: the cryptographic foundation that protects every vault.1Password is end-to-end encrypted by design. We do not hold your encryption keys and cannot see your vault contents. This provides a powerful guarantee that even if 1Password’s servers were to be compromised, your data would remain unreadable, as the keys required to decrypt it are never accessible to us. That model is why customers trust 1Password with their most sensitive credentials, but it also makes automation genuinely hard. After all, how can we automate provisioning inside a zero-knowledge platform, without reintroducing trust in the server?That is the problem Au

Enterprise password managers (EPM) like 1Password, LastPass, Dashlane, and Bitwarden help you create, store, and fill strong passwords and credentials across different websites and apps, so you don’t have to remember or write them down. EPMs provide secure sharing, data encryption, and data breach prevention against phishing and malware, helping IT and Security teams protect and enforce policies around credentials.While there are many EPM options, choosing the best password manager can be a challenge. Making a side-by-side comparison can be extremely helpful for understanding which is best suited to your organization’s cybersecurity strategy. Today, the challenge is more than storing passwords securely. It’s also about reducing credential risk across everyday work, including shared logins, third-party access, and developer secrets that often sit outside of traditional SSO coverage.In this post, we’ll compare two popular password managers: Bitwarden vs 1Password. We’ll compare both head

Women’s History Month is a time to recognize the women who are not only advancing their fields, but reshaping what leadership means within them. The theme guiding this year’s Women at 1Password Employee Resource Group (ERG), Leading the Change: Women Shaping a Sustainable Future, reflects that responsibility.One of the women leading that change within 1Password is Nicole Scherbina, Senior Staff Manager of Product Operations and a leader within our Women at 1Password ERG. Her perspective on leadership, equity, and readiness reflects the kind of intentional impact we’re committed to building.Take a few minutes to get to know Nicole and the journey that shaped her leadership. Can you share a bit about your career journey and what led you into product operations? Was this a path you always envisioned?My career has been shaped by a few themes, but the most relevant one is making order out of chaos. I’ve worked across very different environments and in organizations of different sizes and st

SaaS contract renewals have a way of sneaking up on IT and Finance teams. One day, everything is running fine. The next, a renewal notice hits your inbox, usually with little context, limited time, and no clear answer to the most important questions: Who’s using this? Do we still need it? And are we paying for more than we should?For many organizations, renewals are reactive events instead of strategic decisions. That’s how SaaS spend compounds.The problem isn’t negotiation skills or vendor management. It’s that most teams don’t have the visibility they need into spend and usage when it matters most.Why SaaS renewals are so hard to manageRenewals should be straightforward. In reality, they’re anything but. It’s almost never easy or straightforward to get answers to the questions asked as part of the renewal process. There are a few simple reasons why: Usage data is fragmented or missing entirely. Finance has contracts and knows the total spend. IT knows some of the apps in use. But rar

AI and automation are embedded in daily work. Copilots draft content and pull in customer context. Agents triage tickets, update records, and trigger workflows across Slack, Salesforce, Jira, and GitHub. In engineering, this acceleration shows up in scripts, CI/CD pipelines, and infrastructure automation that depend on secrets to ship and operate software.Many organizations rely on a mix of sign-in and privileged access controls to standardize logins and secure connected apps. But these systems stop at what can be federated and do not govern the long tail of SaaS apps, shared accounts, or credentials created in automation and AI workflows. Business-led IT makes this unavoidable. Teams adopt tools quickly, often outside centralized reviews or identity provider integration.Agentic AI compounds the gap. Developers and AI builders generate API keys, tokens, service accounts, and agent secrets. Browser-based agents still use usernames and passwords. Credentials spread into browsers, spreads

Lean teams are under constant pressure to move faster: more SaaS, more automations, and more AI woven into daily work. People sign in more often, across more apps, on more devices, and they’re rewarded for speed, not caution.That’s how browsers quietly become the default place where business credentials live. Even if a business invests in a password manager or privileged access management (PAM) for its developers or senior employees, most of its workforce may still save their passwords in the browser. After all, Chrome, Safari, and Firefox make it easy to save, autofill, and sync passwords. For individuals, that’s convenient. For organizations, it’s a trap.Here’s the hard truth: Browsers aren’t strategies, they’re stopgaps. If the browser is your vault, you don’t have a credential strategy; you have a convenience default. And at business scale, convenience defaults create blind spots you can’t govern, audit, or control. Those risks are only increasing as AI expands the number of sign-i

In Formula 1® preparation isn’t optional, it’s everythingWhether you’re traveling to the circuit or hosting a watch party, race weekend means bouncing between devices, signing in fast, and clicking links quickly. The last thing you want is to reset a login at lights out. So if you share the streaming link, watch telemetry tabs on a second device, or keep the group chat on track, this blog is for you.This 10-minute security checklist is built to help you secure streaming accounts, travel info, and all your race-day devices so you can rev up to speed before the race starts.Pre-race password inspection: 2 minutesPole position accounts: 3 minutesShare smarter: 2 minutesMulti-screen test: 2 minutesVictory lap: 1 minuteStep 1: Your pre-race password inspectionScammers count on the urgency you feel to rush to the starting line, because they know that mistakes happen when you’re in a hurry. In a 1Password survey of 2,000 American adults, 89% said they have encountered phishing, and 61% said th

There’s a moment every IT and security team recognises. You’ve done the hard work: rolled out SSO, tightened access policies, and moved sensitive tools behind stronger authentication. On paper, it looks like progress.Then reality shows up in the form of a “quick login” from a personal laptop, a contractor device you don’t manage, or a machine that hasn’t been updated in months. Suddenly, your access decision is only as strong as the device behind it.In EMEA, it’s particularly challenging to be confident in your device security policies because device posture has to meet stricter expectations. Organisations need to secure unmanaged devices and manage compliance drift while also navigating privacy reviews, procurement scrutiny, and the expectation of a localized user experience that won’t trigger a flood of support tickets. But for EMEA teams, GDPR requirements and the absence of EU data hosting has created real barriers to adopting device security tools.EMEA-based teams deserve device s

For security and IT professionals, the past decade has brought a series of tectonic shifts that have toppled old assumptions and created new opportunities. First, the SaaS revolution destroyed the paradigm of an IT-governed corporate network. Next, COVID-19 forever altered how and where work gets done. Then, the biggest shockwave of them all arrived: AI-based tools that are rewriting the very definition of “identity.”Today, the traditional boundaries of the corporate network have dissolved. As organizations race to adopt cloud-native tools and integrate artificial intelligence into every workflow, the "identity perimeter" has become the primary line of defense. 1Password is working to secure this perimeter. Our framework for identity security is that the right user or AI agent gets the right access to the right app on the right device.In a recent webinar and report, Francis Odum, founder of Software Analyst Cyber Research, provided a comprehensive validation of 1Password’s strategic di

When you build a great company, a few things happen: customers trust you, they stay with you, and they bring you along as they grow. From there, revenue grows, relationships deepen, and you end up with something you can be proud of. That’s the lens I’m bringing into 2026 at 1Password.The opportunity in front of us is bigger than ever. The companies shaping our industries and culture are logging in with 1Password, and they’re trusting us with their most important business interactions. That level of trust, at scale, is what creates durable growth, and we intend to earn more of it. We have big ambitions to develop a world-class team, lead the identity security space, and keep raising the bar on how we show up for customers.We’re building lasting customer relationshipsOur growth engine is evolving. We’re leaning harder into sales-led growth, partnering across Sales and Marketing to expand relationships through the entire customer lifecycle. That requires a different type of selling: more

AI agents have crossed the line from assisting humans to acting on their behalf. In production environments, that shift changes the security model.Security leaders say that the main challenge isn’t getting an agent to do something useful. It’s knowing, at runtime, what actions are permitted, which identity it’s operating under, and how to reconstruct what happened afterward. I recently contributed to the 2026: The End of Vibe Adoptionwhitepaper with researchers from Stanford’s Trustworthy AI Research Lab, led by Professor Sanmi Koyejo, in collaboration with the AIUC-1 Consortium and enterprise security leaders including Jen Easterly (RSAC), Omar Khawaja (Databricks), Mandy Andress (Elastic), Chris Monson (Atlassian), Phil Venables (Google Cloud), Chris Sandulow (Confluent), Gagandeep Singh (Salesforce) and others across industry and government. The research and field experience converge on a simple point: before regulators or insurers can address AI-related harm, enterprises need techn

Since 1Password began, we have built security into the places where work actually happens. Security is not treated as an overlay or a separate workflow, we build directly into the browser, command lines, developer tools, and IDEs, where decisions are made and actions take place. We believe that if you want to improve security outcomes, you build where the work happens, making the secure path the simplest one. That design philosophy is even more critical in the age of AI agents.Agent architectures come in many forms. Whether you’re building with a ReAct pattern (possibly with RAG), plan-then-execute, or a multi-agent swarm, all AI agents share a common theme: a deterministic chassis. This chassis contains the client-server architecture that underpins all agent architectures. There’s a lot of buzz around AI agents today, but what often gets lost is that what seems novel is actually built on patterns we’ve relied on in software development for decades.Agentic systems predate generative AI

1Password has achieved a significant milestone in our collaboration with Amazon Web Services (AWS): We are officially the first partner globally to successfully transact through express private offers on AWS Marketplace, a new AI-driven capability that automates personalized pricing, allowing teams to bypass manual negotiations and receive a tailored quote in minutes.Coming on the heels of 1Password being named the “2025 AWS Canada Rising Star Technology Partner of the Year,” this global-first is a validation of our momentum. As Nancy Wang shared during AWS re:Invent, customers want simple, fast ways to add modern identity security to their cloud environment. As the launch partner for this capability, 1Password is transforming how organizations buy and deploy identity security at scale. Ending the procurement bottleneckTraditional software procurement processes tend to involve lengthy contract reviews, stakeholder meetings, and red-lining. This can all too easily create a bottleneck th

Rolling out new security tools across your business is rarely a “flip the switch and walk away” moment.First, there’s the setup work: policies, permissions, onboarding flows, recovery, and making sure the right people have the right access for the right reasons. Then there’s the human work of helping everyone use and benefit from the new tool day to day.That’s why we’ve launched 1Password Academy: A free, structured learning platform designed to help admins and team members build real confidence with 1Password, at their own pace.What is 1Password Academy?1Password Academy is our customer learning platform that helps you shorten the distance from “we’ve deployed 1Password” to “people genuinely know how to use it”. It includes courses for admins and end users alike, to help everyone get onboarded quickly and comprehensively.You’ll get fewer “how do I…” questions, and you’ll also see less of the credential behaviors that create risk – like storing passwords in a shared document, reusing c

The era of secrets living in fixed systems and accessed through a handful of workflows is long gone. Modern development is faster, more automated, and increasingly AI-assisted. Developers need access to secrets everywhere their code runs – across CI/CD pipelines, local environments, and AI-driven workflows. That puts developers in a familiar bind: they need secrets everywhere their code runs, but that can easily introduce more risk or friction into their workflows. That can easily feel like a choice between security that gets in the way and speed that cuts corners.One of our goals at 1Password is to remove that tradeoff by providing trusted, continuous access to secrets without slowing build or deploy cycles. Today, we’re introducing two complementary capabilities to support this model. One focuses on runtime access to secrets, and the other on user-authenticated access for desktop integrations. Together, these releases help you close the gap between security and productivity by integr

Today, researchers from the Applied Cryptography Group at ETH Zurich published a paper examining how different password managers uphold their “zero-knowledge” architecture when faced with a fully malicious server. We conducted a thorough review of the paper and confirmed that it doesn’t introduce any new attack vectors affecting 1Password beyond the architectural limitations already documented in our Security Design White Paper.We appreciated the opportunity to speak with the team about their research and value the work they’ve contributed to this area. Open scrutiny and thoughtful analysis ultimately make everyone’s products stronger, and that’s a win for customers everywhere. Attack contextZero-knowledge architectures are designed so services cannot read or access customer data. This isn’t achieved by tightening permissions or limiting administrative access; it’s accomplished by ensuring that only the customer holds the keys needed to decrypt their data. Access isn’t restricted by po

Agent swarms are having a moment. The AI headlines of early 2026 have been dominated by stories where swarms of hundreds or thousands of agents have worked together to accomplish staggeringly complex tasks. These swarms broadly fall into two types. To quote my 1Password colleague, Jeff Malnick, “There are controlled swarms, such as Cursor’s web browser demo, that operate within clearly defined boundaries. There are also uncontrolled swarms, such as OpenClaw, that run with broad, implicit access to user machines and assets.”Both types of swarms have undeniably impressive capabilities, but they also have serious limitations. Right now, many of these systems only work because they implicitly inherit access to a developer’s machine, filesystem, network, and their credentials. That level of unfettered access may work in a sandbox, but it is not viable for production.What is becoming clear is that the hardest problem with agent swarms is not prompting, planning, or model choice. It is abstra

As we embed AI agents into our lives and workflows, we’re learning the (sometimes surprising) ways in which they outperform human beings, and other ways in which they fall short. And occasionally, we find an example where agents, paradoxically, are both better and worse than their human users.Case in point: identifying and avoiding common cyberattacks. It’s well known that people are not particularly adept at spotting phishing scams; 1Password’s research found that 61% of Americans have fallen victim to such an attack. By contrast, in 2024, a research team found that GPT-4 could identify phishing websites with 98.7% precision and 99.6% recall. Near-perfect detection. Ask a modern AI model, “is this email dangerous?” and it almost always gets it right.Unfortunately, an AI model’s ability to recognize threats does not translate to an AI agent’s ability to avoid them.AI agents can read your inbox, open links, read secrets on your computer, forward emails, and fill out forms on their own.

We’re proud to celebrate Black History Month at 1Password by spotlighting the people and stories that help shape our culture every day. This month is an opportunity to recognize contributions, reflect on impact, and continue building a workplace where everyone feels a sense of belonging.For this spotlight, we’d like to introduce you to Joseph Ojelade, a member of our Security Engineering team and one of the founding members of AfroBits, our employee resource group for Black employees and allies. Joseph’s work sits at the intersection of trust, transparency, and protection, values that are central to security engineering and deeply connected to how we show up for one another.We sat down with Joseph to learn more about his journey, the perspectives he brings to his role, and the impact he hopes to make through his work. How do you usually explain what you do and what part of your work you care about most to someone who doesn’t work in security?I spend much of my time in the Governance, R

Onboarding and offboarding are two of the most important and frustrating jobs IT owns. When onboarding works, new hires are productive on day one. When offboarding is done correctly, access is removed cleanly, data remains protected, and audits are much less painful. When either breaks down, the consequences appear quickly: lost productivity, security gaps, wasted spend, and hours of manual cleanup.The problem is that the tools most teams rely on weren’t built for how work actually happens today.Watch: Onboard in minutes, offboard with confidenceSee how IT teams use SaaS Manager to automate access across every app, not just the ones behind SSO, so nothing slips through the cracks when someone joins or leaves.Watch on-demandWhy onboarding and offboarding break downModern environments run on SaaS, and not all of it lives behind SSO. Employees join with different roles and access needs. Contractors come and go. They leave with accounts scattered across dozens of apps, some managed, many n

The return on your SaaS management platform investment is very dependent on the quality of your rollout.‍ You’ve seen the demo that shows how a SaaS management platform like 1Password SaaS Manager can give your team data on the budget you’re wasting on unused SaaS licenses for Salesforce, Zoom, GitHub etc. Perhaps you played around with a workflow builder in a demo environment and defined automations for reviewing shadow IT or reclaiming unused licenses. In short, you’re seeing a solid business case for SaaS management that brings together immediate, direct cost savings with the promise of ongoing efficiency gains from the automation of IT ops. Does that mean it’s time to sign-up, turn on the new SaaS management platform, sit back and reap the SaaS optimization rewards? Unfortunately, without the right foundations, early rollout mistakes can weaken your SaaS management program, making it harder to govern access and control risk over time. Here are the 3 most common challenges we’ve see

Identity has become the defining security challenge for organizations navigating SaaS sprawl, AI adoption, and an increasingly distributed workforce.As access expands across applications, devices, and identities, customers need trusted partners who can help translate modern identity strategies into practical, scalable outcomes.At 1Password, partners play a critical role in how customers adopt, deploy, and grow with our company. As 1Password’s suite of solutions continues to evolve, so does the opportunity to support partners more intentionally. The new phase of the 1Password Partner Program reflects a focused investment in the partner ecosystem, strengthening how partners engage with 1Password and how partner-led efforts connect to long-term customer and business growth.“Partners are often the ones closest to the real-world challenges customers face around identity and access,” says Larissa Crandall, Global VP of Channel and Alliances at 1Password. “Our goal is to make it easier for pa

If one autonomous agent is useful, it is natural to ask whether many agents working together could be dramatically more effective. Over the last few weeks, the AI community has been testing this idea in practice by running large numbers of agents in coordinated swarms. The early results are clear: swarms can be far more capable than individual agents, but only under the right conditions. Two distinct patterns have emerged. There are controlled swarms, such as Cursor’s web browser demo, that operate within clearly defined boundaries. There are also uncontrolled swarms, such as OpenClaw, that run with broad, implicit access to user machines and assets.The productivity gains from swarming are real. In controlled environments, swarms demonstrate that large numbers of agents can coordinate work, iterate in parallel, and solve problems faster than any single agent or human team. At the same time, uncontrolled swarms show how easily these same techniques can bypass basic security and access e

Unsanctioned SaaS and shadow IT are problems every organization deals with. When procuring a new SaaS tool is a few clicks, an email, and a credit card away, it’s never been easier for unsanctioned apps to increase across the business. Often, this is outside IT’s line of sight, outside security controls, and outside standard provisioning/deprovisioning processes.Watch: Stop managing SaaS in the darkOur on-demand webinar shows how IT teams use SaaS Manager to continuously discover unsanctioned apps, automate offboarding, and close the access gaps that manual audits miss.Watch on-demandThis isn’t driven by bad intent. Employees and business units are bringing new tools into the business to increase their productivity, and it’s helping the business move forward. Unfortunately, modern work is happening faster than traditional controls were designed to handle. And that gap is where risk, wasted spend, and compliance issues emerge.Why uncovering unsanctioned SaaS mattersUnsanctioned SaaS too

A few days ago, I published a post about why OpenClaw feels like a portal to the future, and why that future is scary in a very specific way.The short version: agent gateways that act like OpenClaw are powerful because they have real access to your files, your tools, your browser, your terminals, and often a long-term “memory” file that captures how you think and what you’re building. That combination is exactly what modern infostealers are designed to exploit.This post is the uncomfortable, “and then it happened” follow-up.Because it’s not just that agents can be dangerous once they’re installed. The ecosystem that distributes their capabilities and skill registries has already become an attack surface. If you are experimenting with OpenClaw, do not do it on a company device. Full stop.In my first post, I described OpenClaw as a kind of Faustian bargain. It is compelling precisely because it has real access to your local machine, your apps, your browser sessions, your files, and often

Small businesses can’t afford to wait when it comes to securing their business. Still, cybersecurity can be complex, and any entrepreneur will tell you that there’s already a lot to keep track of when starting and running a company. For small businesses dealing with limited (or nonexistent) IT and security teams, it’s important that their cybersecurity tools are both simple to use and efficient.That’s why 1Password has partnered with 60 Day Hustle, a show that helps entrepreneurs turn their business dreams into reality. 60 Day Hustle vividly displays the challenges facing entrepreneurs as they launch their business. As contestants face challenges from pitch meetings to sales blitzes, it becomes clear just how fast-paced and complex it can be to start and run a small business.Season 2 of the show will also spotlight these entrepreneurs using 1Password enterprise password manager (EPM) to secure access and protect their business while building their company’s momentum. Rather than adding

This advisory describes an ecosystem-level risk that emerges when AI agents are able to autonomously read and act on untrusted content while operating with user-level permissions in a web browser.Our approach to ecosystem risks is to maintain clear, deterministic boundaries that don’t rely on an AI system interpreting “rules” correctly. To strengthen user control at this boundary, we’ve added the ability for users to disable automatic sign-in for the 1Password web app, preventing automated browser activity when 1Password is unlocked.1Password remains predictable even when the surrounding environment is not: autofill remains restricted to the right sites, sensitive data can require confirmation before being filled, and a locked extension cannot be manipulated by an AI agent or anyone else. Users can also change their extension’s lock settings – such as using shorter lock timeouts – to ensure the extension locks as frequently as fits their security preferences, especially when using AI-a

OpenClaw (formerly Clawd Bot, MoltBot), the locally running, open-source AI agent named after the Lobster workflow shell that powers its agentic loop, has rocked an AI community that, just weeks ago, was so in love with its own hype it would have yawned at literal magic.And yet OpenClaw, seemingly just a wrapper around a collection of familiar technologies, has put those pieces together in a way that feels like a portal to a future that, a month ago, still felt impossibly distant.Within an hour of setting up OpenClaw on my Mac, it had already built a fully featured kanban board where I could assign it tasks and track their state.I have seen other stories that are even wilder. One user shared an anecdote about asking it to make a restaurant reservation, and when it realized it could not do it through OpenTable, it went and got its own AI voice software and just called the restaurant, then secured the reservation over the phone.Its own author, Peter Steinberger, described joking to OpenC

Social logins like ‘Sign in with Google’ make life more convenient for employees. Employees no longer need to remember numerous passwords, and IT teams can reduce the risk of reused credentials. But there are several security risks. 1Password’s recent Annual Report found that 27% of employees have used the same passwords for both their work and personal accounts. Bad actors are aware of this; a well-known technique to compromise user accounts is to take usernames and passwords from a breached website and try them elsewhere. One potential solution to this problem are social logins, like “Login with Google,” which allow users to use their Google username and password to login to other websites. This means that they don’t have to create new usernames and passwords for every new website and application they sign up for. Social logins use a technology called OpenID Connect, or OIDC. OIDC utilizes a special protocol by which the application delegates authentication to another provider (in th

Small business (SMB) cybersecurity has never been simple, but it’s become even more complex in recent years. Today’s businesses have to deal with an ever-growing number of apps and tools to secure, and this complexity is naturally going to be far harder for small teams to manage. Particularly for very small businesses.Unfortunately, bad actors have realized this; CISA reports that “cyber incidents have surged among small businesses that often do not have the resources to defend against devastating attacks like ransomware.” For small teams, simplicity is key to staying secure. And while cybersecurity can feel overwhelming and riddled with technical complexities, sometimes it’s almost shockingly simple. For instance, you may currently be asking yourself, “What’s the first security tool that I should buy for my small business?” The answer to that question actually isn’t all that complicated. The first cybersecurity tool that a small business should buy is, quite simply, a password manager

Phishing attacks are everywhere these days. People encounter them while shopping, job hunting, reading work emails, and checking personal texts. Thanks to AI-powered scammers, phishing has become both more common and harder to spot, leading to disastrous consequences. A phishing attack on a business costs an average of $4.8 million, and attacks on individuals can drain bank accounts and wreck credit scores.The scary thing about phishing is that it only takes one momentary lapse in judgment for a scammer to steal a victim’s information. In one common form of the attack, the scammer will send an email or text containing a link to a fraudulent (but real-looking) website. When the victim enters their information into the site, they’re really handing it to the scammer, who can then cause chaos with the stolen information. These fake phishing sites look convincing, but they often have some tell-tale signs, such as a misspelled URL. That means a lot of phishing attacks could be prevented by a

Landing a job interview at 1Password is a big moment – for you and for us. Every time we invite a candidate to meet with us, it's because we see potential for impact. Interviews are a chance for you to both share your perspectives and learn how we work together to achieve our ambitious goal: leading the way for human-centric identity security in the AI era.At 1Password, we have a set of practices that guide how we collaborate, measure success, and create meaningful impact. We call these the 1Password Behaviors for Success.This guide will help you think like a member of our team and frame your interview around these behaviors. It will help you both gain a deeper understanding of our company and approach your interview with confidence.Behavior 1: Take full ownershipAs we enter our next chapter as a high-growth company, we're collectively raising the bar on ownership. At 1Password, ownership is about taking pride in delivering quality work and high-impact outcomes, and we’re looking for t

It’s easy to see how SaaS sprawl happens if you picture the moment it starts. A team is blocked, someone needs a tool ASAP, and the answer to their problems lies just behind a free trial, so they sign up for a new tool. No one is being careless. They’re being efficient. The problem is that follow-up rarely keeps pace with new sign-ups, especially when the card on file belongs to "the company" and the requester has already moved on to the next priority.Watch the webinarLearn how you can automate SaaS discovery, employee lifecycle management, access reviews, and renewals with 1Password SaaS Manager.Watch the webinarMonths later, you realize you are paying for services you don’t use and can’t remember how to log in to, let alone cancel. Every invitation to “try this new tool” adds another subscription, another license, and another place where company IP is stored. Over time, this SaaS sprawl creates an environment overrun with shadow IT and unmanaged apps that IT, security, and finance te

Unused SaaS licenses are a budget drain and a security risk. The need to easily track and manage SaaS licenses and identify unused ones is a challenge that every modern organization faces. Watch: Stop paying for SaaS nobody usesLicense waste is a cost problem and an access risk. Watch our on-demand webinar to see how IT teams are getting visibility and control over their SaaS stack.Watch the webinarThe problem is that most IT teams can’t confidently answer a basic question: Are we using the licenses that we’re paying for? Why? Answering this simple question is more complicated than it seems.Why tracking license usage mattersEvery inactive user account or orphaned license is wasted budget and a potential door for bad actors into your environment. Without visibility into license usage, you’re likely:Paying for licenses that no one’s usingWasting time during renewals or facing true-ups because you can’t validate user countsExposing your business to risk with accounts tied to former employ

AI-assisted development crossed the “cool demo” threshold long ago. It is now a daily workflow. Generate code. Refactor. Run tests. Spin up infrastructure. Deploy.The speed is real. And so is the expanded security surface area that comes with it. The challenge is no longer whether teams should adopt AI-assisted development, but how to do so without putting credentials and access at risk.At 1Password, we believe the answer starts with treating secure access as an integral part of the development workflow. AI can accelerate the work, but access to real systems, credentials, and secrets must remain deliberate, time-bound, and under human control.Ari Marzouk recently released a piece of research titled IDEsaster, which highlights why this moment matters. It introduces a new vulnerability class that emerges when AI agents are embedded into IDEs that were not originally designed for autonomous or semi-autonomous action. Marzouk's key insight is not that any single tool is flawed. It is that

In modern organizations, employees sometimes adopt SaaS tools and AI solutions to help them get their jobs done efficiently. But when tools are chosen without IT oversight, they’re often called shadow IT.Shadow IT isn’t inherently a problem. The key isn't to stop it, but to govern it. This is where 1Password SaaS Manager comes in, providing visibility, automated discovery, and lifecycle management to help you bridge the gaps between IT and business teams.Success starts with IT and line-of-business partnershipSuccess comes from collaboration between IT and business teams. The former brings expertise in compliance, efficiency, and security, while the latter knows the tools they need for greater productivity. With SaaS visibility, IT can see how work happens and react accordingly. With 1Password SaaS Manager, IT gets a full view of the applications being used. This gives IT the opportunity to support innovation where it makes sense and intervene where required. What is business-led IT?Bus

Developers are moving faster than ever with AI. Cursor is redefining how software gets built, and 1Password is redefining how teams secure access to SaaS and AI. Today, we are announcing a new integration that brings these two worlds together in a way that keeps development speed high and credential risk near zero.1Password has partnered with Cursor to build a Hooks Script that gives developers a secure, just-in-time way to ensure required secrets are made available to Cursor’s AI agents via 1Password Environments. The result is an AI-native development workflow where secrets are never hardcoded, raw credentials are never handled directly by AI agents, and secure access becomes a natural part of writing and running code.This functionality is available today as a first step and lays the foundation for a broader set of secure developer workflows we intend to build together.Why this mattersDevelopers should never have to paste tokens into config files or store long-lived credentials on di

Twenty-seven episodes. Dozens of CISOs and security leaders. Hours of honest conversation about what actually keeps them up at night.When I launched the show, the goal was simple. Strip out the fluff and talk about how security really works inside organizations that ship software, handle sensitive data, and carry real operational risk—just practitioners comparing scars.This season covered three big threads that kept looping back into each other. The changing reality of the CISO role. The rise of agentic AI systems. The grind of day-to-day security work in complex environments. All of it shaped by people who actually own the outcomes.The CISO job is no longer “just security”Across episodes with sitting CISOs, former CISOs, and advisors, one theme kept repeating. The role has outgrown the narrow idea of “head of security.”Guests talked about shaping product strategy, influencing M&A decisions, and acting as a translator between engineering, legal, and the board. Security decisions now to

Anthropic recently announced that the company has disrupted the first reported AI-orchestrated cyber espionage campaign. This attack used Claude Code to automate many steps, with AI handling up to 90% of the tasks, including web searches and the autonomous writing of exploit code. The attackers bypassed Claude’s guardrails by breaking each step into small tasks and role-playing as a red team member. By taking this approach, the attackers avoided having any individual Al task flagged for violating Claude guardrails. While this type of attack is new, the bad actors also relied on tried-and-true methods to maximize access. Once the AI agents obtained valid certificates, they relied on password extraction to move laterally within the target systems. Anthropic has broken down the espionage campaign into six distinct phases:Campaign initialization and target selection: Human operators chose the relevant targets to be infiltrated.Reconnaissance and attack surface mapping: AI cataloged target

Over the past year, we’ve been busy building for MSPs around the world, giving you more choice on where and how you buy our solutions. Starting today, 1Password Enterprise Password Manager – MSP Edition is available through QBS Software, a leading distributor serving MSPs across more than 20 countries in Europe, the Middle East, and Africa (EMEA). Our partnership allows 1Password to meet MSPs in the channels you already use to source SaaS solutions – keeping your processes streamlined and expanding access to enterprise-grade credential security worldwide. 1Password closes the Access-Trust GapWe know MSPs work hard to balance operational efficiency, their clients’ security posture, and long-term strategic value as service providers. That balance becomes tougher when you’re contending with unsanctioned and invisible forms of access stemming from identity sprawl, unmanaged credentials, and shadow IT. This difference between centrally governed and controlled access and the access that occu

There’s a good chance something important is missing from your IT team’s offboarding checklist, and it may be causing a steady drip of unnecessary, wasted spend. The source of this leak? No, it’s not the unreturned laptops; it’s the licenses for SaaS apps that employees use every day. The SaaS landscape is littered with apps outside IT’s direct control, and when there’s employee turnover, it’s often difficult to ensure that every license across every app is accounted for. One symptom of this problem is that former employees often retain access to apps long after they should have been revoked. In fact, 1Password’s research found that 38% of employees have accessed a prior employer’s accounts after leaving the company. That’s not so much a leaky faucet as a burst pipe.The problem here is that the average IT stack wasn’t built for comprehensive offboarding. The majority of IT teams handle offboarding through a combination of automation and manual processes, but this piecemeal approach is

This year has been one of the most transformative in our collaboration with AWS. As organizations move faster toward AI-driven development and cloud-native architectures, secure access has become a foundational requirement, not an afterthought. In just a few years, we’ve gone from experimenting with GPTs to deploying action-oriented AI agents that read, write, execute, and automate workflows across production systems. These developments unlock new levels of productivity, but they also introduce new access and security challenges.That’s why AWS and 1Password have deepened their collaboration to help customers adopt AI tools safely and still capture the benefits it offers. Together, we’re making it easier for developers to authenticate, build, and operate agents securely, and using AI to streamline the login experience itself.What began as a collaboration has evolved into real momentum and a shared vision for the future of secure identity and automation in cloud-native environments. Deli

AI-powered browsers are transforming how people use the internet. They help you move faster, automate tasks, and simplify how you operate on the web. As this innovation continues, 1Password is committed to meeting our customers wherever they are in their AI journey. That means giving you the confidence to explore new AI tools, without sacrificing the security, privacy, or ease of use you depend on. And today, that includes OpenAI’s new ChatGPT Atlas browser. In addition to making the 1Password Browser Extension available on Atlas, we’ve built a new seamless, secure, and human-friendly experience to get started with 1Password on Atlas from the moment you start browsing, no workarounds and no added friction.Using AI-powered browsers? We got you.AI-powered browsers introduce new workflows, new expectations, and new security considerations. People want to use tools like Atlas to research, plan, shop, build, and automate, but every step still depends on safe access to the accounts and infor

Beep beep. My pager goes off. Then the phone rings. Meanwhile, there is a client sitting in front of me who needs a place to sleep tonight. Looking at my schedule, the days are blocked back-to-back with clients for the rest of the week, and there’s a long list of patients waiting for an appointment in my inbox. And it’s only Tuesday.For seven years, I was a social worker in community mental healthcare, and I was passionate about helping my clients with counseling and connecting them to necessary resources. Helping folks with psychosocial needs was meaningful and important work, but I felt anxious, tired, and overwhelmed most of the time. It took some reflection, but I slowly realized that I wanted to use my skills in a different way.A friend connected me to someone who worked at a cybersecurity startup called Kolide. They asked if I would ever want to bring my people skills to a people operations role at a B2B cybersecurity SaaS startup that had recently raised a Series B round of fund

The 1Password browser extension is entering its eighth year of service, and quite a bit has changed over that time as we’ve built new capabilities and improvements. One crucial piece of the browser extension is its in-page notification system. With the ability to display a notification on a web page, it allows you to perform many important tasks.Over the last eight years, we’ve expanded the capabilities of this small but mighty piece of the user experience to inform you any time you:Save a new login credential to 1Password that you created while browsing the webUsed a passkey to sign into a website that supports the WebAuthn protocolBeen offered a suggestion to sign in with a third party provider, such as GoogleWatchtower detected a breach with one of your vault itemsWere guided through remediation because Device Trust detected a problem with your deviceWith this growing list of tasks, and the in-page notification system becoming a new way for us to surface information, we knew it was

Security leaders are under pressure to manage an expanding number of SaaS apps and shadow IT. Automation transforms the fight for visibility into a framework of continuous monitoring.Virtually every company runs on more SaaS than it can see, and spends more on it than it can control.From analytics tools to HR platforms and AI agents, every new license improved productivity while expanding the surface that IT and security must protect.For years, Identity and Access Management (IAM) and Identity Governance and Administration (IGA) systems formed the backbone of enterprise security, authenticating users, enforcing policies, and governing access. But the perimeter they were designed to protect no longer exists.In today’s open SaaS workplace, anyone with an email address can add a new application outside SSO and beyond IT’s visibility. Security’s role is shifting from rigid enforcement to managing visibility and flexibility.There are now three distinct categories of SaaS that every organiza

We’re excited to announce that today, 1Password Enterprise Password Manager – MSP Edition is now available through Renaissance, a leading IT distributor serving MSPs across the Island of Ireland. This partnership enables even more MSPs to access 1Password through local channels, streamlining their procurement and billing processes while expanding access to enterprise-grade credential security.We know that growing MSPs around the world are constantly balancing the need to:Ensure their own operational efficiency and profitabilityEmpower their clients with effortless securityExcel as their clients’ long-term, strategic IT partnerAchieving all three is a challenge, especially as MSPs face growing complexity from identity sprawl, SaaS sprawl, and unsanctioned access that can put clients at risk. 1Password Enterprise Password Manager – MSP Edition helps solve these problems by providing MSPs with the tools to securely manage their clients’ credentials, reduce risk, and strengthen their trust

In episode five of Securing the Win, Formula 1® journalist and broadcaster Chris Medland takes us inside the cockpit with Oracle Red Bull Racing’s Max Verstappen and Yuki Tsunoda to uncover what it takes to win. Through their words and the unseen organization that powers them, Medland discovers how every team member at Oracle Red Bull Racing works together to make the car go faster.After exploring leadership, security, and trust behind the scenes, Securing the Win brings us closer to the people at the center of it all: the drivers. They are the ultimate end users of Oracle Red Bull Racing’s innovation, demonstrating how a global network of people, technology, and security performs under pressure.Chemistry, culture, trust: Chris Medland on what it takes to winFew people understand the rhythm of Formula 1® quite like Chris Medland. Having covered the sport for RACER, Motor Sport Magazine, and Formula1.com, he has seen how teams operate under pressure and how the unseen efforts of thousan

If you’ve built anything with AI tools lately…You’ve probably seen a file like this sitting in your project root:{ "tools": { "github": { "endpoint": "https://api.github.com", "auth": { "token": "ghp_your-secret-token" } } } }That’s a typical mcp.json, the file many agentic development environments (like Cursor or Claude Code) use to tell an MCP server what APIs it can call and what credentials to use.It’s handy. It works. It’s also a plaintext secret waiting to leak.Push that repo to GitHub, sync it to a teammate, or even forget to .gitignore it, and your API key’s gone.Shout-out: the developer who started a trendOne of the nicest parts of working in security is seeing the community invent safe patterns before vendors even document them.A developer who goes by @codekiln wrote a great how-to showing how to secure Cursor’s mcp.json with the 1Password CLI.Their approach is simple: instead of hardcoding tokens in your config, reference them from your 1Password vault and inject them at run

IT and security leaders share a common goal: to empower teams to move fast without compromising security.Over the past year, we partnered closely with customers across industries to understand what helps them scale and where they need more flexibility and control.Their feedback shaped our latest updates to 1Password Enterprise Password Manager (EPM). Each enhancement is designed to make enterprise deployment and governance faster, simpler, and more intuitive so security teams can focus on strategic priorities instead of day-to-day administration.This release builds on three core principles:Usability that drives adoption.Visibility that strengthens governance.Control that scales with the business.Together, these improvements make it easier for companies to deploy confidently, manage effectively, and protect every user with 1Password.Security without frictionNew app unlock presets give admins more flexibility in how users unlock 1Password. Teams can align unlock settings with their organ

At 1Password, we know that a culture of belonging is essential to achieving our company’s goals. Since launching our first Employee Resource Groups (ERGs) in 2021 and expanding to Employee Community Groups (ECGs) in 2023, these communities have become so much more than spaces for connection – they’re shaping how we lead, grow, and perform together. Today, our ERGs and ECGs collectively represent more than 1,300 Slack channel members, reflecting strong engagement across communities at 1Password.Our eight ERGs and ECGs remind us that belonging and high performance aren’t competing priorities; they thrive together. They turn our values into everyday actions, helping people feel both stretched and supported as we continue evolving our high-performance culture.By keeping community at the center, our groups drive growth, learning, and impact – making belonging something we can see and feel in how we show up for each other every day.Belonging in actionEarlier this year, our Chief People Offic

Poorly managed credentials are among the most stubborn problems for security and IT teams, and authentication is one of the areas where the Access-Trust Gap is widest. But even as credential-based attacks remain a major threat to security, there are positive signs that companies are moving toward a passwordless future.This blog is part three in our series analyzing the 1Password Annual Report 2025: The Access-Trust Gap. To read part one, which addresses AI governance, click here.To read part two, on SaaS management, click here.If you haven’t had a chance to read the full report yet, download it here. In this blog, we’ll address the third section of the report, on credentials. We’ll walk through some of the report’s most eye-opening findings and how IT and security teams can translate them into actionable priorities. We’ll also explore how 1Password helps close these gaps via 1Password Extended Access Management, a suite of solutions that includes our Enterprise Password Manager, 1Passw

In Episode 4 of Securing the Win, Oracle Red Bull Racing CIO Matt Cadieux joins host Calum Nicholas at MK7 in Milton Keynes to answer a crucial question: how do you make the secure path the fastest path?For Cadieux’s team, speed is nothing without trust. Behind every lap, every call, and every win lies a digital backbone built to guard against the unseen. As threats in Formula 1® mature and proliferate, a single weak sign-in or device can compromise safety and performance. Cadieux safeguards racing, manufacturing, and logistics. His answer is simple and hard-won: design for failure, verify trust continuously, and partner where it buys speed, so when pressure spikes, the car keeps flying.Revving cyber resilienceCadieux’s resilience playbook supports Oracle Red Bull Racing’s culture of innovation, where resilience isn’t just a project, but a practice. He says, We need to anticipate that things will go wrong. We build in backup plans and factor in safety so if you have to resort to Plan C

We’ve all been there. You open your laptop, log in to your account, log in to your password manager, step away for a quick coffee break, and come back ready to get started on a project, only to be asked by your computer and password manager to log in to both all over again. It’s safe, sure, but it can also feel like one extra speed bump between you and getting work done.At 1Password, we’re always looking for ways to simplify your experience without compromising security. You should feel confident that your data is protected, while still being able to access what you need without disruption. That’s why we’ve made unlocking 1Password faster and simpler, without changing what makes it secure. Unlock 1Password when you unlock your deviceWe’ve redesigned the 1Password unlock experience to be faster and smoother while maintaining the same trusted security. The new unlock with device setting lets 1Password open right alongside your Mac or PC. It unlocks as soon as you pass your device's own l

When IT and security teams lack visibility and control over the SaaS apps employees use, the result is wasted spend, unsanctioned access, and compliance failures. Yet 1Password’s research shows that all too often, SaaS usage is evading the tools meant to govern it.This blog is part two in our series analyzing the 1Password Annual Report 2025: The Access-Trust Gap. To read part one, which addresses AI governance, click here.If you haven’t had a chance to read the full report yet, download it here. The Access-Trust Gap report lays out the issues plaguing the SaaS landscape:The SaaS explosion has long outpaced traditional IT oversight. Today, enterprises face an environment where hundreds of cloud- and browser-based applications are in active use, many without IT’s knowledge or control. Shadow IT is no longer a fringe behavior; it's a foundational threat to modern access governance. And even sanctioned apps pose risks when access is poorly managed, offboarding is incomplete, or they are n

Summary and key findings1Password surveyed 2,000 American adults to learn how people are protecting themselves from phishing scams this holiday season (“phishing” refers to all those scammy emails, shady texts, and fake ads, where hackers try to trick people into clicking a link that lets them steal money or information). What we learned is that holiday scams are getting bolder and harder to spot, thanks to the help of AI. Here are some of the other most eye-opening findings:AI is the new gift wrap for holiday scams:66% of Americans say they’ve noticed more scammy messages, phone calls, and ads since AI became more prevalent. Taking the bait: 82% of respondents have been phished, or come dangerously close to it. Younger generations are falling first: Gen Z (70%) and Millennials (67%) are more likely to be phished compared to Gen X (57%) and Boomers (46%).Duplicate passwords are a gift to hackers: A whopping 76% of Americans who've fallen victim to a shopping scam still reuse passwords

In Episode 3 of Securing the Win, 1Password’s docuseries exploring the behind-the-scenes teams powering Oracle Red Bull Racing, Nimesh Kotecha, Group Head of End User Services, takes us behind that digital command center, not into the cockpit, but into the technology ecosystem that keeps the entire organization moving.Kotecha and his team manage the infrastructure behind every device, login, and workflow, designing systems that let people move at full speed securely from anywhere in the world. Keeping that network running requires rapid innovation and constant protection.The driver might be the ultimate end-user, but everyone relies on technology that has to be both secure and seamless."End-user enginesFormula 1® teams are engineered for speed, and their digital operations must set the pace. Kotecha’s purview spans service delivery, workplace operations, and client security policies that connect teams across continents. As Oracle Red Bull Racing’s digital footprint expanded, Kotecha tu

When faced with an endless stream of SaaS bills, the temptation is to reduce costs fast. Instead of taking a slash-and-burn approach, we recommend taking a step back to look at the bigger picture. Here are some smart ways to get better value using SaaS optimization. You can reduce SaaS costs while increasing the value applications bring to your users and your business.‍If you’ve started doing some SaaS discovery in your business, you’ll be aware that a key cost-driver is the number of redundant SaaS tools in use. While there might be good reasons for keeping similar apps, there are also benefits to consolidating the number of applications in use: eliminating duplicate spend,, lower operational overhead, and reduced security and compliance risks. The right approach to understanding usage and improving SaaS optimization often depends on the type of application being used. In this blog post we’ll look at SaaS optimization in the context of project management tools, such as Monday.com, Cli

Unsanctioned AI tools. Patchy access controls. Unmanaged apps and devices. And of course, compromised credentials. These are the issues revealed in the 1Password Annual Report 2025: The Access-Trust Gap.The report is based on a survey of over 5,000 knowledge workers, IT and security professionals, and CISOs, and it captures a moment of profound technological and cultural transition. Companies are still playing catch-up to the last few years of change: the rise of hybrid work, the SaaS explosion, the blurred lines between work and personal devices, and AI. IT and security teams are discovering that their go-to tools for securing identities and managing access, such as SSO and MDM, weren’t designed for this world.The result is a widening Access-Trust Gap: the divide between the types of access that security and IT teams can control, and the reality of how people (and now AI agents) access sensitive data in practice.The survey data reveals four areas where the Access-Trust Gap is widest a

Agentic AI is a fundamentally new paradigm. AI agents can interact with various tools and act dynamically and probabilistically as they encounter new inputs. That means they end up falling somewhere between an application and a user in terms of how they operate. Indeed, the interaction with other applications is what gives agentic AI its power; however, this also has implications for identity security and access management.Given this new paradigm, we’ve found it helpful to develop a simple taxonomy for agentic AI that guides the specific security measures that must be considered for each agent. We break this down into three distinct categories:What type of AI agent is it, and how does it interact with the world?Where is the agent running?Who is the agent running on behalf of?Note: At 1Password, we have a set of AI security principles that apply across this entire taxonomy, regardless of how an agent is classified. An Identity Security taxonomy for Agentic AIWhat type of AI agent is it,

The new .env destination in 1Password environments makes it easy for developers to use and collaborate on .env files securely, right from the desktop app.1Password environments provide a secure workspace to store, organize, and manage project secrets – the same credentials you would normally handle as environment variables. Each environment acts as a dedicated space for a project or app, helping teams manage and maintain consistent credentials.With the new .env file destination, you can use those secrets – stored securely and locally – in your usual workflows. We launched this functionality in beta earlier this month, and have already had some rave reviews:“Just wanted to drop some feedback after playing around with the new Environments Beta in 1Password. Honestly, I’m loving it so far. The local .env file mounting is just brilliant. Secrets are easy to access without having to run extra commands, but still secure – exactly what I want. Makes switching between machines seamless, too.”T

In Episode 2 of Securing the Win, 1Password’s docuseries with Oracle Red Bull Racing, Chief Security Officer Mark Hazelton revisits the $100 million Formula 1® data breach that changed the sport and reshaped the way teams approach secrets and security.From the team’s headquarters in Milton Keynes, UK, Hazelton sits down with former Senior Engine Technician turned brand ambassador Calum Nicholas to offer a rare glimpse into how the team stays ahead of cyber risks, guards against insider threats, and protects its most valuable asset: information.For 22 years, Hazelton has been the quiet constant behind one of Formula 1®’s most advanced and secure organizations. From inside Oracle Red Bull Racing, he’s watched the threat landscape shift from insider threats to the relentless pressure of digital risks.Decades on the digital front line have taught him that in Formula 1®, data isn’t just valuable, it’s vulnerable.“Even the strongest teams are only as secure as their weakest point of access,”

Professional sports franchises are high-profile, global enterprises that operate at a rapid pace and rely on instant, secure access to the tools and data that keep them competitive. In this arena, speed and trust aren’t trade-offs; they’re the keys to success.The same is true for modern businesses and the millions of people behind them; everyone needs a simple, secure way to safeguard their personal identities and technology that enables access without slowing them down.That mission takes center stage through our multi-year partnership with Smith Entertainment Group (SEG), the parent company of the Utah Jazz, Utah Mammoth, and the Delta Center. As the Official Cybersecurity Partner of both teams, 1Password is redefining how elite organizations approach access and identity security.“Giving teams the tools they need to move fast while keeping them digitally protected is at the heart of how organizations win, whether in business, sports, or technology,” said David Faugno, CEO of 1Password

Technology skills are essential for thriving in today’s fast-paced digital world and for shaping its future. At 1Password, we have a vision to build a safer, simpler digital world for everyone.During October Cybersecurity Awareness Month, we gave back to communities by donating $100,000 USD to six organizations working to ensure that the next generation has access to the technology education, digital literacy, and online safety skills they need.It's one of the many ways we are helping communities through our 1Password for Good efforts, including launching a cybersecurity guide for parents with the Family Online Safety Institute.The organizations we are supporting are:ActuaChildnetDigital MomentMission BitVisions of ScienceTeam4TechRead on to learn more about each one and how we’re working together.ActuaActua is a leading Canadian organization unlocking the infinite potential of youth through STEM. Together with a national network of universities and colleges, Actua engages youth from a

In the premiere episode of Securing the Win, 1Password’s docuseries with Oracle Red Bull Racing, viewers get an exclusive look inside the mindset of Laurent Mekies, the new CEO and Team Principal.After leading the Racing Bulls in 2024 into the 2025 mid-season, Mekies steps into one of the most demanding roles in motorsport – leading a championship team where performance is measured in thousandths of a second. His mission: steward a championship legacy, navigate pressures to stay ahead, and balance the responsibilities of leading a team operating at the edge of human and technological performance.And yet, for all the data and downforce analysis, Mekies insists success begins with people. “Formula 1® is a people business,” he says. “Everything you see around here – the infrastructure, the tools, the processes – they’re just a consequence of the quality of the people we have.”Mekies’ is the story of trust at 300 km/h and learning to steer legacy, innovation, and human potential toward a s

Every team seems to be signing up for new apps every day. Licenses are everywhere; some are just collecting digital dust.If that chaos sounds familiar, you’re not alone. If you’ve thought about any of the three things below, it might be time to consider a SaaS management platform to manage SaaS sprawl effectively.SaaS has democratized access to technology. Users can sign up and start using enterprise-grade apps without formal IT or procurement approval. Most SaaS vendors encourage this behavior. When teams adopt SaaS apps outside of IT oversight, they create major visibility gaps, especially for tools that aren’t connected to SSO, so provisioning and deprovisioning becomes inconsistent and access ownership gets murky. That leads to access sprawl, unmanaged credentials, and higher security and compliance risk as sensitive data ends up in tools without governance. Operationally and financially, procurement lacks reliable usage data to optimize renewals, licenses pile up unused, and admin

AI agents increasingly are completing real tasks in the browser, acting on behalf of employees, and connecting to the same systems humans rely on to get work done. This introduces a new security problem: AI agents require credentials – passwords, API keys, and one-time codes – to operate. As agents proliferate, the risk surface increases and it brings a variety of identity and access management challenges:No single source of truth for secrets management across agentic AI and employeesDifficulty of revoking credentials/items, especially long-lived onesProliferation of untracked/out-of-date credential grantsAgentic browsers, such as headless agentic browsers or those being driven by AI models without direct human supervision, raise the stakes even higher. As AI agents execute workflows, they get paused while agentic browsers wait for humans to input credentials. In an effort to avoid agents stopping mid-workflow, users often provide credentials directly into a browser-use AI app, which i

Your password manager might be closing up shop, putting your digital security at risk. In recent months, two major tech players – Dropbox and Microsoft – have discontinued their built-in password manager features. If you’ve been relying on Microsoft Authenticator or Dropbox Password, it’s now time to decide how you’ll protect your accounts going forward.When companies discontinue their password managers, it’s more than an inconvenience. It leaves customers, both consumers and businesses, at higher risk of credential theft. Without a password manager, users are more likely to fall back on bad habits, such as reusing passwords across multiple accounts. That means that one successful phishing attack could be all it takes for criminals to have access to everything.“When password management is a side feature, it’s a future sunset. Choose a provider whose core business is protecting identities so your defences don’t change when someone else’s roadmap does,” said Dave Lewis, 1Password global