Enable DNSSEC

Question

1Password domain names are not signed with DNSSEC (at least 1password.com and 1password.eu). Customers are therefore potentially vulnerable to MITM attack. This means that when attempting to access the password manager's online services, an attacker could falsify DNS resolution responses and redirect the client to a fake server.

https://internet.nl/site/my.1password.com/3801661

https://internet.nl/site/my.1password.eu/3801663

In addition to the absence of DNSSEC, these links will inform you that certain best practices are missing from your web server configuration.

1p_dave · Answer

Hello antoinejdd​! 👋
Thanks for bringing this up! Our security white paper touches on this topic on page 52 under Transport Security- TLS:&nbsp;

Neither certificate pinning nor DNSSec have been implemented. Given the mutual authentication described in "A modern approach to authentication", the marginal gain in security provided by such measures is not something we consider to be worth the risk of loss of availability should those extra measures fail in some way.

Regarding any other concerns, please send an email to&nbsp;support@1Password.com so that the relevant&nbsp;team can take a look and address your concerns directly.&nbsp;
-Dave

Forum Discussion

Enable DNSSEC

1 Reply

Featured discussions

December 2025 at 1Password: More browser options, easier sign-in, and safer saving and filling

Recent discussions

Critical: op item move caused loss of OTP field (irrecoverable 2FA data)

1PW Safari extension repeatedly unlocking/locking

Bug: CXP export on iOS shows 0 items (Family subscription)

Migrating from one account to another on a Chromebook

When I try to Log In, 1Password says that my account has been deleted