Protect what matters – even after you're gone. Make a plan for your digital legacy today.
Forum Discussion
1P_Blake
Community Manager
Community ManagerIntroducing stronger phishing protection in 1Password
1Password has always protected you by refusing to autofill credentials on mismatched sites. But we know that sometimes you might not realize why autofill didn't work, so you'd manually copy and paste instead – which could still get you phished.
Now, we've added an extra layer of protection. When you try to paste a password into a site that doesn't match the URL saved in 1Password, you'll see a warning pop-up in your browser. It's a gentle nudge to slow down and double-check the URL before you continue.
Phishing attacks are everywhere right now, and thanks to AI, they're harder to spot than ever. Those fake login pages look almost perfect, and it only takes one quick moment for someone to accidentally hand over their credentials to a scammer.
This feature is rolling out to all Individual, Family, and Business customers over the next few weeks. For Individual and Family users, built-in phishing protection will be enabled by default once it rolls out to you. If you're a 1Password Admin, you can enable it for your team in Authentication Policies in the admin console as shown below.
To learn more, we've got a full breakdown in our blog post, plus a demo video showing built-in phishing protection in action. Be sure to check them out!
5 Replies
Ok, so how do I disable this? I received the update today, and I'm getting this popup constantly on my work-related legitimate sites.
- 1P_Dave
Moderator
You should only see the prompt if you try to copy and paste your password into a website that you don't have stored in 1Password. Double-check to make sure that your Login item's website address field matches the website address of the website that you're pasting your login into.
If you would like to turn off the feature then you can follow these steps:
- Open your browser.
- Right-click on the 1Password icon in your browser's toolbar and click Settings.
- Click Notifications.
- Turn off "Warn about potential phishing".
I hope that helps.-Dave
1P_Blake - what is the version number of 1Password this will be implemented so we know when we have it?
- 1P_Blake
Hey Chicago_Joe! As long as you have the latest version of the 1Password Browser Extension installed (which is currently 8.12.0) then you'll have access to this feature once we finalize the rollout to all accounts. 🙂
This is one of the best "bonus" features of 1Password for those rare occasions when we mistype a URL (as we would never click on a link in email or the like to visit a website).
Of course we should be opening (and filling) the site from the 1Password extension, not just to go to the right URL, but for the automagic login.For what little it's worth, Facebook owns both facebook.com and faceboook.com (which redirects insecurely and doesn't handle email), but not facebooook.com or faceboooook.com. facebooooook.com is up for grabs. Seasoned security professionals will understand why only the middle "o" is the problem. They also own facebook.com.
