Swiss research identifies possible high-impact weakness.

Researchers from ETH Zürich have https://ia.cr/2026/058 newly found weaknesses in a range of password managers, including 1Password. The paper includes the following quotes specifically about 1Password

1Password not only lacks authentication of public keys, but also of public-key ciphertexts. This affects not only the security of the credential-sharing feature, but also the confidentiality of the entire vault.

And

IMPACT. Complete compromise of vault confidentiality and integrity. The adversary can read and decrypt all vault contents encrypted after the attack, including passwords, creditcard information, secure notes, and other sensitive data stored in the vault. Similarly, they can inject new items into the vault after the attack.

While this sounds absolutely worrying, I know from experience that real-life danger is not always that imminent. Nevertheless, I once chose 1Password mostly for their proactive stance on security and communication about security.

My question then is: what is 1Password's reaction to this and do other readers have opinions as well?

security

Forum Discussion

Swiss research identifies possible high-impact weakness.

Featured discussions

December 2025 at 1Password: More browser options, easier sign-in, and safer saving and filling

Recent discussions

Swiss research identifies possible high-impact weakness.

Feature Request: GeneratorRecipe for Memorable Passwords

Password generator when exporting ssh keys

1Password Environments issue with VSCode and Claude Code Extension

Incorrect .tmp folder location on macOS?