Level up your business security with free, on-demand training and certification. Explore 1Password Academy today →
Forum Discussion
As a 1Password user - how to access security audits?
Hi there,
as a paying 1Password user how can I access your security audits? After the change last year I cannot access them.
As a privacy orientated user I'd like to get some insight into that.
Thx.
6 Replies
Still not possible to access those reports... Tried to register with several mail addresses. The third one was accepted - others denied.
But still got no mail. What are you hiding 1Password? Are you in fear of showing your reports??
- 1P_Dave
Moderator
I'm sorry that you're running into trouble accessing the reports. Please send an email to support@1Password.com and include a link to this thread and our team can take a look and help further. After emailing in, you'll receive a reply from BitBot, our friendly robot assistant with a Support ID that looks something like [#ABC-12345-678]. Post that here, and I'll be able to locate your message and make sure it's gotten to the right place.
-Dave
- 1P_Dave
Hello dragon1​! 👋
Thanks for the question! You can find information about accessing 1Password's security audits here: Security audits of 1Password
Our security design white paper is also available on our website: 1Password Security Design White Paper
-Dave
Have you already visited Security audits of 1Password, clicked 1Password Trust Center , clicked 🔒 Get access, filled out the form, got errors about characters it doesn't like, read the Drata Trust Center Terms of Use, wondered who or what Drata is and why their terms apply to an apparently unrelated web site, submitted the form anyway, then waited for the approval email?
- 1P_Dave
Sorry for the confusion. The 1Password Trust Center is built on SafeBase (by Drata), which we use to support disclosure of security and compliance information. That is why you'll see Drata referenced.
-Dave
That would explain the email from SafeBase <notifications@safebase.co> Invitation to Access 1Password's Trust Center and the second email Access Granted to 1Password's Trust Center with links in the email to app.safebase.io [n.b. not the same as safebase.co], since clicking links in email from senders you don't know to web sites with different domains from the sender (and 1Password) is just fine.
You might consider mentioning these names close to the request process so that we know to expect to see these names of a third party provider. While it's no surprise that 1Password uses such providers, it's a bit of a surprise for this kind of content, which would usually just be pages on your web site, and the audience for this is the cream of the paranoids.
