Level up your business security with free, on-demand training and certification. Explore 1Password Academy today →
Feature request - Force 1password to sync
I would like, like many requests before, an option to force the sync. I know I can lock/unlock and everything should sync but that is not efficient. I have seen this asked before and everyone answers that it should just happen and/or lock/unlock the Mac desktop app. Please just add a sync now button! The automatic syncing is great but does not always work. It is probably related to the app going to sleep in the background such as due to time, Mac sleeping, etc.... Just add the button!Feature Request: Show Original Contributor of Items in Shared Family Vaults
Summary Please add a built-in way to display who originally created or contributed an item to a shared vault in 1Password Family. Problem In shared family vaults, it is currently not possible to see who an item originally belongs to once it has been shared. This makes it unclear who owns a specific account, even though the item is visible to everyone in the family. As a workaround, we manually add tags with the name of the person who created or contributed the item. This allows sorting and filtering by owner, but it is manual, error-prone, and easy to forget. Proposed Feature Display non-editable metadata such as: “Contributed by: Name” or “Original owner: Name” This information should remain visible in the item details after sharing or moving an item into a shared family vault. Benefit This makes it easy to understand who an account actually belongs to, even when it is shared for convenience. It improves clarity in family vaults, avoids confusion, and removes the need for manual tagging. Reference Apple Passwords already shows this information for shared items using labels like “Contributed by: Name”, which provides clear ownership at a glance.
Onboarding experience: too hard
I have used 1P for many years, and it suits my needs as a software engineer nearly perfectly. However I have suggested it to a number of friends, and done the work of getting two distinct types of user up to speed: my partner (1P Families), and as the IT manager at a smallish company (1P Business). I started both a year or more ago, and thought I would share my experiences. tl;dr After a year, people are still struggling to understand 1P, and are still failing to gain the core benefits such as reused passwords. The main challenge my users have faced is how to migrate from whatever they used before ... intentional or not. My partner uses a Mac and iPhone, and has home and work Google accounts. She doesn't really understand that Safari and Chrome are different things, but uses both at work and home. In both cases, she accepted the default password management features, with autofill in chrome, and various flavors of Apple password managers. At any given time, without reconfiguration, all of these PW managers are competing to manage a password, and the result is confusion, and inevitable password resets "just to get in". So, the user ends up with multiple possible passwords saved in multiple places: Google, Apple, and now 1P. The same has been an issue for my co-workers, who are also at varying levels of technical awareness. The first thing I did for my partner, mainly to make her feel confident, was to import all the passwords from Google and Apple PW managers. This turns out to have been a really bad idea, and also, it's really a great deal harder than it should be -- not very well documented, hard to find on the site, and some parts of it didn't seem to work. This is a terrible idea because Google, at least, saves a new password for any different URL it finds, so there can be multiples just for one site. I am not sure about the Apple version, but the result was that we had at least two, often many more saved passwords imported into 1P. Finally, unless these PW managers are turned off, they keep adding their confusion to the mix. Suggestion: build an importer that figures out how to actually migrate to 1P. There may not be APIs that allow this to be automated, but at least you could build a step-by-step process, and a checker that sees the status and warns users. Ideally the tool would merge (or offer to) sites at the same domain, would identify a suitable name for the 1P entry, would retain history (archive) of old logins, and would coach the user through confirming the result on computer and phone. Passkeys and MFA are both great when 1P gets them right. But I am still regularly assaulted with the option to use passkey with my Amazon account, as well as my AWS accounts. The MFA process is kind of klunky
Best practice for user terminations?
Hi 1Password Community! Long time lurker first time poster here. We've been using 1Password Business at our company for a little under 3 years and love it. Our team has been debating on how best to handle user terminations in the scope of 1Password. Currently all users are manually managed (we're not using SSO with AD or anything). Two goals for user terminations: Goal 1: restrict access so the terminated user cannot access their company 1Password data Goal 2: no loss of any shared 1Password data So far we've simply been disabling users' 1Password accounts when they leave the company, achieving Goal 1, and leaving their 1Password data intact to set the potential stage for Goal 2. We're thinking we might have to just spend some time setting up dummy accounts and learning/testing behaviors, but I thought I'd try to shortcut that process and ask you good folks of the community :) The questions we have are: If the user created a shared vault, how can we reappropriate ownership of that vault and its items to someone else? We don't want to lose the information/passwords in the shared vault. If the user was a member of a shared vault and submitted items to it, are those items "owned" by the vault, or are they still tied to the user? (More specifically, if we delete a user's account, will all their submissions to a shared vault also be deleted?) If the user didn't follow training and was saving data to their "Employee" vault instead of a correct vault location, what is the best way to access their account to get at this data? We do have access to the user's email and company phone after termination, so impersonation comes to mind, but we're not convinced that's the best option to use. Are there any other things we should be considering when terminating a user from our environment? Thanks for reading :)
How to Migrate 1Password Vaults to Bitwarden Folders (With Passkeys!) using iOS 26 CXP
I just finished migrating my credentials from 1Password to a fresh Bitwarden setup, and I wanted to share a workaround for a major pain point regarding vault organization and Passkeys. Those who used 1Password v7 will remember that exporting by vault was standard. In v8, this has been reduced to an "all-at-once" account export. If you want to maintain your organization during a move, this creates a mess. The Challenge: Maintaining Structure If you have multiple vaults (Work, Personal, Shared, etc.) and want them to land in specific Bitwarden Folders, an "all-at-once" export creates a massive, unorganized pile. Plus, standard file exports (CSV/1PUX) usually break Passkeys. The Solution: The "Single-Vault Pipeline" (iOS 26 CXP) By using the newly introduced Credential Exchange Protocol (CXP) on iOS 26, you can move your data app-to-app, vault-by-vault, and keep your Passkeys intact. (Note: I used a 1Password Family account and a free Bitwarden account for this). The Migration Manual: Prep 1Password (Web Browser) Log into 1Password.com on a desktop. Go to Manage Account > People > Select your account > Manage Vaults. The Trick: Deselect all vaults until only one is left visible to your user. Now, your mobile app will only "see" that specific vault. The CXP Transfer (iOS Device) Open the 1Password app on your iPhone/iPad. Navigate to Settings > Advanced > Start Export. Enter your account name (there is a hint at the bottom) and approve. Select Bitwarden as the destination. It will open Bitwarden and securely transfer everything from that one visible vault—including Passkeys and TOTP seeds. Assign to Folders (Bitwarden Desktop) Open the Bitwarden Web Vault on your computer. Click on "No Folder" (this shows all the items you just imported that don't have a folder assignment). Click the "Select All" checkbox at the top. Click the three dots (⋮) above the list > Add to Folder. (Note: You’ll need to create the folder first by pressing the + New button). Rinse and Repeat Go back to the 1Password web interface. Deselect the vault you just finished and select the next one. Repeat the iOS export. Because Bitwarden treats these as new "unassigned" items, you can neatly move the next batch into the correct folder. Why this is the optimal way: Passkeys & 2FA: Unlike file exports, CXP moves the actual cryptographic keys for Passkeys and your TOTP seeds. Shared Protocol: Because it uses a modern exchange protocol, misc info and custom fields transfer much more accurately than a messy CSV. Organization: You don't have to manually sort 1,000 items at once. You do it in controlled, vault-to-folder chunks. Hope this helps someone else stuck in the migration process!1Password’s new benchmark teaches AI agents how not to get scammed
In 2024, a research team found that GPT-4 could identify phishing websites with near-perfect accuracy. Ask a modern AI model, “is this email dangerous?” and it almost always gets it right. Unfortunately, an AI model’s ability to recognize threats does not translate to an AI agent’s ability to avoid them. AI agents can read your inbox, open links, read secrets on your computer, forward emails, and fill out forms on their own. The problem is what they could do next: open the phishing link, pull your real password from the vault, and type it into the attacker’s fake login page. That’s not a hypothetical. In our testing, one of the most capable AI models available today did exactly that, ten seconds after being asked to check the inbox. To address this risk, we’ve built the Security Comprehension and Awareness Measure (SCAM): an open-source benchmark that tests whether AI models can stay safe when they’re actually doing things like reading emails and filling in passwords. Read the full post and explore SCAM here: https://1password.com/blog/ai-agent-security-benchmark https://1password.github.io/SCAMFeature Request: Optionally allow sharing recipients to edit/update entries
Hi I love 1Password, cannot live without it in my personal and professional life. But one thing I struggle with is helping my customers maintain a safety first demeanor when it comes to sharing secrets. With 1Password it is easy enough for me to share secrets with them securely, but the inverse is not true UNLESS they also have 1Password, or similar. [2025.10.09 - Update] After looking into WHY this doesn't exist I now understand the problem that allowing an external non vault member to write directly into my vault would break the security model as that external non vault member would need my keys to write into my vault. So instead it could be something like this You initiate a “Secret Request” from 1Password: It generates a unique, signed URL. Optionally, you can label it (“Please send me your API key for X”). The recipient (your customer): Opens that link in their browser. Enters their secret (password, API key, etc.). Their browser encrypts it locally with a one-time symmetric key before upload. The key is only embedded in the returned “Send” link that comes back to you. You receive the “return link”: You open it once, decrypt locally, and copy the secret into your own vault. Optionally, the link auto-expires after one view or a set time. 1Password’s servers never see plaintext, they just store encrypted blobs. Full disclaimer, some AI servant came up with the above summary after I was trying to figure out why it may not be secure to just have people write directly into my vault and what the alternatives were. [Original not so secure feature request below] The feature I am looking for and would be willing to pay for, would be to allow sharing an entry, blank or otherwise, and then to optionally indicate that the sharing recipient may update the values or create new ones. Basically I want to allow someone external to be able to populate an entry in my vault as a mechanism for them to securely share secrets with me. Use case: I need to do an integration project with my customer's ERP system and I need a secret from them. They need to share this secret with me and may not have a great way to do that securely. So if I could securely send them a link to an entry in my vault with edit permissions, then they could easily just drop the secret in there. From a feature point of view, I guess it doesn't have to be limited to Update only, you could send someone a "Please create a new entry in my vault request", and then the entry would not have to exist prior to them getting the create request. Let me know what you think
[SOLVED] Browser support error on Gentoo Linux
I finally solved the problem of disabled communication between the browser extensions (Firefox and Google Chrome) and the desktop app on my Gentoo Linux system, so I want to share how I solved and what I learned. First of all, I'm not using Flatpak or Snap. As official document says, you should install browsers and 1Password app via your system's package manager. Also, I'm using supported browsers, so I don't need "/etc/1password/custom_allowed_browsers" or "~/.SOME_FORKED_BROWSERS/native-messaging-hosts/com.1password.1password.json". But if you are using such browsers, it will be worth trying. OK, there was two problems. The first problem was `BrowserVerificationFailed` or `BrowserProcessVerification(BinaryPermissions)`. This happens when `/opt/1Password/1Password-BrowserSupport`'s group owner is not `onepassword`. In my case, it was `1password`. I noticed when I changed the name by editing /etc/group directly and it solved the problem. (BTW, we can check if this problem is solved or not by executing `/opt/1Password/1Password-BrowserSupport ~/.mozilla/native-messaging-hosts/com.1password.1password.json {d634138d-c276-4fc8-924b-40a0ea21d284}` in a terminal; it shows something like BrowserVerificationFailed if not solved, but shows UnknownBrowser if solved.) The other problem was that 1Password-BrowserSupport returns `AppQuit` message. This was probably caused by the inappropriate group id of the `onepassword` group. According to this ebuild (https://github.com/jaredallard/overlay/blob/f738e3c74940a4352cd96c6d95a40eb1b444653f/acct-group/onepassword/onepassword-0.ebuild#L10), it needs to be greater than 1000. In my case, the group ID 1010, with which package manager try to create `onepassword` group, was already occupied by another group, and different number 973 was assigned to `onepassword` group. I manually fixed the problem by correcting `onepassword`'s group ID. Sorry for my poor English, but I don't have enough time to write better English for the moment. I hope my sharing the experience will help other people in the Linux community. Good luck!
