Protect what matters – even after you're gone. Make a plan for your digital legacy today.
Password filling twice
When I use the browser extension with the fingerprint activation to unlock, and if there is only one entry for the site in question, the password field fills twice. As far as I can tell, this happens on every site. I don't know if it happens if/when I'm forced to activate the extension by typing my password. Works fine on mobile I think. 1Password Version: 1Password for Mac 8.10.3 (81003012) Extension Version: Not Provided OS Version: macOS 11.7.4 Browser:_ Firefox 110.0.1 Referrer: forum-search:https://1password.community/search?Search=password%20enters%20twice
1password input focus lag with lots of inputs
I'm running into an issue where 1password seems to significantly slow down interaction with the webpage I'm working on. There's a ton of input fields of which most are hidden, I cannot lower the amount of inputs, in fact I have to increase the amount of inputs due to how the system works. Every time I click on an input, the focus is delayed by ~200ms or so. The next time I select the same input field it's instant. 1password seems to do something that slows down the focus event. I made a performance recording in firefox. I selected 3 inputs and after the 3rd on selected the same 3 in the same order with no slowdown. I've tried adding data-1p-ignore and autocomplete="off" but it didn't solve anything.
Autofill does not count as filled in
I'm trying to use 1Password on the site https://plynniepopolsku.thinkific.com/users/sign_in . If I autofill the credentials it fills in the ID and password with a blue background but when I hit the Sign in button nothing happens. If I type or manually paste into the fields the Sign in button works. The Create a New Account page has the same problem: https://plynniepopolsku.thinkific.com/users/sign_up This happens on Chrome, Firefox, and Arc on MacOS. It does not happen with Chrome on Windows. For testing, you can create a made-up entry in 1Password, as incorrect values should return an error but don't when autofilled. Versions: 1Password: 8.12.4 Extension: 8.12.2.37 MacOS: 26.3February 2026 at 1Password: Benchmarking AI security & helping developers access secrets everywhere
February was all about AI agent security and developer workflows. From benchmarking model behavior to expanding programmatic access in 1Password Environments and SDK authentication, we continued strengthening how teams build and secure with 1Password. In case you missed it An ongoing conversation on OpenClaw and AI agents OpenClaw exploded in popularity this month, sparking curiosity across AI and tech circles. In short, OpenClaw is an AI agent that runs locally and performs personal assistant-style tasks such as managing your calendar, checking your email, or prioritizing tasks in your GitHub repository. From making reservations to building custom integrations, users have been quick to push the boundaries of OpenClaw. But with the excitement has also come concern. Agent gateways, such as OpenClaw, have access to the systems where they’re installed, making them a prime target for malicious actors. Since the beginning of the year, we’ve already seen skills that secretly instruct AI agents to deliver malware. As the use of tools like OpenClaw expands, it’s increasingly important to understand how to use them securely, and where the potential threats lie. Interested in the whole story? Our VP of Product, Jason Meller, has penned two recent write-ups on the topic: It’s incredible. It’s terrifying. It’s OpenClaw From magic to malware: How OpenClaw's agent skills become an attack surface Security Comprehension and Awareness Measure benchmark You might know how to spot and avoid phishing attacks, but can AI agents navigate the same scenarios? In our testing, even the most capable AI models were susceptible to common phishing strategies. As AI agents take on more tasks for us, and begin to act like employees, how they handle phishing is becoming a significant security concern. That’s why we built the Security Comprehension and Awareness Measure (SCAM). It’s a benchmark that tests how AI models handle phishing attacks when performing tasks like scanning your inbox or filling credentials. Security Comprehension and Awareness Measure (SCAM) Demo Alongside the benchmark, we also created a security skill. that serves as a phishing crash course for AI models. Introducing this skill improved the likelihood that each model we tested would detect and avoid a phishing test by as much as 59.9%. Programmatic access to 1Password Environments beta and desktop SDK authentication general access Building on last year’s introduction of 1Password Environments, we’re now adding programmatic read-only access. This release allows you to programmatically fetch secrets via CLI and SDKs when those secrets are needed, and only for the time that they are needed. Secure your secrets at runtime with the 1Password CLI and Environments With many thanks to our developer community for testing and feedback, we’re also introducing an update to 1Password SDKs. SDK integrations can now authenticate through the 1Password desktop app with a biometric, or password prompt. This supports workflows such as vault management, vault permissions, and batch item operations. Secure your desktop apps with 1Password SDKs Read the full launch post Evolving our partner ecosystem The 1Password Partner Program enables MSPs and other partners to help their customers adopt the familiar security solutions we provide. This program includes access to sales and technical training, as well as go-to-market resources to support onboarding and growth. We’re now focusing on simplicity, transparency, and consistency to best serve our mutual customers, and help partners scale their businesses. If you’re interested in becoming a partner, or learning more about the program you can read more in our blog post, or check out our partner program site. Random but Memorable February marks the start of a new season for Random but Memorable, our award-winning cybersecurity podcast! In this month’s episodes you can learn about practical security for the people you care about most, as well as guiding children to securely adopt AI tools. How security professionals actually protect their own families AI security tips for modern families with Childnet Release note highlights 1Password in the Browser 1Password items are now immediately cleared from the browser extension when a user is suspended. We’ve fixed an issue where 1Password could get stuck in a loop of repeatedly unlocking in Safari. We now correctly detect GitHub redirect URLs in the “Sign in with” flow. We’ve fixed an issue where 1Password could unexpectedly reload on a new tab in Firefox. Mac, Windows, and Linux We’ve fixed an issue where a prompt to turn on two-factor authentication couldn’t be selected. We’ve fixed an issue where the multi-factor authentication prompt could be missing when trying to unlock the app. We’ve added a new developer setting to enable SDK integrations, so you can authenticate SDKs with authorization prompts from the 1Password desktop app. If you load an empty .env file in Developer > Environments, it will now show a message saying no variables were found. [Windows only]: 1Password now supports a wider set of custom trusted browsers. [Windows only]: We’ve fixed an issue where the Windows Hello prompt could appear behind other windows or seem unresponsive. [Linux only]: We’ve updated our Flatpak Freedesktop dependencies to version 25.08. iOS, and Android [iOS only]: We’ve fixed an issue where Secure Note text would be cut off. [iOS only]: We’ve fixed an issue where exporting through Credential Exchange could fail for items with empty or incomplete website addresses. [iOS only]: We’ve fixed an issue where fields were intermittently visible when switching apps on iOS 26 if “Lock on Exit” was set to “Immediately”. [iOS only]: When a file attachment preview screen is dismissed in search results, it no longer re-appears automatically.
:autofill CSS not being used?
Same title and body as a request put out four years ago. I'm a bit shocked you haven't fixed this yet. I've just noticed that 1Password does not use `:autofill` CSS, but instead adds a custom `data-com-onepassword-filled="light"` attribute. I'm trying to style the filled field properly. 1Password changes the background color and that breaks the visual design here. The readability of my page is totally compromised by your styling. Any particular reason why I cannot use `:autofill` (or `:-webkit-autofill`) to style the field? Regards, JakeChrome-plugin breaks hovers
Hi, sinds a while I notice that the 1Password Chrome-plugin breaks hovers on websites. After I use the plugin to autofill a password (automatically or after clicking) there seems to be an issue with the focus, causing hover-effects to not work in all open tabs and windows. The inspector in the web developer tools also breaks because of this. When I restart Chrome it works again, but as soon as I use the 1Password plugin, it breaks. I find this very frustrating because I have to restart the browser a few times a day, not ideal when having a lot of tabs and windows open. MacOS Tahoe 26.3 1Password for Mac 8.12.4 Chrome plugin version 8.12.4.46
Invalid pop-up asking for a passkey
I'm on macOS 26 using the Safari web browser. Every time I go to chase.com, (and a few other web sites) 1Password presents the following pop-up. As far as I can tell, searching through chase.com's security settings, they do not yet support passkeys. My 1Password entry for chase.com does not give me the banner that chase.com supports passkeys, offering for me to use passkeys. How do I get 1Password to stop presenting this dialogue for websites that do not support passkeys?
1Password Safari extension causes cumulative performance degradation — 50%+ loss
1Password Version: 1Password for Mac 8.12.2 (81202037) Extension version: 8.12.2.37 Host Machine: M4 Pro Macbook Pro 16 I've been investigating 1Password extension performance on WebKit browsers and found a significant issue: the Safari extension leaks state across page navigations, causing performance to degrade sharply after the first page load cycle. Baseline: Speedometer 3.1 (browserbench.org/Speedometer3.1/) in a single Safari window, fresh profile, no extensions. - Run 1: 50.1 ± 3.3 - Run 2: 51.43 ± 0.36 With 1Password: - Run 1: 41.6 ± 0.95 (~18% loss) - Run 2: 21.0 ± 1.9 (~59% loss) - Run 3: 22.9 ± 1.3 (~55% loss) After restarting Safari (Cmd+Q): - Run 1: 46.0 ± 2.4 (~10% loss) - Run 2: 24.9 ± 2.3 (~51% loss) Key findings: 1. First run after a fresh Safari launch shows a modest 10-18% hit — not great, but roughly expected for a password manager extension. 2. Second run onward, performance collapses to ~50-59% degradation and stays there. 3. Restarting Safari resets the issue, confirming it's accumulated state that isn't being cleaned up between page loads. 4. Variance also increases dramatically (±0.36 baseline vs ±1.9-2.4 with the extension), which explains the jittery/sluggish feel. Why this matters beyond synthetic benchmarks: This isn't just a synthetic benchmark issue. Speedometer works by rapidly creating and destroying DOM elements with input fields — which is exactly what happens during normal browsing as you navigate between pages. The extension appears to attach observers or event listeners that don't get torn down on navigation, causing cumulative overhead. This directly explains why Safari feels increasingly sluggish during a browsing session with 1Password enabled. This also applies to other webkit based browsers like Orion. This issue has also been widely reported in the Orion browser community (orionfeedback.org/d/11861), where users see 60%+ degradation with the Chrome version of 1Password running through Orion's Web Extensions bridge. The assumption has been that Orion's compatibility layer is at fault. My testing shows the Safari native extension exhibits the same degradation pattern in Safari itself, which means the root cause is in 1Password's extension code, not in any specific browser's extension runtime. Reproduction steps: 1. Open Safari with only the 1Password extension enabled 2. Navigate to browserbench.org/Speedometer3.1/ 3. Run the benchmark — note the score (~40-45 on M4 Pro MBP) 4. Without restarting Safari, immediately run it again — note the score (~21-25) 5. Restart Safari and repeat — first run recovers, second run degrades again I've been a happy user of 1Password for years and I think the security model of the Vaults is near perfection, but the extensions REALLY need work. And to stave off any "Just use `Cmd+\`" comments: that is not a solution. I'm a heavy user of passcodes and I cannot use them in a browser without the extension.
