Protect what matters – even after you're gone. Make a plan for your digital legacy today.
The Access-Trust Gap: Annual Report 2025
Unsanctioned AI tools. Patchy access controls. Unmanaged apps and devices. And of course, compromised credentials. These are the issues revealed in our latest 1Password Annual Report 2025: The Access-Trust Gap. Based on a survey of over 5,000 knowledge workers, IT and security professionals, and CISOs, the report captures a moment of rapid technological and cultural change. The rise of hybrid work, SaaS sprawl, personal device use, and generative AI have all stretched identity and access tools like SSO and MDM beyond their limits. The result is what we call the Access-Trust Gap — the divide between the access that IT and security teams can govern, and the reality of how people (and now AI agents) actually access sensitive data. The report highlights four areas where that gap is widest: AI tools: High enthusiasm, low policy compliance. SaaS apps: Shadow IT and unmanaged access remain rampant. Credentials: Weak and reused passwords still drive breaches. Devices: MDM alone can’t keep pace with today’s hybrid workforce. Together, these findings paint a picture of an enterprise world struggling to keep up with how (and where) work happens today. The good news? There’s a clear path forward. We outline how organizations can close the Access-Trust Gap by pairing stronger governance with modern tools like 1Password Extended Access Management, Trelica by 1Password, and 1Password Device Trust — helping companies embrace AI and modern work securely. 📘 Read the full report: 1Password Annual Report 2025 📰 Read the blog post: The enterprise AI crisis: Unsanctioned tools and unenforced policies
Feature Request: Optionally allow sharing recipients to edit/update entries
Hi I love 1Password, cannot live without it in my personal and professional life. But one thing I struggle with is helping my customers maintain a safety first demeanor when it comes to sharing secrets. With 1Password it is easy enough for me to share secrets with them securely, but the inverse is not true UNLESS they also have 1Password, or similar. [2025.10.09 - Update] After looking into WHY this doesn't exist I now understand the problem that allowing an external non vault member to write directly into my vault would break the security model as that external non vault member would need my keys to write into my vault. So instead it could be something like this You initiate a “Secret Request” from 1Password: It generates a unique, signed URL. Optionally, you can label it (“Please send me your API key for X”). The recipient (your customer): Opens that link in their browser. Enters their secret (password, API key, etc.). Their browser encrypts it locally with a one-time symmetric key before upload. The key is only embedded in the returned “Send” link that comes back to you. You receive the “return link”: You open it once, decrypt locally, and copy the secret into your own vault. Optionally, the link auto-expires after one view or a set time. 1Password’s servers never see plaintext, they just store encrypted blobs. Full disclaimer, some AI servant came up with the above summary after I was trying to figure out why it may not be secure to just have people write directly into my vault and what the alternatives were. [Original not so secure feature request below] The feature I am looking for and would be willing to pay for, would be to allow sharing an entry, blank or otherwise, and then to optionally indicate that the sharing recipient may update the values or create new ones. Basically I want to allow someone external to be able to populate an entry in my vault as a mechanism for them to securely share secrets with me. Use case: I need to do an integration project with my customer's ERP system and I need a secret from them. They need to share this secret with me and may not have a great way to do that securely. So if I could securely send them a link to an entry in my vault with edit permissions, then they could easily just drop the secret in there. From a feature point of view, I guess it doesn't have to be limited to Update only, you could send someone a "Please create a new entry in my vault request", and then the entry would not have to exist prior to them getting the create request. Let me know what you thinkZscaler and 1Password Device Trust integration available now
1Password is proud to announce a new integration with Zscaler, a leading cloud-based solution for Zero Trust network access (ZTNA). This marks a shared commitment to helping our customers secure access, reduce their attack surface, manage AI app sprawl, and practice the principles of Zero Trust. The 1Password® Extended Access Management platform is designed to support Zero Trust initiatives by securing every sign-in to every application from any device, including unmanaged devices and apps. Now, 1Password has built an integration between Zscaler and 1Password Device Trust to help mutual customers secure access and reduce risk. With this integration, customers using 1Password and Zscaler can be confident that critical applications are only accessible from trusted, healthy devices where Zscaler is installed and configured. Available to all 1Password Device Trust and Zscaler joint customers! Learn more about the integration announcement
Close the Access-Trust Gap: Secure every sign-in, to every app, from every device with 1Password
Register for this event here Date: Tuesday, May 13th Time: 9 AM PDT / 12 PM EDT Today’s enterprises face a widening Access-Trust Gap: the security risks posed by all of the devices, apps, and AI agents that can company resources without proper governance controls. 1Password® Extended Access Management closes the gap by helping organizations secure every sign-in, to every app, from every device. Now, new capabilities of the platform extend visibility and control even further, providing employees with seamless access while ensuring the highest level of security. Join us for a discussion of these exciting new capabilities, including: 1Password Access Governance: Gain full visibility and control over SaaS apps. Extended Device Compliance: Enforce device health before granting access to web and AI apps. App Launcher: Provide secure, one-click access to both managed and unmanaged apps. XAM Console: Unified hub to manage and govern access for all of their company’s users, apps, and devices. 1Password SDK for AI Agents: Allow developers to build AI workflows that securely read, write, share, and rotate secrets.Close the Access-Trust Gap: Secure every sign-in, to every app, from every device with 1Password
Register for this event here Date: Wednesday, May 14th Time: 11 AM BST / 12 PM CEST / 1 PM EEST Today’s enterprises face a widening Access-Trust Gap: the security risks posed by all of the devices, apps, and AI agents that can company resources without proper governance controls. 1Password® Extended Access Management closes the gap by helping organizations secure every sign-in, to every app, from every device. Now, new capabilities of the platform extend visibility and control even further, providing employees with seamless access while ensuring the highest level of security. Join us for a discussion of these exciting new capabilities, including: 1Password Access Governance: Gain full visibility and control over SaaS apps. Extended Device Compliance: Enforce device health before granting access to web and AI apps. App Launcher: Provide secure, one-click access to both managed and unmanaged apps. XAM Console: Unified hub to manage and govern access for all of their company’s users, apps, and devices. 1Password SDK for AI Agents: Allow developers to build AI workflows that securely read, write, share, and rotate secrets.Share Your Experience with Device Trust and Get a $100 Gift Card
Hey 1Password community 👋 Whether you’re using 1Password Device Trust today, have evaluated it, or decided not to use it, we’re running 30-minute research interviews to learn more about your experience. Your feedback will help us better understand real-world access management challenges and shape how Device Trust evolves in 2025. Plus, you’ll get a $100 gift card for your time! Who we’re looking for: Current users of 1Password Business who have used, trialed, or considered Device Trust Admins, IT, or Security leads at companies of any size in North America, Europe, or Australia Decision-makers, or those with hands-on experience managing access tools What to expect: A 30 minute live interview with a member of our Product Marketing or UX Research team Flexible scheduling of interviews A $100 gift card from popular retailers as a thank-you We have limited spots available, so if you’re interested, please sign up here! Thanks for helping us make Device Trust even better, we’re excited to learn from your experiences!Research opportunity: Help shape the future of 1Password + gift card for your time
Hey 1Password community 👋 Our team is running 1:1 research interviews with current 1Password Business customers, and we’d love your insights. We’re especially interested in hearing from folks using the 1Password Enterprise Password Manager (with or without 1Password Device Trust or Trelica by 1Password), and who are involved in managing access, identity, and device posture at their company. Our goal with this research is to better understand how access is managed in the real world, especially in places where SSO, IdPs, and MDMs may not reach. Your feedback will directly influence how we evolve our products and features going into 2025. Who we’re looking for: Admins, IT, or Security leads at companies with 500–3,000 employees in North America, Europe, or Australia Decision-makers, or those with hands-on experience managing access tools Current users of 1Password Business and/or Extended Access Management What to expect: A 60-minute live interview Flexible scheduling between August 4th and 15th A $100 gift card from popular retailers as a thank-you We only have 10 slots available, so if you’re interested, please fill out this short screener survey. Thanks for being part of the community, we’re excited to learn from you!
Approval process for elevated access
Hi, I have a use case for our business that is to address PAM issues when it comes to platforms that do not have granular access controls. As an example: Our end users are have access to 1 or more vaults. The IT team has access to all vaults, except Accounts (AR/AP). Our IT team uses a highly privileged service account to manage the implementation in a CRS or CRM. The details are stored in an IT Vault, for which the IT team has continuous access to. Sometimes a member of the IT team needs to use a service account to amend the implementation. Instead of reactively addressing access through audit logs or manually assigning and unassigning vault access, the feature request would be to have an approval process - much like Microsoft's PIM approval - to access a certain item or vault in 1Password. This way, the access request is passed to designated users or groups, that may approve the access. The access approval could be contingent on either all designated users approving, or 1 elevated users approval.Q2 2025: 1Password Security Spotlight & Roadmap Review
Hey everyone 👋 Thanks for joining us for our Q2 Security Spotlight and Roadmap Review — our quarterly look at what’s new (and what’s coming next) in 1Password. 🔍 In this session, we covered: The top 3 access management challenges today: Application sprawl Device sprawl Identity sprawl Real-world use cases for 1Password Extended Access Management New features like device posture enforcement across web apps – whether they’re behind SSO or not. Upcoming support for AI agents 🎙️ Your speakers: Marc von Mandel – Director, Solutions & Channel Product Marketing Evan Sandhu – Product Marketing Associate Marc and Evan will be keeping an eye on this thread over the next few days and jumping in to answer questions. Feel free to tag them directly! 💬 Have a question? We’d love to hear it. Whether you’re looking for more context, curious how something might apply to your setup, or have ideas to share — post them below. We’re all ears. Thanks again for being part of the 1Password Community!
Hide password for employes
Hi everybody, i'm new on 1password, and already searching for a moment how to make that my employees don't see the password when they use 1Password but can't find it. So in fact, I have some employees for who i prefer that they don't see the password when using it to logging to some website. Is there any possibility on 1password on auto-completion without any possibility to display the password? Thanks a lot for any answers! Regards, Yannick
