Level up your business security with free, on-demand training and certification. Explore 1Password Academy today →
Domain Migration/Merge
I am not sure if there was an option, may of the settings became unavailable once 1P was connected to an IDP(Rippling). 1- We are rebranding and migrating from domain W to domain A, is there a way to rename users from user @ w.com to user @ a.org while keeping their access and accounts? 2-I've also seen a few users having both a.org and w.com accounts, is there a way to merge the two under a.org? 3-When a user is offboarded they may have passwords not saved in a shared vault, I would manually login as the user to access those. Is there an admin tool/function to transfer those vault items to their manager? Thanks!April 2026 at 1Password: Post-quantum protection, External Checks close the access gap, and AI-era security
In April, we began rolling out new protections that will keep your data safe in a world with quantum computers, we expanded how teams can enforce access with External Checks in 1Password Device Trust, and shared new thinking on AI agents, credential sprawl, and what it takes to secure systems in a faster-moving threat landscape. In case you missed it A first step toward post-quantum security Introducing the first major milestone in our post-quantum cryptography (PQC) journey: as post-quantum protection in the 1Password web app! 1Password now supports hybrid post-quantum key exchange in PQC-capable browsers like Chrome or Firefox. It all happens automatically – no user action required. This helps protect against "harvest now, decrypt later" attacks, where adversaries capture encrypted traffic today in the hope that future quantum computers will be able to decrypt it. This is the first phase of a broader post-quantum roadmap focused on protecting your data against the threats of today and tomorrow. Read more about our first step toward post-quantum security. Building a Mythos-ready security program AI is accelerating how quickly vulnerabilities can be found and exploited, and security programs need to keep up. We looked at what security leaders can do now to prepare for a world where AI-driven vulnerability discovery happens at machine speed. The takeaway: patching still matters, but it can't be the entire strategy. Teams also need to limit the blast radius by controlling access, isolating agentic identities, replacing long-lived secrets, and making it harder for a single exploit to escalate into a larger breach. Read the full post on building a Mythos-ready security program. External Checks in Device Trust 1Password Device Trust can now factor in signals from other systems before allowing access to protected apps. With External Checks, access decisions can include more than device posture. Admins can pull in things like security training completion, policy acknowledgments, MFA enrollment, active employment status, and other verification signals from external systems. External Checks closes the gap between having a policy in place and actually enforcing it when someone tries to reach company apps and data. Learn more about External Checks in 1Password Device Trust. What we learned using AI agents to refactor a monolith We shared a behind-the-scenes look at how 1Password used AI agents to help refactor a large Go monolith. The work demonstrated how agents can be genuinely useful, especially for analyzing large codebases, building deterministic tools, and executing well-scoped changes. It also showed where they still need strong constraints, clear specifications, and human judgment. Read more about what we learned using AI agents to refactor a monolith. Protecting against OAuth-based supply chain breaches Credential sprawl continues to spread across SaaS apps, developer tools, automation workflows, and AI agents. OAuth makes it easy to connect new tools, but those connections can quietly become supply chain risks when permissions are broad, long-lived, or poorly tracked. We looked at how OAuth-based supply chain attacks happen, how Google Workspace admins can check which third-party apps currently have access, and why ongoing discovery is more effective than a one-time audit. Read more about protecting against OAuth-based supply chain breaches and credential sprawl. Chasing Entropy (Season 2) Season two of Chasing Entropy kicked off in April with three new episodes: Why secure-by-design is an incentives problem, with Bob Lord. Dave Lewis and Bob Lord get into secure-by-design principles, AI systems, software supply chains, and why security outcomes need to be owned at the organizational level. What cyber conflict reveals about power and doctrine, with Allie Mellen. Dave talks with analyst and author Allie Mellen about cyber conflict, attribution, geopolitics, and why defenders need to understand intent, not just indicators. Why friction is a security risk, with Dustin Heywood. Dave and IBM's Dustin Heywood (aka EvilMog) get into agentic AI, machine identity, quantum planning, and why security controls that add friction tend to get bypassed. Listen to Chasing Entropy wherever you get your podcasts. Random but Memorable April brought three new episodes of Random but Memorable to catch up on: What it takes to protect – and break into – data centers with Deviant Ollam Are you oversharing with AI? Author Jamie Bartlett has thoughts What to do if you’ve been hacked, with Glenn Wilkinson This month covered the physical side of security, safer AI habits, what to do after a compromise, and how supply chain attacks are feeding into one another. Release note highlights Browser extension Added settings that let you choose which item types appear as autofill suggestions in the inline menu. Reorganized Autofill settings for easier navigation. Fixed an issue where the browser extension didn’t unlock with the 1Password app. Fixed issues with the sign-in banner and Quick Access suggestions in Chrome and Chromium-based browsers on Mac. Fixed several autosubmit and website-specific autofill issues. Mac, Windows, and Linux Improved localization across supported languages. Updated the wording for unlock preset options. Fixed an issue where a LastPass import could fail if the account had multi-factor authentication enabled. Improved how 1Password recovers drafts of items. App icons shown in SSH, CLI, and SDK authentication prompts now display more quickly. [Mac only] Improved handling for shortened Apple Maps links. [Windows only] Fixed an issue where 1Password couldn’t be used as the Windows passkey manager when installed on an external drive. [Linux only] Added a “Start at login” setting, enabled by default in Settings > General. iOS and Android Improved localization across supported languages. Updated the wording for unlock preset options. Improved how 1Password recovers drafts of items. [iOS only] Fixed an issue that could cause excessive background battery use after using AutoFill. [iOS only] Fixed an issue that could prevent 1Password for Safari from unlocking. [Android only] Fixed a crash that could occur when first launching the app. 1Password CLI Added Shell Plugin support for Claude Code CLI, Scaleway CLI, AWS SAM CLI, AWS eksctl, AWS awslogs, and OpenAI Codex CLI. The AWS CDK shell plugin now supports AWS profiles that assume a role with the --profile flag. op run now properly terminates subprocesses when cancelled. 1Password CLI commands now support the Account Trust Log when authenticating with the 1Password desktop app.
Adding New Client's Account to Current Account?
Hello, I have 1Password where I have a Personal account and a Business account. My new client wants me to join her account. When I click the "accept invite" button, it doesn't give me a choice to sign in - only to register. Is there a way that I can add the client's 1Password account to my current 1Password? That way I won't have to sign in and out again. I'm on a MAC. Thank you!Upcoming 1Password webinars
Hi folks, Here's an overview of all the webinars we have coming up in the next several weeks. I hope we'll see you there! Wednesday, March 4th at 9 AM PST / 12 PM EST (60 minutes): What's new? The 1Password quarterly security spotlight and roadmap review Join us to learn how Alliants uses 1Password Enterprise Password Manager (EPM) and 1Password SaaS Manager to simplify SaaS management, enhance security, and align IT operations with business goals. Plus, hear the latest 1Password news, product updates, and releases to help you get the most out of the 1Password platform. Thursday, March 5th at 11 AM GMT / 12 PM CET / 1 PM EET (60 minutes): What's new? The 1Password quarterly security spotlight and roadmap review This is the same webinar, but scheduled to be more convenient for Europe, the Middle East, and Africa. Wednesday, March 11th at 9 AM PDT / 12 PM EDT (60 minutes): How IT and finance can collaborate to take control of SaaS spend Join us for a live webinar designed for IT and finance leaders who want to regain visibility, reduce waste, and align SaaS investments with business value. Thursday, March 19th at 10 AM GMT / 11 AM CET / 12 PM EET (60 minutes): What's new? The 1Password quarterly security spotlight and roadmap review This is the same webinar, but scheduled to be more convenient for Europe, the Middle East, and Africa.
Moving Chrome passwords to 1P, with a catch......
Hi all, I am having issues with moving my Chrome passwords to 1P (I'm on WIN11). I've read the standard blurb about going to chrome://settings/passwords. I have a different situation. At work, we have many different test environments that we use, and each environment has multiple 'users'. I currently have multiple (think 40 or so) Chrome profiles set up. Now, I DON'T log in to Chrome as you normally would. By not logging in, I can have these multiple Chrome profiles to use and I don't have any conflicts. I'm thinking I want to move these Chrome profiles over to 1P, but short of going in to each profile>Bookmark Manager (and copy/paste each URL with each user and that users password), I'm drawing a blank as to how to move these over. Any thoughts here? Cheers JimUpcoming 1Password webinars
Hi folks, Here's an overview of all the webinars we have coming up in the next several weeks. I hope we'll see you there! Thursday, January 22nd at 10:30 AM PST / 1:30 PM EST: Best practices for uncertain times: A new framework for identity security Join Abe Ankumah, Chief Product Officer at 1Password, Francis Odum, cybersecurity analyst and founder of Software Analyst Cyber Research, and Blaine Carter, Global CIO at FranklinCovey as they share how forward-thinking companies are preparing for the identity security challenges of the year ahead. Wednesday, March 4th at 9 AM PST / 12 PM EST: What's new? The 1Password quarterly security spotlight and roadmap review Join us to learn how Alliants uses 1Password Enterprise Password Manager (EPM) and 1Password SaaS Manager to simplify SaaS management, enhance security, and align IT operations with business goals. Plus, hear the latest 1Password news, product updates, and releases to help you get the most out of the 1Password platform. Thursday, March 5th at 11 AM GMT / 12 PM CET / 1 PM EET: What's new? The 1Password quarterly security spotlight and roadmap review This is the same webinar, but scheduled to be more convenient for Europe, the Middle East, and Africa.Research opportunity: Help shape the future of 1Password + gift card for your time
Hey 1Password community 👋 Our team is running 1:1 research interviews with current 1Password Business customers, and we’d love your insights. We’re especially interested in hearing from folks using the 1Password Enterprise Password Manager (with or without 1Password Device Trust or 1Password SaaS Manager), and who are involved in managing access, identity, and device posture at their company. Our goal with this research is to better understand how access is managed in the real world, especially in places where SSO, IdPs, and MDMs may not reach. Your feedback will directly influence how we evolve our products and features going into 2025. Who we’re looking for: Admins, IT, or Security leads at companies with 500–3,000 employees in North America, Europe, or Australia Decision-makers, or those with hands-on experience managing access tools Current users of 1Password Business and/or Extended Access Management What to expect: A 60-minute live interview Flexible scheduling between August 4th and 15th A $100 gift card from popular retailers as a thank-you We only have 10 slots available, so if you’re interested, please fill out this short screener survey. Thanks for being part of the community, we’re excited to learn from you!The Access-Trust Gap: Annual Report 2025
Unsanctioned AI tools. Patchy access controls. Unmanaged apps and devices. And of course, compromised credentials. These are the issues revealed in our latest 1Password Annual Report 2025: The Access-Trust Gap. Based on a survey of over 5,000 knowledge workers, IT and security professionals, and CISOs, the report captures a moment of rapid technological and cultural change. The rise of hybrid work, SaaS sprawl, personal device use, and generative AI have all stretched identity and access tools like SSO and MDM beyond their limits. The result is what we call the Access-Trust Gap — the divide between the access that IT and security teams can govern, and the reality of how people (and now AI agents) actually access sensitive data. The report highlights four areas where that gap is widest: AI tools: High enthusiasm, low policy compliance. SaaS apps: Shadow IT and unmanaged access remain rampant. Credentials: Weak and reused passwords still drive breaches. Devices: MDM alone can’t keep pace with today’s hybrid workforce. Together, these findings paint a picture of an enterprise world struggling to keep up with how (and where) work happens today. The good news? There’s a clear path forward. We outline how organizations can close the Access-Trust Gap by pairing stronger governance with modern tools like 1Password Extended Access Management, 1Password SaaS Manager, and 1Password Device Trust — helping companies embrace AI and modern work securely. 📘 Read the full report: 1Password Annual Report 2025 📰 Read the blog post: The enterprise AI crisis: Unsanctioned tools and unenforced policies
Feature Request: Optionally allow sharing recipients to edit/update entries
Hi I love 1Password, cannot live without it in my personal and professional life. But one thing I struggle with is helping my customers maintain a safety first demeanor when it comes to sharing secrets. With 1Password it is easy enough for me to share secrets with them securely, but the inverse is not true UNLESS they also have 1Password, or similar. [2025.10.09 - Update] After looking into WHY this doesn't exist I now understand the problem that allowing an external non vault member to write directly into my vault would break the security model as that external non vault member would need my keys to write into my vault. So instead it could be something like this You initiate a “Secret Request” from 1Password: It generates a unique, signed URL. Optionally, you can label it (“Please send me your API key for X”). The recipient (your customer): Opens that link in their browser. Enters their secret (password, API key, etc.). Their browser encrypts it locally with a one-time symmetric key before upload. The key is only embedded in the returned “Send” link that comes back to you. You receive the “return link”: You open it once, decrypt locally, and copy the secret into your own vault. Optionally, the link auto-expires after one view or a set time. 1Password’s servers never see plaintext, they just store encrypted blobs. Full disclaimer, some AI servant came up with the above summary after I was trying to figure out why it may not be secure to just have people write directly into my vault and what the alternatives were. [Original not so secure feature request below] The feature I am looking for and would be willing to pay for, would be to allow sharing an entry, blank or otherwise, and then to optionally indicate that the sharing recipient may update the values or create new ones. Basically I want to allow someone external to be able to populate an entry in my vault as a mechanism for them to securely share secrets with me. Use case: I need to do an integration project with my customer's ERP system and I need a secret from them. They need to share this secret with me and may not have a great way to do that securely. So if I could securely send them a link to an entry in my vault with edit permissions, then they could easily just drop the secret in there. From a feature point of view, I guess it doesn't have to be limited to Update only, you could send someone a "Please create a new entry in my vault request", and then the entry would not have to exist prior to them getting the create request. Let me know what you thinkZscaler and 1Password Device Trust integration available now
1Password is proud to announce a new integration with Zscaler, a leading cloud-based solution for Zero Trust network access (ZTNA). This marks a shared commitment to helping our customers secure access, reduce their attack surface, manage AI app sprawl, and practice the principles of Zero Trust. The 1Password® Extended Access Management platform is designed to support Zero Trust initiatives by securing every sign-in to every application from any device, including unmanaged devices and apps. Now, 1Password has built an integration between Zscaler and 1Password Device Trust to help mutual customers secure access and reduce risk. With this integration, customers using 1Password and Zscaler can be confident that critical applications are only accessible from trusted, healthy devices where Zscaler is installed and configured. Available to all 1Password Device Trust and Zscaler joint customers! Learn more about the integration announcement
