Protect what matters – even after you're gone. Make a plan for your digital legacy today.
January 2026 at 1Password: Taking on credential sprawl and advanced phishing scams
We kicked off 2026 with a big step forward for access governance with 1Password Unified Access, rolled out stronger phishing protection, and shipped a steady stream of fixes and improvements across every platform. In case you missed it Governing access beyond SSO with 1Password Unified Access In January, we announced the public preview of 1Password Unified Access, a new capability that helps organizations discover and govern company-owned credentials — including shared and non-SSO accounts that often fall outside traditional identity systems. Unified Access combines 1Password Enterprise Password Manager and 1Password SaaS Manager to give admins a clearer view of which apps rely on traditional credentials, who has access, and when that access should be rotated or revoked. When someone changes roles or leaves, you can revoke access and rotate credentials with a single action. For employees, the App Launcher brings both SSO and non-SSO apps into one place, making it easier to get work done without hunting for logins scattered across portals and vaults. The public preview is available to 1Password EPM Business customers in US-hosted environments with at least 100 users. 👉 Read the announcement and learn how to join the public preview. Introducing extra protection against phishing attempts 1Password has always protected you by refusing to autofill credentials on mismatched sites. But we know that sometimes you might not realize why autofill didn't work—so you'd manually copy and paste instead, which could still get you phished. Now, we've added an extra layer of protection. When you try to paste a password into a site that doesn't match the URL saved in 1Password, you'll see a warning pop-up in your browser—a gentle nudge to slow down and double-check the URL before you continue. Phishing attacks are everywhere right now, and thanks to AI, they're harder to spot than ever. Those fake login pages look almost perfect, and it only takes one quick moment to accidentally hand over your credentials to a scammer. This feature is rolling out to all Individual, Family, and Business customers over the next few weeks. For Individual and Family users, built-in phishing protection will be enabled by default. If you're a 1Password Admin, you can enable it for your team in Authentication Policies in the admin console. 👉 Learn more about phishing protection. Random but Memorable We kicked off the new year with an episode focused on cybersecurity resolutions that are actually worth sticking to! This episode turns advice from last season's guests into a practical checklist, covering small, ten-minute wins like freezing your credit, using passkeys, turning on MFA, cleaning up your digital junk drawer, and adopting a "politely paranoid" mindset to spot scams before they do damage. "If your heart rate increases, your caution should too. If a situation is urgent, contact the sender through a trusted channel, NOT the website, email, or phone number you see in the message." – Dave Lewis, Global Advisory CISO 👉 Listen to the episode Release note highlights 1Password in the Browser When setting up the 1Password extension in Firefox, you now see the permissions page first. We've improved localization for a number of our supported languages. We've fixed an issue where a scrollbar could appear unexpectedly on webpages. We've fixed an issue where the 1Password extension could break syntax highlighting for code blocks on some websites. Mac, Windows, and Linux We've fixed an issue where you couldn't interact with the prompt to turn on two-factor authentication when signing in to the app. We've improved localization for a number of our supported languages. We've fixed an issue where one-time password fields from Bitwarden login items didn't import correctly. We've updated the account icon shown in the authentication prompt when using the CLI or SDK desktop app integrations to have rounded corners. We've fixed an issue where the step to download the 1Password extension was missing from Guided Setup for individual and family accounts. We've fixed an issue where selecting the Create vault button multiple times could cause multiple vaults to be created. We've fixed an issue where items containing files could be duplicated or moved into accounts where file storage was turned off. [Mac only]: We've added Dark Mode and clear 1Password icons for macOS Tahoe. [Windows only]: You now only see the Windows Passkeys setup prompt if an unlocked account has the setting "Passkey item support" enabled. [Windows only]: We've added settings to reduce lag and choppy performance on some high refresh rate G-SYNC monitors. [Windows only]: We've fixed intermittent connection issues between the MSIX version of 1Password for Windows and the browser extension. [Windows only]: We've fixed an issue where op-ssh-sign-wsl.exe could fail to translate Windows Subsystem for Linux (WSL) paths to Windows paths, causing Git commit signing to fail in WSL. [Windows only]: We've fixed an issue that prevented ADMX templates from being ingested and applied in Microsoft Intune. [Linux only]: We've improved error messages and made restarting device enrollment smoother when it fails. [Linux only]: The Linux import callouts now point to the correct support article. [Linux only]: Pressing the Alt key now focuses the 1Password menu icon instead of showing the legacy menu bar. iOS and Android We've made improvements to item import and export functionality. We've improved localization for a number of our supported languages. We've fixed an issue where one-time password fields from Bitwarden login items didn't import correctly. We've fixed an issue where the step to download the 1Password extension was missing from Guided Setup for individual and family accounts. We've fixed an issue where items containing files could be duplicated or moved into accounts where file storage was turned off. [iOS only]: We've fixed an issue where search would dismiss when a recent search was selected on iPadOS 26. [iOS only]: We've fixed an issue in Guided Setup where the Autofill step couldn't be marked as complete. [iOS only]: We've fixed a visual issue with the item list menu on iOS 18. [iOS only]: We've fixed an issue where the "Pull down to search instantly" search tip was dismissed too quickly on first sign in. [iOS only]: We've fixed an issue where the search field didn't work when linking a related item, and the full list of items was shown regardless of your search. [Android only]: We've improved the password autofill experience and added passkey support for Vanadium on GrapheneOS. [Android only]: We've fixed an issue where the bottom navigation didn't restore the last selected tab after restarting the app. [Android only]: We've improved autofill in Android apps where username fields were hard to fill or didn't show suggestions.
Unable to access Our Family account
My wife had an individual !Password account. Later I subscribed to a Family account. I invited my wife to join the Family account. She received the invite and used the same username and password she had on the individual account for the family invitation. She received the secret key for the family account which is different from her individual account. I am using an IPhone and she is using a Samsung. I have confirmed/verified her account on my app. When she logs in to 1Password app using her password, which is the same for both account, it enables her individual account and shows the family account as "locked". The only way to unlock the family account is by using the organizer password and then she has access to ALL passwords including the organizer private vault. If she logs in to 1 Password by scanning her fingerprint, the app enables both her individua and family accounts, but she has access to all folders of the family account including the private vault of the organizer. Is it how the family account is supposed to work?
Fastmail masked email creation in iOS app
There is too much friction when you need to create a new login for an iOS app (not website) and want a masked email for the username. I understand iOS restrictions make this difficult but I should be able to open the 1pw app and have a button to generate new app login with new masked email and new generated password 1Password Version: Not Provided Extension Version: Not Provided OS Version: Not Provided Browser: Not Provided
Require account password reminder on mobile
Hello, My problem: In mobile app I’m using the „Require Account Password” set to 7 days. My assumption is that this setting increases the security of my 1Password on mobile. However, I always face the password prompt in the least secure places. You know, 1Password on mobile is used on mobile. So it’s quite often that I need to fill in some random password to a service in a hurry. I’d say 90% of the times when I really need my password to be filled in, the app is locked and requires my master password. I do want however to keep that setting on. Having it to 30 days or „never” doesn’t solve the issue though - it makes it either less secure or just less frequent. My proposal. Send a push notification X hours before the password prompt will kick in. Having that, I’ll be able to find a secure place to type my quite long password instead of stressing out when typing password with errors in front of strangers because the ticketing service logged me out 🫠 (or there is any other „rush” situation).
Feature Request - Version Control
Pretty much as the title says, a way to have version control of credentials. This would benefit both users like myself who use 1Password for machine-to-machine secrets when for example using automation to rotate credentials but they for some reason fail to update properly, as well as users who update a password on a website but for some reason the website didn’t accept the new password. Both scenarios have happened to me multiple times and I wish there was an easy way to fetch old credentials. I am aware of the security implications, but if the version history is stored equally as secure as the current object this should be mitigated.
Why do I have to constantly authenticate my iOS app with 2FA code?
I got a new phone and ever since then, I have to enter the 2FA code from Authy every few days, otherwise the app is "offline" and nothing gets synced. It's extremely frustrating, why is it not authenticating me once and then keeping my account in sync?
