linux
641 Topics

Use TPM 2.0 PCR binding to allow password-less unlock after reboot on Linux
The Problem:

Windows/macOS: Users can reboot and immediately use Windows Hello or Touch ID to unlock. The Master Password is rarely needed.

Linux: Even with "System Authentication" enabled, we are forced to type the full Master Password at least once after every reboot or app restart.

The Proposal:

I would love to see 1Password for Linux implement native TPM 2.0 support to securely store the vault decryption secret, bound to the system's hardware state. Since modern Linux distributions (like Arch, Fedora, Ubuntu) now have mature TPM support (e.g., via systemd-cryptenroll), the infrastructure is ready.

How it could work:

1. Secret Sealing: 1Password could seal the necessary decryption key into the TPM chip.
2. PCR Binding: Bind this key to specific Platform Configuration Registers (PCRs), such as PCR 7 (Secure Boot state) and PCR 0 (Firmware).

The Result: On boot, if the system hasn't been tampered with (Secure Boot is valid), the TPM releases the key, and 1Password unlocks automatically—or just asks for a fingerprint—without needing the Master Password.

Why this matters:

Parity: It brings the Linux client up to par with the "magic" experience on other platforms.

Security vs. Convenience: It encourages users to set incredibly long, complex Master Passwords because they won't have to type them daily.

I know many power users in the Linux community are already using TPM for disk encryption (LUKS). It would be amazing to see 1Password leverage this same hardware capability.

Does anyone else in the community want this? Please vote or comment if you do!

Thanks

3 Views, 0 likes, 0 Comments

debsig package signing issue for 1password & 1password-cli
Problem:

I have already raised this issue by email (no response from 1password yet), and BitBot has given this matter reference CKQ-37366-878.

1Password uses the weak, deprecated algorithm SHA1, with debsig, to sign its Debian packages (this affects both 1password [gui app package], and 1password-cli, each in their deb package form). Way back in Nov-2021, debsig v0.24 deprecated SHA1 as an acceptable way to sign packages. This is because a practical collision attack for SHA1 was first demonstrated in 2017.

debsig release announcement: https://lists.debian.org/debian-dpkg/2021/11/msg00006.html#:~:text=*%20reject%20weak%20ripemd160%20and%20sha1%20algorithms

Any Ubuntu or Debian distro using debsig >= v0.24 will by default not verify 1password or 1password-cli packages, due to the use of weak SHA1 packages.

To further prove it is the use of the weak SHA1 algo for signing that is the root cause of debsig-verify failing, and nothing else, you can put "allow-weak-digest-algos" (without quotes) into /etc/gnupg/gpg.conf and then the debsig-verify command will confirm that the latest 1password or 1password-gui deb package was signed appropriately in the "_gpgorigin" file.

Yes, an SHA1 collision is still hard, and so SHA1 signing is still better than nothing, and Debian packages are a smaller subset of an already small linux user base for 1password, but it still disappoints me that 1password appears not to be on top of ensuring all of its crypto algorithm uses are strong, secure, not deprecated ones! It makes me wonder and worry where else deprecated crypto cyphers are in use, and should I switch to something with more open source code that I can check for myself, like Proton or Bitwarden.

Fix required:

Please restore my faith in 1password by switching your signing algorithm for all Debian packages, from using SHA 1 (digest algo 2) to SHA 256 (digest algo 8), or even better, SHA 512 (digest algo 10), for debsig. This does not need to change the keys you use, and changes nothing about the underlying packages for 1password or 1password-cli. It is just a change to the deb packages.

Steps to reproduce and analyse the issue:

(1) Fire up an Ubuntu or Debian instance with debsig >= v0.24 (I used Debian 13 Trixie)

(2) wget -O "1password-latest.deb" https://downloads.1password.com/linux/debian/amd64/stable/1password-latest.deb

This gets you a suitable package to test the problem on.

(3) debsig-verify -d 1password-latest.deb

This runs debsig-verify, with debug output visible, on the just downloaded deb package. You can see the signature failure message on the final output line. Higher up you can see complaints about an invalid digest algorithm as the root cause.

(4) Add "allow-weak-digest-algos" (without quotes) into /etc/gnupg/gpg.conf and then re-run the debsig-verify command from step 3 above.

Now that we move away from the default secure config to reject old, weak, deprecated algorithms, such as SHA1, the 1password deb package successfully shows as signed.

You could keep all the same keys, and just switch the signing algorithm used by debsig, to SHA256 or even better SHA512 (SHA512 is 64-bit words, so no slower on 64-bit architectures than SHA256, but larger and more secure), and you would fix this problem.

If you are still using SHA1 here, and had not noticed until a user pointed it out, you should probably (re-)audit where else you are using weak, old, deprecated cyphers in your codebase too, as a good step to continuously improve 1password security!

24 Views, 0 likes, 1 Comment

1Password Beta + SSH Agent + Hyprland
I’m seeing an issue on 8.11.12_26.BETA where the SSH agent window opens at only ~400x100, making it difficult to use. This problem does not occur on earlier builds — after downgrading to 8.11.10-32.BETA, the window renders normally and everything works fine again.

I also noticed a mention of a fix in 8.11.12_26.BETA-26, which seems like it might be related and potentially introduced a regression.

[Fixed] We’ve fixed an issue that prevented rich SSH and CLI prompts from appearing on Wayland.

Environment:
Omarchy v3.0.2
Hyprland 0.51.1 (Wayland)
Linux 6.16.8-arch3-1

Happy to provide logs or run additional tests if helpful. Thanks for looking into this!

Omarchy issue for additional context: https://github.com/basecamp/omarchy/issues/2016

174 Views, 1 like, 4 Comments

Mouse/window handling issues on Ubuntu
Hi, my 1password developed a weird window mgmt issue -- it's as if all mouse left button events are being remapped to right button events for window mgmt. So e.g. clicking on the close 'x' button on the window doesn't close the app but produces the context menu. Mouse buttons within the app itself work as they should, it's only the window mgmt that's affected.

1password ver 8.11.16
Ubuntu 25.10

Weird bug?

1 View, 0 likes, 0 Comments

Support for Zen browser
Hi! There's this new browser called "Zen browser". It's based on Firefox, but the 1password extension doesn't work with the desktop app.

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided

Solved

16K Views, 56 likes, 179 Comments

1password input focus lag with lots of inputs
I'm running into an issue where 1password seems to significantly slow down interaction with the webpage I'm working on. There's a ton of input fields of which most are hidden. I cannot lower the amount of inputs; in fact I have to increase the amount of inputs due to how the system works.

Every time I click on an input, the focus is delayed by ~200ms or so. The next time I select the same input field it's instant. 1password seems to do something that slows down the focus event.

I made a performance recording in firefox. I selected 3 inputs and after the 3rd one selected the same 3 in the same order with no slowdown.

I've tried adding data-1p-ignore and autocomplete="off" but it didn't solve anything.

20 Views, 0 likes, 2 Comments

Latest beta doesn't show in app tray
The latest 1Password beta appears to have an error on launch and won't show in the system tray in Linux. All previous betas did not have this issue and the current release version also doesn't have this issue so it appears to be a regression.

Version: 1password-beta-8.11.16_30

Console output when launching 1Password:

INFO 2025-10-16T07:09:49.078+00:00 ThreadId(34) [1P:op-settings/src/store/json_store.rs:75] Settings file created @ 2024-10-23 19:22:28.731374786 UTC and last modified @ 2025-10-16 07:04:03.841979318 UTC
INFO 2025-10-16T07:09:49.079+00:00 ThreadId(34) [client:typescript] Client starting.
INFO 2025-10-16T07:09:49.137+00:00 ThreadId(34) [1P:op-localization/src/lib.rs:239] system locale detected as 'en-US'
INFO 2025-10-16T07:09:49.137+00:00 ThreadId(34) [1P:op-localization/src/lib.rs:265] selected translations for EN_US based on detected locale en-US
INFO 2025-10-16T07:09:49.137+00:00 ThreadId(34) [status:app/op-app/src/app.rs:1030] App::new(1Password for Linux/81116030 (EN_US), /home/<redacted-username>/.config/1Password)
INFO 2025-10-16T07:09:49.139+00:00 ThreadId(34) [1P:data/op-db/src/common/mod.rs:186] Core DB Integrity Check Succeeded
INFO 2025-10-16T07:09:49.139+00:00 ThreadId(34) [1P:data/op-db/src/core_db/db.rs:145] Starting Core DB at version: 46
INFO 2025-10-16T07:09:49.139+00:00 ThreadId(34) [1P:data/op-db/src/common/mod.rs:155] Core DB Table Integrity Check Succeeded
INFO 2025-10-16T07:09:49.146+00:00 ThreadId(34) [1P:data/op-db/src/common/mod.rs:186] Resources DB Integrity Check Succeeded
INFO 2025-10-16T07:09:49.146+00:00 ThreadId(34) [1P:data/op-db/src/common/mod.rs:155] Resources DB Table Integrity Check Succeeded
INFO 2025-10-16T07:09:49.146+00:00 ThreadId(34) [1P:data/op-db/src/resources_db/db.rs:110] Starting Resources DB at version: 1
INFO 2025-10-16T07:09:49.146+00:00 ThreadId(34) [1P:ssh/op-ssh-config/src/lib.rs:380] agent not configured
INFO 2025-10-16T07:09:49.149+00:00 ThreadId(34) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /home/<redacted-username>/.config/google-chrome/NativeMessagingHosts/com.1password.1password.json
INFO 2025-10-16T07:09:49.149+00:00 ThreadId(34) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /home/<redacted-username>/.config/google-chrome-beta/NativeMessagingHosts/com.1password.1password.json
INFO 2025-10-16T07:09:49.149+00:00 ThreadId(34) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /home/<redacted-username>/.config/google-chrome-unstable/NativeMessagingHosts/com.1password.1password.json
INFO 2025-10-16T07:09:49.149+00:00 ThreadId(34) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /home/<redacted-username>/.config/chromium/NativeMessagingHosts/com.1password.1password.json
INFO 2025-10-16T07:09:49.149+00:00 ThreadId(34) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /home/<redacted-username>/.config/microsoft-edge-dev/NativeMessagingHosts/com.1password.1password.json
INFO 2025-10-16T07:09:49.149+00:00 ThreadId(34) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /home/<redacted-username>/.config/BraveSoftware/Brave-Browser/NativeMessagingHosts/com.1password.1password.json
INFO 2025-10-16T07:09:49.149+00:00 ThreadId(34) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /home/<redacted-username>/.config/vivaldi/NativeMessagingHosts/com.1password.1password.json
INFO 2025-10-16T07:09:49.149+00:00 ThreadId(34) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /home/<redacted-username>/.config/vivaldi-snapshot/NativeMessagingHosts/com.1password.1password.json
INFO 2025-10-16T07:09:49.149+00:00 ThreadId(34) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /home/<redacted-username>/.mozilla/native-messaging-hosts/com.1password.1password.json
INFO 2025-10-16T07:09:49.149+00:00 ThreadId(34) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:83] Successfully installed all native messaging manifests.
INFO 2025-10-16T07:09:49.149+00:00 runtime-worker(ThreadId(31)) [1P:op-global-shortcuts/src/node.rs:38] Global shortcut registration is not available on this system.
INFO 2025-10-16T07:09:49.149+00:00 runtime-worker(ThreadId(25)) [1P:op-global-shortcuts/src/node.rs:38] Global shortcut registration is not available on this system.
INFO 2025-10-16T07:09:49.149+00:00 runtime-worker(ThreadId(24)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /home/<redacted-username>/.config/google-chrome/NativeMessagingHosts/com.1password.1password.json
INFO 2025-10-16T07:09:49.149+00:00 runtime-worker(ThreadId(24)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /home/<redacted-username>/.config/google-chrome-beta/NativeMessagingHosts/com.1password.1password.json
INFO 2025-10-16T07:09:49.149+00:00 runtime-worker(ThreadId(24)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /home/<redacted-username>/.config/google-chrome-unstable/NativeMessagingHosts/com.1password.1password.json
INFO 2025-10-16T07:09:49.149+00:00 runtime-worker(ThreadId(24)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /home/<redacted-username>/.config/chromium/NativeMessagingHosts/com.1password.1password.json
INFO 2025-10-16T07:09:49.149+00:00 runtime-worker(ThreadId(24)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /home/<redacted-username>/.config/microsoft-edge-dev/NativeMessagingHosts/com.1password.1password.json
INFO 2025-10-16T07:09:49.149+00:00 runtime-worker(ThreadId(24)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /home/<redacted-username>/.config/BraveSoftware/Brave-Browser/NativeMessagingHosts/com.1password.1password.json
INFO 2025-10-16T07:09:49.149+00:00 runtime-worker(ThreadId(24)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /home/<redacted-username>/.config/vivaldi/NativeMessagingHosts/com.1password.1password.json
INFO 2025-10-16T07:09:49.149+00:00 runtime-worker(ThreadId(24)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /home/<redacted-username>/.config/vivaldi-snapshot/NativeMessagingHosts/com.1password.1password.json
INFO 2025-10-16T07:09:49.149+00:00 runtime-worker(ThreadId(24)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /home/<redacted-username>/.mozilla/native-messaging-hosts/com.1password.1password.json
INFO 2025-10-16T07:09:49.149+00:00 runtime-worker(ThreadId(24)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:83] Successfully installed all native messaging manifests.
INFO 2025-10-16T07:09:49.151+00:00 ThreadId(34) [1P:app/op-app/src/app.rs:1688] initializing Developer Environment mount handler
INFO 2025-10-16T07:09:49.152+00:00 runtime-worker(ThreadId(27)) [1P:app/op-app-common/src/unlocked_session_keepalive.rs:70] Starting unlocked session keepalive
INFO 2025-10-16T07:09:49.152+00:00 runtime-worker(ThreadId(27)) [1P:native-messaging/op-native-core-integration/src/lib.rs:428] Starting IPC listener on 1Password-BrowserSupport
ERROR 2025-10-16T07:09:49.152+00:00 runtime-worker(ThreadId(3)) [1P:native-messaging/op-native-core-integration/src/lib.rs:618] Listener on SETTING_STATUS has been dropped, unable to communicate changes made to browser SLS setting
ERROR 2025-10-16T07:09:49.152+00:00 ThreadId(34) [1P:ffi/op-core-node/src/lib.rs:558] Io(Os { code: 2, kind: NotFound, message: "No such file or directory" })
INFO 2025-10-16T07:09:49.153+00:00 runtime-worker(ThreadId(31)) [1P:native-messaging/op-native-core-integration/src/lib.rs:440] Active native core integration is awaiting messages
INFO 2025-10-16T07:09:49.153+00:00 runtime-worker(ThreadId(27)) [1P:ssh/op-agent-controller/src/lib.rs:573] Starting filesystem watcher for SSH agent configuration directories...
ERROR 2025-10-16T07:09:49.153+00:00 runtime-worker(ThreadId(27)) [1P:/mnt/ephemeral/builds/dev/core/core/ssh/op-agent-controller/src/lib.rs:574] Io(Os { code: 2, kind: NotFound, message: "No such file or directory" })
(node:18057) UnhandledPromiseRejectionWarning: ReferenceError: self is not defined
    at Object.<anonymous> (/opt/1Password/resources/app.asar/552.js:1:14)
    at Module._compile (node:internal/modules/cjs/loader:1714:14)
    at Module._extensions..js (node:internal/modules/cjs/loader:1848:10)
    at Module.load (node:internal/modules/cjs/loader:1448:32)
    at Module._load (node:internal/modules/cjs/loader:1270:12)
    at c._load (node:electron/js2c/node_init:2:17993)
    at TracingChannel.traceSync (node:diagnostics_channel:322:14)
    at wrapModuleLoad (node:internal/modules/cjs/loader:244:24)
    at Module.require (node:internal/modules/cjs/loader:1470:12)
    at require (node:internal/modules/helpers:147:16)
(Use `1password --trace-warnings ...` to show where the warning was created)
(node:18057) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). To terminate the node process on unhandled promise rejection, use the CLI flag `--unhandled-rejections=strict` (see https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode). (rejection id: 1)
INFO 2025-10-16T07:09:49.351+00:00 runtime-worker(ThreadId(25)) [1P:app/op-app/src/app/backend/lock_screen.rs:96] System unlock is enabled: false
INFO 2025-10-16T07:09:49.351+00:00 runtime-worker(ThreadId(25)) [1P:app/op-app/src/app/backend/lock_screen.rs:124] Sys auth status Disabled
INFO 2025-10-16T07:09:49.537+00:00 1p-enable-crash-reporter(ThreadId(37)) [1P:op

31 Views, 0 likes, 3 Comments

October at 1Password: Defining new standards, empowering communities, and securing the future
Welcome to your monthly roundup of what’s new in the world of 1Password!

1Password helps author a new open standard for secure credential transfer

We’re proud to have helped author a new standard called Credential Exchange Format (CXF), a major step forward in secure, privacy-preserving credential transfer between password managers. CXF will enable people to move their data between password managers safely and consistently, without exposing sensitive details in the process. It’s an open standard developed with other industry leaders to promote portability without compromise.

Read the announcement

1Password for Good donates $100k during Cybersecurity Awareness Month

During October Cybersecurity Awareness Month, we gave back to communities by donating $100,000 USD to six organizations working to ensure that the next generation has access to the technology education, digital literacy, and online safety skills they need. It’s one of the many ways we are helping communities through our 1Password for Good efforts, including launching a cybersecurity guide for parents with the Family Online Safety Institute.

Read the announcement

Securing the Win: Our new docuseries with Oracle Red Bull Racing

We teamed up with Oracle Red Bull Racing to explore how world-class organizations balance performance and protection. Our new Securing the Win docuseries takes you behind the scenes with the team’s leadership and IT experts.

Episode 1: Inside Oracle Red Bull Racing with CEO and Team Principal Laurent Mekies
Episode 2: Speed and Security with CIO Mark Hazelton

Teaming up with the Utah Jazz and Utah Mammoth

We’re excited to announce that we've partnered with Smith Entertainment Group (SEG) — the parent company of the Utah Jazz, Utah Mammoth, and the Delta Center as their Official Cybersecurity Partner. Professional sports franchises depend on speed, trust, and instant, secure access to stay competitive, and 1Password’s Extended Access Management suite will help SEG’s teams protect what matters most both on and off the field.

Read the announcement

Closing the credential risk gap for AI agents with Browserbase

Together with Browserbase, we launched Secure Agentic Autofill, an integration that delivers end-to-end encrypted credentials to AI agents in the browser, only when authorized by a human. This partnership helps developers and AI researchers use LLMs securely by keeping raw credentials out of the model context.

Learn more about the Browserbase partnership

Introducing .env file support in 1Password environments

We’ve added support for .env files in 1Password environments, now available in public beta. This update makes it easier for developers to securely load environment variables directly into local development setups, without exposing secrets in plaintext. You can import, edit, and share .env files across teams while keeping everything fully encrypted and managed in 1Password.

Introducing new .env file support in 1Password environments | 1Password

Random but Memorable episodes in October

Episode 15.7 - The state of passkeys in 2025
Episode 15.8 - What you need to know about car hacking

“When you think about the convenience of passkeys, it’s easy to forget how much work goes on behind the scenes to make them secure and interoperable.” – Random but Memorable, Episode 15.7

Release note highlights

Browser Extension

Fixed an issue where websites with many fields and dropdowns could crash in Chromium browsers.
Localization improvements across multiple languages using new translations from Crowdin.
On Safari, when you type into a field on a website, you now see a “Save in 1Password” button in the suggestions dropdown.
Icons now load significantly faster throughout 1Password.

Mac, Windows, and Linux

Added breadcrumb navigation to the SSH Agent and CLI pages for easier navigation.
Improved localization using new translations from Crowdin.
Icons now load significantly faster across all apps.
Fixed an issue that could prevent unlocking if the app was closed during sign-in.
Improved Guided Setup with a more accurate progress bar.
Visual and performance fixes, including smoother launches and rounded window corners on Mac.
[Windows only]: Added group policy support using ADMX templates.
[Linux only]: Fixed visual issues with prompts and app icons on Wayland.

iOS and Android

Improved localization using new translations from Crowdin.
Icons now load significantly faster.
Guided Setup now shows a more accurate progress bar.
Fixed an issue that could prevent unlocking if the app was closed during sign-in.
[iOS only]: Added a new keyboard shortcut to open in-app settings (Ctrl + Command + ,).
[Android only]: Fixed an issue where “Lock 1Password and pause biometrics” didn’t properly lock 1Password.

351 Views, 0 likes, 6 Comments

Improved date formatting in the 1Password desktop app
Hello 1Password Community!

With the next update to the 1Password desktop app (version 8.10.80), we have improved how date formats are handled when viewing and editing an item.

Leading up to this update, there has been some inconsistency with how the desktop application has handled date formats when viewing and editing items. In some cases, date formats were being determined by the display language set in 1Password whereas in other cases, date formats were being determined by the language set against the device. This has led to some users seeing different date formats within the desktop app causing confusion.

With this update, we've made things consistent by ensuring that dates saved against items always appear in a format determined by the locale set against your device (both when viewing and editing items) and never by the display language set in 1Password. This way, the desktop application can support more date formats than just the ones tied to the display languages that we support.

Along with the recent improvements that we made to the date picker, we are hoping that you enjoy a much improved experience with dates in the 1Password desktop application!

Thank you!

888 Views, 4 likes, 25 Comments

1Password no longer offering to fill in locally hosted http service
On my local LAN, I have an instance of a news feed reader program, tt-rss, running. It's recently moved to new management after its original author dropped the open source project. As it's not externally accessible, I can't easily give it something like an LE SSL certificate, so it runs over plain HTTP.

I run Ubuntu, and at the moment use the 1Password Beta 8.11.22.25 plugin in Firefox 145.0.2-canonical-002-1.0 snap, so due to the ongoing sandboxing issues, 1Password browser plugin cannot communicate with the local 1Password instance, and phones home to 1Password servers instead.

The URL of the internal-only service is something like: http://ttrss.internal.external.tld.country/ ... and it resolves to something in RFC1918 range.

When I tell the plugin to "Collect Page Structure", the JSON it returns is:

{
  "unparsedUrl": "http://ttrss.internal.external.tld.country/",
  "title": "Tiny Tiny RSS : Login",
  "frames": []
}

... so it seems like 1Password browser plugin is not even giving me the option to ignore the HTTP warning (like it does on my Android device), rather it's fully blocking auto-fill from the page (why isn't it parsing the URL?)?

At the moment, my workaround is to click on 1Password icon in browser, and then manually copy username and password.

Is this a deliberate removal of support for autofill of HTTP support in latest versions? Could this perhaps still be supported for RFC1918 IPs?

52 Views, 0 likes, 2 Comments