1Password

2026-01-05T10:39:49Z

2001:A61:12AD:C101:5ED3:B86A:C267:3FB4: Explain Okta incident

{{ProductCargo
|Company=Agilebits
|ProductLine=1Password
|InProduction=Yes
|ArticleType=Product
|Category=Software,Password Managers
|Website=https://1password.com/
|Description=1Password is a secure password manager that stores and encrypts passwords, login details, and other sensitive information in a digital vault
|Logo=1Password-logo.png|ReleaseYear=2006}}1Password is a multi-platform subscription-based password manager developed by AgileBits Inc. It is often used due to the combination of a master password with a second secret key generated on-device (i.e., not in the cloud). Unlocking a user's vault therefore requires '''both''' pieces of information to decrypt and access. It also supports conventional two factor authentication using either software tokens or hardware-based tokens (e.g., Yubikey, Google Titan), which can be added to further secure a vault. 1Password is closed-source and is not self-hostable.

1Password, in addition to passwords, is capable of storing myriad site credentials including one-time codes, emails / user names, and additional notes.<ref>{{Cite web |title=Password Manager for Individuals & Families |url=https://1password.com/product/password-manager |url-status=live |archive-url=https://web.archive.org/web/20251030021958/https://1password.com/product/password-manager |archive-date=2025-10-30 |access-date=2025-10-21 |website=1Password}}</ref>

==Consumer impact summary==

===Freedom===
<blockquote>"You can export your 1Pasword information at any time. If you discontinue payment, your account will enter a frozen (read-only) state that still allows you to retrieve and export your information. Your export will be limited to the information you saved in 1Password. We can’t guarantee that vault permissions, group structures, and other details about relationships between people and information are included."<ref name="privacy">{{Cite web |date=2025-02-27 |title=About 1Password and your privacy |url=https://support.1password.com/1password-privacy/ |url-status=live |archive-url=https://web.archive.org/web/20250905085406/https://support.1password.com/1password-privacy/ |archive-date=2025-09-05 |access-date=2025-09-05 |work=1Password Support}}</ref></blockquote>Users can import existing passwords from other managers and export passwords and other content in formats suitable for importing into other managers. 1Password is not a walled-garden. Allowing the subscription to expire places an account in a read-only state, where the user can still download their passwords and other saved content.

===Privacy===
From "Your Rights" section of the privacy policy:<blockquote>"'''You have the right to your information.''' We'll never lock you out of your 1Password account, but we're unable to decrypt it for you."<ref name="privacy" /> </blockquote>This implies anything inside it is hidden from the company, which is great as it is a password manager.<blockquote>"'''You have the right to know what we know.''' You have the right to know what we know about you and see how we handle that information. If you make such a request, you'll receive a screenshot of what we can see about you in our systems. To protect customer privacy, these requests will be carefully authenticated beyond demonstrating control of the registered email address."<ref name="privacy" /></blockquote>Possibly, such a request will need to contain identifying information you have to provide in order to use the service such as email, name, address, and payment information.

===User security===
Users should be aware that using password manager browser extensions increases their vulnerability to clickjacking<ref name=":0">{{Cite web |last=Toulas |first=Bill |date=2025-08-20 |title=Major password managers can leak logins in clickjacking attacks |url=https://www.bleepingcomputer.com/news/security/major-password-managers-can-leak-logins-in-clickjacking-attacks/ |url-status=live |archive-url=https://web.archive.org/web/20250929091759/https://www.bleepingcomputer.com/news/security/major-password-managers-can-leak-logins-in-clickjacking-attacks/ |archive-date=2025-09-29 |access-date=2025-09-05 |work=Bleeping Computer}}</ref> where the autofill feature of password managers is abused to trick the password manager into leaking user credentials and other sensitive details.<ref name=":1">{{Cite web |last=Naprys |first=Ernestas |date=2025-08-21 |title=Major flaw affecting password managers: they autofill credentials for attackers |url=https://cybernews.com/security/password-managers-autofill-credentials-for-attackers/ |url-status=live |archive-url=https://web.archive.org/web/20251019001532/https://cybernews.com/security/password-managers-autofill-credentials-for-attackers/ |archive-date=2025-10-19 |access-date=2025-09-05 |work=Cybernews}}</ref> It is considered best practice to copy in these elements on trusted pages manually. <ref name=":0" /><ref name=":1" /><ref>{{Cite web |last=Tóth |first=Marek |date=2025-09-11 |title=DOM-based Extension Clickjacking: Your Password Manager Data at Risk |url=https://marektoth.com/blog/dom-based-extension-clickjacking/ |url-status=live |archive-url=https://web.archive.org/web/20251020074626/https://marektoth.com/blog/dom-based-extension-clickjacking/ |archive-date=2025-10-20 |access-date=2025-10-21 |website=marektóth}}</ref>

===Business model===
Subscription based, has a strong emphasis on enterprise credential management,<ref>{{Cite web |title=1Password Device Trust |url=https://1password.com/product/device-trust |url-status=live |archive-url=https://web.archive.org/web/20251030021959/https://1password.com/product/device-trust |archive-date=2025-10-30 |access-date=2025-10-21 |website=1Password}}</ref><ref>{{Cite web |title=XAM: Extended Access Management |url=https://1password.com/extended-access-management |url-status=live |archive-url=https://web.archive.org/web/20251020062352/https://1password.com/extended-access-management |archive-date=2025-10-20 |access-date=2025-10-21 |website=1Password}}</ref> especially for secret management for software development (e.g., SSH keys, authentication tokens, API keys, etc.).{{CitationNeeded}} 

===Market control===

1Password claims on its website front page that it is industry leading, although it does not cite any public market researches or 3rd party audits. However, a bug bounty program exists on HackerOne.<ref>{{Cite web |date=2024-12-09 |title=1Password - CTF {{!}} Bug Bounty Program Policy |url=https://hackerone.com/1password_ctf?type=team |url-status=live |archive-url=https://web.archive.org/web/20251004161711/https://hackerone.com/1password_ctf?type=team |archive-date=2025-10-04 |access-date=2025-10-21 |website=HackerOne}}</ref> Market studies and reviews (as of October 2025) show that it has significant competitive control.<ref>{{Cite web |title=Password Management Market Size & Share Analysis - Growth Trends & Forecasts (2025 - 2030) |url=https://www.mordorintelligence.com/industry-reports/password-management-market |url-status=live |archive-url=https://web.archive.org/web/20250907113812/https://www.mordorintelligence.com/industry-reports/password-management-market |archive-date=2025-09-07 |access-date=2025-10-21 |website=Mordor Intelligence}}</ref><ref>{{Cite web |last=Bouman |first=Amber |last2=Spadafora |first2=Anthony |date=2025-09-11 |title=The best password managers in 2025 |url=https://www.tomsguide.com/us/best-password-managers,review-3785.html |url-status=live |archive-url=https://web.archive.org/web/20251012224159/https://www.tomsguide.com/us/best-password-managers,review-3785.html |archive-date=2025-10-12 |access-date=2025-10-21 |website=Tom's Guide}}</ref><ref>{{Cite web |last=Key |first=Kim |last2=Henry |first2=Alan |date=2025-10-14 |title=The Best Password Managers for 2025 |url=https://www.pcmag.com/picks/the-best-password-managers |url-status=live |archive-url=https://web.archive.org/web/20251017061423/https://www.pcmag.com/picks/the-best-password-managers |archive-date=2025-10-17 |access-date=2025-10-21 |website=PCMag}}</ref> 

==Incidents==
This is a list of all consumer protection incidents related to this product. Any incidents not mentioned here can be found in the [[:Category:{{PAGENAME}}|{{PAGENAME}} category]].

===1Password Okta instance breach, discovered (''29 Sept 2023'')===
On September 28, 2023, the Okta Help Center suffered a security incident. During the breach, the attackers were able to extract sensitive data from the customer support system.<ref>{{Cite web |last=Bradbury |first=David |date=2023-11-29 |title=October Customer Support Security Incident - Update and Recommended Actions |url=https://sec.okta.com/articles/october-security-incident-recommended-actions/ |url-status=live |archive-url=https://web.archive.org/web/20240720042135/sec.okta.com/articles/october-security-incident-recommended-actions/ |archive-date=2024-07-20 |access-date=2026-01-05 |website=Okta Security}}</ref>

1Password, which uses an Okta instance, published a blog post disclosing an internal investigation of the breach.<ref>{{Cite web |last=Canahuati |first=Pedro |date=2023-10-23 |title=Okta Support System incident and 1Password |url=https://blog.1password.com/okta-incident/ |url-status=live |archive-url=https://web.archive.org/web/20250905070945/https://blog.1password.com/okta-incident/ |archive-date=2025-09-05 |access-date=2025-09-05 |work=1Password Blog}}</ref> According to their disclosure, the attackers' actions triggered an email to a member of the IT team who acted swiftly to contain the breach. The company reported that no user data was exfiltrated or decrypted.<ref>https://blog.1password.com/files/okta-incident/okta-incident-report.pdf</ref> 
<gallery>
File:Okta-incident-report.pdf|PDF document report of the breach (click twice to open)
</gallery>

==See also==
==References==
{{reflist}}

[[Category:{{PAGENAME}}]]

Microsoft Office 2019 for Mac

2026-01-05T09:58:40Z

2001:A61:12AD:C101:5ED3:B86A:C267:3FB4: Fix broken Company and ProductLine fields

{{Stub}}
{{ProductCargo
|ArticleType=Product
|Category=Software
|Company=Microsoft
|Description=
|InProduction=No
|Logo=Microsoft Office logo (2019-present).svg
|ProductLine=Microsoft Office
|ReleaseYear=24 September 2018
|Website=https://www.microsoft.com/en-us/microsoft-365/microsoft-office
}}

'''Microsoft Office 2019''' update 16.78.3 (23102801) was the last functional version of Office 2019 (perpetual) for Apple macOS computers, released on 31 October 2023. If automatic updates are enabled as recommended by Microsoft, Office applications will continue to update but no longer function properly. Instead of opening documents, the user is presented with a screen display informing them that Office 2019 is no longer supported and directing them to purchase [[Microsoft Office 365]] subscription or a Microsoft Office 2021 license.<ref>{{Cite web |author=Christophe |title=End of support for office 2019 for Mac now doesn't allow me to create or edit documents anymore unless i upgrade to Microsoft 365 or buy the new office 2021 pack. |url=https://learn.microsoft.com/en-us/answers/questions/5238983/end-of-support-for-office-2019-for-mac-now-doesnt?forum=msoffice-all&referrer=answers |website=[[Microsoft]] |date=17 Nov 2023 |access-date=8 Dec 2025 |url-status=live |archive-url=https://web.archive.org/web/20251208232831/https://learn.microsoft.com/en-us/answers/questions/5238983/end-of-support-for-office-2019-for-mac-now-doesnt?forum=msoffice-all&referrer=answers |archive-date=8 Dec 2025}}</ref>

This applies to consumer perpetual (Home and Student, Business, etc.) and volume license Office 2019 which were sold as a one-time purchase (rather than the subscription-based Office 365).

Users of this application will be unable to speak with Microsoft about the issue, as the product is [[End of life product|out of support]].

==Consumer impact summary==
*'''Broken product:''' Automatic updating is enabled by default and typically left that way by the average user. Microsoft uses this to brick Office 2019, despite the user having paid for a ''perpetual'' license for the product, to motivate their customer to move to a newer product. This presents the user with two choices: Either pay up for an unwanted "upgrade" or troubleshoot reverting to the last version (if possible).

==Possible fix==
The steps below sometimes work, however one should have their original license key available in case it is required. Also note, Office 2019 update 16.78.3 is functional on Sequoia 15.2.

# Move all Microsoft Office applications to the trash<ref>{{Cite web |author= |title=Uninstall Office for Mac |url=https://support.microsoft.com/en-us/office/uninstall-office-for-mac-eefa1199-5b58-43af-8a3d-b73dc1a8cae3 |website=[[Microsoft]] |access-date=8 Dec 2025 |url-status=live |archive-url=https://web.archive.org/web/20250729063237/https://support.microsoft.com/en-us/office/uninstall-office-for-mac-eefa1199-5b58-43af-8a3d-b73dc1a8cae3 |archive-date=29 Jul 2025}}</ref>
# Locate ~/Library/Containers and move the following to the trash:
## com.microsoft.errorreporting
## com.microsoft.Excel
## com.microsoft.netlib.shipassertprocess
## com.microsoft.Office365ServiceV2
## com.microsoft.Outlook
## com.microsoft.Powerpoint
## com.microsoft.RMS-XPCService
## com.microsoft.Word
## com.microsoft.OneNote
# Locate ~/Library/Group Containers and move the following to the trash:
## UBF8T346G9.ms
## UBF8T346G9.Office
## UBF8T346G9.OfficeOsfWebHost
# Empty the trash
# Visit https://learn.microsoft.com/en-us/officeupdates/update-history-office-for-mac and download Office 2019 update 16.78.3
# Install the downloaded version of Office
# Test an office app
# If Office still redirects to purchasing Office 365, perform all the steps again, and use the License Removal Tool (https://go.microsoft.com/fwlink/?linkid=849815)
# Once an Office app is verified functional, disable automatic updates
# The Microsoft updater can also be removed by deleting the update tool located here: ~/Library/Application Support/Microsoft/MAU

==References==
{{Reflist}}

[[Category:Microsoft Office]]

Consumer Rights Wiki - User contributions [en]

1Password

Microsoft Office 2019 for Mac