1Password - Revision history

AnotherConsumerRightsPerson: http to https with AutoWikiBrowser, replaced: http: → https:

2026-02-11T17:47:47Z

http to https with AutoWikiBrowser, replaced: http: → https:

← Older revision		Revision as of 17:47, 11 February 2026
Line 25:		Line 25:

	===Business model===		===Business model===
	Subscription based, has a strong emphasis on enterprise credential management,<ref>{{Cite web \|title=1Password Device Trust \|url=https://1password.com/product/device-trust \|url-status=live \|archive-url=https://web.archive.org/web/20251030021959/https://1password.com/product/device-trust \|archive-date=2025-10-30 \|access-date=2025-10-21 \|website=1Password}}</ref><ref>{{Cite web \|title=XAM: Extended Access Management \|url=https://1password.com/extended-access-management \|url-status=live \|archive-url=https://web.archive.org/web/20251020062352/https://1password.com/extended-access-management \|archive-date=2025-10-20 \|access-date=2025-10-21 \|website=1Password}}</ref> especially for enterprise secret management (e.g., SSH keys, authentication tokens, API keys, etc.).<ref>{{Cite web \|title=1Password for SSH & Git {{!}} 1Password Developer \|url=https://developer.1password.com/docs/ssh/ \|url-status=live \|archive-url=https://web.archive.org/web/20260202024518/https://developer.1password.com/docs/ssh/ \|archive-date=2026-02-02 \|access-date=2026-02-10 \|website=1Password Developer}}</ref><ref>{{Cite web \|title=1Password for VS Code {{!}} 1Password Developer \|url=https://developer.1password.com/docs/vscode/ \|url-status=live \|archive-url=https://web.archive.org/web/20260208113329/https://developer.1password.com/docs/vscode/ \|archive-date=2026-02-08 \|access-date=2026-02-10 \|website=1Password Developer}}</ref><ref>{{Cite web \|title=1Password Developer Watchtower {{!}} 1Password Developer \|url=https://developer.1password.com/docs/watchtower/ \|url-status=live \|archive-url=https://web.archive.org/web/20260126204826/https://developer.1password.com/docs/watchtower/ \|archive-date=2026-01-26 \|access-date=2026-02-10 \|website=1Password Developer}}</ref><ref>{{Cite web \|title=1Password SDKs {{!}} 1Password Developer \|url=https://developer.1password.com/docs/sdks/ \|url-status=live \|archive-url=https://web.archive.org/web/20260126204850/https://developer.1password.com/docs/sdks/ \|archive-date=2026-01-26 \|access-date=2026-02-10 \|website=1Password Developer}}</ref><ref>{{Cite web \|title=1Password Developer \|url=https://developer.1password.com/ \|url-status=live \|archive-url=~~http~~://web.archive.org/web/20260126204759/https://developer.1password.com/ \|archive-date=2026-01-26 \|access-date=2026-02-10 \|website=1Password Developer}}</ref> <!-- A skim through the product pages, I couldn't find this particular mention. It's probably somewhere, though and that the problem is I don't understand the technology to know where to look --><!-- I've Given a bunch of citations which could fit. Cut out what you think is irrelevant or keep it all. - L4C -->		Subscription based, has a strong emphasis on enterprise credential management,<ref>{{Cite web \|title=1Password Device Trust \|url=https://1password.com/product/device-trust \|url-status=live \|archive-url=https://web.archive.org/web/20251030021959/https://1password.com/product/device-trust \|archive-date=2025-10-30 \|access-date=2025-10-21 \|website=1Password}}</ref><ref>{{Cite web \|title=XAM: Extended Access Management \|url=https://1password.com/extended-access-management \|url-status=live \|archive-url=https://web.archive.org/web/20251020062352/https://1password.com/extended-access-management \|archive-date=2025-10-20 \|access-date=2025-10-21 \|website=1Password}}</ref> especially for enterprise secret management (e.g., SSH keys, authentication tokens, API keys, etc.).<ref>{{Cite web \|title=1Password for SSH & Git {{!}} 1Password Developer \|url=https://developer.1password.com/docs/ssh/ \|url-status=live \|archive-url=https://web.archive.org/web/20260202024518/https://developer.1password.com/docs/ssh/ \|archive-date=2026-02-02 \|access-date=2026-02-10 \|website=1Password Developer}}</ref><ref>{{Cite web \|title=1Password for VS Code {{!}} 1Password Developer \|url=https://developer.1password.com/docs/vscode/ \|url-status=live \|archive-url=https://web.archive.org/web/20260208113329/https://developer.1password.com/docs/vscode/ \|archive-date=2026-02-08 \|access-date=2026-02-10 \|website=1Password Developer}}</ref><ref>{{Cite web \|title=1Password Developer Watchtower {{!}} 1Password Developer \|url=https://developer.1password.com/docs/watchtower/ \|url-status=live \|archive-url=https://web.archive.org/web/20260126204826/https://developer.1password.com/docs/watchtower/ \|archive-date=2026-01-26 \|access-date=2026-02-10 \|website=1Password Developer}}</ref><ref>{{Cite web \|title=1Password SDKs {{!}} 1Password Developer \|url=https://developer.1password.com/docs/sdks/ \|url-status=live \|archive-url=https://web.archive.org/web/20260126204850/https://developer.1password.com/docs/sdks/ \|archive-date=2026-01-26 \|access-date=2026-02-10 \|website=1Password Developer}}</ref><ref>{{Cite web \|title=1Password Developer \|url=https://developer.1password.com/ \|url-status=live \|archive-url=https://web.archive.org/web/20260126204759/https://developer.1password.com/ \|archive-date=2026-01-26 \|access-date=2026-02-10 \|website=1Password Developer}}</ref> <!-- A skim through the product pages, I couldn't find this particular mention. It's probably somewhere, though and that the problem is I don't understand the technology to know where to look --><!-- I've Given a bunch of citations which could fit. Cut out what you think is irrelevant or keep it all. - L4C -->

	===Market control===		===Market control===

Left4Code: archive pass

2026-02-10T15:46:21Z

archive pass

← Older revision		Revision as of 15:46, 10 February 2026
Line 25:		Line 25:

	===Business model===		===Business model===
	Subscription based, has a strong emphasis on enterprise credential management,<ref>{{Cite web \|title=1Password Device Trust \|url=https://1password.com/product/device-trust \|url-status=live \|archive-url=https://web.archive.org/web/20251030021959/https://1password.com/product/device-trust \|archive-date=2025-10-30 \|access-date=2025-10-21 \|website=1Password}}</ref><ref>{{Cite web \|title=XAM: Extended Access Management \|url=https://1password.com/extended-access-management \|url-status=live \|archive-url=https://web.archive.org/web/20251020062352/https://1password.com/extended-access-management \|archive-date=2025-10-20 \|access-date=2025-10-21 \|website=1Password}}</ref> especially for enterprise secret management (e.g., SSH keys, authentication tokens, API keys, etc.).<ref>{{Cite web \|title=1Password for SSH & Git {{!}} 1Password Developer \|url=https://developer.1password.com/docs/ssh/ \|url-status=live \|access-date=2026-02-10 \|website=1Password Developer}}</ref><ref>{{Cite web \|title=1Password for VS Code {{!}} 1Password Developer \|url=https://developer.1password.com/docs/vscode/ \|access-date=2026-02-10 \|website=1Password Developer}}</ref><ref>{{Cite web \|title=1Password Developer Watchtower {{!}} 1Password Developer \|url=https://developer.1password.com/docs/watchtower/ \|url-status=live \|access-date=2026-02-10 \|website=1Password Developer}}</ref><ref>{{Cite web \|title=1Password SDKs {{!}} 1Password Developer \|url=https://developer.1password.com/docs/sdks/ \|url-status=live \|access-date=2026-02-10 \|website=1Password Developer}}</ref><ref>{{Cite web \|title=1Password Developer \|url=https://developer.1password.com/ \|url-status=live \|archive-url=http://web.archive.org/web/20260126204759/https://developer.1password.com/ \|archive-date=2026-01-26 \|access-date=2026-02-10 \|website=1Password Developer}}</ref> <!-- A skim through the product pages, I couldn't find this particular mention. It's probably somewhere, though and that the problem is I don't understand the technology to know where to look --><!-- I've Given a bunch of citations which could fit. Cut out what you think is irrelevant or keep it all. - L4C -->		Subscription based, has a strong emphasis on enterprise credential management,<ref>{{Cite web \|title=1Password Device Trust \|url=https://1password.com/product/device-trust \|url-status=live \|archive-url=https://web.archive.org/web/20251030021959/https://1password.com/product/device-trust \|archive-date=2025-10-30 \|access-date=2025-10-21 \|website=1Password}}</ref><ref>{{Cite web \|title=XAM: Extended Access Management \|url=https://1password.com/extended-access-management \|url-status=live \|archive-url=https://web.archive.org/web/20251020062352/https://1password.com/extended-access-management \|archive-date=2025-10-20 \|access-date=2025-10-21 \|website=1Password}}</ref> especially for enterprise secret management (e.g., SSH keys, authentication tokens, API keys, etc.).<ref>{{Cite web \|title=1Password for SSH & Git {{!}} 1Password Developer \|url=https://developer.1password.com/docs/ssh/ \|url-status=live \|archive-url=https://web.archive.org/web/20260202024518/https://developer.1password.com/docs/ssh/ \|archive-date=2026-02-02 \|access-date=2026-02-10 \|website=1Password Developer}}</ref><ref>{{Cite web \|title=1Password for VS Code {{!}} 1Password Developer \|url=https://developer.1password.com/docs/vscode/ \|url-status=live \|archive-url=https://web.archive.org/web/20260208113329/https://developer.1password.com/docs/vscode/ \|archive-date=2026-02-08 \|access-date=2026-02-10 \|website=1Password Developer}}</ref><ref>{{Cite web \|title=1Password Developer Watchtower {{!}} 1Password Developer \|url=https://developer.1password.com/docs/watchtower/ \|url-status=live \|archive-url=https://web.archive.org/web/20260126204826/https://developer.1password.com/docs/watchtower/ \|archive-date=2026-01-26 \|access-date=2026-02-10 \|website=1Password Developer}}</ref><ref>{{Cite web \|title=1Password SDKs {{!}} 1Password Developer \|url=https://developer.1password.com/docs/sdks/ \|url-status=live \|archive-url=https://web.archive.org/web/20260126204850/https://developer.1password.com/docs/sdks/ \|archive-date=2026-01-26 \|access-date=2026-02-10 \|website=1Password Developer}}</ref><ref>{{Cite web \|title=1Password Developer \|url=https://developer.1password.com/ \|url-status=live \|archive-url=http://web.archive.org/web/20260126204759/https://developer.1password.com/ \|archive-date=2026-01-26 \|access-date=2026-02-10 \|website=1Password Developer}}</ref> <!-- A skim through the product pages, I couldn't find this particular mention. It's probably somewhere, though and that the problem is I don't understand the technology to know where to look --><!-- I've Given a bunch of citations which could fit. Cut out what you think is irrelevant or keep it all. - L4C -->

	===Market control===		===Market control===

Left4Code: another pass with retrieved dates & titles

2026-02-10T15:40:52Z

another pass with retrieved dates & titles

← Older revision		Revision as of 15:40, 10 February 2026
Line 25:		Line 25:

	===Business model===		===Business model===
	Subscription based, has a strong emphasis on enterprise credential management,<ref>{{Cite web \|title=1Password Device Trust \|url=https://1password.com/product/device-trust \|url-status=live \|archive-url=https://web.archive.org/web/20251030021959/https://1password.com/product/device-trust \|archive-date=2025-10-30 \|access-date=2025-10-21 \|website=1Password}}</ref><ref>{{Cite web \|title=XAM: Extended Access Management \|url=https://1password.com/extended-access-management \|url-status=live \|archive-url=https://web.archive.org/web/20251020062352/https://1password.com/extended-access-management \|archive-date=2025-10-20 \|access-date=2025-10-21 \|website=1Password}}</ref> especially for enterprise secret management (e.g., SSH keys, authentication tokens, API keys, etc.).<ref>{{Cite web \|title=1Password for SSH & Git {{!}} 1Password Developer \|url=https://developer.1password.com/docs/ssh/ \|url-status=live}}</ref><ref>{{Cite web \|title=1Password for VS Code {{!}} 1Password Developer \|url=https://developer.1password.com/docs/vscode/}}</ref><ref>{{Cite web \|title=1Password Developer Watchtower {{!}} 1Password Developer \|url=https://developer.1password.com/docs/watchtower/ \|url-status=live}}</ref><ref>{{Cite web \|title=1Password SDKs {{!}} 1Password Developer \|url=https://developer.1password.com/docs/sdks/ \|url-status=live}}</ref><ref>{{Cite web \|title=1Password Developer \|url=https://developer.1password.com/ \|url-status=live \|archive-url=http://web.archive.org/web/20260126204759/https://developer.1password.com/ \|archive-date=2026-01-26}}</ref> <!-- A skim through the product pages, I couldn't find this particular mention. It's probably somewhere, though and that the problem is I don't understand the technology to know where to look --><!-- I've Given a bunch of citations which could fit. Cut out what you think is irrelevant or keep it all. - L4C -->		Subscription based, has a strong emphasis on enterprise credential management,<ref>{{Cite web \|title=1Password Device Trust \|url=https://1password.com/product/device-trust \|url-status=live \|archive-url=https://web.archive.org/web/20251030021959/https://1password.com/product/device-trust \|archive-date=2025-10-30 \|access-date=2025-10-21 \|website=1Password}}</ref><ref>{{Cite web \|title=XAM: Extended Access Management \|url=https://1password.com/extended-access-management \|url-status=live \|archive-url=https://web.archive.org/web/20251020062352/https://1password.com/extended-access-management \|archive-date=2025-10-20 \|access-date=2025-10-21 \|website=1Password}}</ref> especially for enterprise secret management (e.g., SSH keys, authentication tokens, API keys, etc.).<ref>{{Cite web \|title=1Password for SSH & Git {{!}} 1Password Developer \|url=https://developer.1password.com/docs/ssh/ \|url-status=live \|access-date=2026-02-10 \|website=1Password Developer}}</ref><ref>{{Cite web \|title=1Password for VS Code {{!}} 1Password Developer \|url=https://developer.1password.com/docs/vscode/ \|access-date=2026-02-10 \|website=1Password Developer}}</ref><ref>{{Cite web \|title=1Password Developer Watchtower {{!}} 1Password Developer \|url=https://developer.1password.com/docs/watchtower/ \|url-status=live \|access-date=2026-02-10 \|website=1Password Developer}}</ref><ref>{{Cite web \|title=1Password SDKs {{!}} 1Password Developer \|url=https://developer.1password.com/docs/sdks/ \|url-status=live \|access-date=2026-02-10 \|website=1Password Developer}}</ref><ref>{{Cite web \|title=1Password Developer \|url=https://developer.1password.com/ \|url-status=live \|archive-url=http://web.archive.org/web/20260126204759/https://developer.1password.com/ \|archive-date=2026-01-26 \|access-date=2026-02-10 \|website=1Password Developer}}</ref> <!-- A skim through the product pages, I couldn't find this particular mention. It's probably somewhere, though and that the problem is I don't understand the technology to know where to look --><!-- I've Given a bunch of citations which could fit. Cut out what you think is irrelevant or keep it all. - L4C -->

	===Market control===		===Market control===

Left4Code: added citations for "citation needed" under "Business Model" Cut what's not needed from it

2026-02-10T15:37:26Z

added citations for "citation needed" under "Business Model" Cut what's not needed from it

← Older revision		Revision as of 15:37, 10 February 2026
Line 25:		Line 25:

	===Business model===		===Business model===
	Subscription based, has a strong emphasis on enterprise credential management,<ref>{{Cite web \|title=1Password Device Trust \|url=https://1password.com/product/device-trust \|url-status=live \|archive-url=https://web.archive.org/web/20251030021959/https://1password.com/product/device-trust \|archive-date=2025-10-30 \|access-date=2025-10-21 \|website=1Password}}</ref><ref>{{Cite web \|title=XAM: Extended Access Management \|url=https://1password.com/extended-access-management \|url-status=live \|archive-url=https://web.archive.org/web/20251020062352/https://1password.com/extended-access-management \|archive-date=2025-10-20 \|access-date=2025-10-21 \|website=1Password}}</ref> especially for secret management ~~for software development~~ (e.g., SSH keys, authentication tokens, API keys, etc.).{{~~CitationNeeded~~}} <!-- A skim through the product pages, I couldn't find this particular mention. It's probably somewhere, though and that the problem is I don't understand the technology to know where to look -->		Subscription based, has a strong emphasis on enterprise credential management,<ref>{{Cite web \|title=1Password Device Trust \|url=https://1password.com/product/device-trust \|url-status=live \|archive-url=https://web.archive.org/web/20251030021959/https://1password.com/product/device-trust \|archive-date=2025-10-30 \|access-date=2025-10-21 \|website=1Password}}</ref><ref>{{Cite web \|title=XAM: Extended Access Management \|url=https://1password.com/extended-access-management \|url-status=live \|archive-url=https://web.archive.org/web/20251020062352/https://1password.com/extended-access-management \|archive-date=2025-10-20 \|access-date=2025-10-21 \|website=1Password}}</ref> especially for enterprise secret management (e.g., SSH keys, authentication tokens, API keys, etc.).<ref>{{Cite web \|title=1Password for SSH & Git {{!}} 1Password Developer \|url=https://developer.1password.com/docs/ssh/ \|url-status=live}}</ref><ref>{{Cite web \|title=1Password for VS Code {{!}} 1Password Developer \|url=https://developer.1password.com/docs/vscode/}}</ref><ref>{{Cite web \|title=1Password Developer Watchtower {{!}} 1Password Developer \|url=https://developer.1password.com/docs/watchtower/ \|url-status=live}}</ref><ref>{{Cite web \|title=1Password SDKs {{!}} 1Password Developer \|url=https://developer.1password.com/docs/sdks/ \|url-status=live}}</ref><ref>{{Cite web \|title=1Password Developer \|url=https://developer.1password.com/ \|url-status=live \|archive-url=http://web.archive.org/web/20260126204759/https://developer.1password.com/ \|archive-date=2026-01-26}}</ref> <!-- A skim through the product pages, I couldn't find this particular mention. It's probably somewhere, though and that the problem is I don't understand the technology to know where to look --><!-- I've Given a bunch of citations which could fit. Cut out what you think is irrelevant or keep it all. - L4C -->

	===Market control===		===Market control===

79.127.184.9: /* Incidents */ Add proper web-archive url citation

2026-01-23T21:30:29Z

Incidents: Add proper web-archive url citation

← Older revision		Revision as of 21:30, 23 January 2026
Line 37:		Line 37:
	On September 28, 2023, the Okta Help Center suffered a security incident. During the breach, the attackers were able to extract sensitive data from the customer support system.<ref>{{Cite web \|last=Bradbury \|first=David \|date=2023-11-29 \|title=October Customer Support Security Incident - Update and Recommended Actions \|url=https://sec.okta.com/articles/october-security-incident-recommended-actions/ \|url-status=live \|archive-url=https://web.archive.org/web/20240720042135/sec.okta.com/articles/october-security-incident-recommended-actions/ \|archive-date=2024-07-20 \|access-date=2026-01-05 \|website=Okta Security}}</ref>		On September 28, 2023, the Okta Help Center suffered a security incident. During the breach, the attackers were able to extract sensitive data from the customer support system.<ref>{{Cite web \|last=Bradbury \|first=David \|date=2023-11-29 \|title=October Customer Support Security Incident - Update and Recommended Actions \|url=https://sec.okta.com/articles/october-security-incident-recommended-actions/ \|url-status=live \|archive-url=https://web.archive.org/web/20240720042135/sec.okta.com/articles/october-security-incident-recommended-actions/ \|archive-date=2024-07-20 \|access-date=2026-01-05 \|website=Okta Security}}</ref>

	1Password, which uses an Okta instance, published a blog post disclosing an internal investigation of the breach.<ref>{{Cite web \|last=Canahuati \|first=Pedro \|date=2023-10-23 \|title=Okta Support System incident and 1Password \|url=https://blog.1password.com/okta-incident/ \|url-status=live \|archive-url=https://web.archive.org/web/20250905070945/https://blog.1password.com/okta-incident/ \|archive-date=2025-09-05 \|access-date=2025-09-05 \|work=1Password Blog}}</ref> According to their disclosure, the attackers' actions triggered an email to a member of the IT team who acted swiftly to contain the breach. The company reported that no user data was exfiltrated or decrypted.<ref>https://blog.1password.com/files/okta-incident/okta-incident-report.pdf~~</ref> <!-~~- ~~An archived copy is available at~~ https://~~consumerrights~~.~~wiki~~/~~images~~/1/12/~~Okta~~-incident-report.pdf ~~by clicking the below picture, but I'm not sure it's the most intuitive way to access it for whoever CRW will be presented to as evidence as it requires clicking twice. Maybe I'm overthinking this...~~ -~~raster~~ -->		1Password, which uses an Okta instance, published a blog post disclosing an internal investigation of the breach.<ref>{{Cite web \|last=Canahuati \|first=Pedro \|date=2023-10-23 \|title=Okta Support System incident and 1Password \|url=https://blog.1password.com/okta-incident/ \|url-status=live \|archive-url=https://web.archive.org/web/20250905070945/https://blog.1password.com/okta-incident/ \|archive-date=2025-09-05 \|access-date=2025-09-05 \|work=1Password Blog}}</ref> According to their disclosure, the attackers' actions triggered an email to a member of the IT team who acted swiftly to contain the breach. The company reported that no user data was exfiltrated or decrypted.<ref>{{Cite web \|date=2023-10-27 \|title=Security incident report \|url=https://blog.1password.com/files/okta-incident/okta-incident-report.pdf \|archive-url=https://web.archive.org/web/20250920201057if_/https://blog.1password.com/files/okta-incident/okta-incident-report.pdf \|archive-date=2025-09-20 \|access-date=2026-01-23 \|website=1Password Blog}}</ref>
	~~<gallery>~~
	~~File:Okta~~-~~incident~~-~~report.pdf~~\|~~PDF document report of the breach (click twice to open)~~
	</~~gallery~~>

	==See also==		==See also==

SinexTitan: logo changed to SVG

2026-01-19T14:19:22Z

logo changed to SVG

← Older revision		Revision as of 14:19, 19 January 2026
Line 1:		Line 1:

	{{ProductCargo		{{ProductCargo
	\|Company=Agilebits		\|Company=Agilebits
Line 8:		Line 7:
	\|Website=https://1password.com/		\|Website=https://1password.com/
	\|Description=1Password is a secure password manager that stores and encrypts passwords, login details, and other sensitive information in a digital vault		\|Description=1Password is a secure password manager that stores and encrypts passwords, login details, and other sensitive information in a digital vault
	\|Logo=1Password-logo.~~png~~\|ReleaseYear=2006}}1Password is a multi-platform subscription-based password manager developed by AgileBits Inc. It is often used due to the combination of a master password with a second secret key generated on-device (i.e., not in the cloud). Unlocking a user's vault therefore requires '''both''' pieces of information to decrypt and access. It also supports conventional two factor authentication using either software tokens or hardware-based tokens (e.g., Yubikey, Google Titan), which can be added to further secure a vault. 1Password is closed-source and is not self-hostable.		\|Logo=1Password logo.svg\|ReleaseYear=2006}}

			'''{{wplink\|1Password\|1Password}}''' is a multi-platform subscription-based password manager developed by AgileBits Inc. It is often used due to the combination of a master password with a second secret key generated on-device (i.e., not in the cloud). Unlocking a user's vault therefore requires '''both''' pieces of information to decrypt and access. It also supports conventional two factor authentication using either software tokens or hardware-based tokens (e.g., Yubikey, Google Titan), which can be added to further secure a vault. 1Password is closed-source and is not self-hostable.

	1Password, in addition to passwords, is capable of storing myriad site credentials including one-time codes, emails / user names, and additional notes.<ref>{{Cite web \|title=Password Manager for Individuals & Families \|url=https://1password.com/product/password-manager \|url-status=live \|archive-url=https://web.archive.org/web/20251030021958/https://1password.com/product/password-manager \|archive-date=2025-10-30 \|access-date=2025-10-21 \|website=1Password}}</ref>		1Password, in addition to passwords, is capable of storing myriad site credentials including one-time codes, emails / user names, and additional notes.<ref>{{Cite web \|title=Password Manager for Individuals & Families \|url=https://1password.com/product/password-manager \|url-status=live \|archive-url=https://web.archive.org/web/20251030021958/https://1password.com/product/password-manager \|archive-date=2025-10-30 \|access-date=2025-10-21 \|website=1Password}}</ref>

2001:A61:12AD:C101:5ED3:B86A:C267:3FB4: Explain Okta incident

2026-01-05T10:39:49Z

Explain Okta incident

← Older revision		Revision as of 10:39, 5 January 2026
Line 34:		Line 34:

	===1Password Okta instance breach, discovered (''29 Sept 2023'')===		===1Password Okta instance breach, discovered (''29 Sept 2023'')===
	1Password published a blog post disclosing an internal investigation of the breach.<ref>{{Cite web \|last=Canahuati \|first=Pedro \|date=2023-10-23 \|title=Okta Support System incident and 1Password \|url=https://blog.1password.com/okta-incident/ \|url-status=live \|archive-url=https://web.archive.org/web/20250905070945/https://blog.1password.com/okta-incident/ \|archive-date=2025-09-05 \|access-date=2025-09-05 \|work=1Password Blog}}</ref> ~~It largely appears one of~~ the attackers actions triggered an email to a member of the IT team who acted swiftly to contain the breach. The company reported user data was ~~not~~ exfiltrated or decrypted.<ref>https://blog.1password.com/files/okta-incident/okta-incident-report.pdf</ref> <!-- An archived copy is available at https://consumerrights.wiki/images/1/12/Okta-incident-report.pdf by clicking the below picture, but I'm not sure it's the most intuitive way to access it for whoever CRW will be presented to as evidence as it requires clicking twice. Maybe I'm overthinking this... -raster -->		On September 28, 2023, the Okta Help Center suffered a security incident. During the breach, the attackers were able to extract sensitive data from the customer support system.<ref>{{Cite web \|last=Bradbury \|first=David \|date=2023-11-29 \|title=October Customer Support Security Incident - Update and Recommended Actions \|url=https://sec.okta.com/articles/october-security-incident-recommended-actions/ \|url-status=live \|archive-url=https://web.archive.org/web/20240720042135/sec.okta.com/articles/october-security-incident-recommended-actions/ \|archive-date=2024-07-20 \|access-date=2026-01-05 \|website=Okta Security}}</ref>

			1Password, which uses an Okta instance, published a blog post disclosing an internal investigation of the breach.<ref>{{Cite web \|last=Canahuati \|first=Pedro \|date=2023-10-23 \|title=Okta Support System incident and 1Password \|url=https://blog.1password.com/okta-incident/ \|url-status=live \|archive-url=https://web.archive.org/web/20250905070945/https://blog.1password.com/okta-incident/ \|archive-date=2025-09-05 \|access-date=2025-09-05 \|work=1Password Blog}}</ref> According to their disclosure, the attackers' actions triggered an email to a member of the IT team who acted swiftly to contain the breach. The company reported that no user data was exfiltrated or decrypted.<ref>https://blog.1password.com/files/okta-incident/okta-incident-report.pdf</ref> <!-- An archived copy is available at https://consumerrights.wiki/images/1/12/Okta-incident-report.pdf by clicking the below picture, but I'm not sure it's the most intuitive way to access it for whoever CRW will be presented to as evidence as it requires clicking twice. Maybe I'm overthinking this... -raster -->
	<gallery>		<gallery>
	File:Okta-incident-report.pdf\|PDF document report of the breach (click twice to open)		File:Okta-incident-report.pdf\|PDF document report of the breach (click twice to open)

2405:8100:8000:5CA1:0:0:D:4EB: Archived all website references using Internet Archive

2026-01-04T03:47:05Z

Archived all website references using Internet Archive

← Older revision		Revision as of 03:47, 4 January 2026
Line 10:		Line 10:
	\|Logo=1Password-logo.png\|ReleaseYear=2006}}1Password is a multi-platform subscription-based password manager developed by AgileBits Inc. It is often used due to the combination of a master password with a second secret key generated on-device (i.e., not in the cloud). Unlocking a user's vault therefore requires '''both''' pieces of information to decrypt and access. It also supports conventional two factor authentication using either software tokens or hardware-based tokens (e.g., Yubikey, Google Titan), which can be added to further secure a vault. 1Password is closed-source and is not self-hostable.		\|Logo=1Password-logo.png\|ReleaseYear=2006}}1Password is a multi-platform subscription-based password manager developed by AgileBits Inc. It is often used due to the combination of a master password with a second secret key generated on-device (i.e., not in the cloud). Unlocking a user's vault therefore requires '''both''' pieces of information to decrypt and access. It also supports conventional two factor authentication using either software tokens or hardware-based tokens (e.g., Yubikey, Google Titan), which can be added to further secure a vault. 1Password is closed-source and is not self-hostable.

	1Password, in addition to passwords, is capable of storing myriad site credentials including one-time codes, emails / user names, and additional notes.<ref>{{Cite web \|title=Password Manager for Individuals & Families \|url=https://1password.com/product/password-manager \|access-date=2025-10-21 \|website=1Password}}</ref>		1Password, in addition to passwords, is capable of storing myriad site credentials including one-time codes, emails / user names, and additional notes.<ref>{{Cite web \|title=Password Manager for Individuals & Families \|url=https://1password.com/product/password-manager \|url-status=live \|archive-url=https://web.archive.org/web/20251030021958/https://1password.com/product/password-manager \|archive-date=2025-10-30 \|access-date=2025-10-21 \|website=1Password}}</ref>

	==Consumer impact summary==		==Consumer impact summary==

	===Freedom===		===Freedom===
	<blockquote>"You can export your 1Pasword information at any time. If you discontinue payment, your account will enter a frozen (read-only) state that still allows you to retrieve and export your information. Your export will be limited to the information you saved in 1Password. We can’t guarantee that vault permissions, group structures, and other details about relationships between people and information are included."<ref name="privacy">{{Cite web \|date=2025-02-27 \|title=About 1Password and your privacy \|url=https://support.1password.com/1password-privacy/ \|access-date=2025-09-05 \|work=1Password Support}}</ref></blockquote>Users can import existing passwords from other managers and export passwords and other content in formats suitable for importing into other managers. 1Password is not a walled-garden. Allowing the subscription to expire places an account in a read-only state, where the user can still download their passwords and other saved content.		<blockquote>"You can export your 1Pasword information at any time. If you discontinue payment, your account will enter a frozen (read-only) state that still allows you to retrieve and export your information. Your export will be limited to the information you saved in 1Password. We can’t guarantee that vault permissions, group structures, and other details about relationships between people and information are included."<ref name="privacy">{{Cite web \|date=2025-02-27 \|title=About 1Password and your privacy \|url=https://support.1password.com/1password-privacy/ \|url-status=live \|archive-url=https://web.archive.org/web/20250905085406/https://support.1password.com/1password-privacy/ \|archive-date=2025-09-05 \|access-date=2025-09-05 \|work=1Password Support}}</ref></blockquote>Users can import existing passwords from other managers and export passwords and other content in formats suitable for importing into other managers. 1Password is not a walled-garden. Allowing the subscription to expire places an account in a read-only state, where the user can still download their passwords and other saved content.

	===Privacy===		===Privacy===
Line 21:		Line 21:

	===User security===		===User security===
	Users should be aware that using password manager browser extensions increases their vulnerability to clickjacking<ref name=":0">{{Cite web\|url=https://www.bleepingcomputer.com/news/security/major-password-managers-can-leak-logins-in-clickjacking-attacks/\|~~title~~=~~Major~~ password managers can leak logins in clickjacking attacks\|~~work=Bleeping Computer\|~~date=2025-08-~~20\|first=Bill\|last=Toulas~~\|access-date=2025-09-05}}</ref> where the autofill feature of password managers is abused to trick the password manager into leaking user credentials and other sensitive details.<ref name=":1">{{Cite web\|url=https://cybernews.com/security/password-managers-autofill-credentials-for-attackers/\|~~title~~=~~Major flaw affecting~~ password managers~~: they~~ autofill credentials for attackers\|~~first=Ernestas\|last=Naprys\|~~date=2025-08-~~21\|work=Cybernews~~\|access-date=2025-09-05}}</ref> It is considered best practice to copy in these elements on trusted pages manually. <ref name=":0" /><ref name=":1" /><ref>{{Cite web \|last=Tóth \|first=Marek \|date=2025-09-11 \|title=DOM-based Extension Clickjacking: Your Password Manager Data at Risk \|url=https://marektoth.com/blog/dom-based-extension-clickjacking/ \|access-date=2025-10-21 \|website=marektóth}}</ref>		Users should be aware that using password manager browser extensions increases their vulnerability to clickjacking<ref name=":0">{{Cite web \|last=Toulas \|first=Bill \|date=2025-08-20 \|title=Major password managers can leak logins in clickjacking attacks \|url=https://www.bleepingcomputer.com/news/security/major-password-managers-can-leak-logins-in-clickjacking-attacks/ \|url-status=live \|archive-url=https://web.archive.org/web/20250929091759/https://www.bleepingcomputer.com/news/security/major-password-managers-can-leak-logins-in-clickjacking-attacks/ \|archive-date=2025-09-29 \|access-date=2025-09-05 \|work=Bleeping Computer}}</ref> where the autofill feature of password managers is abused to trick the password manager into leaking user credentials and other sensitive details.<ref name=":1">{{Cite web \|last=Naprys \|first=Ernestas \|date=2025-08-21 \|title=Major flaw affecting password managers: they autofill credentials for attackers \|url=https://cybernews.com/security/password-managers-autofill-credentials-for-attackers/ \|url-status=live \|archive-url=https://web.archive.org/web/20251019001532/https://cybernews.com/security/password-managers-autofill-credentials-for-attackers/ \|archive-date=2025-10-19 \|access-date=2025-09-05 \|work=Cybernews}}</ref> It is considered best practice to copy in these elements on trusted pages manually. <ref name=":0" /><ref name=":1" /><ref>{{Cite web \|last=Tóth \|first=Marek \|date=2025-09-11 \|title=DOM-based Extension Clickjacking: Your Password Manager Data at Risk \|url=https://marektoth.com/blog/dom-based-extension-clickjacking/ \|url-status=live \|archive-url=https://web.archive.org/web/20251020074626/https://marektoth.com/blog/dom-based-extension-clickjacking/ \|archive-date=2025-10-20 \|access-date=2025-10-21 \|website=marektóth}}</ref>

	===Business model===		===Business model===
	Subscription based, has a strong emphasis on enterprise credential management,<ref>{{Cite web \|title=1Password Device Trust \|url=https://1password.com/product/device-trust \|access-date=2025-10-21 \|website=1Password}}</ref><ref>{{Cite web \|title=XAM: Extended Access Management \|url=https://1password.com/extended-access-management \|access-date=2025-10-21 \|website=1Password}}</ref> especially for secret management for software development (e.g., SSH keys, authentication tokens, API keys, etc.).{{CitationNeeded}} <!-- A skim through the product pages, I couldn't find this particular mention. It's probably somewhere, though and that the problem is I don't understand the technology to know where to look -->		Subscription based, has a strong emphasis on enterprise credential management,<ref>{{Cite web \|title=1Password Device Trust \|url=https://1password.com/product/device-trust \|url-status=live \|archive-url=https://web.archive.org/web/20251030021959/https://1password.com/product/device-trust \|archive-date=2025-10-30 \|access-date=2025-10-21 \|website=1Password}}</ref><ref>{{Cite web \|title=XAM: Extended Access Management \|url=https://1password.com/extended-access-management \|url-status=live \|archive-url=https://web.archive.org/web/20251020062352/https://1password.com/extended-access-management \|archive-date=2025-10-20 \|access-date=2025-10-21 \|website=1Password}}</ref> especially for secret management for software development (e.g., SSH keys, authentication tokens, API keys, etc.).{{CitationNeeded}} <!-- A skim through the product pages, I couldn't find this particular mention. It's probably somewhere, though and that the problem is I don't understand the technology to know where to look -->

	===Market control===		===Market control===
	<!-- This still kinda sucks, but I did technically delete what I felt was placeholder text -Raster -->		<!-- This still kinda sucks, but I did technically delete what I felt was placeholder text -Raster -->
	1Password claims on its website front page that it is industry leading, although it does not cite any public market researches or 3rd party audits. However, a bug bounty program exists on HackerOne.<ref>{{Cite web \|date=2024-12-09 \|title=1Password - CTF {{!}} Bug Bounty Program Policy \|url=https://hackerone.com/1password_ctf?type=team \|access-date=2025-10-21 \|website=HackerOne}}</ref> Market studies and reviews (as of October 2025) show that it has significant competitive control.<ref>{{Cite web \|title=Password Management Market Size & Share Analysis - Growth Trends & Forecasts (2025 - 2030) \|url=https://www.mordorintelligence.com/industry-reports/password-management-market \|access-date=2025-10-21 \|website=Mordor Intelligence}}</ref><ref>{{Cite web \|last=Bouman \|first=Amber \|last2=Spadafora \|first2=Anthony \|date=2025-09-11 \|title=The best password managers in 2025 \|url=https://www.tomsguide.com/us/best-password-managers,review-3785.html \|access-date=2025-10-21 \|website=Tom's Guide}}</ref><ref>{{Cite web \|last=Key \|first=Kim \|last2=Henry \|first2=Alan \|date=2025-10-14 \|title=The Best Password Managers for 2025 \|url=https://www.pcmag.com/picks/the-best-password-managers \|access-date=2025-10-21 \|website=PCMag}}</ref> <!-- These are by no means amazing sources, I just skimmed through with Ctrl + F to see what they said about 1Password. Generally it's like 5 star reviews with "it's okay" as the actual review -raster -->		1Password claims on its website front page that it is industry leading, although it does not cite any public market researches or 3rd party audits. However, a bug bounty program exists on HackerOne.<ref>{{Cite web \|date=2024-12-09 \|title=1Password - CTF {{!}} Bug Bounty Program Policy \|url=https://hackerone.com/1password_ctf?type=team \|url-status=live \|archive-url=https://web.archive.org/web/20251004161711/https://hackerone.com/1password_ctf?type=team \|archive-date=2025-10-04 \|access-date=2025-10-21 \|website=HackerOne}}</ref> Market studies and reviews (as of October 2025) show that it has significant competitive control.<ref>{{Cite web \|title=Password Management Market Size & Share Analysis - Growth Trends & Forecasts (2025 - 2030) \|url=https://www.mordorintelligence.com/industry-reports/password-management-market \|url-status=live \|archive-url=https://web.archive.org/web/20250907113812/https://www.mordorintelligence.com/industry-reports/password-management-market \|archive-date=2025-09-07 \|access-date=2025-10-21 \|website=Mordor Intelligence}}</ref><ref>{{Cite web \|last=Bouman \|first=Amber \|last2=Spadafora \|first2=Anthony \|date=2025-09-11 \|title=The best password managers in 2025 \|url=https://www.tomsguide.com/us/best-password-managers,review-3785.html \|url-status=live \|archive-url=https://web.archive.org/web/20251012224159/https://www.tomsguide.com/us/best-password-managers,review-3785.html \|archive-date=2025-10-12 \|access-date=2025-10-21 \|website=Tom's Guide}}</ref><ref>{{Cite web \|last=Key \|first=Kim \|last2=Henry \|first2=Alan \|date=2025-10-14 \|title=The Best Password Managers for 2025 \|url=https://www.pcmag.com/picks/the-best-password-managers \|url-status=live \|archive-url=https://web.archive.org/web/20251017061423/https://www.pcmag.com/picks/the-best-password-managers \|archive-date=2025-10-17 \|access-date=2025-10-21 \|website=PCMag}}</ref> <!-- These are by no means amazing sources, I just skimmed through with Ctrl + F to see what they said about 1Password. Generally it's like 5 star reviews with "it's okay" as the actual review -raster -->

	==Incidents==		==Incidents==
Line 34:		Line 34:

	===1Password Okta instance breach, discovered (''29 Sept 2023'')===		===1Password Okta instance breach, discovered (''29 Sept 2023'')===
	1Password published a blog post disclosing an internal investigation of the breach.<ref>{{Cite web\|url=https://blog.1password.com/okta-incident/\|~~title~~=~~Okta Support System~~ incident ~~and 1Password~~\|date=~~2023~~-10-~~23\|first=Pedro\|last=Canahuati\|work=1Password Blog~~\|access-date=2025-09-05}}</ref> It largely appears one of the attackers actions triggered an email to a member of the IT team who acted swiftly to contain the breach. The company reported user data was not exfiltrated or decrypted.<ref>https://blog.1password.com/files/okta-incident/okta-incident-report.pdf</ref> <!-- An archived copy is available at https://consumerrights.wiki/images/1/12/Okta-incident-report.pdf by clicking the below picture, but I'm not sure it's the most intuitive way to access it for whoever CRW will be presented to as evidence as it requires clicking twice. Maybe I'm overthinking this... -raster -->		1Password published a blog post disclosing an internal investigation of the breach.<ref>{{Cite web \|last=Canahuati \|first=Pedro \|date=2023-10-23 \|title=Okta Support System incident and 1Password \|url=https://blog.1password.com/okta-incident/ \|url-status=live \|archive-url=https://web.archive.org/web/20250905070945/https://blog.1password.com/okta-incident/ \|archive-date=2025-09-05 \|access-date=2025-09-05 \|work=1Password Blog}}</ref> It largely appears one of the attackers actions triggered an email to a member of the IT team who acted swiftly to contain the breach. The company reported user data was not exfiltrated or decrypted.<ref>https://blog.1password.com/files/okta-incident/okta-incident-report.pdf</ref> <!-- An archived copy is available at https://consumerrights.wiki/images/1/12/Okta-incident-report.pdf by clicking the below picture, but I'm not sure it's the most intuitive way to access it for whoever CRW will be presented to as evidence as it requires clicking twice. Maybe I'm overthinking this... -raster -->
	<gallery>		<gallery>
	File:Okta-incident-report.pdf\|PDF document report of the breach (click twice to open)		File:Okta-incident-report.pdf\|PDF document report of the breach (click twice to open)

The2gingerman: Reworded lead section to come off less promotional.

2025-11-07T17:45:06Z

Reworded lead section to come off less promotional.

← Older revision		Revision as of 17:45, 7 November 2025
Line 8:		Line 8:
	\|Website=https://1password.com/		\|Website=https://1password.com/
	\|Description=1Password is a secure password manager that stores and encrypts passwords, login details, and other sensitive information in a digital vault		\|Description=1Password is a secure password manager that stores and encrypts passwords, login details, and other sensitive information in a digital vault
	\|Logo=1Password-logo.png\|ReleaseYear=2006}}1Password is a multi-platform subscription-based password manager developed by AgileBits Inc. ~~One of the unique elements of this password manager~~ is the combination of a master password with a second secret key generated on-device (i.e., not in the cloud). Unlocking a user's vault therefore requires '''both''' pieces of information to decrypt and access. ~~Conventional~~ two factor authentication using either software tokens or hardware-based tokens (e.g., Yubikey, Google Titan) can be added to further secure a vault. 1Password is ~~not open~~ source and not self-hostable.		\|Logo=1Password-logo.png\|ReleaseYear=2006}}1Password is a multi-platform subscription-based password manager developed by AgileBits Inc. It is often used due to the combination of a master password with a second secret key generated on-device (i.e., not in the cloud). Unlocking a user's vault therefore requires '''both''' pieces of information to decrypt and access. It also supports conventional two factor authentication using either software tokens or hardware-based tokens (e.g., Yubikey, Google Titan), which can be added to further secure a vault. 1Password is closed-source and is not self-hostable.

	~~Beyond~~ passwords, ~~1Password~~ is capable of storing myriad site credentials including one-time codes, emails / user names, and additional notes.<ref>{{Cite web \|title=Password Manager for Individuals & Families \|url=https://1password.com/product/password-manager \|access-date=2025-10-21 \|website=1Password}}</ref>		1Password, in addition to passwords, is capable of storing myriad site credentials including one-time codes, emails / user names, and additional notes.<ref>{{Cite web \|title=Password Manager for Individuals & Families \|url=https://1password.com/product/password-manager \|access-date=2025-10-21 \|website=1Password}}</ref>

	==Consumer impact summary==		==Consumer impact summary==

AnotherConsumerRightsPerson: -cat

2025-11-02T08:05:49Z

-cat

← Older revision		Revision as of 08:05, 2 November 2025
Line 44:		Line 44:

	[[Category:{{PAGENAME}}]]		[[Category:{{PAGENAME}}]]
	~~[[Category:Password managers]]~~