1Password: Difference between revisions

(5 intermediate revisions by 3 users not shown)

Line 1:

~~{{Delete|no article contents, no references}}~~

{{ProductCargo

|Company=Agilebits

Line 14:

==Consumer impact summary==

===~~User~~ Freedom===

===Freedom===

Users can import existing passwords from other managers and export passwords and other content in formats suitable for importing into other managers. 1Password is not a walled-garden. Allowing the subscription to expire places an account in a read-only state, allowing the user to download their passwords and other saved content.

"You can export your 1Pasword information at any time. If you discontinue payment, your account will enter a frozen (read-only) state that still allows you to retrieve and export your information. Your export will be limited to the information you saved in 1Password. We can’t guarantee that vault permissions, group structures, and other details about relationships between people and information are included."[https://support.1password.com/1password-privacy/]

"You can export your 1Pasword information at any time. If you discontinue payment, your account will enter a frozen (read-only) state that still allows you to retrieve and export your information. Your export will be limited to the information you saved in 1Password. We can’t guarantee that vault permissions, group structures, and other details about relationships between people and information are included."<ref name="privacy">{{Cite web|url=https://support.1password.com/1password-privacy/|title=About 1Password and your privacy|access-date=2025-09-05|date=2025-02-27|work=1Password Support}}</ref>

===~~User~~ Privacy===

===Privacy===

Extracted directly from the privacy policy,

"We’ll never lock you out of your 1Password account, but we’re unable to decrypt it for you."~~[https://support.1password.com/1password-~~privacy/] (implies anything in it is hidden from the company)

"We’ll never lock you out of your 1Password account, but we’re unable to decrypt it for you."<ref name="privacy" /> (implies anything in it is hidden from the company, which, considering this is a password manager, is a very good thing)

"You have the right to know what we know. You have the right to know what we know about you and see how we handle that information. If you make such a request, you’ll receive a screenshot of what we can see about you in our systems. To protect customer privacy, these requests will be carefully authenticated beyond demonstrating control of the registered email address." (expect to be any identifying information you have to provide in order to use the service such as email, name, address, payment information)

===User ~~Security~~===

===User security===

Users should be aware that using password manager browser extensions increases their vulnerability to clickjacking[https://www.bleepingcomputer.com/news/security/major-password-managers-can-leak-logins-in-clickjacking-attacks/~~] [https://cybernews.com/security/~~password-~~managers~~-~~autofill~~-~~credentials~~-~~for~~-~~attackers~~/] where the autofill feature of password managers is abused to trick the password manager into leaking user credentials and other sensitive details. It is always best practice to copy in these elements on trusted pages manually.

Users should be aware that using password manager browser extensions increases their vulnerability to clickjacking<ref>{{Cite web|url=https://www.bleepingcomputer.com/news/security/major-password-managers-can-leak-logins-in-clickjacking-attacks/|title=Major password managers can leak logins in clickjacking attacks|work=Bleeping Computer|date=2025-08-20|first=Bill|last=Toulas|access-date=2025-09-05}}</ref> where the autofill feature of password managers is abused to trick the password manager into leaking user credentials and other sensitive details.<ref>{{Cite web|url=https://cybernews.com/security/password-managers-autofill-credentials-for-attackers/|title=Major flaw affecting password managers: they autofill credentials for attackers|first=Ernestas|last=Naprys|date=2025-08-21|work=Cybernews|access-date=2025-09-05}}</ref> It is always best practice to copy in these elements on trusted pages manually.

===Business ~~Model~~===

===Business model===

Subscription based, has a strong emphasis on enterprise credential management, especially for secret management for software development (e.g., SSH keys, authentication tokens, API keys, etc.).

===Market ~~Control~~===

===Market control===

1Password claims on its website that it is industry leading.

Password managers are pretty much a dime a dozen these days, highly competitive.

Line 38:

Line 41:

This is a list of all consumer protection incidents related to this product. Any incidents not mentioned here can be found in the [[:Category:{{PAGENAME}}|{{PAGENAME}} category]].

===1Password Okta instance ~~break~~, discovered 29 Sept 2023===

===1Password Okta instance breach, discovered (''29 Sept 2023'')===

{{~~Main~~|~~link~~ to the ~~main article}}~~

1Password published a blog post disclosing an internal investigation of the breach.<ref>{{Cite web|url=https://blog.1password.com/okta-incident/|title=Okta Support System incident and 1Password|date=2023-10-23|first=Pedro|last=Canahuati|work=1Password Blog|access-date=2025-09-05}}</ref> It largely appears one of the attackers actions triggered an email to a member of the IT team who acted swiftly to contain the breach. The company reported user data was not exfiltrated or decrypted.

File:Okta-incident-report.pdf|PDF document report

</gallery>

1Password published a blog post[https://blog.1password.com/okta-incident/] (direct to PDF)[https://blog.1password.com/files/okta-incident/okta-incident-report.pdf] disclosing an internal investigation of the breach. It largely appears one of the attackers actions triggered an email to a member of the IT team who acted swiftly to contain the breach. The company reported user data was not exfiltrated or decrypted.

==See also==

~~{{Ph-C-SA}}~~

*[[Bitwarden]]

*[[LastPass]]

==References==

@@ Line 1: / Line 1: @@
-{{Delete|no article contents, no references}}
 {{ProductCargo
 |Company=Agilebits
@@ Line 14: / Line 14: @@
 ==Consumer impact summary==
-===User Freedom===
+===Freedom===
 Users can import existing passwords from other managers and export passwords and other content in formats suitable for importing into other managers. 1Password is not a walled-garden. Allowing the subscription to expire places an account in a read-only state, allowing the user to download their passwords and other saved content.
-"You can export your 1Pasword information at any time. If you discontinue payment, your account will enter a frozen (read-only) state that still allows you to retrieve and export your information. Your export will be limited to the information you saved in 1Password. We can’t guarantee that vault permissions, group structures, and other details about relationships between people and information are included."[https://support.1password.com/1password-privacy/]
+"You can export your 1Pasword information at any time. If you discontinue payment, your account will enter a frozen (read-only) state that still allows you to retrieve and export your information. Your export will be limited to the information you saved in 1Password. We can’t guarantee that vault permissions, group structures, and other details about relationships between people and information are included."<ref name="privacy">{{Cite web|url=https://support.1password.com/1password-privacy/|title=About 1Password and your privacy|access-date=2025-09-05|date=2025-02-27|work=1Password Support}}</ref>
-===User Privacy===
+===Privacy===
 Extracted directly from the privacy policy,
-"We’ll never lock you out of your 1Password account, but we’re unable to decrypt it for you."[https://support.1password.com/1password-privacy/] (implies anything in it is hidden from the company)
+"We’ll never lock you out of your 1Password account, but we’re unable to decrypt it for you."<ref name="privacy" /> (implies anything in it is hidden from the company, which, considering this is a password manager, is a very good thing)
 "You have the right to know what we know. You have the right to know what we know about you and see how we handle that information. If you make such a request, you’ll receive a screenshot of what we can see about you in our systems. To protect customer privacy, these requests will be carefully authenticated beyond demonstrating control of the registered email address." (expect to be any identifying information you have to provide in order to use the service such as email, name, address, payment information)
-===User Security===
+===User security===
-Users should be aware that using password manager browser extensions increases their vulnerability to clickjacking[https://www.bleepingcomputer.com/news/security/major-password-managers-can-leak-logins-in-clickjacking-attacks/] [https://cybernews.com/security/password-managers-autofill-credentials-for-attackers/]  where the autofill feature of password managers is abused to trick the password manager into leaking user credentials and other sensitive details. It is always best practice to copy in these elements on trusted pages manually.
+Users should be aware that using password manager browser extensions increases their vulnerability to clickjacking<ref>{{Cite web|url=https://www.bleepingcomputer.com/news/security/major-password-managers-can-leak-logins-in-clickjacking-attacks/|title=Major password managers can leak logins in clickjacking attacks|work=Bleeping Computer|date=2025-08-20|first=Bill|last=Toulas|access-date=2025-09-05}}</ref>  where the autofill feature of password managers is abused to trick the password manager into leaking user credentials and other sensitive details.<ref>{{Cite web|url=https://cybernews.com/security/password-managers-autofill-credentials-for-attackers/|title=Major flaw affecting password managers: they autofill credentials for attackers|first=Ernestas|last=Naprys|date=2025-08-21|work=Cybernews|access-date=2025-09-05}}</ref> It is always best practice to copy in these elements on trusted pages manually.
-===Business Model===
+===Business model===
 Subscription based, has a strong emphasis on enterprise credential management, especially for secret management for software development (e.g., SSH keys, authentication tokens, API keys, etc.).
-===Market Control===
+===Market control===
+{{Incomplete section}}
+Password claims on its website that it is industry leading.
 Password managers are pretty much a dime a dozen these days, highly competitive.
@@ Line 38: / Line 41: @@
 This is a list of all consumer protection incidents related to this product. Any incidents not mentioned here can be found in the [[:Category:{{PAGENAME}}|{{PAGENAME}} category]].
-===1Password Okta instance break, discovered 29 Sept 2023===
+===1Password Okta instance breach, discovered (''29 Sept 2023'')===
-{{Main|link to the main article}}
+Password published a blog post disclosing an internal investigation of the breach.<ref>{{Cite web|url=https://blog.1password.com/okta-incident/|title=Okta Support System incident and 1Password|date=2023-10-23|first=Pedro|last=Canahuati|work=1Password Blog|access-date=2025-09-05}}</ref> It largely appears one of the attackers actions triggered an email to a member of the IT team who acted swiftly to contain the breach. The company reported user data was not exfiltrated or decrypted.
+<gallery>
+File:Okta-incident-report.pdf|PDF document report
+</gallery>
-Password published a blog post[https://blog.1password.com/okta-incident/] (direct to PDF)[https://blog.1password.com/files/okta-incident/okta-incident-report.pdf] disclosing an internal investigation of the breach. It largely appears one of the attackers actions triggered an email to a member of the IT team who acted swiftly to contain the breach. The company reported user data was not exfiltrated or decrypted.
 ==See also==
-{{Ph-C-SA}}
+*[[Bitwarden]]
+*[[LastPass]]
 ==References==