Explain Okta incident
m http to https with AutoWikiBrowser, replaced: http: → https:
 
(5 intermediate revisions by 3 users not shown)
Line 1: Line 1:
{{ProductCargo
{{ProductCargo
|Company=Agilebits
|Company=Agilebits
Line 8: Line 7:
|Website=https://1password.com/
|Website=https://1password.com/
|Description=1Password is a secure password manager that stores and encrypts passwords, login details, and other sensitive information in a digital vault
|Description=1Password is a secure password manager that stores and encrypts passwords, login details, and other sensitive information in a digital vault
|Logo=1Password-logo.png|ReleaseYear=2006}}1Password is a multi-platform subscription-based password manager developed by AgileBits Inc. It is often used due to the combination of a master password with a second secret key generated on-device (i.e., not in the cloud). Unlocking a user's vault therefore requires '''both''' pieces of information to decrypt and access. It also supports conventional two factor authentication using either software tokens or hardware-based tokens (e.g., Yubikey, Google Titan), which can be added to further secure a vault. 1Password is closed-source and is not self-hostable.
|Logo=1Password logo.svg|ReleaseYear=2006}}
 
'''{{wplink|1Password|1Password}}''' is a multi-platform subscription-based password manager developed by AgileBits Inc. It is often used due to the combination of a master password with a second secret key generated on-device (i.e., not in the cloud). Unlocking a user's vault therefore requires '''both''' pieces of information to decrypt and access. It also supports conventional two factor authentication using either software tokens or hardware-based tokens (e.g., Yubikey, Google Titan), which can be added to further secure a vault. 1Password is closed-source and is not self-hostable.


1Password, in addition to passwords, is capable of storing myriad site credentials including one-time codes, emails / user names, and additional notes.<ref>{{Cite web |title=Password Manager for Individuals & Families |url=https://1password.com/product/password-manager |url-status=live |archive-url=https://web.archive.org/web/20251030021958/https://1password.com/product/password-manager |archive-date=2025-10-30 |access-date=2025-10-21 |website=1Password}}</ref>
1Password, in addition to passwords, is capable of storing myriad site credentials including one-time codes, emails / user names, and additional notes.<ref>{{Cite web |title=Password Manager for Individuals & Families |url=https://1password.com/product/password-manager |url-status=live |archive-url=https://web.archive.org/web/20251030021958/https://1password.com/product/password-manager |archive-date=2025-10-30 |access-date=2025-10-21 |website=1Password}}</ref>
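Review bot: The relocated lead paragraph (the line that now opens with '''{{wplink|1Password|1Password}}''') still carries three uncited claims: that the product "is often used due to" the master password plus secret key design, that the secret key is generated on-device, and that it is "closed-source and is not self-hostable". Since this edit touches the paragraph anyway, attach a ref to each claim or tag them with the {{CitationNeeded}} template used elsewhere in the article. In the same paragraph, "two factor authentication" should be hyphenated, the vendor spelling is "YubiKey", and "requires both pieces of information to decrypt and access" is missing its object.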
Line 24: Line 25:


===Business model===
===Business model===
Subscription based, has a strong emphasis on enterprise credential management,<ref>{{Cite web |title=1Password Device Trust |url=https://1password.com/product/device-trust |url-status=live |archive-url=https://web.archive.org/web/20251030021959/https://1password.com/product/device-trust |archive-date=2025-10-30 |access-date=2025-10-21 |website=1Password}}</ref><ref>{{Cite web |title=XAM: Extended Access Management |url=https://1password.com/extended-access-management |url-status=live |archive-url=https://web.archive.org/web/20251020062352/https://1password.com/extended-access-management |archive-date=2025-10-20 |access-date=2025-10-21 |website=1Password}}</ref>  especially for secret management for software development (e.g., SSH keys, authentication tokens, API keys, etc.).{{CitationNeeded}} <!-- A skim through the product pages, I couldn't find this particular mention. It's probably somewhere, though and that the problem is I don't understand the technology to know where to look -->
Subscription based, has a strong emphasis on enterprise credential management,<ref>{{Cite web |title=1Password Device Trust |url=https://1password.com/product/device-trust |url-status=live |archive-url=https://web.archive.org/web/20251030021959/https://1password.com/product/device-trust |archive-date=2025-10-30 |access-date=2025-10-21 |website=1Password}}</ref><ref>{{Cite web |title=XAM: Extended Access Management |url=https://1password.com/extended-access-management |url-status=live |archive-url=https://web.archive.org/web/20251020062352/https://1password.com/extended-access-management |archive-date=2025-10-20 |access-date=2025-10-21 |website=1Password}}</ref>  especially for enterprise secret management (e.g., SSH keys, authentication tokens, API keys, etc.).<ref>{{Cite web |title=1Password for SSH & Git {{!}} 1Password Developer |url=https://developer.1password.com/docs/ssh/ |url-status=live |archive-url=https://web.archive.org/web/20260202024518/https://developer.1password.com/docs/ssh/ |archive-date=2026-02-02 |access-date=2026-02-10 |website=1Password Developer}}</ref><ref>{{Cite web |title=1Password for VS Code {{!}} 1Password Developer |url=https://developer.1password.com/docs/vscode/ |url-status=live |archive-url=https://web.archive.org/web/20260208113329/https://developer.1password.com/docs/vscode/ |archive-date=2026-02-08 |access-date=2026-02-10 |website=1Password Developer}}</ref><ref>{{Cite web |title=1Password Developer Watchtower {{!}} 1Password Developer |url=https://developer.1password.com/docs/watchtower/ |url-status=live |archive-url=https://web.archive.org/web/20260126204826/https://developer.1password.com/docs/watchtower/ |archive-date=2026-01-26 |access-date=2026-02-10 |website=1Password Developer}}</ref><ref>{{Cite web |title=1Password SDKs {{!}} 1Password Developer |url=https://developer.1password.com/docs/sdks/ |url-status=live |archive-url=https://web.archive.org/web/20260126204850/https://developer.1password.com/docs/sdks/ 
|archive-date=2026-01-26 |access-date=2026-02-10 |website=1Password Developer}}</ref><ref>{{Cite web |title=1Password Developer |url=https://developer.1password.com/ |url-status=live |archive-url=https://web.archive.org/web/20260126204759/https://developer.1password.com/ |archive-date=2026-01-26 |access-date=2026-02-10 |website=1Password Developer}}</ref> <!-- A skim through the product pages, I couldn't find this particular mention. It's probably somewhere, though and that the problem is I don't understand the technology to know where to look --><!-- I've Given a bunch of citations which could fit. Cut out what you think is irrelevant or keep it all. - L4C -->


===Market control===
===Market control===
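Review bot: The replacement sentence now reads "enterprise credential management, ... especially for enterprise secret management", which repeats "enterprise" and drops the earlier "for software development" wording even though all five new references point at developer.1password.com pages. Either restore the developer framing or cite an enterprise-facing page, and trim the five refs to the one or two that actually cover SSH keys, authentication tokens and API keys. The first HTML comment ("I couldn't find this particular mention") is stale now that {{CitationNeeded}} has been replaced and should go with it. There is also a double space before "especially" and a line break inside the "1Password SDKs" {{Cite web}} after the archive-url value.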
Line 36: Line 37:
On September 28, 2023, the Okta Help Center suffered a security incident. During the breach, the attackers were able to extract sensitive data from the customer support system.<ref>{{Cite web |last=Bradbury |first=David |date=2023-11-29 |title=October Customer Support Security Incident - Update and Recommended Actions |url=https://sec.okta.com/articles/october-security-incident-recommended-actions/ |url-status=live |archive-url=https://web.archive.org/web/20240720042135/sec.okta.com/articles/october-security-incident-recommended-actions/ |archive-date=2024-07-20 |access-date=2026-01-05 |website=Okta Security}}</ref>
On September 28, 2023, the Okta Help Center suffered a security incident. During the breach, the attackers were able to extract sensitive data from the customer support system.<ref>{{Cite web |last=Bradbury |first=David |date=2023-11-29 |title=October Customer Support Security Incident - Update and Recommended Actions |url=https://sec.okta.com/articles/october-security-incident-recommended-actions/ |url-status=live |archive-url=https://web.archive.org/web/20240720042135/sec.okta.com/articles/october-security-incident-recommended-actions/ |archive-date=2024-07-20 |access-date=2026-01-05 |website=Okta Security}}</ref>


1Password, which uses an Okta instance, published a blog post disclosing an internal investigation of the breach.<ref>{{Cite web |last=Canahuati |first=Pedro |date=2023-10-23 |title=Okta Support System incident and 1Password |url=https://blog.1password.com/okta-incident/ |url-status=live |archive-url=https://web.archive.org/web/20250905070945/https://blog.1password.com/okta-incident/ |archive-date=2025-09-05 |access-date=2025-09-05 |work=1Password Blog}}</ref> According to their disclosure, the attackers' actions triggered an email to a member of the IT team who acted swiftly to contain the breach. The company reported that no user data was exfiltrated or decrypted.<ref>https://blog.1password.com/files/okta-incident/okta-incident-report.pdf</ref> <!-- An archived copy is available at https://consumerrights.wiki/images/1/12/Okta-incident-report.pdf by clicking the below picture, but I'm not sure it's the most intuitive way to access it for whoever CRW will be presented to as evidence as it requires clicking twice. Maybe I'm overthinking this... -raster  -->
1Password, which uses an Okta instance, published a blog post disclosing an internal investigation of the breach.<ref>{{Cite web |last=Canahuati |first=Pedro |date=2023-10-23 |title=Okta Support System incident and 1Password |url=https://blog.1password.com/okta-incident/ |url-status=live |archive-url=https://web.archive.org/web/20250905070945/https://blog.1password.com/okta-incident/ |archive-date=2025-09-05 |access-date=2025-09-05 |work=1Password Blog}}</ref> According to their disclosure, the attackers' actions triggered an email to a member of the IT team who acted swiftly to contain the breach. The company reported that no user data was exfiltrated or decrypted.<ref>{{Cite web |date=2023-10-27 |title=Security incident report |url=https://blog.1password.com/files/okta-incident/okta-incident-report.pdf |archive-url=https://web.archive.org/web/20250920201057if_/https://blog.1password.com/files/okta-incident/okta-incident-report.pdf |archive-date=2025-09-20 |access-date=2026-01-23 |website=1Password Blog}}</ref>
<gallery>
File:Okta-incident-report.pdf|PDF document report of the breach (click twice to open)
</gallery>


==See also==
==See also==
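Review bot: The new {{Cite web}} for the incident report omits |url-status=, which every other citation in this diff sets, and its archive-url uses the Wayback Machine "if_" form (20250920201057if_/), which serves the bare file without the archive banner; use the plain timestamp URL so readers can see the capture date. The added <gallery> caption "(click twice to open)" puts a UI instruction in article text and the file duplicates the cited PDF; linking the local copy from the citation would address the concern in the removed HTML comment without needing the gallery. Separately, the unchanged prose dates the incident to September 28, 2023 while the cited Okta article is titled "October Customer Support Security Incident", so the sentence should say what that date refers to.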