Your data is safe in 1Password. Fundamental design choices were made to protect everything you store in 1Password so you can trust it with your passwords, financial information, and more. 1Password protects you and your information in three different ways:
- End-to-end encryption leaves the keys in your hands – and nowhere else.
- Smart features limit your exposure to threats outside 1Password.
- Full transparency makes sure 1Password can be and is audited by experts.
1Password security begins with your Master Password. It’s used to encrypt your data, so no one but you can read it. It’s also used to decrypt your data when you need it. Your password is never shared with anyone, even us at AgileBits, which means that you’re the only person who can unlock your 1Password vaults and access your information. Here’s how 1Password secures your data – and the password used to protect it – from all kinds of attacks:
End-to-end encryption. Everything in your 1Password account is always end-to-end encrypted. This makes it impossible for someone to learn anything by intercepting your data while it’s in transit or even obtaining it from AgileBits.
256-bit AES encryption. Your 1Password data is kept safe by AES-GCM-256 authenticated encryption. The data you entrust to 1Password is effectively impossible to decrypt.
Secure random numbers. Encryption keys, initialization vectors, and nonces are all generated using cryptographically secure pseudorandom number generators.
PBKDF2 key strengthening. 1Password uses PBKDF2-HMAC-SHA256 for key derivation which makes it harder for someone to repeatedly guess your Master Password. A strong password could take decades to crack. Learn more about how PBKDF2 strengthens your Master Password.
A secret Master Password. Your Master Password is never stored alongside your 1Password data or transmitted over the network. Taking this precaution is a bit like making sure the key to a safe isn’t kept right next to it: Keeping the two separate makes everything more secure. The same principle applies here.
Secret Key. The data in your 1Password account is protected by your 128-bit Secret Key, which is combined with your Master Password to encrypt your data. Learn more about your Secret Key.
Security doesn’t end with encryption. 1Password was designed to protect your data in other ways, too, whether it’s by automatically clearing your clipboard or making sure your Master Password can’t be stolen. Here are just some of the other ways 1Password keeps your data safe:
Clipboard management. 1Password can be set to automatically remove passwords from your clipboard. This prevents anyone from gaining access to your data by pasting a password you copied and forgot about. It also means that tools that save your clipboard history don’t store your secrets.
Code signature validation. 1Password verifies that your browser has been signed by an identified developer before filling your sensitive information. This protects you if your browser is tampered with, or if you try to use a browser that hasn’t been proven secure.
Auto-lock. 1Password can automatically lock to make sure that no one can access your data when you’re away from your desk or after closing the lid on your laptop. Learn how to set 1Password to lock automatically.
Secure input fields. 1Password uses secure input fields to prevent other tools from knowing what you type in the 1Password apps. This means that your personal information, including the password for your 1Password account, is protected against keyloggers.
Watchtower vulnerability alerts. 1Password can warn you when a website has been hacked – without ever sending AgileBits a list of the websites you visit. Learn more about how Watchtower protects your privacy.
Phishing protection. 1Password only fills passwords on the sites where they were saved. No one can steal your password by pretending to be a site you trust.
Your input, required. 1Password only displays or fills data when you tell it to. Whether you’re revealing a password or filling your shipping address in your browser, your personal information is never displayed or filled without your command.
Biometric access. You can unlock 1Password with your fingerprint on your Mac with Touch ID, iPhone, iPad, and Android devices. This makes accessing your information more convenient, and also means that someone can’t learn your Master Password by peering over your shoulder. Learn more about biometric security on Mac, iOS, and Android.
Secure Remote Password (SRP). Most websites send your password to a server when you try to sign in, leaving it vulnerable to interception. Your 1Password account uses the SRP protocol to authenticate your login details without sending your password over the internet, so it can’t be stolen while it’s in transit. Learn more about Secure Remote Password.
1Password wasn’t built in a vacuum. It was developed on top of open standards that anyone with the right skills can investigate, implement, and improve. Open tools are trusted, proven, and constantly getting better. Here’s how 1Password respects the principles behind the open tools on which it relies:
Open data formats. 1Password uses two open data formats for all your information. These data formats are available to anyone who wants to examine them to prove that they do what they say they do. Learn more about the designs of OPVault and Agile Keychain.
Trusted encryption algorithms. 1Password uses algorithms that experts have examined and verified to keep information secure.
Straightforward export tools. 1Password includes simple export tools that make it easy to move information out of 1Password. Your data is yours, and you can leave if ever you choose to. Learn more about how to export data from 1Password.
- About 1Password and your privacy
- About 1Password browser permissions
- How to keep your 1Password account secure
- How Secure Remote Password protects your 1Password account
- 1Password Security Design White Paper
If you have a security concern, contact 1Password Support with more information.