Security and privacy

Security audits of 1Password

1Password products have been reviewed by multiple independent security firms.

1Password is periodically assessed to make sure it remains a secure way for you to share all your secrets. These unaltered reports provide insight into how independent auditors view the security of our products.

We might not publish a report if we’ve recently published a report with the same or broadly similar scope. We also might hold back a report if it’s about an unreleased feature. Though we aren’t able to publish every audit, we aim to publish as many as we can.

If you have a concern, contact the 1Password Security team. 1Password doesn’t make any assurances about responses to issues.

Penetration tests

1Password regularly requests auditors to perform penetration tests on its products and services.

Secfault Security1Password Annual PentestSummer 2023Report
Secfault Security1Password CLIMay 2023Report
Recurity Labs1Password Secrets AutomationMay 2023Report
Recurity Labs1Password CLIDecember 2022Report
Recurity Labs1Password SCIM BridgeDecember 2022Report
Recurity Labs1Password Events Reporting APIDecember 2022Report
Secfault Security1Password 8 for MacNovember 2022Report
Cure531Password 8 for iOS and AndroidOctober 2022Report
Secfault Security1Password Unlock with SSOSeptember, November 2022Report
Recurity Labs1Password 8 for WindowsAugust 2022Report
Recurity LabsService accounts with 1Password CLIJuly 2022Report
Secfault Security1Password in the browserJune 2022Report
Recurity LabsWeb-based componentsApril, May 2022Report
Secfault SecurityUniversal Autofill in 1Password 8 for MacApril 2022Report
Cure531Password 7 for iOS and AndroidMarch 2022Report
Secfault SecurityDeveloper toolsMarch 2022Report
Cure531Password 8 for Mac, Windows and LinuxDecember 2021Report
Cure53Web-based componentsOctober 2021Report
Cure53AutomationsJune 2021Report
Cure53Web-based componentsOctober 2020Report


1Password is SOC 2 type 2 certified. SOC, or Service Organization Control, is an independent auditing process that makes sure that 1Password securely manages data to protect customers’ interests and privacy. You can find a copy of the SOC 2 report on 1Password’s Conveyor profile.

Learn more about SOC 2 certification of 1Password.


Bugcrowd, Inc. is engaged in an ongoing, private bug bounty program targeting the 1Password service and web-application. Testers are provided with details of the API. Check out the program details.

This program is currently open to the public and has received submissions from hundreds of unique researchers. Issues submitted range in scope and severity. Despite the presence of findings no user secrets were at risk.

Full details are available in the Bugcrowd security review  


Independent Security Evaluators (ISE) was engaged to perform a penetration test and code review of the 1Password system. The assessment was performed during April and June, 2020.

Full details are available in the ISE security assessment report  


Onica was engaged to perform an assessment and audit of existing 1Password security architecture, infrastructure configurations, tools, and practices.

The review of the current AWS environments showed evidence that the AgileBits teams have undertaken significant research and gained a solid understanding of best practices from a platform level. The fundamentals of security best practices are being executed in the implementation.

Full details are available in the Onica security audit report  

Learn more

Still need help?

If this article didn't answer your question, contact 1Password Support.