Get started

Use system authentication to unlock 1Password on your Linux computer

Learn how to set up and use system authentication to unlock 1Password on your Linux computer.

In 1Password for Linux, system authentication lets you unlock 1Password the same way you log in to your Linux user account.

With system authentication turned on, you can unlock 1Password with:

  • your Linux user password, instead of your 1Password account password
  • your fingerprint or other biometrics
  • a security key
1Password for Linux lock screen with fingerprint icon

If you have more than one 1Password account, system authentication also lets you unlock multiple 1Password accounts at the same time, even if they have different passwords.

Set up system authentication

To set up system authentication:

  1. Open and unlock 1Password.
  2. Click your account or collection at the top of the sidebar and choose Settings.
  3. Click Security, then turn on “Unlock using system authentication”.
  4. Click your account or collection at the top of the sidebar and choose Lock.
  5. Enter your account password to unlock the app.

Now you can use system authentication to unlock 1Password. But don’t forget your 1Password account password. Sometimes you’ll need to enter it instead of using system authentication.

Use system authentication

After setting up system authentication, open 1Password. If 1Password is locked, you’ll see an authentication prompt. To unlock 1Password, authenticate your user account.

If you don’t see the authentication prompt, click the fingerprint icon on the lock screen.

Get help if you don’t see the fingerprint icon.

Authenticate to unlock 1Password

About system authentication security

System authentication uses access control mechanisms built into your Linux user account. It relies on two Linux standards: polkit and PAM (Pluggable Authentication Modules). Together they provide a secure authentication service:

  • a polkit action to unlock 1Password is registered in /usr/share/polkit-1/actions/com.1password.1Password.policy
  • a PAM user authentication challenge according to the configuration in /etc/pam.conf

When system authentication is turned on, 1Password for Linux creates a secret for each unlocked 1Password account. This secret can be used to unlock the account again if you pass a user authentication challenge.

The secret is not saved to disk and can’t be read by unprivileged processes. It stays in the memory while 1Password is running (including when it runs in the system tray) and is lost when you quit 1Password.

By delegating authentication to PAM, 1Password inherits support for any authentication method used by your Linux user account, including biometric authentication. 1Password does not store or access biometric data or other authentication secrets associated with your Linux user account.

Get help

Sometimes you’ll still need to enter your 1Password account password instead of using system authentication:

  • If the amount of time in Settings > Security > “Require password” has elapsed
  • If you’re turning on system authentication for the first time
  • If your fingerprint or other system authentication method isn’t recognized
  • If you’ve restarted 1Password, including after updating 1Password or restarting your computer

If you still need help, follow these steps. Try again after each step:

  1. Make sure you have the latest version of 1Password.
  2. Make sure that you are able to use system authentication to unlock your computer.
  3. Turn off system authentication in Settings > Security, then turn it back on again.

Still need help?

If this article didn't answer your question, contact 1Password Support.

Published: