In 1Password for Linux, system authentication lets you unlock 1Password the same way you log in to your Linux user account.
With system authentication turned on, you can unlock 1Password with:
- your Linux user password, instead of your 1Password account password
- your fingerprint or other biometrics
- a security key
If you have more than one 1Password account, system authentication also lets you unlock multiple 1Password accounts at the same time, even if they have different passwords.
Set up system authentication
To set up system authentication:
- Open and unlock 1Password.
- Click the account or collection at the top of the sidebar and choose Settings. Then click Security.
- Select “Unlock using system authentication”.
- Lock 1Password, then unlock it using your 1Password account password.
Now you can use system authentication to unlock 1Password. But don’t forget your account password. Sometimes you’ll need to enter it instead of using system authentication.
Use system authentication
After setting up system authentication, open 1Password. If 1Password is locked, you’ll see an authentication prompt. To unlock 1Password, authenticate your user account.
If you don’t see the authentication prompt, click the fingerprint icon on the lock screen.
Get help if you don’t see the fingerprint icon.
About system authentication security
System authentication uses access control mechanisms built into your Linux user account. It relies on two Linux standards: polkit and PAM (Pluggable Authentication Modules). Together they provide a secure authentication service:
- a polkit action to unlock 1Password is registered in
- a PAM user authentication challenge according to the configuration in
When system authentication is turned on, 1Password for Linux creates a secret for each unlocked 1Password account. This secret can be used to unlock the account again if you pass a user authentication challenge.
The secret is not saved to disk and can’t be read by unprivileged processes. It stays in the memory while 1Password is running (including when it runs in the system tray) and is lost when you quit 1Password.
By delegating authentication to PAM, 1Password inherits support for any authentication method used by your Linux user account, including biometric authentication. 1Password does not store or access biometric data or other authentication secrets associated with your Linux user account.
Sometimes you’ll still need to enter your 1Password account password instead of using system authentication:
- If you’re turning on system authentication for the first time
- If your fingerprint or other system authentication method isn’t recognized
- If you’ve restarted 1Password, including after updating 1Password or restarting your computer
If you still need help, follow these steps. Try again after each step:
- Make sure you have the latest version of 1Password.
- Make sure that you are able to use system authentication to unlock your computer.
- Turn off system authentication in Settings > Security, then turn it back on again.