To confirm the authenticity of 1Password, the app and all its updates are digitally signed and offered exclusively through the official app store for your operating system or the 1Password downloads page. Always get 1Password updates from one of these sources, and always check these sources to make sure that you have the latest version.
App store downloads and updates are automatically verified
The digital signature of the 1Password app is automatically verified before installation:
- If you install 1Password or an update from the official app store* for your operating system
- If 1Password updates itself
* Official app stores include: Mac App Store, iOS App Store, and Google Play.
Manual downloads are partially verified by your operating system
If you manually download 1Password from the 1Password downloads page, your operating system will verify that it comes from a known developer and hasn’t been tampered with.
To confirm that the installer is authentic
To confirm that the installer is authentic, you can verify the digital signature before installation.
Double-click the 1Password package (.pkg) file to open the installer. If you see “This package will run a program to determine if the software can be installed”, click Continue. This will not begin the installation.
Click the lock icon in the top right corner of the installer window. If you don’t see the lock icon, the package is unsigned, and you shouldn’t install it.
Select “Developer ID Installer: AgileBits Inc. (2BUA8C4S2C)”. If you see a different developer ID, or the certificate doesn’t have a green checkmark indicating that it’s valid, don’t install the package.
Click the triangle next to “Details” and scroll down.
Make sure that the SHA-256 fingerprint in the installer matches one of the following fingerprints from the current or earlier AgileBits certificate. If they match, the signature is verified; click OK and continue installation.
| SHA‑256 | 60 0C DD 51 9C AE 2C FF BB BB 8A DB 62 14 3E C9 E3 D8 67 48 42 DA 98 BB 02 39 36 5D 1D B9 0C 99 | | SHA‑256 | 75 74 B9 83 A6 43 7E FB 23 B9 4E B4 BE 19 F5 07 35 20 40 DB 2D 4F 99 3D 22 DA C7 6B 3B 1C 85 FF | | SHA‑256 | 82 F8 EB 3E A3 EF 22 E0 F9 08 89 19 74 6A C6 8F 74 44 34 C6 1A 05 14 A0 74 A4 F3 5A 0C 4F 46 81 |
The installer automatically verifies the files in the package. If any file has an issue, installation stops without changes to your system, and you’ll see a message that the installer encountered an error.
Right-click the 1Password setup executable (.exe) file and choose Properties.
Select the Digital Signatures tab.
Select “AgileBits Inc.” and click Details. If you see a different signer, or the installer isn’t signed, don’t install the app.
Click View Certificate. If you don’t see “This digital signature is OK”, the digital signature of the app is invalid, and you shouldn’t install it.
Select the Details tab and scroll down.
Make sure that the thumbprint in the installer matches one of the following thumbprints from the current or earlier AgileBits certificate. If they match, the signature is verified; install the app.