A first step toward post-quantum security

At 1Password, our mission is simple: to protect people’s most critical information, their credentials. At the time of writing this post, I personally have 291 items in my vault, so the long-term confidentiality of this data is critical to myself and every 1Password user. We are thrilled to announce the first major milestone in our post-quantum cryptography (PQC) journey, the successful deployment of PQC on 1Password’s web application. If you’re using a PQC-capable browser, such as Chrome or Firefox, your data is protected today with no action required. 

The threat of a large-scale quantum computer, sometimes referred to as a cryptographically relevant quantum computer (CRQC), is its potential to break the public-key cryptographic algorithms. These algorithms are used in most communication protocols and digital signature schemes. While it's unclear that a quantum computer powerful enough to break the public key cryptography will ever exist, we are not waiting for one before taking action to protect your data. 

“Harvest now, decrypt later” attacks are a practical concern where adversaries intercept and store encrypted traffic today with the intention of decrypting it in the future, once quantum computers become powerful enough. We are putting protections in place now to ensure the long-term confidentiality of our customers’ data well into the future.

This is the first step in our long-term plan to protect customer data and withstand harvest-now, decrypt-later attacks. We will provide updates in the future as we migrate other parts of our infrastructure to support PQC, as we firmly believe that cryptographic designs should be done in the public. 

What we delivered 

We began our PQC rollout where it matters most for long-term confidentiality: internet-facing traffic. When a browser connects to 1Password, it establishes a TLS session using public-key cryptography to negotiate encryption keys. Historically, that key exchange relied solely on classical algorithms like elliptic curve cryptography. While secure against today’s computers, those algorithms may be vulnerable to sufficiently powerful quantum computers.

With this launch, 1Password now supports hybrid post-quantum key exchange (X25519MLKEM768) for all 1Password web application connections. When a compatible browser connects, it negotiates a TLS handshake that combines classical cryptography with a quantum-resistant algorithm (such as ML-KEM). This hybrid approach preserves compatibility while adding protection against future quantum adversaries. This all happens automatically; there are no configuration changes or performance penalties.

How to verify PQC in your browser

If you’re using a modern browser, such as Chrome, you can verify this yourself.

1. Open your browser and navigate to your 1Password account (for example, https://my.1password.com).

2. Under settings, navigate to More Tools -> Developer Tools.

3. Select the Privacy and Security tab.

4. View the Security Overview and note the connection uses X25519MLKEM768

If PQC is being used, you’ll see a hybrid key exchange (X25519MLKEM768).  PQC depends on browser support, so results may vary depending on version and configuration. If you do not see PQC being negotiated, please update your browser and double-check other test websites such as https://pq.cloudflareresearch.com/ 

Conclusion

This milestone represents the first phase of a broader post-quantum roadmap at 1Password. We are focusing on the parts of our architecture that are most at risk of HNDL attacks to preserve long-term confidentiality. We will provide future updates and more technical details as we expand our PQC coverage across our products.  

At 1Password, our responsibility is to protect your data, not just against today’s threats but tomorrow’s as well.