The information you store in 1Password is encrypted, and only you hold the keys to decrypt it. 1Password is designed to protect you from breaches and other threats, and we work with other security experts to make sure our code is rock solid. We can’t see your 1Password data, so we can’t use it, share it, or sell it.
Only you have access to your 1Password data.
Your 1Password data is end-to-end encrypted to keep it safe at rest and in transit. Our security recipe starts with AES 256-bit encryption, and we use multiple techniques to make sure only you have access to your information.
Your Account Password protects your data on your devices.
Only you know your Account Password: it’s never stored alongside your data or sent over the network. It protects your data if someone has access to your device.Learn more
Your Secret Key protects your data off your devices.
Your Secret Key is created locally on your device. It’s combined with your Account Password to authenticate you with our server and encrypt your 1Password data.Learn more
Secure Remote Password protects your data in transit.
Your 1Password account uses SRP to authenticate your credentials without sending them over the Internet. It also encrypts all traffic sent to our server.Learn more
1Password is private by design.
All data saved in your vaults is end-to-end encrypted using secrets that only you know.
We only collect the information necessary to provide our services and build you a better 1Password.
1Password protects you from breaches and other threats.
1Password security begins with encryption, and we’ve taken additional steps to limit your exposure to threats outside of 1Password.
Alerts you to security breaches
Watchtower alerts you about password breaches and other security problems with your 1Password items.
Protects you from phishing
You can fool a human, but you can’t fool 1Password. It only fills your account details on the sites where you saved them.
Only works in verified browsers
1Password only fills your details after it verifies that your browser has been signed by an identified developer.
Removes secrets from your clipboard
To prevent people or clipboard tools from learning your secrets, 1Password regularly removes item details from the clipboard.
1Password securely fills credentials directly into websites, so you don’t have to type or paste your password.
Always requires your input
To protect your data from shoulder surfers and browser-based attacks, 1Password only displays or fills data when you tell it to.
We describe our security design in our white paper.
We’ve documented our entire security design for experts to review. Here are just a few of the processes we cover:
- Tamper-proof, authenticated encryption
- Brute-force protection with PBKDF2
- Secure vault sharing
- Account recovery
We use open standards that are scrutinized by the experts.
1Password wasn’t built in a vacuum. It was developed on top of open standards that anyone with the right skills can investigate, implement, and improve. We collaborate with other security experts to make sure 1Password is rock solid.