Passkeys, which use biometrics for authentication, are gaining traction as a more secure alternative to traditional passwords. 1Password reports significant growth in passkey adoption, with over 4.2 million passkeys saved and 206 companies offering passkey login options. Despite this progress, widespread adoption depends on more services supporting passkeys. Users are encouraged to use password managers to store both passwords and passkeys securely.
1Password and Google are advocating for the adoption of passkeys, a more secure and user-friendly alternative to traditional passwords. Passkeys, which are based on FIDO and WebAuthn standards, offer enhanced security by using a public-private key system that is resistant to phishing and hacking. Adoption of passkeys is growing, with 1Password reporting significant increases in usage among its users and major companies like Amazon and Walmart implementing them. Despite their advantages, widespread adoption is hindered by users' familiarity with passwords, necessitating public education on passkey benefits.
1Password is investigating reports of users unable to log in to the app, with issues impacting sign-ins to the web interface in Europe, the US, Canada, and elsewhere. Problems with sign-in, syncing items across devices, and saving passwords are affecting users in all regions, but the outage may be receding as reports on Downdetector show a decline.
Password manager 1Password is expanding its passkey beta program to the public, allowing users to secure their accounts with a passkey instead of a master password or secret key. Passkeys utilize public-key cryptography, with a private key kept secure and encrypted, and a public key stored on the company's servers for authentication. This method offers a safer and easier way to protect login credentials. The feature is currently available for new accounts only, but will be extended to existing accounts next year.
1Password confirms that it was targeted by cyber criminals following a breach of Okta's systems. The attack was detected when an email was received indicating an order for a report of all 1Password admins, which was not authorized. The investigation found that the attacker accessed 1Password's Okta instance with admin privileges but did not exfiltrate data or access other systems. The attacker attempted to lay low and gather intelligence for a potential future attack. 1Password has taken measures to secure its systems and protect user data. This incident is part of a larger campaign targeting high-profile customers of Okta, including BeyondTrust and Cloudflare.
Cloudflare and 1Password have reported that their systems were briefly targeted by hackers following a recent breach of Okta's support unit. However, both companies stated that the incidents did not impact their customer systems or user data. Okta confirmed that about 1% of its corporate customers were affected by the breach, which involved the theft of files containing sensitive user credentials. Cloudflare and 1Password both revealed that the hackers used session tokens stolen from Okta's support unit to gain limited access to their systems. Okta's stock price dropped over 11% following news of the breach.
Password management solution 1Password detected suspicious activity on its Okta instance following a support system breach, but confirmed that no user data was compromised. The breach involved a threat actor attempting to access an IT team member's user dashboard and manipulating authentication flows. 1Password has implemented additional security measures, including denying logins from non-Okta IDPs and tightening multi-factor authentication rules. The incident shares similarities with a known campaign targeting super admin accounts. Okta recently disclosed a breach where threat actors stole sensitive HAR files, impacting about 1% of its customer base.
Password management platform 1Password experienced a security incident after hackers gained access to its Okta ID management tenant. The breach, linked to Okta's support system breach, involved threat actors compromising an IT employee's credentials and attempting to manipulate authentication flows. 1Password confirmed that no user data was accessed, but has taken steps to enhance security measures, including credential rotation and tighter rules on multi-factor authentication for administrative users.
Password manager 1Password has announced the general availability of passkey support, a new login technology that replaces passwords with authentication systems built into a user's own device. Users can now create, manage, and sign in to supported websites with passkeys via 1Password's mobile apps and web browser extensions. The update does not yet include the ability to replace the master password with a passkey, but that feature is expected to arrive later this year. Passkeys work by utilizing the device's authentication methods, such as Face ID or fingerprint sensors, and are built on WebAuthn technology. While passkeys are stored on the device, backup options are available in case of loss or damage. Other password managers and platforms have also added passkey support, but 1Password's Universal Sign On is touted as superior due to its cross-platform compatibility and syncing capabilities.
1Password, a popular password manager available across multiple platforms, can now be downloaded directly from the Microsoft Store. This move enhances the platform's security as Microsoft subjects applications to thorough scrutiny before adding them to the store. 1Password allows users to create, store, and autofill login credentials across devices, and offers features such as sharing individual items, organizing stored items, receiving security alerts, and more. The platform aims to improve security practices, particularly among burned-out employees who may neglect security policies.
1Password has launched public beta versions of its browser extensions for Safari, Chrome, Firefox, Edge, and Brave, adding passkey support for the web. The company has been working on full passkey support since it was first announced by the FIDO Alliance, and has been instrumental in helping websites adopt the more secure authentication standard with its Passage developer tool. Through its Watchtower feature, 1Password will also notify users when websites they use have been updated to support passkey.
Password manager 1Password has launched its public beta for passkeys, a new login technology that allows users to replace passwords with authentication systems built into their devices. Passkeys are a new type of passwordless login technology developed by the FIDO Alliance, designed to provide better security and convenience compared to traditional passwords and user verification methods like 2FA or SMS. Passkeys allow users to replace traditional passwords when logging into websites and services with their device’s own authentication methods.
1Password has launched Passage, a developer resource to add passkey support to apps and websites with just a few lines of code. Passage includes two different tools: Passkey Complete and Passkey Flex. Passkey Complete completely replaces the existing authentication flow or builds from scratch with a robust solution for passwordless authentication and customer identity management. Passkey Flex upgrades the existing authentication flow so users have the flexibility to sign in with passkeys or their traditional username and password. Pricing is based on the website/app's needs.
Password manager 1Password has launched Passage by 1Password, a service that enables businesses to integrate passkey authentication into their apps and websites without having to maintain their own security infrastructure. The service includes two products: Passkey Complete and Passkey Flex, which are free for up to 1,000 monthly active users. Passkeys are a biometric-based login solution that can replace passwords and verification systems like two-factor authentication or SMS verification entirely, providing better protection against hacking and phishing attacks.
1Password has officially added support for passkeys, allowing users to manage passkeys for services where they have them set up, making accounts even safer against malicious actors. Passkeys remove the step of entering a password from the login process of a website or service, replacing it completely with in-device authentication. Passkeys are not yet available on the mobile version of 1Password, but users can download the beta version of the browser extension to try them out.
