Every design decision in 1Password begins with the safety and privacy of your data in mind. It takes a combination of policy, innovative thinking, and a deep respect for your right to privacy.
Security is not just a feature. It’s our foundation.
Encrypted from End to End.
Every time you use 1Password, your data is encrypted before a single byte ever leaves your devices. Your encryption keys are protected by your Master Password, so only you have the keys to unlock your secrets.
Encrypted Once. Twice. Thrice.
Our security recipe starts with AES-256 bit encryption and uses multiple techniques to protect your data at rest and in transit.
Not just the password you use to unlock your vault, it also plays a key role in encryption. Only you know your Master Password and it is not stored anywhere.
Also a star player in key derivation, this unique 128-bit identifier is generated locally. Only you have your Secret Key and it never leaves your devices.
Secure Remote Password
A zero knowledge protocol that encrypts all traffic over the network. It also verifies the authenticity of the remote server before sending your information over TLS/SSL.
Secret Key: Better than Two Factor.™
Security professionals recommend using multiple authentication factors: “something you know”, like your password, and “something you have”, like an authenticator app on your phone.
The Secret Key takes this idea to the next level. It doesn’t just authenticate you with our servers; it also plays a direct role in encrypting your data. That’s important, because it strengthens your Master Password exponentially. And since it never gets sent to us, your Secret Key can’t be reset, intercepted, or evaded.
Trusted. Fast. Performant. Safe.
1Password is built with modern, open source libraries and industry-proven solutions. So you get lightning-fast performance, a technology stack you can trust, and top-notch reliability.
1Password runs on Amazon Web Services, the largest and most secure infrastructure provider on the planet. Alongside great scalability and high availability, AWS also enables us to use KMS Hardware Encryption to further harden your SRP Verifier.
WebCrypto: Setting New Standards.
1Password is the first and only password manager to use WebCrypto, the next generation standard from the W3C.
WebCrypto provides direct access to the system’s secure random number generator, making truly secure cryptography possible in the browser for the first time.
And did we say it’s fast? WebCrypto is over 10x faster than traditional crypto libraries, so you don’t have to wait to get first-class security.
Lock up your data, but don't get locked in.
We believe security shouldn't be proprietary. 1Password only uses standard, documented data formats and encryption methods, so you can import and export your most important information at any time.
Made of strong stuff.
A potent cocktail of AES-256 encryption and PBKDF2 key derivation ensures that no one but you can see into your data. Everything from your passwords to the addresses of your saved websites are fully encrypted whenever you aren't using 1Password.Learn more about 1Password security.
There's a bounty out for bugs.
We have a community of security researchers working hard to make sure 1Password stays the most secure password manager. We are proud to be open and responsible in our hunt for bugs.
Learn about our Bugcrowd program and how to participate.
Transparent, Open Design.
We document our entire encryption design so security experts from across the globe can review it. Here are just a few of the processes we document:
- Tamper-proof, authenticated encryption using AES-GCM mode
- Brute force protection using PBKDF2-HMAC-SHA256
- Secure vault sharing using asymmetric cryptography
- Key creation, derivation, and splitting techniques
We cover all these (and more) in great depth in our white paper. It’s a great read and stuffed with geeky details, illustrations, and fun stories. We highly recommend it.Read the White Paper