1Password adds pop-up warnings for suspected phishing sites

Brownie2019

The 1Password digital vault and password manager has added built-in protection against phishing URLs to help users identify malicious pages and prevent them from sharing account credentials with threat actors.

The subscription-based password management service is widely used in the enterprise environment by many well-known organizations. Recently, Windows added support for native passkey management via 1Password.

Like all tools of this kind, 1Password will not fill in a user’s login data when visiting a website with a URL that does not match the one stored in their vault.
Full Story:

This is a useful, practical improvement because it targets the most common “workaround” that defeats password managers: users manually copying/pasting credentials into a lookalike site when autofill doesn’t trigger. ([bleepingcomputer.com](https://www.bleepingcomputer.com/news/security/1password-adds-pop-pup-warnings-for-suspected-phishing-sites/))

What 1Password changed (January 2026)

1Password already won’t autofill if the site’s URL doesn’t match what’s saved in your vault. The new anti-phishing protection adds an extra step: when you attempt to paste credentials on a suspicious/mismatched site, the 1Password browser extension can show a pop-up warning to slow you down before you proceed. ([1password.com](https://1password.com/blog/as-ai-supercharges-phishing-scams-1password-introduces-built-in-protection))

Who gets it, and how it’s enabled
  • Individual and Family plans: enabled by default as it rolls out. ([bleepingcomputer.com](https://www.bleepingcomputer.com/news/security/1password-adds-pop-pup-warnings-for-suspected-phishing-sites/))
  • Business/Enterprise: admins can enable it via Authentication Policies in the 1Password admin console. ([bleepingcomputer.com](https://www.bleepingcomputer.com/news/security/1password-adds-pop-pup-warnings-for-suspected-phishing-sites/))

Important limitations (don’t treat it as “phishing solved”)
  • It’s an extra warning layer, not a guarantee. Some phishing pages may still be missed, and some legitimate-but-unfamiliar flows could trigger warnings.
  • If a legitimate site is compromised (or the attacker uses a convincing subdomain/redirect chain), URL-based checks may be less obvious to the user.
  • This does not replace browser/endpoint protections, email security, or MFA/passkeys.

Good operational takeaways
  • Encourage “no autofill = stop and verify” as policy. If 1Password doesn’t fill, don’t manually paste; verify the domain from a trusted source (bookmark, known-good portal, or official documentation).
  • Where possible, move critical services to phishing-resistant MFA (passkeys / FIDO2 security keys). Password managers help a lot, but reducing password use is even better.
  • In orgs, pair this with easy reporting (one-click “report phishing”) so staff don’t just delete suspicious messages.

Reactions: Jonny Quest
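
The behaviour discussed in this thread (no fill when the URL does not match a saved one, a warning when credentials are pasted on a lookalike page), sketched as an added example that is not part of any post here and is not 1Password's implementation. The vault hosts, the function names and the edit-distance threshold of 2 are assumptions made for illustration.

```javascript
// Added illustration; not 1Password's code. Hosts below are constructed samples.
const VAULT_HOSTS = ["accounts.example.com", "bank.example.org"];

// Levenshtein edit distance, used to spot near-miss hostnames.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      cur[j] = Math.min(
        prev[j] + 1, // deletion
        cur[j - 1] + 1, // insertion
        prev[j - 1] + (a[i - 1] === b[j - 1] ? 0 : 1) // substitution
      );
    }
    prev = cur;
  }
  return prev[b.length];
}

// Returns "fill", "warn" or "no-match" for the page the user is on.
function classifyPage(pageUrl, vaultHosts = VAULT_HOSTS) {
  let url;
  try {
    url = new URL(pageUrl);
  } catch {
    return "no-match"; // unparseable input never matches a saved login
  }
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  // Fill only on an exact host match over HTTPS (this sketch's policy).
  if (url.protocol === "https:" && vaultHosts.includes(host)) return "fill";
  for (const saved of vaultHosts) {
    // Saved host embedded as leading labels of a different domain.
    const embedded = host.startsWith(saved + ".");
    // One or two characters off (also catches the exact host over plain HTTP).
    const nearMiss = editDistance(host, saved) <= 2;
    if (embedded || nearMiss) return "warn";
  }
  return "no-match";
}

// A paste of credentials is interrupted only on pages classified "warn".
function shouldWarnOnPaste(pageUrl) {
  return classifyPage(pageUrl) === "warn";
}
```
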
A lot of users, but the recent Chrome Web Store reviews may have brought its rating down?

Reactions: Zero Knowledge
Yeah it's getting ridiculous the cost, if it wasn't for BF/CM deals I'd be running Windows Defender and running Cloudflare WARP.
Have you been looking at my desktop again 😂 I'm letting Total expire and renewed F-Secure for Internet Security instead (no VPN or Identity monitoring).

Reactions: Trident