Overview
- The extension withholds autofill on non-matching URLs and now displays a pop-up before users paste credentials into those pages.
- 1Password began rolling out the feature on Jan. 22, with availability expected to reach all users over the next several weeks.
- It is enabled by default for individual and family plans, while business deployments require admins to turn it on in the Admin Console under Authentication Policies.
- 1Password and security outlets caution the alert can be bypassed, so organizations should pair it with MFA, unique passwords, and ongoing phishing training and reporting.
- The launch responds to increasingly convincing AI-enabled scams, with company research finding 89% of Americans encountered phishing and 61% surrendered credentials at least once.