1Password Adds Copy-Paste Phishing Protection to Warn on Credential Entry to Lookalike Sites
1Password introduced a new phishing protection capability aimed at stopping users from entering credentials into fraudulent lookalike sites, particularly when users bypass autofill and instead copy/paste passwords. The feature checks whether the site a user is interacting with matches the saved login’s expected URL; if it does not, 1Password can warn the user before credentials are submitted, adding deliberate friction to reduce “momentary lapse” credential theft.
Reporting highlights that phishing kits and AI-assisted site creation are making realistic fake login pages easier to produce at scale, increasing the likelihood of users being tricked into credential entry. 1Password’s approach is to detect URL mismatches (e.g., typosquatted domains) and present an explicit warning/confirmation step when a user attempts to paste credentials into a site that doesn’t align with the vault record; pairing this with multi-factor authentication (MFA) is recommended to further reduce account takeover risk.

Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
1Password details rollout and admin controls for the new feature
1Password said the protection is planned to be enabled by default for individual and family users when released. For enterprise environments, administrators must turn it on through the Authentication Policy in the 1Password management console.
1Password announces anti-phishing paste/autofill protection
1Password announced a new security layer that checks whether a website’s URL matches the saved login record before allowing autofill or credential pasting. If the domain does not match, the product blocks autofill and shows a warning requiring explicit user confirmation before credentials can be pasted.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
1Password's new anti-phishing feature targets your most inescapable vulnerability - here's how | ZDNET
zdnet.com
Open source1Password’s New "Genius" Defense: A Shield Against the Sneaky Copy-Paste Phishing Trap
securityonline.info
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.


