1Password has introduced a new security feature designed to reduce the risk of phishing attacks by warning users before they enter credentials on suspicious websites.
The update adds visible pop-up alerts when users visit URLs that appear risky, including domains that closely resemble legitimate sites but may be controlled by attackers.
Why 1Password Added The Warnings
Password managers already offer some built-in phishing protection by refusing to autofill credentials on websites that do not match saved login URLs. However, this protection is not foolproof.
Users may still manually enter credentials if they believe the password manager failed to load correctly or if the domain name looks convincing at a glance. Typosquatted domains, which rely on subtle spelling differences, remain especially effective at bypassing user awareness.
According to 1Password, this gap is large enough to justify an additional warning layer.
How The New Alerts Work
When a potentially malicious page is detected, 1Password displays a pop-up warning that prompts users to slow down and double-check the site before continuing. The alert does not block access outright but aims to interrupt risky behavior at the moment it matters most.
The feature is enabled automatically for Individual and Family plan users. Business and enterprise customers can enable it through Authentication Policies in the 1Password admin console.
Phishing Remains A Widespread Problem
1Password says the change is a response to the growing effectiveness of phishing campaigns, especially those assisted by AI tools that help attackers scale and polish their scams.
In a survey conducted by the company, more than 60 percent of respondents said they had been successfully phished at least once. Three out of four admitted they do not routinely check URLs before clicking links. In workplace environments, password reuse and unreported phishing attempts remain common.
These behaviors increase the risk of account compromise, even when technical safeguards are in place.
A Small Change With Practical Impact
The new warning system does not replace existing protections, but it adds a timely visual signal that many users were previously missing. By calling attention to suspicious domains before credentials are entered, 1Password is attempting to reduce mistakes caused by habit, haste, or overconfidence.
The feature is rolling out now and does not require manual activation for most personal users.