Create and share vaults

Get help

1Password X works on Linux, Chrome OS, Mac, and Windows. It’s available for Chrome and Firefox. The Chrome extension also works in other Chromium-based browsers, like Opera and Brave.

To get help with 1Password X, right-click in your toolbar and choose Get Help.

To share feedback about 1Password X, join the discussion in the 1Password Support forum.

If you use different Master Passwords for additional accounts

When you unlock 1Password X with your Master Password, only accounts with the same password will be unlocked. To unlock an account that has a different password, lock 1Password X, then unlock it using the password for that account. If you’ve turned on integration, unlock 1Password for Mac to view all your accounts in 1Password X.

To ensure you always have access to your accounts, use the same Master Password for all of them. If you signed up for accounts with different passwords, you can change them.

1 KeePass


  • Создание записи.
  • Дублирование записи.
  • Сортировка записей — по столбцам, по тегам.
  • Группы записей — дерево и сортировка.
  • Поиск по записям — быстрый или расширенный.
  • Копирование данных записи — двойной клик по полю для копирования, удаление из буфера обмена скопированной информации через определенный промежуток времени.
  • AutoType для автоматического ввода данных в браузерах и других программах.
  • Хранение дат.
  • Генератор паролей, в том числе, с заданными параметрами.
  • Кнопка блокировки — при повторном входе программа снова запрашивает мастер-пароль.
  • Настройки базы и программы.
  • Смена мастер-пароля.
  • Триггеры.
  • Файлы экспорта: TXT, HTML, XML, CSV.
  • Файлы импорта: 35 форматов.
  • Перенос базы данных.

Общее впечатление: все круто, но внешний вид — явно для любителей олдскула.


AgileBits, we, our, Service Provider
AgileBits Inc., a Canadian company located at Suite 303, 49 Spadina Ave, Toronto, Ontario, M5V 2J1, Canada. Owners and operators of 1Password. As Data Processors, we include AgileBits’ employees and subcontractors appointed by AgileBits.
Data Processor
Data Processor as defined by the GDPR. We and the subprocessors (hosting services, payment processors) we appoint are the Data Processors.
Master Password
A user secret that, along with the user’s Secret Key, is necessary to decrypt Secure Data.
AgileBits staff, staff
Our Directors, employees, and subcontractors
European Union’s General Data Protection Regulation
Decryption transforms encrypted data back to its original form. It cannot be performed without the appropriate cryptographic key.
Encrypt, Encryption
Encryption transforms usable data into a form that conceals all information contained in the original data. This day transformation uses a cryptographic key.
Owner, Organizer
Business and Family accounts, which allow for multiple members, will have Owners or Organizers. Owners and Organizers have some rights over the data belonging to members of the Business or Family.
Personal Data
As defined under the Canadian privacy laws and the GDPR.
Secret Key
A user secret typically stored on the user’s device that is necessary, along with the user’s Master Password to decrypt Secure Data.
Anyone other than us who we have appointed to process customer data. Subprocessors can see no more data than we can see. Examples include our data hosting providers and payment processors.
Supervisory Authority
A local regulator under the GDPR which has the job of seeing that we protect your data properly.
Secure Data
Data encrypted with keys derived from the user’s Master Password and Secret Key. This data cannot be decrypted by AgileBits.
Service Data
Data about a user account, which is available to AgileBits.
You, Data Subject
You are the Data Subject as defined in the GDPR. In general, we are addressing “you” as the Owner or Organizer of an Individual, Family, Team, or Business account.

Change log

  • 2019-07-03:

    Added clarifying language related to GDPR.

  • 2018-10-26:

    We changed our office address.

  • 2018-05-11:

    List GDPR Supervisory Authority.

  • 2018-04-04:

    Typographical error corrected. No change in meaning.

  • 2018-03-15:

    • More explicity include data processing agreement (GDPR)
    • Status of AgileBits contractors and employees wrt to data processing (GDPR)
    • More GDPR terms in the glossary.
    • Open with a statement of purpose of this document
    • Business accounts
    • Explicitly discuss philosophy that customer has rights to their own data (spirit of GDPR)
    • Right of Erasure (GDPR)
    • Right to Access (GDPR)
    • Breach notification (GDPR)
  • 2017-09-07:

    • We clarified how we help you keep your data when we part ways.
    • We also expanded on how your Secure Data is handled on our end.

Создание и управление элементами

Когда вы запустите 1Password, вы увидите список своего избранного (если вы добавили туда элементы). Если вы ещё этого не делали, то вы увидите список категорий, таких как пароли или банковские карты.

Чтобы увидеть список всех своих элементов, нажмите на

, затем выберите Категории и нажмите на Все элементы. Нажмите на элемент, чтобы увидеть подробную информацию:

Чтобы добавить элемент в 1Password, нажмите на и выберите тип элемента, который вы хотите создать. Введите необходимую информацию и нажмите Сохранить.

Чтобы редактировать элемент, нажмите на него и выберите . Как только вы вы внесёте все необходимые изменения, нажмите Сохранить.

Чтобы увидеть элементы одного типа, нажмите на , а затем выберите категорию из списка. Нажмите на Все элементы, чтобы увидеть всё, что находится в данном сейфе.

Restore a backup

  1. Create a folder called on your desktop:

    1. Right-click your desktop and choose New > Folder.
    2. Name the folder .
  2. Open Start, type to search, then press Enter. You’ll see a list of folders, one for each vault 1Password has backed up.
  3. Open the folder for the vault you want to restore. You’ll see a list of .zip files with names corresponding to the date and time of each backup.
  4. Right-click the .zip file you want to restore and choose Extract All.
  5. Click Browse, choose the folder on your desktop, and click Select Folder.
  6. Click Extract. If you see “There is already a file with the same name as the folder name you specified”, contact 1Password Support.

To add the vault to your existing 1Password data, open 1Password and choose 1Password > “Open vault on this PC”.


The file has a similar structure to a band file, and each folder listed has a structure very similar to an item in the band file. For security purposes, it is worth noting that the folder name and the search query for defining a smart folder are encrypted with the overview key. In this version, other than the actual encrypted data, there is no MAC for each folder nor for the list of folders themselves.

Here is a sample entry:

The is encrypted with the overview keys, and contains the name of the folder for ordinary folders.

In this sample, it is clear that this folder was created and last modified at the very beginning of time itself. (Or it was merely created in the pre-beta version of 1Password used to create this data sample.)

Some folders may also contain , indicating that it is a smart folder. The overview in those cases will contain, in addition to its name, a definition of the search predicate used to define the smart folder. The specification of those is still in flux and is not, at this point, expected to be portable.


Attachment files are named with the UUID of the item that they are attached to followed by an underscore and then followed by the UUID of the attachment itself. The file is then given the extension .attachment.

The contents can be divided into four sections.

  1. The header
  2. The meta-data (up to 2^16^ bytes)
  3. The encrypted icon (up to 2^32^ bytes)
  4. The encrypted data (up to 2^32^ bytes)


Counting from zero

Bytes 0-6 The literal
Byte 7 Version (0×01 for this first version)
Bytes 8-9 Metadata size in bytes
Bytes 10-11 Junk
Bytes 12-15 Icon size in bytes


This is then followed by a JSON object containing the meta data (displayed here with whitespace for legibility, but there is no whitespace in the actual attachment file).


And individual item within a band file may look like:

The item is labeled by its UUID which is also one of the elements within the data. The MAC is calculated over all of the items (in C lexicographic order) except for itself and . The folder is excluded because there may be legitimate instances of an item changing its folder when the MAC key is unavailable.


Item category indicates whether the item is a Login (“100”), Secure Note (“003”), Credit Card (“002”), etc. These are three digit decimal numbers.

Category Code
Login 001
Credit Card 002
Secure Note 003
Identity 004
Password 005
Tombstone 099
Software License 100
Bank Account 101
Database 102
Driver License 103
Outdoor License 104
Membership 105
Passport 106
Rewards 107
SSN 108
Router 109
Server 110
Email 111


Unix time of item creation. All time stamps are Unix time and are written as an ASCII decimal number. Internal representation of Unix time stamps involves data types that are based on 64-bit integers and so will handle dates beyond January 2038.


The presence of indicates that the item is to be listed among “favorites”. The value, an ASCII representation of an unsigned long integer is used as a sort index, with lower numbers sorted first.

It is useful to have large gaps in the sort indices, so that items added later to favorites can be inserted in the sort order without having to renumber existing items. For example, the item to be sorted first may have a sort index of 1000 and the item to be sorted second may have a sort index of 2000. The allows someone to add a new favorite item to be sorted be sorted between those two, sort index 1500, without having to modify the existing items.


, like , is left unencrypted so that a list of favorites can be displayed without having to decrypt the overviews of every item in the keychain. If were to be among the overview data, then the overviews of all items would need to be decrypted to identify which items are favorites.


This MAC (HMAC-SHA256) is computed over all of the elements of the item with the exception of the hmac itself. It’s computed over the item elements and their values. Very pseudo code:

The HMAC is computed using SHA256 using the overview MAC key, and it is base64 encoded.


This is the encrypted item and MAC keys. It is encrypted with the master encryption key and authenticated with the master MAC key.

The last 32 bytes comprise the HMAC-SHA256 of the IV and the encrypted data. The MAC is computed with the master MAC key. The data before the MAC is the AES-CBC encrypted item keys using unique random 16-byte IV.

The decrypted object is defined by:

This is base64 encoded.


One reason to provide a separate key for each item is to ensure that only a safe amount of data is encrypted under one key. Although we don’t expect item details to grow particularly large, any attachment to an item is also encrypted under the item key.


This is the encrypted overview for the item. It is base64 encoded , encrypted with the overview encryption and MAC keys.

There are still cases where we need to find items without having to decrypt all of the data. So we separate the data in each item into “overview data” and “encrypted data”. In the clients, the overview data may remain unencrypted (in memory) for the entire time that 1Password is unlocked, whereas the restricted data for any item is only briefly decrypted.

The decrypted overview data includes the URLs (yes, that is plural) associated with an item, the Title associated with the item, and some additional information depending on the category of an item. For a Login, the username for the item is included. For a Password, the creation time is included. For a secure note, the first 80 bytes of the note are included. For an Identity, the full name is included. For a Credit Card, the masked credit card number is included.

If appears in the item, it indicates that the item has been moved to the Trash. The default for trashed is , so the absence of it indicates that the item is not in the Trash.


This is the “transaction timestamp” (Unix time) indicating when this particular item was last modified or added to the current database through syncing. When an item is modified or added to the database through syncing, this item will be updated to reflect that. This along with the updated timestamp are used to manage syncing.

This is the of the item. Its inclusion within the item ensures that it is included when the hmac is calculated.


Every family or team member has a current status. Here are the available statuses and what they mean:

  • Invited: Summoned to join your family or team but not yet created an account.
  • Pending Confirmation: Completed account setup and needs approval by a or .
  • Active: Permitted to sign in and access family or team .
  • Recovery Started: Initiated the process following a request to a family organizer, admin, or .
  • Recovery Pending: Awaiting a family organizer, admin, or owner to confirm the changes to allowing access back into an account.
  • Suspended: Revoked of access to any new items or changes to existing ones temporarily caused by suspension by a family organizer or team administrator. Suspension is required prior to permanent deletion.
  • Deleted: Revoked of access permanently to any family or team vaults caused by deletion by a family organizer or administrator. Past activities appear in the . To return to the family or team, they must be invited again.

Building blocks


We handle a variety of keys, the purpose and derivation of which will be described in later sections.

  1. Master Password (OK, this one isn’t a “key”).
  2. Derived encryption key.
  3. Derived MAC key.
  4. Master encryption key.
  5. Master MAC key.
  6. Overview encryption key.
  7. Overview MAC key.
  8. Item encryption key (item specific).
  9. Item MAC key (item specific).

As an overview of the role of these various keys, the secret content of each item is encrypted a unique pair of keys (encryption and MAC) for that item. The relationship between an item key and the Master Password can be summarized in song:

All of the encryption keys are 256-bit keys for use with AES. This has been a highly requested change. Although 128-bit keys remain more than sufficiently resistant to any brute force attack, moving to 256-bit keys has the side effect of leading us to use a SHA512 in our which may add meaningful strength defenses agains password crackers. Additionally, as the systems that 1Password normally runs on are much more powerful than they were years ago, the additional overhead of using 256-bit keys is no longer a reason not to.

We are aware of the key schedule concerns surrounding 256-bit AES keys, and we will continue to keep an eye on attacks against it. We can modify our format and cipher suites to return to 128-bit keys if necessary. The MAC keys are also all 256-bit keys.

All keys (other than the key encryption keys derived from the Master Password) are created using .


As in the Agile Keychain format, each item is associated with a universally unique identifier, the UUID. These are 128-bit numbers that are chosen as RFC 4122 Version 4 UUIDs when an item is first created. In what follows, we will often use the term “UUID” to refer to the uppercase hexadecimal representations of a UUID. It should be clear from context when we mean the hexadecimal representation and when we mean the number itself.

Because each UUID is chosen at random, it contains no information about the content of an item. These UUIDs reveal no information about the creators system other that than the fact that they are RFC 4122 Version 4 UUIDs. When a user modified information in an item the UUID remains the same, although the time stamp associated with it will change.


All encrypted data with the exception of some encrypted keys is a specific format we are calling “opdata01”.

The first 8 bytes of the data are the string “opdata01”. The next 8 bytes contain the length in bytes of the plaintext as a little endian unsigned 64 bit integer. The next 16 bytes are the randomly chosen initialization vector.

The plaintext is padded using the following scheme.

If the size of the plaintext is an even multiple of the block size then 1 block of random data is prepended to the plaintext. Otherwise, between 1 and 15 (inclusive) bytes of random data are prepended to the plaintext to achieve an even multiple of blocks.

The data – excluding the IV but including the prepended padding – is encrypted using AES in CBC mode with a 256-bit encryption key.

The HMAC-SHA256 is computed over the entirety of the opdata including header, length, IV and ciphertext using a 256-bit MAC key. The 256-bit MAC is not truncated. It is appended to the ciphertext.

Depending on where opdata is stored within data files it may be base64 encoded.


On the Mac and on iOS we use the CommonCrypto libraries, using kCCHmacAlgSHA256 and kCCAlgorithmAES128. We set up the cryptor with and the MAC with


We perform authenticated encryption for the reasons described in the . CommonCrypto does not, at this time, offer any direct authenticated encryption modes, so we use Encrypt-then-MAC composition.

We do not use kCCOptionPKCS7Padding as this can lead to padding oracle CCAs (although our use of Encrypt-then-MAC should prevent all CCAs). Instead we do our own random padding as described above. By putting the padding up front, this has the effect of acting like a smaller, additional, IV.

The IETF draft for authenticated encryption with associated data was not available in time for our first version of this, but we will certainly consider the simpler padding proposed there in the future.

1Password uses the Cryptographically Secure Pseudo-Random Number Generators (CSPRNG) provided by the respective operating systems for all its random number needs. On Mac and iOS, that is SecRandomCopyBytes(), on Windows that is CryptGenRandom(), and on Android that is SecureRandom(). These are used to create the master keys (encryption and MAC), overview keys (encryption and MAC), and PBKDF2 salt when a new vault is created. Subsequently, random numbers are used for item keys (encryption and MAC), initialization vectors for CBC encryption, random CBC padding, and UUIDs.

Create a backup

Open and unlock 1Password on your iOS device, then tap Settings > Advanced > Create Backup.

If you’re using macOS Catalina or later

  1. Connect your iOS device to your computer using the USB cable that came with your device.
  2. In Finder, click your device in the sidebar. Get help if you can’t find it.

    If it’s the first time you’ve connected this device, click Trust on your Mac. Then unlock your iOS device, tap Trust, and enter your passcode.

  3. Click the Files tab, then click next to 1Password.

  4. Drag the Backups folder to your Desktop or other folder on your Mac.

If you’re using an earlier version of macOS or a Windows PC

  1. Open iTunes on your Mac or PC.
  2. Connect your iOS device to your computer using the USB cable that came with your device. If you see “Trust This Computer?” on your iOS device, tap Trust.
  3. Click your device in iTunes. Get help if you can’t find it.
  4. Click File Sharing in the sidebar, then select 1Password in the list of apps.
  5. Select the Backups folder from the 1Password Documents list and click “Save”.
  6. Find the folder on your computer to which you want to copy the files and click “Save” or “Select folder”.

4 LastPass


  • Поиск.
  • Автозаполнение.
  • Вход одним кликом.
  • Настройки — общие, безопасность и т.д.
  • Многофакторная аутентификация.
  • Одноразовые пароли.
  • Проверка безопасности для поиска ненадёжных паролей.
  • Автоматическая защита учетных данных от кражи на фишинг-сайтах.
  • Поиск незащищенных объектов на компьютере.
  • Импорт из предыдущего менеджера паролей.
  • Запрещенные адреса.
  • Обмен паролями (управление доступом).
  • Автоматическая синхронизация пользователей.
  • Администрирование: отчеты и управление пользователями.
  • Закладки.
  • Экранная клавиатура.
  • Программа бесплатна, но за дополнительные функции вроде выявления слабых паролей, экранной клавиатуры, защиты от фишинга придется платить.

Общее впечатление: стойкий механизм шифрования, удобная работа с паролями в браузере.

Appendix: Session management

will prompt you for your Master Password and output a command that can save your session token to an environment variable:

To set the environment variable, run the command manually, or use to set it automatically:

You can sign in to multiple accounts at once.

Use with multiple accounts

Commands that you run will use the account you signed in to most recently. To run a command using a specific account, use :

You can also pass the session token using standard input (). Use to output only the session token, which can be piped into any other command:

To pass a session token as a command-line flag, use with any command:

Remove account details from your computer

You can remove account details from your computer at any time.

To sign out of an account and remove its details from your computer:

If you’re already signed out, you can specify an account by subdomain:

Manage your settings

To manage your settings, click > and choose Settings. You’ll be able to:

* If you’ve turned on integration with 1Password for Mac, you can manage these settings in the app.

** If you’ve turned on integration with 1Password for Mac, 1Password X will use the default system language.

To integrate with 1Password for Mac

If you use the 1Password for Mac beta, the 1Password X beta can integrate with it. Click in the toolbar, then click > Settings, and turn on “Integrate with 1Password for Mac”.

When you turn on integration, 1Password X will use 1Password for Mac to:

  • lock and unlock (supports Touch ID)
  • create and edit items
  • sync your accounts and preferences

You can also fill logins in your browser directly from 1Password for Mac.

Manage your subscription

You can start your subscription at any time, including when your account is frozen.

Start your subscription

To start your subscription, click Billing in the sidebar and choose the plan you want.

If your account is on: Pricing is in: USD CAD EUR

You can pay with Visa, Mastercard, or American Express. If your account is on, you can pay with a 1Password Gift Card. Taxes are collected where required by law and are listed on your . Your 1Password subscription will renew automatically.

Change your subscription

To change an active subscription, click Billing in the sidebar, then click Billing Settings. Choose monthly or annual billing, then click Save.

If you have a team account, you can also upgrade to 1Password Business.

Your new subscription will begin immediately.

Cancel your subscription

To cancel an active subscription, click Billing in the sidebar, then click Billing Settings. Click Unsubscribe from Plan.

Your canceled subscription will remain active until the end of the current billing period, then your account will be frozen. You can again at any time.

Manage objects

To get details about an object:

The option will allow for items in the Trash to be returned.

Create an item

  1. Get the template for the category of item you want to create. See for a list of categories.

  2. Edit the JSON template with the values for the item.

  3. Encode the JSON for your item:

  4. Save the item:

When you create an item, its UUID is returned.

To move an item to the Trash:

See also .

Create or remove a vault

To create a vault:

When you create a vault, its UUID is returned. Use the option to specify whether administrators can manage the vault or not. If not provided, the default policy for the account applies.

To remove a vault:

See also .

Work with documents

To create a document:

When you create a document, its UUID is returned.

To download a document and save it to a file:

See also .

View and edit items

To view an item’s details, click it. Or use the arrow keys to select it.

To mark an item as a favorite, click .

To copy any field, click it.

To open the pop-up in a new window, click .

To show a field in large type, click to the right of it, then click Large.

To reveal a password, click to the right of it, then click Reveal. Or press Control-Option (or Ctrl + Alt) to reveal all passwords in the item details.

To edit an item, click Edit. The item will open in a new tab,* where you can add tags or custom fields, move it, or delete it.

* If you’ve turned on integration with 1Password for Mac, the item will open in 1Password for Mac.

Скачать программу1Password

v7.1.4   Pro

13.04.2019 — Изменения не указаны.

v7.1   Pro

13.02.2019 NEW
Наслаждайтесь удобством использования Google Play, чтобы подписаться на членство в 1Password. {312}
Организуйте свои элементы на ходу, добавляя теги при создании или редактировании элементов. {121}
Быстро удаляйте теги при редактировании элементов всего несколькими нажатиями. {377}
Переименуйте теги для ваших элементов, просматривая их на вкладке тегов. {358}
Легко перемещаться по иерархии тегов с помощью вложенных тегов. {306}
Наслаждайтесь тем, что одноразовые пароли автоматически копируются в буфер обмена после заполнения. {5}
Используйте автозаполнение 1Password для входа на веб-сайты в стабильной версии Firefox. {354}
Удобно перемещать элементы между хранилищами без необходимости выполнять отдельные операции копирования и удаления. {7}
Создавайте диагностические отчеты на экране настройки, чтобы мы могли помочь вам с настройкой приложения. {270}
Используйте уникальную ссылку для настройки, чтобы быстро войти в свою учетную запись 1Password с экрана настройки. {368}
Защитите свой секретный ключ, сохранив ваш аварийный комплект сразу после регистрации новой учетной записи 1Password. {190}
Просмотрите комплект Emergency Kit для каждой из ваших учетных записей 1Password на экране сведений об учетной записи. {190}
Названия категорий и шаблоны элементов теперь локализованы для учетных записей {135}
Богатые значки загружаются в экран сведений об элементе после сохранения нового элемента. {418}
Автозаполнение автоматически синхронизирует последние изменения с других ваших устройств. {292}
Списки товаров загружаются намного быстрее при поиске и просмотре категорий или тегов. {72}
Генератор надежных паролей обеспечивает соблюдение требований к рецепту при создании паролей. {350}
Проверка секретного ключа при входе в учетные записи 1Password обновлена. {254}
Поля даты, соответствующие пустым значениям даты, удаляются при сохранении элементов. {342}
Метка поля адреса легче отличить от метки раздела. {145}
Обновлены локализации от наших фантастических переводчиков на Crowdin.
Для некоторых веб-сайтов были обнаружены неправильные URL-адреса при использовании автозаполнения с Firefox. {369}
Несоответствующие действия панели инструментов иногда отображались после завершения поиска. {386}
Pro функции не были доступны в автономных хранилищах, если учетная запись 1Password была заблокирована. {384}
Отображены неверные имена выбора для типа счета в позициях банковского счета. {218}
Избранные и удаленные действия не были отключены для замороженных учетных записей {385}
Теги не были включены при копировании элемента из отдельного хранилища в учетную запись {229}
Копирование элементов в замороженную учетную запись не было отключено. {387}
Субтитры отображались в несовместимом формате для некоторых элементов пароля. {313}
Изменение имени пользователя не было сохранено после редактирования элемента с определенными полями. {363}
Грамматически неправильная форма «вход в систему» ​​использовалась в нескольких местах в 1Password. {252}
Разделы с пустыми полями были скрыты при просмотре элемента. {144}
Редактирование элементов в автономных хранилищах приведет к созданию дублирующих тегов. {367}
Запрос о миграции и настройках отображался при возврате к экрану приветствия вместо завершения настройки. {361}
Внешние веб-сайты не могут загружаться в браузере справки. {333}

v7.0.BETA-11   Pro

2.06.2018 — Исправлены ошибки

v7.0.BETA-9   Pro

23.05.2018 — Исправлены ошибки


Encrypted container for items. Can be shared with some or all family or team members. Can be created for a variety of different audiences and purposes.

Private vault

A vault for 1Password accounts that contains items only you can see. It can’t be renamed or deleted. Everyone has their own. In some accounts, this vault is called the Personal vault.

Shared vault

Family and team accounts have access to a Shared vault that contains items shared with everyone in the family or team. Only and can create new vaults.

Primary vault

Default vault if you don’t have a 1Password account. Created when you set up 1Password. The password for this vault is your Master Password, which unlocks your other vaults (even if you add a 1Password account later).

Standalone vault

Vault outside your 1Password account stored locally on your device and not automatically synced. Can be synced with iCloud, Dropbox, or the WLAN server.

Ссылка на основную публикацию