1Password has introduced a new phishing prevention feature designed to reduce the risk of successful phishing attacks for both businesses and individual users. IBM research indicates that a successful phishing attack can cost businesses an average of $4.8 million.
This new feature operates by monitoring website URLs. When a 1Password user clicks a link and navigates to a website whose URL does not match the one saved with their login credentials, the 1Password browser extension will activate. It will prevent the automatic autofill of login information and display a pop-up warning, notifying the user that the current website's URL is not linked to a stored login in 1Password.
While the feature aims to make users aware of potential phishing scams, prompting them to exercise caution, it does not entirely prevent attacks. Users retain the option to manually copy and paste their credentials into a suspicious website.
Rollout of the new phishing prevention feature began today, with availability expected to reach all users over several weeks. For individual and family plan users, the feature will be enabled by default upon availability. Business users will require manual activation by 1Password Administrators.