The 1Password digital vault and password manager has added built-in protection against phishing URLs to help users identify malicious pages and prevent them from sharing account credentials with threat actors.

The subscription-based password management service is widely used in the enterprise environment by many well-known organizations. Recently, Windows added support for native passkey management via 1Password.

Like all tools of this kind, 1Password will not fill in a user’s login data when visiting a website with a URL that does not match the one stored in their vault.

While this provides intrinsic protection against phishing attempts, some users may still fail to recognize that something is wrong and attempt to enter account credentials on dangerous pages.

As 1Password admits, relying on this protective layer alone is incomplete from a security perspective because users may still fall for typosquatted domains, where the threat actor registers a misspelled or similar-looking domain name.

Users may still think they landed on the correct site, but their password manager glitched out, or that their vault is still locked, and proceed to enter the credentials manually.

To address this security gap, 1Password users will benefit from an extra layer of protection in the form of a pop-up alerting them of potential phishing risk.

"It's easy for a user to miss that extra 'o' in the URL, especially if the rest of the page looks convincing," the vendor explains under a Facebook domain typosquatting example.

The vendor says that "the pop-up reminds [users] to slow down and look more closely before proceeding."

The new feature will be enabled automatically for ‘individual’ and ‘family plan’ users, while Admins may activate it manually for company employees through the Authentication Policies in the 1Password admin console.

In its announcement, the password management company highlights that the phishing threat has increased with the proliferation of AI tools that help attackers perpetrate more convincing scams at a higher volume.

A 2000-person survey conducted by 1Password in the U.S. showed that 61% had been successfully phished and that 75% do not check URLs before clicking links.

In corporate environments, where a single account compromise is enough to allow external actors to move laterally across networks and systems, 1Password found that a third of the employees reuse passwords on work accounts, with nearly half of them having fallen victim to phishing attacks.

Almost half of the survey participants responded that phishing protection is the responsibility of the IT department, not theirs, and 72% admitted they had clicked suspicious links.

Finally, more than 50% of the respondents said that it is more convenient to just delete suspicious messages than report them.