How 1Password Extended Access Management is Securing the Future of Work

1Password is the leader in Extended Access Management, a new category of security that addresses the gaps in access management created by app, identity, and device sprawl. Our platform is composed of three products: our Enterprise Password Manager, Trelica by 1Password, and 1Password Device Trust. In this presentation, Jason Meller and Leya Leydiker explain the Access-Trust Gap facing modern organizations, and explore how our password manager acts as the foundation for our suite of solutions. This “Access-Trust Gap” is defined as the combination of unmanaged devices, shadow IT applications, and sprawling identities that fall outside the purview of traditional security tools like Identity Providers (IDPs) and Mobile Device Management (MDM). Because 1Password is used to store credentials that these other systems don’t cover (like API keys), the company has unique visibility into this growing problem. Their Extended Access Management platform aims to close this gap by providing unified visibility and complete control. The presentation demonstrated this by showing how 1Password Device Trust could detect an unencrypted SSH key on a developer’s laptop, block access to a sensitive app like GitHub, and then seamlessly guide the user to secure that key within their 1Password vault, thereby fixing the issue and training the user simultaneously.

The foundation of this strategy is 1Password’s Enterprise Password Manager (EPM), which secures every step of the user journey, not just the initial login. The platform’s success is rooted in its user-first design philosophy, which stems from its origins as a consumer application. This focus on making the secure way the easy way drives user adoption and reduces friction, which in turn minimizes help desk tickets for things like password resets. The EPM handles not only passwords but also API keys, SSH keys, passkeys, and one-time passcodes (OTPs), allowing it to serve as a single, secure vault for all types of credentials. This capability enables secure sharing among teams, such as a social media team sharing a single login with MFA. Crucially, all of this is built on a “zero knowledge” security model, meaning user data is encrypted locally on their device, and 1Password itself cannot access it, ensuring credentials remain secure even in the event of a breach.