1Password is the password manager that teams trust to access every other service they use. When it goes down, the knock-on effect is severe: employees can't log into internal tools, SSO-backed apps become inaccessible, and the support queue fills with "I can't get into Slack / GitHub / AWS" tickets. Unlike most SaaS outages, a 1Password incident can effectively lock your team out of their entire stack.
Here's how to check 1Password's status right now, understand exactly what's broken, and make sure you're always the first to know.
Is 1Password Down Right Now?
Check these sources in order:
- Statusfield — 1Password status — real-time monitoring, updated continuously.
- Twitter/X — search
1Password downsorted by Latest. Security engineers and developers are quick to report sync failures and extension errors. - Downdetector — aggregates user reports; useful for a second opinion, but lacks component detail.
What Actually Breaks During a 1Password Outage
1Password is a distributed platform. Sync, authentication, and the browser extension all operate independently — a failure in one component doesn't mean your vault is inaccessible everywhere.
| Component | What it does | Impact when down |
|---|---|---|
| Sync service | Keeps vault items current across devices and team members | New passwords, edits, and shares don't propagate; stale credentials used |
| Browser extension | Auto-fills credentials in Chrome, Firefox, Safari, Edge | Auto-fill stops working; users must copy-paste from the app manually |
| 1Password.com web app | Browser-based vault access at 1password.com | Cannot access vault from an unfamiliar device |
| Teams / Business vaults | Shared vaults and group-based access for organizations | Employees can't retrieve shared credentials or shared SSH keys |
| SSO / SCIM integration | Connects 1Password to Okta, Azure AD, Google Workspace for provisioning | New hires can't be provisioned; deprovisioned users may retain access |
| 1Password Secrets Automation | CLI and SDK access for DevOps workflows (op inject, Kubernetes operator) | CI/CD pipelines that pull secrets at deploy time break |
| Emergency Kit recovery | Account recovery for Business plans | Admins can't recover locked-out team members |
| Events API | Audit log streaming for compliance workflows | SIEM integrations stop receiving events; compliance gaps in audit trail |
1Password Error Symptoms and What They Mean
| What you see | What it usually means |
|---|---|
| "Unable to sync your vault" banner in the app | Sync service degraded — your local vault is intact; work offline until sync recovers |
| Browser extension shows spinner on auto-fill | Extension can't reach 1Password servers; try unlocking from the desktop app and re-enabling fill |
ERR_CONNECTION_REFUSED on 1password.com | Web app infrastructure degraded; check Statusfield |
| SSO login fails with "Authentication error" | SAML/OIDC integration between your IdP and 1Password is broken; check both ends independently |
op signin returns 401 Unauthorized | CLI auth tokens may have expired or the auth service is degraded; try op signin --raw to re-auth |
| Shared vault items show "Access denied" | Teams permission service degraded; team vault access is temporarily blocked even for admins |
Secret references (op://vault/item/field) not resolving | Secrets Automation service degraded; CI/CD pipelines that inject secrets at runtime will fail |
| Watchtower alerts stop appearing | Watchtower background service is down; your credentials are still secure, monitoring is just paused |
How 1Password's Architecture Affects Outage Scope
Understanding 1Password's architecture helps you predict which incidents affect your team vs. just some users:
- Vault encryption is end-to-end. Your vault data is encrypted locally before it reaches 1Password's servers. An infrastructure incident never exposes your credentials — the risk is availability, not confidentiality.
- The desktop app caches your vault. The native Mac, Windows, iOS, and Android apps maintain a local encrypted copy. Sync outages affect new items and edits — not existing credentials you've previously unlocked.
- The web app (1password.com) has no local cache. If you or your team members exclusively use the web app, a server-side outage means full loss of access.
- Secrets Automation is a separate service. The
opCLI and Connect server communicate with a different API surface than the consumer app. A consumer sync outage may not affect your CI/CD pipelines — and vice versa. - SSO is your identity provider's problem as much as 1Password's. When login fails via Okta or Azure AD, the root cause is often an IdP misconfiguration or certificate renewal. Always check your IdP's status independently.
TypeScript Error Codes and SDK Failures
If you use 1Password Secrets Automation in your CI/CD pipeline or application code, here are the common error patterns and what they mean:
| Error / Exit Code | What it means |
|---|---|
[ERROR] 401: Unauthorized | Service account token is expired or invalid — regenerate in the 1Password admin console |
[ERROR] 403: Forbidden | Service account lacks permission to access this vault or item — check vault access policies |
[ERROR] 429: Too Many Requests | You've exceeded the API rate limit — reduce polling frequency or cache resolved secrets |
[ERROR] 503: Service Unavailable | 1Password Secrets Automation API is degraded — retry with exponential backoff |
connect ECONNREFUSED | Network issue or 1Password Connect server (self-hosted) is down |
secret reference could not be resolved | The vault/item/field path in your op:// reference doesn't exist or the service account can't see it |
op: command not found | 1Password CLI not installed in the runtime environment — add to your Docker image or CI setup |
Exit code 1 from op inject | Generic failure — check stderr for the specific error; usually a missing field or auth failure |
Retry Pattern for Secrets Automation
When you detect a transient 503 from the 1Password API, a simple retry with backoff prevents a full pipeline failure:
# Wait for 1Password Secrets Automation to become available
RETRIES=3
for i in $(seq 1 $RETRIES); do
op inject -i config.tpl -o config.json && break
echo "Attempt $i failed. Waiting before retry..."
sleep $((i * 10))
doneThis keeps your pipeline running through brief 1Password degradations without manual intervention.
1Password's Reliability Track Record
1Password targets 99.9%+ uptime for its core sync and authentication services. Most outages are partial — a specific component (browser extension CDN, sync API, or SSO integration) degrades while the desktop app and web vault remain functional.
Notable patterns:
- Sync delays during high-traffic windows — New device activations or large team onboarding events can slow sync propagation for 15–30 minutes without a full outage.
- Browser extension update rollouts — Extension auto-updates occasionally introduce auto-fill regressions that are fixed within hours in a follow-up release.
- SSO integration incidents — SAML assertion errors during IdP certificate renewals are a common source of login failures that look like a 1Password outage but originate upstream.
- Secrets Automation rate limits — Aggressive secret fetching in CI/CD (pulling fresh secrets on every step rather than once per pipeline run) can trigger 429s that look like an outage. Cache resolved secrets within a single pipeline run.
- Mobile sync on restricted networks — Corporate firewalls that block
*.1password.comsubdomains cause the mobile app to show stale data. The desktop app and browser extension typically use different CDN paths and may be unaffected.
The component breakdown above helps you distinguish a 1Password infrastructure problem from a local configuration issue — always check Statusfield before filing a support ticket.
Hardening Your Team Against 1Password Outages
The best time to prepare for a 1Password outage is before it happens. A few steps that take under an hour and eliminate most emergency scrambling:
1. Ensure every team member has the desktop app installed and recently unlocked
The desktop app caches your vault locally. If sync is down but the app is unlocked, existing credentials are still accessible. A web-only workflow (relying entirely on 1password.com) leaves you fully exposed during a web app outage.
2. Document your emergency fallback credentials outside 1Password
For your most critical services — production cloud console, primary email, domain registrar — maintain an offline Emergency Kit (the PDF 1Password generates during setup). Store it in a secure physical location or an encrypted drive. This is for true break-glass scenarios, not routine access.
3. Connect 1Password alerts to your engineering Slack channel
When a sync failure starts affecting your team, the first 5 minutes matter most. An automated alert via Statusfield to your engineering channel means your team knows it's a known issue — not a breach, not a misconfiguration — before the first confused DM arrives.
4. For Secrets Automation: build retry logic into your pipeline
Pipelines that pull secrets at deploy time should handle transient 1Password API errors gracefully. A 3-attempt retry with 10-second backoff prevents a 2-minute 1Password blip from killing a production deployment.
5. For Teams / Business: review your SSO fallback
If your organization uses 1Password with Okta or Azure AD SSO, ensure a subset of admins retain the ability to authenticate with their Master Password (not SSO). If your IdP goes down during a 1Password incident, SSO-only admins can't recover the situation.
How to Stay Ahead of 1Password Outages
When 1Password degrades, you need to know before your team does — ideally before the first "I can't log in" Slack message arrives.
Statusfield monitors 1Password continuously and delivers alerts to Slack, Discord, email, or webhook the moment a degradation is detected. On the free plan you get 3 monitors and 10 alerts/month — no credit card required. The Pro plan ($29/mo) covers up to 20 services with unlimited alerts, so your entire security toolchain is covered in one place.
→ Monitor 1Password on Statusfield — free, no credit card required
FAQ
Why is my 1Password browser extension not auto-filling?
The most common causes are: (1) 1Password sync service is degraded — check Statusfield; (2) the extension needs re-authorization after a browser update — open the 1Password app, lock and unlock, then try the extension again; (3) a Content Security Policy on the site you're visiting is blocking the extension's injected scripts. Open the 1Password extension popup to see if there's an explicit error message.
Is 1Password down for everyone or just me?
Check Statusfield for known incidents. If it shows operational, the issue is likely local: try signing out and back into the extension, disabling and re-enabling the extension, or testing on a different browser or network. VPNs can occasionally interfere with 1Password's sync endpoints.
How long do 1Password outages typically last?
Most 1Password sync and browser extension incidents resolve within 30–90 minutes. SSO-related incidents can last longer if they involve third-party identity providers. Monitor via Statusfield for real-time status and incident history.
What should my team do if 1Password is down and we're locked out?
1Password stores an encrypted copy of your vault locally on each device. If sync is down but you've recently unlocked your vault, you can still access existing credentials offline. For new logins or shared vault items, ensure every team member has exported an Emergency Kit or uses biometric unlock — these work without a network connection to 1Password's servers.
Will 1Password's Secrets Automation recover after an outage?
Yes — once the Secrets Automation service recovers, op inject and SDK calls will succeed normally. Pipelines that failed mid-deploy during the outage will need to be re-triggered manually. If you rely on secrets injection in CI/CD, add a health check step that retries on transient failures rather than aborting the entire pipeline.
Know the moment a tool you depend on goes down
Statusfield watches 2,000+ services your business depends on and alerts you the moment they break.
Free plan · No credit card
Related Articles
Is ActiveCampaign Down? How to Check ActiveCampaign Status Right Now
ActiveCampaign not sending emails? Automations stuck or CRM not loading? Learn how to check if ActiveCampaign is down, which components fail first during an outage, and how to protect your campaigns.
Is Box Down? How to Check Box Status Right Now
Box not loading or sync failing? Learn how to check if Box is down, which components fail first during an outage (web app, desktop sync, API, Box Sign), and how to protect your team's workflow when it does.
Is Contentful Down? How to Check Contentful Status Right Now
Contentful not loading content? CDA returning errors or timing out? Learn how to check if Contentful is down, which components fail first during an outage (CDA, CMA, Preview API, Webhooks), and how to protect your applications when it does.