Is 1Password Down? How to Check 1Password Status Right Now

1Password not syncing? Vault locked after a network error? Learn how to check if 1Password is down, what breaks during an outage (sync, browser extension, Team vaults, SSO), and how to get instant alerts before your team is locked out.

·12 min read

1Password is the password manager that teams trust to access every other service they use. When it goes down, the knock-on effect is severe: employees can't log into internal tools, SSO-backed apps become inaccessible, and the support queue fills with "I can't get into Slack / GitHub / AWS" tickets. Unlike most SaaS outages, a 1Password incident can effectively lock your team out of their entire stack.

Here's how to check 1Password's status right now, understand exactly what's broken, and make sure you're always the first to know.

Is 1Password Down Right Now?

Check these sources in order:

  1. Statusfield — 1Password status — real-time monitoring, updated continuously.
  2. Twitter/X — search 1Password down sorted by Latest. Security engineers and developers are quick to report sync failures and extension errors.
  3. Downdetector — aggregates user reports; useful for a second opinion, but lacks component detail.

What Actually Breaks During a 1Password Outage

1Password is a distributed platform. Sync, authentication, and the browser extension all operate independently — a failure in one component doesn't mean your vault is inaccessible everywhere.

ComponentWhat it doesImpact when down
Sync serviceKeeps vault items current across devices and team membersNew passwords, edits, and shares don't propagate; stale credentials used
Browser extensionAuto-fills credentials in Chrome, Firefox, Safari, EdgeAuto-fill stops working; users must copy-paste from the app manually
1Password.com web appBrowser-based vault access at 1password.comCannot access vault from an unfamiliar device
Teams / Business vaultsShared vaults and group-based access for organizationsEmployees can't retrieve shared credentials or shared SSH keys
SSO / SCIM integrationConnects 1Password to Okta, Azure AD, Google Workspace for provisioningNew hires can't be provisioned; deprovisioned users may retain access
1Password Secrets AutomationCLI and SDK access for DevOps workflows (op inject, Kubernetes operator)CI/CD pipelines that pull secrets at deploy time break
Emergency Kit recoveryAccount recovery for Business plansAdmins can't recover locked-out team members
Events APIAudit log streaming for compliance workflowsSIEM integrations stop receiving events; compliance gaps in audit trail

1Password Error Symptoms and What They Mean

What you seeWhat it usually means
"Unable to sync your vault" banner in the appSync service degraded — your local vault is intact; work offline until sync recovers
Browser extension shows spinner on auto-fillExtension can't reach 1Password servers; try unlocking from the desktop app and re-enabling fill
ERR_CONNECTION_REFUSED on 1password.comWeb app infrastructure degraded; check Statusfield
SSO login fails with "Authentication error"SAML/OIDC integration between your IdP and 1Password is broken; check both ends independently
op signin returns 401 UnauthorizedCLI auth tokens may have expired or the auth service is degraded; try op signin --raw to re-auth
Shared vault items show "Access denied"Teams permission service degraded; team vault access is temporarily blocked even for admins
Secret references (op://vault/item/field) not resolvingSecrets Automation service degraded; CI/CD pipelines that inject secrets at runtime will fail
Watchtower alerts stop appearingWatchtower background service is down; your credentials are still secure, monitoring is just paused

How 1Password's Architecture Affects Outage Scope

Understanding 1Password's architecture helps you predict which incidents affect your team vs. just some users:

  • Vault encryption is end-to-end. Your vault data is encrypted locally before it reaches 1Password's servers. An infrastructure incident never exposes your credentials — the risk is availability, not confidentiality.
  • The desktop app caches your vault. The native Mac, Windows, iOS, and Android apps maintain a local encrypted copy. Sync outages affect new items and edits — not existing credentials you've previously unlocked.
  • The web app (1password.com) has no local cache. If you or your team members exclusively use the web app, a server-side outage means full loss of access.
  • Secrets Automation is a separate service. The op CLI and Connect server communicate with a different API surface than the consumer app. A consumer sync outage may not affect your CI/CD pipelines — and vice versa.
  • SSO is your identity provider's problem as much as 1Password's. When login fails via Okta or Azure AD, the root cause is often an IdP misconfiguration or certificate renewal. Always check your IdP's status independently.

TypeScript Error Codes and SDK Failures

If you use 1Password Secrets Automation in your CI/CD pipeline or application code, here are the common error patterns and what they mean:

Error / Exit CodeWhat it means
[ERROR] 401: UnauthorizedService account token is expired or invalid — regenerate in the 1Password admin console
[ERROR] 403: ForbiddenService account lacks permission to access this vault or item — check vault access policies
[ERROR] 429: Too Many RequestsYou've exceeded the API rate limit — reduce polling frequency or cache resolved secrets
[ERROR] 503: Service Unavailable1Password Secrets Automation API is degraded — retry with exponential backoff
connect ECONNREFUSEDNetwork issue or 1Password Connect server (self-hosted) is down
secret reference could not be resolvedThe vault/item/field path in your op:// reference doesn't exist or the service account can't see it
op: command not found1Password CLI not installed in the runtime environment — add to your Docker image or CI setup
Exit code 1 from op injectGeneric failure — check stderr for the specific error; usually a missing field or auth failure

Retry Pattern for Secrets Automation

When you detect a transient 503 from the 1Password API, a simple retry with backoff prevents a full pipeline failure:

# Wait for 1Password Secrets Automation to become available
RETRIES=3
for i in $(seq 1 $RETRIES); do
  op inject -i config.tpl -o config.json && break
  echo "Attempt $i failed. Waiting before retry..."
  sleep $((i * 10))
done

This keeps your pipeline running through brief 1Password degradations without manual intervention.

1Password's Reliability Track Record

1Password targets 99.9%+ uptime for its core sync and authentication services. Most outages are partial — a specific component (browser extension CDN, sync API, or SSO integration) degrades while the desktop app and web vault remain functional.

Notable patterns:

  • Sync delays during high-traffic windows — New device activations or large team onboarding events can slow sync propagation for 15–30 minutes without a full outage.
  • Browser extension update rollouts — Extension auto-updates occasionally introduce auto-fill regressions that are fixed within hours in a follow-up release.
  • SSO integration incidents — SAML assertion errors during IdP certificate renewals are a common source of login failures that look like a 1Password outage but originate upstream.
  • Secrets Automation rate limits — Aggressive secret fetching in CI/CD (pulling fresh secrets on every step rather than once per pipeline run) can trigger 429s that look like an outage. Cache resolved secrets within a single pipeline run.
  • Mobile sync on restricted networks — Corporate firewalls that block *.1password.com subdomains cause the mobile app to show stale data. The desktop app and browser extension typically use different CDN paths and may be unaffected.

The component breakdown above helps you distinguish a 1Password infrastructure problem from a local configuration issue — always check Statusfield before filing a support ticket.

Hardening Your Team Against 1Password Outages

The best time to prepare for a 1Password outage is before it happens. A few steps that take under an hour and eliminate most emergency scrambling:

1. Ensure every team member has the desktop app installed and recently unlocked

The desktop app caches your vault locally. If sync is down but the app is unlocked, existing credentials are still accessible. A web-only workflow (relying entirely on 1password.com) leaves you fully exposed during a web app outage.

2. Document your emergency fallback credentials outside 1Password

For your most critical services — production cloud console, primary email, domain registrar — maintain an offline Emergency Kit (the PDF 1Password generates during setup). Store it in a secure physical location or an encrypted drive. This is for true break-glass scenarios, not routine access.

3. Connect 1Password alerts to your engineering Slack channel

When a sync failure starts affecting your team, the first 5 minutes matter most. An automated alert via Statusfield to your engineering channel means your team knows it's a known issue — not a breach, not a misconfiguration — before the first confused DM arrives.

4. For Secrets Automation: build retry logic into your pipeline

Pipelines that pull secrets at deploy time should handle transient 1Password API errors gracefully. A 3-attempt retry with 10-second backoff prevents a 2-minute 1Password blip from killing a production deployment.

5. For Teams / Business: review your SSO fallback

If your organization uses 1Password with Okta or Azure AD SSO, ensure a subset of admins retain the ability to authenticate with their Master Password (not SSO). If your IdP goes down during a 1Password incident, SSO-only admins can't recover the situation.

How to Stay Ahead of 1Password Outages

When 1Password degrades, you need to know before your team does — ideally before the first "I can't log in" Slack message arrives.

Statusfield monitors 1Password continuously and delivers alerts to Slack, Discord, email, or webhook the moment a degradation is detected. On the free plan you get 3 monitors and 10 alerts/month — no credit card required. The Pro plan ($29/mo) covers up to 20 services with unlimited alerts, so your entire security toolchain is covered in one place.

Monitor 1Password on Statusfield — free, no credit card required

FAQ

Why is my 1Password browser extension not auto-filling?

The most common causes are: (1) 1Password sync service is degraded — check Statusfield; (2) the extension needs re-authorization after a browser update — open the 1Password app, lock and unlock, then try the extension again; (3) a Content Security Policy on the site you're visiting is blocking the extension's injected scripts. Open the 1Password extension popup to see if there's an explicit error message.

Is 1Password down for everyone or just me?

Check Statusfield for known incidents. If it shows operational, the issue is likely local: try signing out and back into the extension, disabling and re-enabling the extension, or testing on a different browser or network. VPNs can occasionally interfere with 1Password's sync endpoints.

How long do 1Password outages typically last?

Most 1Password sync and browser extension incidents resolve within 30–90 minutes. SSO-related incidents can last longer if they involve third-party identity providers. Monitor via Statusfield for real-time status and incident history.

What should my team do if 1Password is down and we're locked out?

1Password stores an encrypted copy of your vault locally on each device. If sync is down but you've recently unlocked your vault, you can still access existing credentials offline. For new logins or shared vault items, ensure every team member has exported an Emergency Kit or uses biometric unlock — these work without a network connection to 1Password's servers.

Will 1Password's Secrets Automation recover after an outage?

Yes — once the Secrets Automation service recovers, op inject and SDK calls will succeed normally. Pipelines that failed mid-deploy during the outage will need to be re-triggered manually. If you rely on secrets injection in CI/CD, add a health check step that retries on transient failures rather than aborting the entire pipeline.

Know the moment a tool you depend on goes down

Statusfield watches 2,000+ services your business depends on and alerts you the moment they break.

Free plan · No credit card