惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Engineering at Meta
Engineering at Meta
The GitHub Blog
The GitHub Blog
博客园_首页
T
The Blog of Author Tim Ferriss
H
Hackread – Cybersecurity News, Data Breaches, AI and More
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
腾讯CDC
I
InfoQ
量子位
J
Java Code Geeks
P
Proofpoint News Feed
有赞技术团队
有赞技术团队
Webroot Blog
Webroot Blog
Martin Fowler
Martin Fowler
D
Docker
F
Fortinet All Blogs
云风的 BLOG
云风的 BLOG
V
Vulnerabilities – Threatpost
罗磊的独立博客
P
Proofpoint News Feed
T
The Exploit Database - CXSecurity.com
Cyberwarzone
Cyberwarzone
P
Privacy & Cybersecurity Law Blog
Last Week in AI
Last Week in AI
爱范儿
爱范儿
The Hacker News
The Hacker News
S
SegmentFault 最新的问题
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
博客园 - 三生石上(FineUI控件)
V
V2EX
Simon Willison's Weblog
Simon Willison's Weblog
AI
AI
Y
Y Combinator Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
GbyAI
GbyAI
V
Visual Studio Blog
H
Heimdal Security Blog
S
Secure Thoughts
B
Blog RSS Feed
雷峰网
雷峰网
T
Tenable Blog
C
Check Point Blog
G
Google Developers Blog
大猫的无限游戏
大猫的无限游戏
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
A
About on SuperTechFans
Recent Commits to openclaw:main
Recent Commits to openclaw:main

Blog on 1Password Blog

Why secure-by-design is an incentives problem, with Bob Lord | 1Password NIST and AI agents: 1Password’s approach to agent identity | 1Password Go beyond device health with External Checks in 1Password Device Trust | 1Password Natoma and 1Password help enterprises scale AI securely with governed agent access | 1Password New integrations between 1Password SaaS Manager and EPM | 1Password A first step toward post-quantum security | 1Password RSA 2026: Leading the way to secure agentic AI | 1Password How 1Password is Building a Culture of AI Fluency Through AI Champions | 1Password 1Password vs. Keeper Security: A comparison | 1Password 1Password vs. LastPass: Which is right for you? | 1Password Secure MCP credentials with 1Password and Runlayer | 1Password The next layer of AI security | 1Password Building the next chapter of Go-to-Market in EMEA | 1Password Automating SOC workflows with 1Password Enterprise Password Manager | 1Password Automated Provisioning hosted by 1Password: A Simpler, Smarter Way to Manage Access | 1Password Introducing 1Password® Unified Access: Identity Security for Humans and Their AI Agents | 1Password Next-generation automated provisioning, without compromising zero-knowledge security | 1Password Bitwarden vs. 1Password: Which password manager is right for you? | 1Password Password Manager for Families, Enterprise & Business | 1Password | 1Password How to wrangle SaaS contract renewals | 1Password Stop trusting consumer browsers with work credentials | 1Password Your digital pit crew: a 10-minute pre-race security checklist | 1Password 1Password Device Trust is coming to EMEA | 1Password The identity transformation: Analyst and CIO insights | 1Password Why now is the moment to join 1Password Go-To-Market | 1Password Identity and Accountability in the Age of AI Agents | 1Password How 1Password secures agent architectures | 1Password 1Password becomes the first global partner to transact through Express Private Offers in AWS Marketplace | 1Password Start Learning on 1Password Academy | 1Password Expanding Programmatic Access to 1Password | 1Password Zero knowledge vs. a malicious server: A look at ETH Zurich’s research | 1Password Agents are making filesystems cool again | 1Password Black History Month employee spotlight: Joseph Ojelade | 1Password 1Password's new benchmark teaches AI agents how not to get scammed | 1Password Streamlining SaaS onboarding and offboarding | 1Password 3 common SaaS Management challenges and how to avoid them | 1Password How 1Password Is Evolving Its Partner Ecosystem | 1Password How to build secure agent swarms that power production-grade autonomous systems | 1Password From magic to malware: How OpenClaw's agent skills become an attack surface | 1Password Solving the unsanctioned SaaS problem | 1Password 1Password and 60 Day Hustle: cybersecurity for small businesses | 1Password Security advisory for AI-assisted browsing interactions with the 1Password browser extension | 1Password It’s incredible. It’s terrifying. It’s OpenClaw. | 1Password Managing the risks of social logins | 1Password What’s the first security tool your small business should buy? | 1Password As AI Supercharges Phishing Scams, 1Password Introduces Built-In Protection | 1Password How to interview with confidence at 1Password | 1Password Five tips for successful SaaS Management | 1Password SaaS Manager | 1Password Why SaaS License Waste Is a Cost and Security Problem | 1Password AI is changing the IDE. With 1Password, security keeps up | 1Password How IT teams can get a handle on shadow IT | 1Password Bringing secure, just-in-time secrets to Cursor with 1Password | 1Password The Chasing Entropy Podcast Season One is in the Books | 1Password Now available via QBS Software: 1Password Enterprise Password Manager – MSP Edition | 1Password The role of credentials in the AI espionage campaign reported by Anthropic | 1Password The hidden offboarding step draining your budget | 1Password AWS and 1Password: Innovation in AI and beyond | 1Password Simplifying credential security on OpenAI Atlas | 1Password From Social Work to Social Impact: Growing at 1Password | 1Password Improving in-page notifications in the 1Password browser extension | 1Password Password Manager for Families, Enterprise & Business | 1Password | 1Password Now available via Renaissance: 1Password Enterprise Password Manager – MSP Edition | 1Password Behind the wheel at Oracle Red Bull Racing | 1Password Securing MCP servers with 1Password: Stop credential exposure in your agent configurations | 1Password What’s new in 1Password Enterprise Password Manager - Q4, 2025 | 1Password Belonging as a catalyst for high performance | 1Password Password habits are worsening, but leaders see a path to passwordless | 1Password A simpler, faster way to unlock 1Password | 1Password Oracle Red Bull Racing Episode 4, CIO Matt Cadieux | 1Password 70% of IT and security pros say SSO is falling short | 1Password 1Password's Phishing Survey: Avoid Holiday Phishing Scams | 1Password Securing the Win | 1Password SaaS optimization: How to maximize value and reduce costs | 1Password The enterprise AI crisis: Unsanctioned tools and unenforced policies | 1Password An Identity Security taxonomy for Agentic AI | 1Password Introducing new .env file support in 1Password environments | 1Password Speed and security: Mark Hazelton on protecting Oracle Red Bull Racing’s most valuable asset – its data | 1Password 1Password for Good: Giving back during cybersecurity awareness month | 1Password Utah Mammoth and Utah Jazz score with identity security | 1Password Oracle Red Bull Racing CEO and Team Principal | 1Password Three signs you need a SaaS Management Platform | 1Password Closing the credential risk gap for AI agents using a browser | 1Password Microsoft and Dropbox password managers are sunsetting: What it means and what to do next | 1Password From hackathon nerves to internship wins: Kavya’s journey at 1Password | 1Password 1Password now available in Comet, the AI-powered browser by Perplexity | 1Password 1Password announces new integration with Zscaler | 1Password Breaking the mold: Why more women should consider a career in sales | 1Password What security leaders need to know about mergers and acquisitions | 1Password Clickjacking: What it means for 1Password users | 1Password AI and security at Black Hat: 5 key takeaways from a security expert panel | 1Password Blog | 1Password Do any CISOs feel lucky? | 1Password How to lead with confidence in the AI era: a conversation with Nancy Wang, VP, Engineering | 1Password New Device Trust Check makes browser extension enforcement easier | 1Password Purpose, performance, and trust: Inside the culture powering 1Password’s next chapter | 1Password Now available on Pax8 Marketplace: 1Password Enterprise Password Manager - MSP Edition | 1Password The security principles guiding 1Password’s approach to AI | 1Password Choosing the right SaaS management platform for your business | 1Password Simplify access reviews with 1Password SaaS Manager | 1Password How great usability tripled Duke University's password manager adoption | 1Password
IAM stops at sign-in. Your credentials do not. | 1Password
info@1password.com (Chris Fowler) · 2026-03-05 · via Blog on 1Password Blog

AI and automation are embedded in daily work. Copilots draft content and pull in customer context. Agents triage tickets, update records, and trigger workflows across Slack, Salesforce, Jira, and GitHub. In engineering, this acceleration shows up in scripts, CI/CD pipelines, and infrastructure automation that depend on secrets to ship and operate software.

Many organizations rely on a mix of sign-in and privileged access controls to standardize logins and secure connected apps. But these systems stop at what can be federated and do not govern the long tail of SaaS apps, shared accounts, or credentials created in automation and AI workflows. Business-led IT makes this unavoidable. Teams adopt tools quickly, often outside centralized reviews or identity provider integration.

Agentic AI compounds the gap. Developers and AI builders generate API keys, tokens, service accounts, and agent secrets. Browser-based agents still use usernames and passwords. Credentials spread into browsers, spreadsheets, scripts, pipelines, and prompts, beyond the reach of traditional identity systems.

That is credential sprawl. It is a business risk that IT and security own, even when the credentials originate outside their systems. 

IAM, SSO, and PAM create a false sense of security

It’s a mistake to assume that securing sign-ins also secures credentials. IAM, SSO, and PAM govern sign-in and privileged pathways. But modern work also runs on shared logins and nonhuman credentials, such as tokens, service accounts, and secrets created and stored outside the identity provider, in the workflows where work happens.

These gaps often become visible only during an audit or incident. At that point, three questions determine whether access is governed or guessed.

  • What credentials exist

  • Who owns them

  • What can they access

If you cannot answer these questions consistently, your identity program is managing sign-ins, not access.

Teams pick and use tools quickly, often skipping central reviews. 1Password research found that 52% of employees have downloaded apps without IT approval.

This creates a shadow credential layer: access is created wherever work happens, such as in browsers, notes, SaaS admin consoles, text files, scripts, and AI prompts. When credentials are created faster than they can be governed, they are reused, shared, and left behind. This results in lingering access that is difficult to inventory, defend, or revoke confidently.

The risks of credential sprawl

Attackers don’t need to break in if they can just sign in. Verizon’s 2025 Data Breach Investigations Report found that stolen or compromised credentials are the most common way attacks start. These breaches take the longest to identify and contain, nearly 10 months. 

Credential sprawl increases credential-based risk in three key ways.

  1. It expands the attack surface. As applications multiply and workflows integrate, access extends across human and nonhuman identities. 

  2. It creates visibility gaps. Credentials end up outside the identity provider, in places like browser passwords, spreadsheets, notes, scripts, and AI prompts. Over time, this leads to orphaned credentials with no clear owner.

  3. It slows response when time is precious. Teams must track down scattered access, determine who owns it, and remove it without disrupting important work. 

Learn more: Protect every secret from sign-ins and SSH keys to sensitive documents. Enterprise password management helps employees get things done securely.

Building a credential strategy for how work happens

Without a clear strategy, credential sprawl spreads unmanaged. Teams create credentials quickly to keep work moving. Credentials persist because they work in a moment of need. Workforce change leads to drift as ownership shifts, roles change, and people leave, but automations remain. Traditional Joiner-Mover-Leaver processes are insufficient when credentials are created in browsers, scripts, and workflows.

A credential strategy is a system designed for how work really happens. Coverage, control, and lifecycle are what separate basic hygiene from real credential security.

  • Coverage means what you protect: passwords, passkeys, shared accounts, API tokens, SSH keys, service accounts, environment files, and AI agent secrets.

  • Control is about how credentials are managed: where they can be stored, how they’re shared, what rules apply, and how access is enforced where work actually happens, not just at sign-in.

  • Lifecycle covers how credentials change: creation, ownership, rotation, revocation, and proof, especially as roles change and automation continues.

A credential management strategy that lacks coverage, control, and lifecycle oversight doesn’t lower risk; it redistributes it.

Read more: Securing identities starts with 1Password.

Why credential security must extend to every employee

Securing user sign-ins isn’t enough if passwords, tokens, and secrets are still out of sight. The first step is to clearly know where credentials are, what they’re for, and who can access them. This way, you can answer who has access to what and why without a manual search.

Visibility is only the beginning.

Identity security should not slow innovation; it should make it safe. Organization-wide credential security makes that possible by creating consistent protection and a frictionless experience that people adopt across every person, tool, and workflow.

In a comprehensive model, administrators can manage every credential. Employees and developers get passwordless sign-in across devices. AI agents work securely. IT and security leaders can set standards that make autonomy safe across the business.

AI will continue to accelerate change. To support this progress without expanding the shadow credential layer, comprehensive credential security is essential. Every credential must be governed, every secret should have an owner, and every access path should be ready for audits and easy to revoke if needed.

That’s the world 1Password Enterprise Password Manager was made for.

AI accelerates credential sprawl

Passwords, developer secrets, and other credentials are already hard to control. Add AI apps and agents, and the risk grows even faster. Read the ebook to learn what’s driving credential sprawl and how to reduce the risk without slowing teams down.

SSO and PAM aren’t the whole story

Managing sign-ins is no longer enough. This on-demand webinar explores how credential sprawl compounds across SaaS, developer workflows, shared accounts, and AI agents, even when core IAM tools are in place.