Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

This blog has been adapted from an excerpted section of 1Password’s ebook: Why SSO is not enough for identity security. To read the complete ebook and learn more about the issues that SSO can’t cover, click here. Sign-on (SSO) solutions are designed to manage and secure access to applications. By integrating with a company’s identity provider (IdP), SSO allows users to authenticate to multiple applications via a single log-in.

RSAC 2025 delivered an unforgettable week of cybersecurity insights and innovations. As the industry gathered to tackle the latest threats, one challenge loomed: the security risks posed by unfederated identities, unmanaged devices, applications, and AI-powered tools accessing company data without proper governance controls.

We’re making it easier for IT and security admins to deploy 1Password Enterprise Password Manager at scale with three powerful new features that improve visibility, reduce onboarding confusion, and lay the groundwork for a more unified experience across our platform. Whether rolling out to your first 50 users or your next 5,000, these updates help you move faster, support your employees, and strengthen access security across your organization.

Omdia, a global analyst and advisory leader, recently released a report called “How Extended Access Management (XAM) closes the gaps in security.” The report outlines the challenges of managing access for the modern workforce and suggests strategies for addressing those challenges. Omdia defines the challenge areas of access management as: In 2024, 1Password launched Extended Access Management (XAM), a new security category designed to close the Access-Trust Gap.

Each year on World Password Day, most password managers will remind you that sticky notes are no place for storing passwords, to avoid using “password123,” or to stop repeating passwords across multiple accounts. That is all sound advice, but we’re in 2025. Passwords are still everywhere, but our relationship with them has evolved — or rather, devolved.

Passwords remain the most widely used and weakest authentication method in the enterprise. They’re still responsible for the majority of breaches, and IT teams spend an outsized amount of time simply managing them. It’s no wonder that security leaders are shifting toward passwordless authentication, a more secure and phishing-resistant approach that replaces traditional credentials with biometrics, passkeys, and FIDO2-compliant sign-ins.