1Password has unveiled an added defence that checks a website’s legitimacy when a user tries to fill a field or use copy-paste, and issues a preemptive warning if the site is identified as a phishing attempt. According to 1Password, the feature performs a seamless validation of verified URLs and will withhold the automated login prompt if the destination URL does not match the user’s saved records.
THIS friction is designed to prevent users from unknowingly submitting credentials to fraudulent sites, nudging them to verify the address before continuing. A classic example cited is a domain such as Faceboook[.]com masquerading as Facebook[.]com, where the minor misspelling prevents autofill but requires user confirmation if they insist on proceeding.
For individual subscribers, the protection will be enabled by default upon release, while enterprise environments require administrators to activate it within the Authentication Policy of the 1Password management console. The news underscores how the approach aims to curb copy-paste phishing by forcing explicit user consent when a mismatch is detected.