What the new 1Password integration changes
The integration grants access per task, not forever. When Claude asks for a credential, 1Password shows the request and waits for biometric approval. Only the approved vault items are available during that session. The rest of the vault locks down automatically while the browser agent is in control.
The password and MFA code are injected directly into the page through 1Password's channel. Claude knows that a login happened, but it does not receive the actual secret. After autofill, 1Password checks the page for exposed values; if submission fails, it clears the filled fields before control returns to the agent.
The Verge notes that the approval is still an interruption. It is simply a smaller and safer one than manually taking over the browser. At launch, the feature is available to 1Password business, family and individual customers on Mac. It requires the 1Password desktop app and browser extension plus the Claude desktop app and Claude browser extension. Payment cards and identity details are not included yet.
The rollout question is now easier to answer
Until this release, a manager could reasonably stop at: we are not giving an AI our passwords. The new design answers that objection directly. The credential can stay encrypted and out of the model while the assistant uses it for one approved task.
The next objection is more useful: which logged-in chore is worth delegating? Start with work that is easy to inspect and cheap to undo—pulling information into a draft, checking an account for a known value, or preparing a comparison. Do not begin with purchases, deletes, payouts or account recovery because the login now feels smoother.
Also plan for the setup. Four apps or extensions on one supported desktop platform is manageable for a technical early adopter. It is not invisible to a ten-person company. Someone needs to know what Agentic Mode looks like, why the biometric prompt appeared, and how to cancel the session without guessing which window is in charge.
Two views on the first approved login
Mara Vale sees a clean security improvement with a hard limit: keeping the password out of the model protects the secret, not every click made after authentication. Her first test would use an account where a wrong move can be spotted and reversed without calling a bank, customer or vendor.
Jun Vega cares about the moment a normal user sees the request. The approval should name the site, the credential, the task and what happens when the session ends. If the screen only says Claude wants access, the user is being asked to approve a concept rather than a job.
Those views fit together. 1Password has made the credential handoff smaller and safer. Teams should use that progress to test one useful job carefully, not to turn every saved login into an invitation.