1pass

English

한국어

English

한국어

Theme

FAQ — frequently asked questions

We've collected the most common questions about 1pass (logi), split into two perspectives: developers/businesses looking to add it to their service, and the everyday users who log in with 1pass.

What is 1pass?

"Login built because even passkeys were annoying."

We were unhappy with every option — email/password and social login alike — so we built our own app-based authentication system. Users install a single 1pass app and can log into every connected service, and service developers can add login to their own service in under 5 minutes.

  • We collect nothing at sign-up — no email, name, or phone number. Installing the app is signing up.
  • You authenticate with your phone. Logging in on the web is handled by QR or SSO push approval.
  • The app is about 5 MB.

For people building services (B2B / developers)

Q. How do we add 1pass login to our service?

Following the Quickstart guide, a single curl gets you to your first login in 5 minutes. You can also hand llms-full.txt to your AI assistant and say "add 1pass login."

Q. Does it work for web services too?

Yes. We support both web and app.

  • Web: QR code + SSO (Single Sign-On) push approval
  • Mobile app: direct communication with the 1pass app via Universal Links / App Links
  • Desktop: QR login, same as the web

Q. How does SSO work?

When a user taps the "Log in with 1pass" button on your service:

  1. An authentication request is made to the 1pass server (OAuth 2.0 + PKCE).
  2. A push goes to the 1pass app on the user's phone — "There's a login request from ○○. Is this you?"
  3. The user taps Approve, and login completes right there.

For the detailed flow, see the OAuth Authorization Code Flow.

Q. Can we get the user's email on the server?

By default, only an anonymous identifier (UUID + device-unique value) is passed. If you need email, name, or contact info, you can request additional scopes, and the user can consent to or deny each field individually.

Because you ask for re-consent only when a new field is needed, the "consent to everything up front and never use it" pattern disappears.

Q. How are users distinguished?

Each installed 1pass app is issued a unique identifier (sub) built from an app UUID + device-unique value + random number. As long as the user does not delete the app, the same identifier persists.

If the user deletes and reinstalls the app, they're recognized as a new user. Guide them toward an SSO link / backup codes in case they need to recover.

Q. Can we show only "Continue with Google" on the login screen?

Yes, there are two ways.

  1. URL parameter — add &provider=google to the authorize URL. It takes effect instantly with a one-line URL change.
  2. Console setting — check only Google under login method restriction in the app settings at start.1pass.dev. This not only hides the others on screen but also blocks the other login entry paths on the server.

You can restrict other combinations — Apple/Kakao/email/logi app — the same way. For details, see login method restriction.

Q. We have to make users install an app — will they actually do it?

This is the question we get most often, and here's the honest answer.

  • You always need exactly one way to authenticate — a passkey, an email, or an OTP app. 1pass just consolidates that into a phone app.
  • The app is a 5 MB single-purpose app, so you avoid drop-offs like "Google login → blocked in the in-app browser → abandons sign-up."
  • The more services adopt 1pass for B2B, the bigger the payoff: install it once, use it across N services.

Q. Does it also fix Google/Kakao login being blocked in in-app browsers (Instagram/Threads, etc.)?

Yes. 1pass doesn't depend on in-app browser policy. Because the flow is push → native app → approval, it works regardless of the browser.

On the affected device, first open https://api.1pass.dev/diagnose (no authentication needed). It checks the User-Agent, whether you're in an in-app browser, the AASA path claim, and a test deep-link button — all on one screen — for a first-pass diagnosis of where the handoff broke. For scenario-by-scenario fixes, see Troubleshooting.

Q. What about pricing / cost?

It's free during the alpha (v0.1) phase. The official pricing policy will be announced in the changelog.

For people who use 1pass (everyday users)

Q. What do I enter when I sign up?

Nothing. The moment you install the 1pass app, your sign-up is complete.

When you log in with 1pass to a service that needs your email, name, or phone number, you choose and consent to only the fields that service asks for, then and there.

Q. You collect so little personal data — is it safe?

Actually, the less we store, the safer it is.

  • Sensitive data like your legal name or national ID number is never stored on the 1pass server.
  • Authentication is handled by your phone's Face ID / Touch ID / device authentication.
  • Two-factor authentication (TOTP) and one-time backup codes are issued too — see the security guide.

Q. What if I lose my phone?

You can recover on a new device with the backup codes issued at sign-up. For the detailed steps, see the security guide — backup codes.

Q. iPhone only? What about Galaxy (Android)?

Both work. iOS and Android are both officially supported.

Q. How do I log in with 1pass on a website?

When you tap the "Log in with 1pass" button on a website, one of two methods runs:

  • QR login — scan the on-screen QR with the 1pass app
  • SSO push — a "There's a login request from ○○" notification arrives on your phone; tap Approve and you're done

Q. What happens if I delete the 1pass app?

You lose the login data for every connected service. Reinstalling registers you as a new user, so grab your backup codes before deleting the app.

Yes, you can link it via the SSO link feature. Just tap "Connect 1pass" in a service you've already signed up for.

Learn more

Identity가 제품의 신뢰를 만듭니다.

© 2026 Dcode Labs · logi by 1pass