1Password Acquires Apono to Expand Identity Security Beyond Passwords

1Password has acquired Apono, an identity security company focused on just-in-time and just-enough access governance for cloud infrastructure, databases, Kubernetes environments, and other critical systems.

The acquisition brings together 1Password's Extended Access Management strategy and Apono's expertise in granting temporary, contextual access rather than relying on standing privileges that often become security liabilities. The deal value was not officially disclosed, although industry reports have estimated the transaction at approximately $250M–$300M. The acquisition was announced on June 15, 2026.

The bigger story is not the acquisition itself. The bigger story is that identity security is rapidly expanding beyond passwords and human users. Machines, workloads, service accounts, automation systems, and AI agents are becoming active participants inside enterprise environments, creating an access governance challenge that traditional security models were never designed to solve.

What Happened

1Password has acquired Apono, marking the company's latest move deeper into identity security and access governance.

Founded in 2005 by Dave Teare, Sara Teare, Roustem Karimov, and Natalia Karimov, 1Password built its reputation helping individuals and enterprises manage credentials securely. Over time, the market evolved. Password management became table stakes, and enterprise buyers started asking bigger questions about who has access, who should have access, and who still has access after nobody remembers granting it. Under CEO David Faugno and CTO Nancy Wang, 1Password has increasingly positioned itself as a broader identity security platform rather than simply a password manager. The company reported more than $400M in ARR in 2025 and serves more than 180,000 business customers globally.

1Password is headquartered in Toronto, while Apono operates across New York and Israel, making this a notable North American-Israeli cybersecurity transaction. Founded by CEO Rom Carmel and CTO Ofir Stein, Apono developed technology that allows organizations to grant temporary, contextual access to infrastructure and sensitive systems. Instead of giving users permanent privileges and hoping governance processes keep up, Apono enables organizations to provide access only when needed and only for the required duration.

The companies were not strangers prior to the acquisition. Apono and 1Password had previously announced an integration partnership focused on access governance workflows, making the strategic fit easier to understand.

Why This Matters

Cybersecurity has a strange relationship with human nature. Nobody notices access controls when they work. Everybody notices them when they fail.

For years, organizations accumulated permissions the same way garages accumulate old furniture. Employees changed roles. Contractors completed projects. Service accounts multiplied. Cloud environments expanded. Nobody intentionally created risk. Risk simply accumulated one permission at a time. The result became one of the industry's most persistent security challenges: standing privileges.

Apono built its business around addressing that problem directly. The company's customer base includes enterprises such as Hewlett Packard Enterprise and American Airlines, validating demand for more dynamic approaches to access management. From 1Password's perspective, the acquisition is less about adding another product and more about extending control deeper into enterprise environments.

Passwords may open doors, but access governance determines who is allowed to walk through them.

Market Context

Identity security has become one of the most important battlegrounds in enterprise technology. Historically, security vendors concentrated on authentication. The goal was proving that a person was who they claimed to be.

Today's challenge is significantly more complicated. Modern enterprises operate across cloud platforms, SaaS applications, databases, containers, APIs, automation systems, and increasingly AI-powered workflows. The question is no longer limited to verifying identities. The question is determining what those identities should be allowed to do.

The acquisition sits at the intersection of Identity Security, Privileged Access Management (PAM), Identity Governance and Administration (IGA), Cloud Infrastructure Entitlement Management (CIEM), and Extended Access Management (XAM). Enterprises are simultaneously managing human users, machine identities, service accounts, and emerging AI agents, dramatically increasing access complexity.

For 1Password, the acquisition reflects a broader industry reality: identity security and access governance are increasingly becoming inseparable disciplines. According to IDC security research, organizations continue to increase investment in identity-centric security architectures as cloud adoption and machine identities proliferate.

Competitive Landscape

The acquisition also highlights a larger competitive shift occurring across cybersecurity. Security vendors are racing toward platform strategies because customers are tired of managing dozens of disconnected tools that each solve a narrow problem while creating new operational complexity.

The companies gaining momentum are increasingly those capable of connecting authentication, authorization, governance, visibility, and policy enforcement into cohesive experiences. 1Password's acquisition strategy reflects that trend. Adding Apono strengthens the company's ability to address access governance challenges that extend beyond credential management and positions the company more aggressively in conversations traditionally dominated by identity governance vendors, privileged access management providers, and cloud entitlement management platforms.

Enterprise buyers rarely purchase security products because they are interesting. They purchase them because complexity becomes expensive.

What This Signals

The most important signal from the acquisition may have little to do with passwords. The future of identity security is not exclusively human.

Machines request access. Workloads request access. Automated processes request access. AI agents are beginning to request access. An enterprise may eventually have thousands of autonomous systems interacting with infrastructure, applications, and data. Managing access for those systems using legacy approaches quickly becomes unrealistic.

Organizations need governance models capable of operating at machine speed. Apono's technology addresses part of that challenge, while 1Password's platform provides a broader identity foundation. The combination reflects where enterprise security appears to be heading.

The Bigger Industry Shift

David Faugno and Nancy Wang have been steering 1Password toward a larger vision of identity security. Executive Chairman Jeff Shiner helped establish the foundation that enabled that expansion. Meanwhile, Rom Carmel and Ofir Stein built Apono around a problem many enterprises quietly struggle with every day: excessive access that nobody intended to become permanent.

Viewed through that lens, this acquisition feels less like a traditional consolidation play and more like a market signal. Identity security is moving beyond credential storage. Access governance is becoming a strategic priority. AI systems are accelerating complexity, and enterprise infrastructure is becoming more dynamic.

The organizations that can answer a simple question consistently, securely, and at scale will be increasingly valuable: who should have access right now? That question sounds small. The next decade of cybersecurity may depend on the answer.