Skip to main content

1Password bets $100,000 that security experts can't break into its systems

1password bug bounty 100k teamspresskitadminpanel
Image used with permission by copyright holder
AgileBits, the developer behind 1Password, just upped the ante for bug hunters, putting up $100,000 for anyone who can break into a 1Password vault and obtain a plain text file full of “bad poetry.”

Previously, the “capture the flag” bug bounty was a mere $25,000, but in order to push security researchers to find vulnerabilities in the 1Password platform — and to demonstrate its effectiveness — AgileBits raised the bounty fourfold.

The bug bounty is up on BugCrowd, a platform for crowdsourcing bug hunts, where companies can easily reward security researchers for discovering security vulnerabilities in their products. It’s the biggest bounty currently on the platform, and AgileBits claims the bounty is a measure of how seriously it takes the security of 1Password users.

“We owe it to our customers to do everything in our power to keep them and their information secure. This means using the ingenuity of real people to help us continually improve the security of 1Password. It was important to us to demonstrate how seriously we take this contribution and have increased the prize to prove it,” said Jeff Shiner of AgileBits, speaking with Tom’s Hardware.

The bug bounty specifies a particular account which researchers will have to breach in order to access the bad poetry file. It’s a more focused attack than most users would ever be subjected to, but it’s a good way to stress test the 1Password platform’s overall security.

Password managers are getting more popular every day, and they’re a great way to add an extra layer of security to your digital life, but they’re only as secure as the password you use to access your password manager.

If you use your master password elsewhere, hackers could get into your password manager indirectly. Still, this bug bounty is an excellent way to test how well 1Password works as a platform, without having to compensate for user error.

Editors' Recommendations

Jayce Wagner
Former Digital Trends Contributor
A staff writer for the Computing section, Jayce covers a little bit of everything -- hardware, gaming, and occasionally VR.
Use this trick to make your online accounts super secure
A group of people sitting at a desk looking at 1Password displayed on a screen.

We do just about everything online today, and in the digital age, having good passwords for your accounts isn’t sufficient anymore — and if you’re still using the same login credentials for multiple accounts, then it’s definitely time to upgrade your security setup. An easy way to do that is with a password manager that makes it simple to create and organize secure access codes for all of your accounts, but even that might not be enough to guard your sensitive personal and financial information from prying eyes. Instead, we recommend 1Password, a unique account manager that does more than just organize your logins. It also takes online security to a whole new level by letting you keep all of your accounts completely separate.

Your typical password manager can generate and organize unique credentials for your accounts (sort of like a digital key ring), but 1Password takes things a step further. With 1Password, you get not only a unique, strong passcode for every account, but the app also generates a unique email address as well. When signing up for a new account somewhere or updating some you already have, you simply create a new 1Password-generated email string and password, set up two-factor authentication, and use this new “sock” email and passcode to register. Your real information is kept private, and access codes are securely backed up in your 1Password account, for which you have a master password — the only one you need to remember.

Read more
LastPass is scaling back its free tier. Find out if you need to pay
LastPass

LastPass currently offers a free tier that lets a single user access its password manager service on all their mobile devices and computers. But that’s about to change.

Starting March 16, the company will limit its free tier to only one device type, either mobile or computer. So if you select to keep the free tier for mobile, you’ll be asked to pay a fee to continue using the service on computers, and vice versa.

Read more
Leaving LastPass? Here’s how to take all your passwords with you
LastPass

If you, like many of us, have been happily using LastPass's excellent free tier for the last few years, you're probably dismayed that LastPass is moving to change the way its free access works. From March 16, you'll only be able to sync your LastPass database between mobile devices or computers -- but not both. So if you want to keep accessing the same passwords on your phone and laptop, you'll have to pay up and join LastPass's premium subscription for $3 a month.

Of course, not everyone is wild to pay a subscription fee -- or has the free cash to do so. If that's you, you're probably looking for a password manager to replace LastPass. But you won't want to leave all your collected passwords and logins behind. Thankfully, you can quickly and easily export your LastPass passwords and login information and import them into your new password manager of choice. So go check out our list of the best password managers, then dive into our guide on how to leave LastPass and take your passwords with you.
Export your LastPass database
Now that you know you're moving from LastPass, the first step is to make sure you take everything with you. Thankfully, exporting your database from LastPass is simple. Unfortunately, there's no way to export your passwords from the mobile app, so you'll have to use a PC or Mac to complete this action.

Read more