Skip to main content

1Password bets $100,000 that security experts can't break into its systems

1password bug bounty 100k teamspresskitadminpanel
AgileBits, the developer behind 1Password, just upped the ante for bug hunters, putting up $100,000 for anyone who can break into a 1Password vault and obtain a plain text file full of “bad poetry.”

Previously, the “capture the flag” bug bounty was a mere $25,000, but in order to push security researchers to find vulnerabilities in the 1Password platform — and to demonstrate its effectiveness — AgileBits raised the bounty fourfold.

The bug bounty is up on BugCrowd, a platform for crowdsourcing bug hunts, where companies can easily reward security researchers for discovering security vulnerabilities in their products. It’s the biggest bounty currently on the platform, and AgileBits claims the bounty is a measure of how seriously it takes the security of 1Password users.

“We owe it to our customers to do everything in our power to keep them and their information secure. This means using the ingenuity of real people to help us continually improve the security of 1Password. It was important to us to demonstrate how seriously we take this contribution and have increased the prize to prove it,” said Jeff Shiner of AgileBits, speaking with Tom’s Hardware.

The bug bounty specifies a particular account which researchers will have to breach in order to access the bad poetry file. It’s a more focused attack than most users would ever be subjected to, but it’s a good way to stress test the 1Password platform’s overall security.

Password managers are getting more popular every day, and they’re a great way to add an extra layer of security to your digital life, but they’re only as secure as the password you use to access your password manager.

If you use your master password elsewhere, hackers could get into your password manager indirectly. Still, this bug bounty is an excellent way to test how well 1Password works as a platform, without having to compensate for user error.

Editors' Recommendations

Jayce Wagner
Former Digital Trends Contributor
A staff writer for the Computing section, Jayce covers a little bit of everything -- hardware, gaming, and occasionally VR.
LastPass is scaling back its free tier. Find out if you need to pay

LastPass currently offers a free tier that lets a single user access its password manager service on all their mobile devices and computers. But that’s about to change.

Starting March 16, the company will limit its free tier to only one device type, either mobile or computer. So if you select to keep the free tier for mobile, you’ll be asked to pay a fee to continue using the service on computers, and vice versa.

Read more
Leaving LastPass? Here’s how to take all your passwords with you

If you, like many of us, have been happily using LastPass's excellent free tier for the last few years, you're probably dismayed that LastPass is moving to change the way its free access works. From March 16, you'll only be able to sync your LastPass database between mobile devices or computers -- but not both. So if you want to keep accessing the same passwords on your phone and laptop, you'll have to pay up and join LastPass's premium subscription for $3 a month.

Of course, not everyone is wild to pay a subscription fee -- or has the free cash to do so. If that's you, you're probably looking for a password manager to replace LastPass. But you won't want to leave all your collected passwords and logins behind. Thankfully, you can quickly and easily export your LastPass passwords and login information and import them into your new password manager of choice. So go check out our list of the best password managers, then dive into our guide on how to leave LastPass and take your passwords with you.
Export your LastPass database
Now that you know you're moving from LastPass, the first step is to make sure you take everything with you. Thankfully, exporting your database from LastPass is simple. Unfortunately, there's no way to export your passwords from the mobile app, so you'll have to use a PC or Mac to complete this action.

Read more
1Password comes to Microsoft Edge as an extension, but you still need software
Microsoft Edge

If you’re looking for a good way to manage your multiple passwords, the popular 1Password extension is now available for Microsoft Edge. It joins 70 other extensions offered through the Windows Store, including competing password management solutions such as LastPass, Advance Password Manager, and OneLogin. Support for extensions in the Microsoft Edge browser arrived with Anniversary Update in 2016.

To install 1Password, click on the three dots located in the top-right corner of the browser to activate the Settings panel. Click on “Extensions,” and then “Get extensions from the Store" to pull up all extensions officially sanctioned by Microsoft. Locate 1Password, click the “Get” button, and it’s installed. After that, you should be good to go: the button now parks next to the three-dot Settings button.

Read more