1Password Is So Sure of Its Security That It Will Offer You $100,000 to Crack Its Vault
1Password to ready to put bug hunters in charge of its security. The developer behind the password manager has raised the maximum possible reward in its bug bounty program from $25,000 to $100,000. The timing couldn't be any more perfect, since 1Password was mentioned in at least two security incidents last month.
The app managed to save itself from Cloudflare's Cloudbleed disaster despite being one of the services affected by the Cloudflare exposures. The app was also mentioned in a report released last month that made us all rethink the "military grade" security that password management apps offer. Cloudflare, on a side note, offers a maximum reward of a t-shirt in its bug bounty program...
1Password just upped the ante for bug bounty programs
AgileBits, the developer behind 1Password, is now matching the rewards offered by the likes of Apple and Google and luring in top-of-the-line hackers to break into 1Password. The company is way smaller than Cloudflare, Apple or the other tech giants. However, the latest announcement will renew customer trust as bug bounty rewards are another way of companies saying how seriously they take customer security.
"We owe it to our customers to do everything in our power to keep them and their information secure," AgileBits' Jeff Shiner said. "This means using the ingenuity of real people to help us continually improve the security of 1Password."
"It was important to us to demonstrate how seriously we take this contribution and have increased the prize to prove it."
If you want to earn the full reward, you will have to prove to the company that you can crack the secure vault technology and get the credentials that are stored in the vault by 1Password. The company has created a researcher vault containing "bad poetry," that the hackers will have to target to demonstrate any vulnerabilities, so users don't need to worry about their data being exposed in the process. Researchers will need to opt-in to receive an invite to get access to this researcher vault.
The company has also listed four other flags that can get you the financial rewards of $100 up to $5,000. More details can be found on Bugcrowd.