Join us at TNW Conference 2022 for insights into the future of tech →

The heart of tech

This article was published on March 10, 2017

    1Password will pay you $100,000 to crack its vault

    1Password will pay you $100,000 to crack its vault
    Matthew Hughes
    Story by

    Matthew Hughes

    Former TNW Reporter

    Matthew Hughes is a journalist from Liverpool, England. His interests include security, startups, food, and storytelling. Follow him on Twi Matthew Hughes is a journalist from Liverpool, England. His interests include security, startups, food, and storytelling. Follow him on Twitter.

    AgileBits, which owns the Password manager 1Password, has announced that it has raised the maximum possible reward in its bug bounty program from $25,000 to $100,000.

    The quadrupling of its prize money puts it within reach of other programs offered by Apple, Microsoft, and Google.

    In order to earn the full reward, researchers must demonstrate an ability to crack the secure vault technology used by 1Password to store credentials. The company has created a special researcher vault, containing bad poetry, which researchers are to target.

    To assist further, 1Password provides supplemental documentation containing real recent issues, in order to give direction to where more issues may be present.

    The timing couldn’t be more perfect, as in recent weeks, bug bounty programs have soared in visibility in the wake of the disastrous CloudLeak incident.

    CloudFlare was widely pilloried, both in the media and within the security community, for having a bug bounty program with a maximum reward of a t-shirt.

    Although AgileBits is a measurably smaller company than CloudFlare – and indeed, Apple, Microsoft, and Google – it’s encouraging to see they recognize the importance of engaging with the wider security community in order to protect their users.