1Password increases bug reward to $1Mn

Password manager 1Password has announced it has increased its maximum bug bounty reward to $1 million. The Toronto-based firm revealed it is offering the huge financial incentive, which is the current highest figure offered by programs managed by Bugcrowd.

Since beginning the bug bounty program in 2017, 1Password has paid out $103,000 to security researchers, averaging $900 per reward. Researchers were previously offered a maximum payout of $100,000.

Jeff Shiner, CEO of 1Password, said, “Increasing our bug bounty to $1 million will attract another layer of outside expertise to make sure our systems are as secure as possible. Together, we will deepen our security leadership so our customers can live their lives online with ease and confidence.”

The company said that all detected bugs have been “minor” and showed “no threat to the secrecy of sensitive customer data”.

Ashish Gupta, CEO of Bugcrowd, said that the researcher community is “especially important today as hackers become savvier with their techniques and threats escalate from Russia. 1Password has held our top bug bounty reward spot since 2017, and their new top prize of $1 million underscores their respect for the value our community provides.”

Adam Caudill, Director of security at 1Password, said that protecting customers is the main driver behind the increase. “It’s our top priority, so we’ve put enough money on the table to give researchers a reason to dig deep and look for serious issues. If they exist, we want to know. Our goal is to set this bounty high enough that we are motivating researchers, as well as being the most profitable buyer for exploits in our products. If a researcher finds an issue, we want them to come to us, not a broker that will pass it on to adversarial parties,” Caudill said.