AgileBits, the developer behind 1Password, is ready to pay you a bug bounty of $100,000 if you can break into their vault and obtain a plain text file of “bad poetry.”
Earlier, a “capture the flag” bug bounty like this paid a mere $25,000. Even though that sum is quite high when it comes to bug bounties, it feels like pocket change when compared to the new one.
AgileBits seems to want to demonstrate, by all means necessary, that its service is safe, taunting security researchers to find any vulnerabilities if they can.
You can find the bounty program on Bugcrowd, which is a general platform for crowdsourcing bug hunts. Any company can reward security researchers for their discoveries. This is the biggest bounty that is currently on the platform because AgileBits wants to prove a point – that it takes security seriously.
Of course, that is how it should be, given that 1Password is a popular password manager that keeps all of a user's login credentials in the same place. If that is cracked, it could pose a very serious security problem to all of its users.
“We owe it to our customers to do everything in our power to keep them and their information secure. This means using the ingenuity of real people to help us continually improve the security of 1Password. It was important to us to demonstrate how seriously we take this contribution and have increased the prize to prove it,” AgileBits’ Jeff Shiner told Tom’s Hardware.
So how does this all work? The bug bounty specifies a particular account which white hats will have to breach to get the bad poetry file in it. Of course, most users would not normally face an attack like this one on their account, but it is a good test for the service. With the increased popularity of password managers, 1Password wants to prove its service is safe.