The company's very high bounty will attract many white hat hackers to look for new bugs and, in the event that any exist, strengthen the security of 1Password. The company also aims to show that the service it provides is safe.
White Hats Expected to Be Drawn by the Offer on BugCrowd
The offer is listed on the website BugCrowd, which works similarly to Kickstarter: it is a crowd-sourcing website, but one where bounties for bug discovery are offered instead.
The company has stated that it is doing this to show that it has invested a great deal of effort in proving that the service it provides is safe.
The offer, with its $100 000 bounty, is very simple. There is an account set up under a user profile on 1Password, and what attackers must do is break in and retrieve the “bad poetry” file. Since this is a user account, the challenge provides a good test of the password management services the company offers online.
The company's service works very simply. After registration, the user receives a unique secret key, which the company calls the “Account Key”. This key is different for every account, and users must write it down somewhere. Once this key is entered, users will be able to log into their personal account from any device or browser, at their own risk. The privacy element is that if this key is lost, even the company itself won’t be able to recover it for the user.
The second element of 1Password is to create a master password – a second layer of identification, which you can use to log in to your account.
From there, the service generates a .pdf file with the unique recovery key, which is available only to the user to view and save. The main interface of the software includes the ability to add the service's app to your device, as well as the feature to create a unique locked “vault” in which password information can be stored.
There have been many bug bounties offered for thousands of dollars, but never one publicly announced for such a situation for 100 thousand big ones. The company must be really certain of what it is doing, and only time will tell whether the bad poetry file will be recovered by bounty hunters or not.