1Password

1Password is the world's best password manager. Perfect for protecting your business, team, and family.

  • $50 – $30,000 per vulnerability
  • Safe harbor
Submit report

Changes to AgileBits/1Password Bug Bounty Program

Greetings Security Researchers,

As of today, AgileBits (DBA 1Password) made a change to the structure of our bug bounty program within the BugCrowd platform. Our main program page will be used solely for security research and bug hunting related to our full suite of products, while the CTF Competition has been moved to a new BugCrowd program page. Please read on for full details.

Important: Researchers with Accounts at bugcrowd-test.1password.com
If you previously emailed our team and were given an account on bugcrowd-test.1password.com, you have the appropriate access to participate in the CTF competition. But please note that you’ll need to access your account by navigating to a new URL (bugbounty-ctf.1password.com) moving forward.

About the Core Program
We've recently made some updates to the existing program brief to bring clarity to the target list and scope of the program. The most important change to note is that you may only conduct testing on an account you own. You are welcome to create as many trial accounts as needed under this program.

New BugCrowd Program for the Existing CTF Competition
Some of you may also be aware of our $1 million bug bounty Capture The Flag (CTF) Competition launched in 2022. The CTF competition remains the same, however we moved the specific details into a separate BugCrowd program to help researchers differentiate between the two programs.

What is the CTF Competition?
The CTF competition target (or flag) is a secure note that lives in a vault on the bugbounty-ctf.1password.com account. This account was formerly bugcrowd-test.1password.com but was updated to coincide with the program changes. If you want to participate in the CTF challenge, please see additional details in the CTF program brief.

Use Separate Accounts

Can I use my CTF account for the core program research?

Access to the Bug Bounty CTF account is intentionally limited to the scope of the CTF competition. Please use an account you own for general bug bounty program research.

Questions
Please email us at bugbounty@agilebits.com if you have any questions related to our programs.

Thank you, and happy hunting!

The 1Password Security team

kristinav
kristinav