Crack 1Password’s Vault to Win up to $100,000

AgileBits, the developers of 1Password app for iOS and Mac, have quadrupled the maximum possible reward in their bug bounty program from $25,000 to $100,000 (via TNW). In order to earn the full reward, researchers must demonstrate an ability to crack the secure vault technology used by 1Password to store credentials.


A special researcher vault has been created by AgileBits, which contains some bad poetry, which the researchers are to target. To assist further, 1Password provides supplemental documentation containing real recent issues, in order to give direction to where more issues may be present.

Reward Guidelines

Only capturing the unencrypted “bad poetry” flag is eligible for the $100k reward. See below for more details. All other findings will be prioritized as per the Bugcrowd Vulnerability Rating Taxonomy.

Priority – Reward Amount (*up to)

  • P1 –  $5,000
  • P2 –  $1,000
  • P3 –  $200
  • P4 –  $100
1Password will also accept flaw-hypothesis submissions, without penalty, and will work with you to develop a reasonable hypothesis into a working exploit, should one be possible.

Users can opt-in by emailing with their Bugcrowd username, after which they’ll be provisioned account access to the vault where 1Password provides supplemental information for testing against the application, including documentation on real issues that were recently found, and more.

For more information, click here.