Security and privacy

Security audits of 1Password

1Password hosted services have been reviewed by multiple independent security firms.

1Password is periodically assessed to ensure it remains a secure way for you to share all your secrets.

Bugcrowd

Bugcrowd logo

Bugcrowd, Inc. is engaged in an ongoing, private bug bounty program targeting the 1Password service and web-application. Testers are provided with details of the API.

This program is currently open to the public and has received submissions from 218 unique researchers ‐ these issues ranged in scope and severity, with nine high priority issues being discovered during this timeframe. Despite the presence of these high priority findings no user secrets were at risk. Additionally, please note that as of 10/31/17, all the high priority submissions from this program were confirmed to be resolved.

None of the identified issues resulted in a loss of Confidentiality, Integrity or Availability.

Full details are available in the Bugcrowd security review  

Prior reviews are also available for:

CloudNative

CloudNative logo

CloudNative, Inc. was employed to analyze 1Password and provide best-practices guidance. The assessment was performed during September and October, 2015 prior to the public beta period.

Full details are available in the CloudNative security review  

nVisium

nVisium logo

nVisium LLC was employed to perform a security assessment of the 1Password infrastructure. The assessment was performed during October and November, 2015.

"It is nVisium's estimation that the current overall risk to AgileBits through the Cloud Infrastructure is low."

Full details are available in the nVisium security review  


Published: