Feedback regarding future features

turbostar
Community Member
edited February 9 in Lounge

To folks at 1Password: Be careful about adding too many new features (I’m thinking about linking passwords to locations now). I believe it is better to have a product that has high quality security, written in a programming language that is secure, a product that is as free from bugs as possible, that has been exposed to the most capable of hackers and come up roses and one that has been hardened over time, than a product that needs to keep up with the Joneses. In the case of security, many times, LESS is MORE. We need to be DECREASING rather than INCREASING our attack surface as we go forward into these challenging times of AI and future quantum computing. I don’t mean to be insulting to anyone here, but I really am interested in what others reading this who are working in the security industry think.


1Password Version: 8.10.24
Extension Version: Not Provided
OS Version: macOS Sonoma 14.3.1
Browser: Safari, Firefox, DuckDuckGo, Tor

Comments

  • Hello @turbostar! 👋

    Thank you for the feedback! I agree that making sure that new features are secure, and reviewing them thoroughly before release, is vital in making a secure app like 1Password.

    We have multiple teams that carefully review proposed new features along the entire development cycle. Not only is security/privacy considered in detail throughout the entire process but the final code is reviewed again and isn't approved until we're sure that there is no compromise to security. This process is long and elaborate and involves the participation of many different specialists and experts. There are many features that have not been built even though they are heavily requested by our customers. When our team isn't able to build a feature without compromising security, we don't build that feature. Period.

    Because security is our number one priority we undertake regular independent security audits, which you can read about here: Security audits of 1Password

    We also engage with the wider security community by encouraging security researchers to try to find vulnerabilities in 1Password, report them to us so that we can fix them, and rewarding the researchers. Our largest bug bounty is $1 million and you can read more about the program here: Strengthening our investment in customer security with a $1 million bug bounty

    -Dave

This discussion has been closed.