AgileBits in Toronto offers 1Password, a password manager available to both private individuals and businesses, touting a unique approach to multi-factor authentication to improve security.
$2.99
per month
Bugcrowd
Score 8.0 out of 10
N/A
San Francisco-based Bugcrowd offers a bug bounty platform, for vulnerability management.
I've described how I use it to manage confidential client logins for the websites I develop for them. Every site has a myriad of things that need logins - from setting up their domain name and hosting, to building the WordPress site, to getting them set up with email and maintaining their sites. When I need to provide IT support to our staff, I have my phone right there to log in to their computers to address the issues. When I want to order cookies from Amazon or check my home's security camera settings, it's there for personal needs as well. There are sharing features that I haven't explored enough to be comfortable with setting up for staff. They may be just great, but it is a place where I personally don't make use of the program.
Bugcrowd is great for bug bounty programs and as a cheaper alternative to a full-blown penetration test. Small to medium-sized companies who are serious about security, but don't have the budget for a $40,000 penetration test, this is a great solution. Bugcrowd isn't going to be able to do much of the white-box penetration testing (code reviews), as they are more suited for grey-box and black-box. A program like this will need at least one dedicated person to work with the moderator, verify findings, and decide on the severity of the finding.
1Password's Watchtower service is a real value add - 1Password monitors the security news for evidence of security breaches containing your credentials and alerts you if you have been impacted. That is a huge value as it enables you to get out in front of a security breach and be proactive in protecting yourself.
1Password's core strength is that it makes it easy to practice good security hygiene by using strong, unique passwords for each site you interact with. This is something that all password managers do now, but offering an easy experience is key.
1Password's password sharing features makes it easy to share team credentials with other team members, and to decide who amongst the team gets access to the designated credentials.
1Password is so secure, that it lacks a self-managed "forget your password" functionality which means that as a manager, I have to approve password resets which may slow down some users.
On Chrome, the extension sometimes stops working when the browser is updated.
The success of your program highly depends on the moderator that is assigned to your project. A good moderator will continue to find researchers until the quota is full. Less than stellar moderators will send out one invite and sees what sticks.
Not all researchers are as professional as one might hope. This can ruin the experience.
The 1Password app design is top notch, much better than a couple other password managers I've looked at. The app and service are very flexible, allowing for many different types of data storage. The browser extensions generally work very well, allowing for easy access to login information while using pretty much any modern web browser.
I have never had any issues with 1Password and they have always been able to answer my questions adequately resolve my issues. Furthermore, they have a robust peer forum that can be accessed. They have helpful "Get to know Apps", videos and many articles to assist in the process of using the product.
I don't know any of the software in the list, but normally, I used to save logins in Chrome - whether work or private, in separate accounts of course. Chrome stores information, even credit card info in plain text, that is easy to crack. 1Password is a step up, or even, several steps up from there. The Master key is stored in a Google service though, that 1Password gave me in a pdf format, but I consider that safe
Budget was ultimately the reason we went with Bugcrowd initially. Bugcrowd allowed for us to come up with our own bounty scale to fit out budget. Most other companies had a fixed scale, or the scale was not as flexible as we wanted it. Traditional penetration testing companies were very expensive.
1Password has empowered me to meet the stringent security demands of my organization without having to resort to complex, time-intensive encryption setups to store all of my various credentials. Instead of wasting time on building, configuring, and maintaining such infrastructure, 1Password manages it for me.
1Password's annual subscription pricing model is reasonable, given a great deal of value, it has provided me, both personally and in my business operations. I don't need to invest capital into secure storage infrastructure to ensure that I always have my credentials at my fingertips, and I prefer to have a dedicated, focused security company own the hardware behind this great service.
The fact that I control my 1Password account means that I can get double the use out of it: personal and professional account credentials sit side-by-side in my secure vault. Because I do not need to rely on my internal IT department to provide access, I am confident in storing whatever I need to store.
We have received some great results for a great price. We've also received some poor results at the same price.
Bugcrowd is not always recognized as a "real" penetration test, but for the most part, we have not had any problems with customer accepting our reports.
Overall, Bugcrowd has been an overall good experience, but we have had a poor moderator from time-to-time that has resulted in less than ideal results.
