The fact that we do so should give some idea of just how important the Secret Key is for security. Burdening users with an additional task that is hard to understand is really not our style. Not only is it difficult to understand, it places an additional burden on users. However, its uniqueness makes it difficult to understand. It offers our users exceedingly strong protection if our servers were to be breached. The Secret Key is central to what makes 1Password’s security uniquely strong. Instead of thinking in terms of “is it like a second factor” or “is it like a key file”, it’s best to explain it in terms of what it actually does: It protects you if we were to be breached. It changes everything.

A unique feature of 1Password’s security is the Secret Key, but its value is often misunderstood by users and security experts alike. As someone who’s been in this game for a while, that’s exciting. It enables organizations not just to move faster without compromising security, but to move faster precisely because you’re enhancing security. But by making it easier to do the secure thing than to do the insecure thing, you enhance security and eliminate bottlenecks. There are always competing priorities, and security is usually the first thing to be cut in the pursuit of speed and agility. Unfortunately, 96 percent of developers recognize that there’s a fundamental disconnect between security and productivity, according to a 2020 ShiftLeft report.

And they’re right. More importantly, the philosophical stars aligned, too.

1Password believes that good security starts with making the most secure thing to do the easiest thing to do. We knew what 1Password was: an exceptional user experience built on an uncompromising security architecture. We’d been a 1Password business customer for years.
If you build a company that focuses on solving developer problems with simple, elegant command-line tools, but dream of having the resources to build a world-class user experience, who better to join forces with than 1Password? Not to mention drastically reducing incident response time. By simplifying and standardizing, you free up a lot of time that IT would’ve otherwise spent doing training, integration, and maintenance. How do you deliver a secret from a central store to the application itself in a way that requires almost no changes or implementation effort? How do you do it in a way that’s consistent across all your environments, whether it’s development or production, or whether you’re working locally or in CI/CD, or on AWS?

Creating a consistent experience wasn’t just about usability; it also saved a ton of resources. That focus allowed us to think like developers, and for the questions we were asking to evolve. By focusing on developers, we could forego the visual experience and build great command-line tools. That required more resources than we had at the time, so we focused instead on building a great tool for people who don’t particularly need an interface: software engineers. To accomplish that, SecretHub needed a killer user experience, including a proper interface. Our mission was to bring great secrets management to every business, of every size and every budget. So, much like Dave Teare and Roustem Karimov built 1Password to solve their own password management problem way back in 2005, we scratched our own itch and built the secrets management platform we desperately needed ourselves. I didn’t like having to choose between speed and security, so I started looking for solutions… only to realize that what I was looking for didn’t exist at the time. Or we could restrict access to one person (me) and manually input the credentials each time we deployed.

Choosing security over speed, we opted for the manual route.
We could put the secrets in our code (or somewhere else where they would be visible to a number of people) but that would leave them exposed. And like every cloud application, our software needed a handful of credentials to access a database and a few APIs. Like everyone else, we were deploying more frequently than ever before, sometimes multiple times a day. While working on that application, we ran into an interesting problem. The first product we built at SecretHub was a secure, end-to-end encrypted file syncing service. I’ve shared my thoughts and next steps with SecretHub customers – without whom I wouldn’t be here – but today I want to address you, 1Password customers.

Boy, it’s good to be here. SecretHub, the company I founded in 2014, is joining 1Password.