I and my employers, #1Password, have never directly criticized a competitor before. But #LastPass's claim that it would take "millions of years" to crack the data made available from the breach needed to be addressed explicitly.

I also take the opportunity to explain why 1Password's distinct security architecture would keep users safe if we were to be breached.

https://blog.1password.com/not-in-a-million-years/

Not in a million years: It can take far less to crack a LastPass password | 1Password

@jpgoldberg huge respect for what you've built and all the care you've taken to build a great product. I love 1password.

But this blog post is not a good look. Kicking a competitor when they're down for security reasons... Oof.

@ben, we would never do this for a breach or bug. But have you read their announcement?

Sure, vendors understate the impact on users of security problems (and researchers overstate it). Human psychology leads to that, so it isn't even insincere.

But their statement goes well beyond that normal tendency.

@jpgoldberg I'll read it again to make sure ... But still, don't you think plenty of folks are legitimately beating up on them already? Opens the door to them hitting back the moment you misstep in your marketing or even during a breach. I don't think folks will see the subtle difference you lay out.

@ben That is a very real risk.

As you might imagine, our marketing people, CEO, and others were very heavily involved in the decision. Yes, it might open the doors for mudslinging in ways that merely confuse the public, as they may not be able to differentiate.

We will see.