Jeffrey Goldberg

Jeffrey Goldberg

Security and Privacy

Biography

Jeffrey Goldberg followed the old-school path of academic to Unix system administration and information security and privacy. He brings his familiarity with things as disparate as Linguistics, Behavioral Decision Making, Statistical Inferencing, and more to trying to help people have more control over their data. He also never passes up an opportunity to either teach or learn.

Interests
  • Security & Privacy
  • Mathematics History
  • Cognitive Science
  • Linguistics & Anthropology
Education

  • PhD (not completed) Linguistics, 1987

    Stanford University

  • BA Linguistics, 1984

    University of California, Santa Cruz

Skills

Programming languages
Primary developer of apps, packages, crates

I’ve developed apps or components in Go, Rust, Python, C, R

Contributed code to projects using

Objective-C, Java, Kotlin in addition to above

Reviewed code

Typescript, Javascript in addition to the above

Taught

I have taught C and Unix utilities

Other technical
Cryptography

Not a cryptographer, but can read many primary sources

Secure Development

Advised and encouraged practices that lead to more secure code

Statistical inferencing

Not only can I compute p values, I know when not to use them.

TeX/LaTeX

Have produced complicated documents using LaTeX and am the author of several LaTeX packages.

Unix (software development) tools

Make, git, etc; GitHub actions

Experience

 
 
 
 
 
Principal Security Architect, Chief Defender Against the Dark Arts, Support
1Password
April 2010 – June 2023 Remote
  • Assisted in Security design of OPVault format (introduced 2012)
  • Assisted in Security design of 1Password service (introduced 2015)
  • Managed team responsible for all aspects of product and organization security (2013–2022)
  • Developed internal and external security documentation
  • Developed first security manual and incident response plan
  • Reviewed code (Rust, Go, Swift, Typescript, Kotlin, Java, Objective-C)
  • Primary developer of SRP and password generator modules
 
 
 
 
 
Freelance system administration
September 2000 – October 2008 Riverside, California; Plano, Texas
  • Installed and managed network services for small and medium sized enterprises
  • Linux and FreeBSD system setup, firewalls (m0n0wall, iptables), mail transport (exim, sendmail, UW imapd, spamassassin)
 
 
 
 
 
Asst. Information Officer, Network Programmer
Cranfield University Computing Centre
April 1994 – June 2000 Cranfield, Beds., UK
  • Cranfield University (UK) was among the very first UK universities to enable staff and students to create personal web pages.
  • Taught Introduction to C Programing to Masters students in the Applied Mathematics and Computing Department (Autumn 1999)
  • Set up and managed email system (exim, uw-imapd)
  • Trained staff and students in web technology, PGP, and \LaTeX
  • Assisted information officer in developing and maintaining university website
  • Unix system (OSF, Linux) administration, DNS (bind), NTP, general scripting
 
 
 
 
 
Researcher
Research Institute for Linguistics, Hungarian Academy of Science
September 1988 – November 1993 Budapest, Hungary
  • Taught Syntax and Computing in Theoretical Linguistics Department
  • Unix system administration work

Recent Posts

Pictured Posts
The people named Post in the blog post featured image
Jeffrey Goldberg
Last updated on May 27, 2024 5 min read Meta
Pictured Posts
Rationalizing threat models
Threat models are often tacitly defined in terms of what we can or can’t defend against. This practice should be made explicit instead of creating bogus rationales for excluding the threats we can’t defend against.
Jeffrey Goldberg
Last updated on May 23, 2024 8 min read
Rationalizing threat models
Leaving 1Password
In June 2023 I left 1Password after 13 years. I love 1Password and its people. Here I discuss why and speculate about what is next
Jeffrey Goldberg
Last updated on May 30, 2024 5 min read
Leaving 1Password
Game theory and “Stand your ground”

When it’s best to attack first

During the Cold War, before the day of the ABM treaty, the situation between the United States and the Soviet Union was extremely dangerous, as each country was coming close to acquiring what was called “First strike capability”. If you had first strike capability it meant that you could launch a surprise “first strike” on the enemy which would be so devastating that they could do little harm to you in retaliating. If the your enemy had first strike capability, that would mean that they could launch a surprise attack against you that would be so devastating that you could not effectively retaliate.

Jeffrey Goldberg
Last updated on May 30, 2024 5 min read
Game theory and “Stand your ground”
In praise of the TAKS
The 2017 math TAKS (Texas Assessment of Knowledge and Skills) test surprised me in very positive ways. It seemed like a far better test than I had anticipated.
Last updated on May 30, 2024 5 min read
In praise of the TAKS

Projects

Learning Python
I have been playing with Python recently.
Learning Python
Security Training Bookclub
Material developed from Security Team book club at 1Password
Code Slides
Security Training Bookclub

Featured talks

Can a password management service safely learn about users' passwords?
On TOTP standards

Publications & Presentations

Quickly discover relevant content by filtering publications.
Jeffrey Goldberg, Mitchell Cohen (2021). ``Add '!' at the End to Make It Secure'': Observing Users' Desire for Control of Password Generation (Industry Report). Who Are You?! Adventures in Authentication Workshop.

Cite URL

Jeffrey Goldberg (2019). On TOTP Standards. PasswordsCon.

Cite URL

Jeffrey Goldberg (2018). What does “MFA” mean?. PasswordsCon.

Cite URL

Rob Yoder, Pilar García, Jeffrey Goldberg (2016). A uniform password generator with required character sets. PasswordsCon 2016.

PDF Cite

Jeffrey Goldberg, Julie Haugh, Jessy Irwin (2015). Rethinking factors: Or how now to store oracles. PasswordsCon UK 2015.

Cite

See all publications

Find me