Leaving 1Password

I am extremely proud of what we have built at 1Password, both a company and services to our users. In many ways this has been my dream job. As I like to say, I have a pathological compulsion to explain things to people (in my household it is called “Jeffsplaining”), and that is really how I started out 13 years ago in Customer Support and in presenting our thinking about Security and Privacy to the world. As great as this has all been, my last day at 1Password will be June 1, 2023. Even though I am leaving, 1Password and AgileBits will remain a very important part of who I am. I made the transition once from enthusiastic customer to member of the company, and now I do the same in the other direction.

Thirteen years is a long time. And I am not the same person now as I was then. Neither is AgileBits (then Agile Web Solutions). In terms of employees we are about 100 times larger than we were in April 2010. Obviously I could write about the enormous changes since then, but I would like to mention what hasn’t changed:

• Our commitment to bringing top-notch security and privacy to ordinary people
• Our utmost respect for our customers
• Our genuine care for one another

As I’ve said before and will say again, the math and technology behind building a secure system is hard and I love it. But that is the easy part compared to making it work for real people. Having been part of an organization that is committed to taking on both the hard and the harder parts human centric security has been an enormous privilege. While I will miss it dearly, I really do need a break.

But really, the best times were the best times because of people. I am much better talking about how I love ideas than talking about how I love people. I am not going to mention these because I know I will leave people out. I really do love my fellow ’Bits.

Security in recent and coming years

I want to talk a little bit about how Security at 1Password has advanced in recent years. We have had enormous advances that may be more subtle than what we built into the 1Password architecture and into our culture long ago. Under the leadership of Adam Caudill and Daed Latrope, the Security Team at 1Password has been able to grow and mature to meet the needs of an organization of nearly 1,000 people. The Security Team has not only grown in numbers of people, but it has grown in structure, depth, breadth, and in talent. The talent on the 1Password Security Team really is extraordinary.

Another way in which 1Password has made advances in Security over the past several years is through adopting certain software development practices. Some of our long-time developers will recall that I preached about parsing and using type systems and more functional and defensive programming. But if I couldn’t provide usable tools for developers, citing theorems in Formal Language Theory and Computability didn’t really do a lot of good. I remain bad at trying to explain the way of thinking that I advocated, but independently of anything I did or said, more of our development teams think in these terms and understand the tools that put our code and our protocols on far more solid foundations. We’ve always had exemplary code quality; it’s nice to be closer to having it provably so.

And, as I am sure anyone still reading this can imagine, we’ve also matured enormously in terms of our code development procedures. When we were just the handful of people we were when I joined, testing was sometimes along the lines of “well, it seems to work on my machine.” Sure, I have missed the freedom that comes from such a development cycle, but that doesn’t mean that we all didn’t know that we needed more formal procedures. I don’t want to suggest a picture “cowboy coding” in our early days. For one thing, security was never an afterthought. It was baked in from the moment (years before I arrived) Dave and Roustem started working on 1Password (or 1Passwd, as it was once known), and impact on users was always very strongly considered with any change to be deployed.

Through all of this I have learned so much from our new people as well as from those who I’ve worked beside for more than a decade. I honestly don’t know how to thank them.

What’s next for me?

I do not know what is next for me. But I know that I need a break and to shift gears, probably into neutral for at least some time. I do want to further develop some of the security and cryptography training material I’ve developed over the past few years.Perhaps, I will get into more volunteer and educational activities. Or perhaps, after taking a break, I will end up in some tech organization or other. But whatever I end up doing, I will treasure my time with the people at AgileBits and take pride in what we’ve built and in the company as it continues to move forward.