Tuesday, February 20, 2024

1Password Acquires Kolide

Jeff Shiner:

Why would 1Password acquire a device health and contextual access management solution? The reality is that access isn’t secure if the device doing the access isn’t secure. This is part of the complexity of the modern way we work. Every device, regardless of location, must be secure – just as every log-in, regardless of location, employee, or type of device used, must be secure.

This is where Kolide fits into the 1Password story. Kolide is a leader in device health and contextual access management, and companies need a way to ensure that both the device used and every access request are secure. What also makes Kolide particularly compelling is how the company has taken a similar approach to 1Password and works to enlist employees to deliver better security. This is only possible by providing employees with tools that make security easy to use and adopt, enable them to secure their own activities, and provide them with the context to make the right decisions at the right time.


Kolide is a powerful tool to help your company reach its compliance goals through the power of end-user self-remediation. We leverage the principles of Zero Trust to block a device from accessing your company’s SaaS apps and other resources if it isn’t running the Kolide agent or passing specific requirements.

Jason Meller:

Kolide’s product isn’t going anywhere. More importantly, we (the humans of Kolide) aren’t going anywhere. As part of 1Password, we expect our roadmap to both accelerate and become more ambitious. As a fully intact team, we are continuing to build, iterate, support, and sell Kolide within 1Password.


It’s been clear since the launch of Device Trust that we need to get these capabilities into everyone’s hands. 1Password shares the same spirit and heart that made it possible for us to create a product like Kolide in the first place. Together, we can get the best way to secure devices and apps into everyone’s hands, no matter who you are.


We will continue to support and sell the Okta integration to existing and new customers. We have no plans to stop offering Device Trust via Okta, only to grow and expand it, including adding support for Okta’s newly released features.

10 Comments RSS · Twitter · Mastodon

“Kolide’s product isn’t going anywhere.”

Who at this point isn’t weary enough to not believe this?

Almost as credible as “we (the humans of Kolide) aren’t going anywhere”.

@Billy @Moose Not sure why you are saying that since products seem non-overlapping…

Well, it’s nice to see the 1Password marketing team is still feeling peppy. I really need to finalize my family’s move to BitWarden and cancel that subscription.

Is there any reason why I, an individual (not corporate) user of 1Password, would care about this?

Because we've seen this story a million times. "We're not going anywhere!" followed by growth-at-all-costs feature bloat that fulls the product ever further away from the thing people loved about it. Then price increases or some other bad bargain to justify all that growth. 1Password itself has been corrupted by VC money. They didn't buy Kolide just to leave it to its own specialties. It's the same old story, overlap or not.

A match made in heaven.

I've made the move to Strongbox and the KeePass ecosystem. Could not be happier. Truly. If you feel trapped in an abusive relationship with 1P, that's because you are. Jump!

1Password gets a lot of hate (just look at the comments here!). I don’t think it’s warranted.

Sure, they aren’t perfect. the Mac app isn’t *quite right* since it became an Electron based thing. But they support all the platforms I care about, it’s well architected, super secure, integrates well with the OS and browsers, and their Family account / shared vaults are incredibly convenient. Also, their support is fantastic.

> Is there any reason why I, an individual (not corporate) user of 1Password, would care about this?

It seems like Kolide allows organizations to specify 'checks' on a device's status that — if not passed — deny access to an organization's resources. I'm not sure if 1Password intends to deploy this technology to all users, or reserve it as an option for enterprise accounts.

A purely speculative example: One of the 'checks' that Kolide offers is to see if SIP in enabled on macOS. Based on 1Password's messaging, I could envision them having the option to prevent the unlocking of a vault if a check like this fails.

I would expect quite a bit of customer pushback if this were implemented in a non-configurable way, so my guess at the moment is that this is just going to be an option for enterprise accounts.

@Marcos If you're happy and you know it, great. Wouldn't take that away from you. I don't think 1P is a bad product for what it is, if you're happy with the model they use.

But it's not clear to me why you'd use 1P when you have two great choices, namely BitWarden for the client-server approach, and Strongbox (or other apps) for the file-based (KeePass) approach of local vaults. Both Open Source, both self-hostable. For BitWarden you don't pay a premium for what is essentially a thick client web app, because there's nothing Apple-specific about 1P anymore. The only distinction 1P has now is a legacy of support for custom fields and labels, IMO.

But, y'know, it's up to you. People wouldn't sell if there were no-one to buy.

Leave a Comment