How Reddit strengthened security for a remote workforce of 3,000

Reddit users are passionate about discussing what they care about with others who share their interests. This high level of dedication can also be felt internally at the company, especially when it comes to security. 1Password has played a critical role in the organizationʼs efforts to implement more effective security tools and processes company-wide. Switching password managers to 1Password has allowed Reddit to:

Reddit is one of the largest social networks in the world, with millions of users around the globe. Like any large, well-known company, it has been a target of sophisticated phishing attacks. Criminals hope these will trick employees into sharing work-related credentials and access to internal documents, code, and systems.

Reddit had a different password manager before switching to 1Password but it was only used by a small number of engineering teams. The rest of the company had inconsistent habits. For example, some employees were using browser-based password managers to store their credentials, while others werenʼt. Many people also were sharing passwords over Slack and email.

As Nick Fohs, Redditʼs corporate technology systems and infrastructure manager says: “It was sort of all over the place.ˮ

When its previous password manager suffered a security breach, Reddit knew it was time to get password management under control. The challenge: make it simple and convenient for all 3,000 Reddit employees and independent contractors to follow best practices.

What was the company looking for? An easy-to-use solution that could be rolled out more broadly to prevent attacks and encourage everyone to create, use, and securely share strong passwords.

A password manager is most effective when everyone uses it. Reddit wanted widespread protection, which meant selecting a tool that non-technical employees could use with ease. “You can't count on people to make themselves more secure or improve their own practices unless you give them the tools and help them,ˮ Fohs says.

Fohs ultimately chose 1Password because of his experience deploying it successfully at several other companies. He knew firsthand that the password manager was thoughtfully designed and would be far simpler for non-technical employees to understand, use, and integrate into their workflows.

This has proven to be the case: Reddit has rolled out 1Password to all of its employees, empowering everyone to create, use, and share strong passwords. A bonus was 1Passwordʼs seamless integration with other security services and support for on-device features such as Touch ID. These streamline access to important work-related tools and systems, making employeesʼ daily lives just a little bit simpler.

Before 1Password, Reddit didnʼt have a full picture of what employees had access to and where secrets were being stored. The company also lacked an efficient way to give people the credentials they needed when they joined the company – and similarly, revoke access when they left.

"There were a lot of teams that when somebody left, we had to go in and reset passwords or trigger password reset flows on different systems,ˮ Fohs says. Making sure employees who left no longer had access to Redditʼs systems or sensitive information was a lot of work for the support team.

Reddit is a mostly remote company which creates some additional challenges for onboarding and offboarding: “You don't have the ability of people to come to a help desk and, depending on how messed up their computer is, they may not be able to join a Zoom and do a screen share.ˮ

1Password is installed by default on employeesʼ work-issued computers. Once theyʼve created an account, managers can streamline onboarding by remotely granting and managing what they have access to, rather than having to ask for IT support.

When an employee leaves, managers can easily revoke or close the departing employeeʼs account, blocking access to company passwords and other data saved in 1Password. This level of control ensures former employees donʼt accidentally access or share confidential information after their last day at work.

1Password doesn't just make everyone at Reddit more secure – it also saves them precious time. For the support team, this means fewer hours spent doing password resets and checking that troubleshooting efforts were successful.

Fohs says: “You have to think about things from the perspective of ‘How easily can someone self-remediate problems?ʼˮ

1Password lets employees focus on their work by streamlining access to what they need without having to remember or find passwords. It also reduces occurrences of getting locked out due to mistyped passwords. This is important, as individual delays can affect whole teams. Waiting for a team member to finish their part of a project can extend overall project timelines.

For Reddit, it was also critical that their new password manager work seamlessly with macOS in particular. "Our fleet of desktops is 95% Mac, so that's an important thing," Fohs explains.

Fohs also wanted to be confident that the chosen password manager would be ready to support the latest versions of macOS and Apple Silicon at launch. “Knowing that 1Password is going to exert the time and energy to be ready for anything new with Apple on ‘day oneʼ is important when we evaluate software,ˮ he emphasizes.

Reddit uses Okta, a single sign-on (SSO) solution, to help secure its business. 1Password was a perfect fit because the two platforms could be connected together, allowing admins to automate provisioning and other tasks that would otherwise be time consuming.

Thanks to the 1Password SCIM bridge, Reddit can save time by mirroring its existing Okta groups in 1Password. “For the initial deployment, we hooked into Okta so we would be able to populate users based on group membership,ˮ Fohs explains. That meant team members were automatically added to the correct 1Password groups and shared vaults.

As a result, Reddit was able to roll out 1Password to 100% of its employees within weeks.

Now, says Fohs, “shared vaults are completely managed by memberships in Okta groups. You request access to the Okta group, which means you're added to the correct shared vault (in 1Password). Inside of (those vaults), you're not able to share any of the credentials. So we have a pretty good chain of custody for the actual secrets.ˮ

The ability to mirror Okta groups in 1Password is also helpful when employees are promoted or change departments. If necessary, Reddit can move them to the most appropriate Okta group, and any related changes in access are automatically made in 1Password as well.

Giving team members access to individual vaults is simple too. “The concept that a person requests access to a shared vault, it goes through our approval processes, through our IGA (Identity Governance and Administration), and then the vault just magically appears on their computer, was huge,ˮ Fohs explains.

1Password's integration with Okta, combined with its ease of use, has increased Reddit's overall security while also saving time for employees. It has delivered exactly what the company needed: a way to get password management under control in a hybrid work environment and ensure confidential data is always protected.