Is the future passwordless?
Ben Hillman Oct 12 2022
How many passwords do you know off the top of your head? To tell you the truth I couldn’t even tell you what my Netflix password is. From banking accounts to online games, and even the hair salon, it's estimated that the average person has 100 passwords.
Passwords are supposed to be long, unique, and complicated, all to prevent hackers from breaking in. And don’t forget to change all of them at least once every three months. It would be nice if the world didn’t need passwords. That future might come to fruition, especially with the advent of the password manager.
But which one should you choose? There are a plethora of options like LastPass, Dashlane, and Bitwarden (and I’m sure you’ll let me know which one is best). But to me, one company seems to stick out.
1Password is a juggernaut in the password management space, being one of Canada’s most valuable tech firms at $6.8 billion as of January 2022. 1Password has all the resources at its disposal to take over the entire market, but is it ready for a passwordless future? The winner in this space is going to be the company that best balances security with convenience. We'll walk through the origins of the password space, 1Password’s rise as a certified SaaS legend, and finally, whether or not our future truly is passwordless.
Passwords are a necessary evil. And there really is no way around them if we want to keep our information safe. However, with the average person having around 100 passwords, remembering them all is likely impossible — for most of us. Luckily, we don't have to.
1Password understood this inconvenience all too well, and today is a juggernaut in the password management space. Through its commitment to improvement and customer satisfaction, it became one of Canada’s most valuable tech firms at $6.8 billion as of January 2022. What we can, and should, take away from 1Password's story, is that it takes a village to grow. Alignment across your entire company is key.
- Commitment to continuous improvement
1Password's mission is to ease the tension between security and convenience. And though it’s done a phenomenal job with a powerful product, 1Password knows the job is never done. The company continues to invest in the areas that make the greatest impact based directly on the feedback received from customers.
- Company-wide focus on customer satisfaction
Ensuring your customers are satisfied is something every company strives for; however, 1Password goes beyond having a specialized customer support team. The entire company is directly involved in understanding its customer needs. Every employee at 1Password, including directors, spends time each week to answer customer support queries. Development of its product is directly based on this feedback.
Making this focus a company-wide effort ensures every department, thoroughly and personally, gains a deep level of understanding. And in turn, they’re able to sell better, market better, develop better, etc.
- Thinking ahead
Things are ever changing in technology, so you have to be able to evolve along with it and, if possible, stay ahead of it. 1Password has adapted to Touch ID and Face ID technologies. It is also forming key partnerships for a possible passwordless future, as threatening as that may sound for a password company. It’s preparing — now — to ensure it stays in the game.
A password is defined as: something that enables one to pass or gain admission, such as a sequence of characters required for access to a computer system. And believe it or not, passwords have been around for a while — at least 2,000 years.
Early uses included ciphers, wax seals, and mask letters in order to protect information. American Prohibition saw the rise of “speakeasy” bars where alcohol was distributed illegally. Patrons who obtained a card or phrase could offer the password in order to get inside and imbibe to their heart’s content.
But perhaps no person is more important to the modern use of passwords than the American computer scientist Fernando J. Corbató. While at MIT in the 1960s, Corbató and other researchers built a time-sharing computer called Compatible Time-Sharing System (or CTSS). CTSS is responsible for many foundational tools that tech and SaaS folks use today like e-mail, instant messaging, and file sharing. The issue to be solved for CTSS was that there were multiple terminals used by multiple people who all had their own set of files.
At the time, there were methods like knowledge-based authentication (information only the user would know like, “what is your mother’s maiden name?”), but this would require the computer to store personal information which users may not want to share. So instead, users were assigned a username and password.
The one fatal flaw, as Corbató himself has admitted, is that security was not put at a premium. This gave way to careless hacks and break-ins, like one user requesting files to be printed offline, which meant he could simply reveal all of the passwords and log in as his colleagues. They probably could have used a password manager… While this didn’t result in a major security breach, it’s indicative of one of the core issues with passwords themselves. They rely on the individual’s memory, and on the individual not accidentally giving up their secret code in a phishing attack (a fraudulent practice used to reveal personal information). In order to win in the space, the companies that would arise would have to focus on ensuring password managers were secure.
Today, all password managers must use high-level encryption standards, meaning all your information is converted into secret code in order to mask its true meaning (kind of like how ciphers were used in the times before computers). Additionally, password managers rarely, if ever, store your master password. This means even the employees of a major firm cannot access your master key.
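A sketch of how a service can check a master password without ever storing it, added here as an illustration and not taken from 1Password or any other vendor's code. It assumes PBKDF2-HMAC-SHA256 from Python's standard library; the function names, labels, and iteration count are hypothetical choices for the example.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2 work factor for this sketch


def _root_key(master_password: str, salt: bytes, iterations: int) -> bytes:
    # Deliberately slow stretch: every offline guess costs `iterations` HMACs.
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, iterations, dklen=32
    )


def _subkey(root: bytes, label: bytes) -> bytes:
    # Domain-separate the root so the stored verifier never equals the vault key.
    return hmac.new(root, label, hashlib.sha256).digest()


def enroll(master_password: str, iterations: int = ITERATIONS) -> dict:
    """Return the only data the service keeps for this user."""
    salt = os.urandom(16)  # unique per user, so equal passwords differ on disk
    root = _root_key(master_password, salt, iterations)
    return {
        "salt": salt,
        "iterations": iterations,
        "verifier": _subkey(root, b"unlock-check"),
    }


def unlock(record: dict, attempt: str):
    """Return the 32-byte vault key for a correct password, else None."""
    root = _root_key(attempt, record["salt"], record["iterations"])
    candidate = _subkey(root, b"unlock-check")
    if not hmac.compare_digest(candidate, record["verifier"]):
        return None
    return _subkey(root, b"vault-encryption")


if __name__ == "__main__":
    rec = enroll("correct horse battery staple")  # constructed sample password
    print("stored fields:", sorted(rec))
    print("right password unlocks:", unlock(rec, "correct horse battery staple") is not None)
    print("wrong password unlocks:", unlock(rec, "Tr0ub4dor&3") is not None)
```

The stored record holds a salt, a work factor, and a verifier, so nobody reading it can recover the master password or the vault key directly. A leaked record can still be attacked by offline guessing, which is why the strength of the master password and the work factor matter.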
Security was important, but in the early days it wasn’t the number-one priority. Convenience was key. In 2000, Siber Systems released their flagship product: RoboForm. RoboForm first started out as an automatic form filler, but soon after implementation, the founders realized that users were typically using the product to fill out a very specific form: passwords. This provoked them to go all in on the space and just like that, the password manager race was off.
Dave Teare and Roustem Karimov got into the game shortly thereafter. In 2005, the two founded AgileBits, a company which helped folks build websites. While doing this, they realized how difficult it was to keep up with passwords. On May 19th, 2006, they uploaded the first-ever version of 1Password for Mac.
Shortly after launch, users started sending feedback. Teare and Karimov couldn't have been more excited. They regularly pushed out new versions of 1Password with bug fixes and additional features, which resulted in more downloads and even more feedback. They took that information and refined the tool further and further, releasing 1Password for iOS and Windows in 2010. There is perhaps no better indicator of 1Password’s success than the fact that for the first 14 years of existence, they were entirely customer-funded.
In order to accelerate growth, 1Password finally decided to raise $200 million in 2019 and another $100 million in 2021. This took the company's valuation to $2 billion. With 90,000 paying customers and $120 million in annual recurring revenue, the sky was the limit for 1Password…
And then, in January of 2022, they closed another round of funding that brought in $620 million. Investors included superstars like Robert Downey, Jr., Scarlett Johansson, and Ryan Reynolds. Their valuation was pumped to $6.8 billion.
Reasons for success
1Password's mission is to ease the tension between security and convenience. It has recently added powerful capabilities to an already sterling product offering — a testament to its commitment to continuous improvement. Over the past year alone, the platform has launched Psst! (a secure way to transfer items within 1Password), Events API (a way to give security and IT teams greater visibility), and 1Password for Safari.
But perhaps no element of 1Password's success is greater than its focus on customer satisfaction. 1Password receives all feedback, good and bad, in good faith. Today, every employee at 1Password, including its directors, spends time each week answering customer support queries. The entire company makes an effort to understand what people like about the product, what needs improvement, and how people use 1Password. The product team takes a closer look at the results and quantifies them. Developers then make judgements and decisions based on that feedback. If the product and design teams need specific or pointed feedback, or if the problem is more pronounced, the company interviews people who use 1Password the most. It even hosts customers in its offices to demonstrate new and upcoming features.
An interesting wrinkle in all of this is that 1Password does not offer a freemium tier. Frequent viewers of the show know that pretty much every successful company we’ve discussed thus far has had a free offering. It’s a massive opportunity to grow your company if you do it right. In fact, competitor LastPass came under fire recently for downgrading their free offering. Users were forced to choose between accessing LastPass on their mobile or their desktop device. Additionally, support was kneecapped. Customers became so upset that, in an Android Authority poll of over 8000 users, four out of five said they would move to a competitor.
It’s important to remember that freemium, while effective, is an acquisition channel, not a monetization strategy. 1Password wasn’t suffering from restricted growth, so they didn’t really need freemium. For more, check out our own research on the matter.
Being close to customers, developing a powerful product, and remaining true to founding values are the ingredients that have contributed to 1Password's success. 1Password is well positioned to drive continued growth. The company said it plans to triple its engineering and customer support teams, build out the Events API functionality, and finance more acquisitions. Ultimately 1Password will thrive as long as it dances that line between security and convenience.
And this line is an important one to focus on. According to Ann Johnson, Corporate VP of Security at Microsoft, “The user and the password is the weakest link in your security system.” She also says 70% of phishing attacks today are caused by stolen passwords. It’s why certain protocols must be put in place that can sometimes result in a dip in convenience.
You might already be familiar with two-factor authentication (2FA), but in simple terms, 2FA is an extra step used to verify that a user is who they say they are. This is done with a text code, an authenticator app, or verification in another app. 1Password employs this, and it’s pretty much industry standard for all password managers. But while 2FA adds a layer of security, it also adds extra friction to logging in. While this friction is inherently good, it can get annoying. So how does 1Password stay secure but eliminate these extra steps?
In June 2022, CEO Jeff Shiner announced that 1Password had joined the FIDO Alliance. FIDO is essentially a consortium of leading tech companies, government agencies, and other industries that was launched in 2013 with the goal of eliminating the use of passwords on websites, devices, and apps.
Users can already use Touch ID to unlock 1Password on their Mac computer or Face ID to unlock 1Password on their mobile device. Additionally, 1Password has formed strategic partnerships with folks like Yubico, where users can insert a “YubiKey” or USB device that they then touch to complete 2FA. Other password managers have followed suit, and with this trend, maybe the future is passwordless after all.
Picture a world where you don’t have to wrack your brain in order to log in to any account. It’s even simpler than using your password manager. Imagine if you didn’t even have to remember one? All you do is touch a finger pad here or look into an eye scanner there. Some banks have even started using voice recognition software.
I believe we will get there some day and security experts agree. But there is still a lot of ground to make up. According to Bitwarden, over half of 2000 consumers surveyed said they rely on their memory to manage passwords. And a third said they use a pen and paper.
While I may not lose any personal information if I fall victim to a phishing attack while resetting my password for Netflix, it’s best practice, for the sake of my other passwords, to have some sort of security. It’s more important for SaaS companies to ensure password security is top of the line, especially considering how detrimental a customer data leak can be.
It's still too early to predict how long 1Password's reign will last. But if Jeff Shiner and company really want to remain at the top, then they have to keep innovating to fend off competitors. Facing off against juggernauts like Apple and Google, who provide their own free offerings, can only last so long without moving the needle.
Ultimately, any company that wishes to topple 1Password has to be, at the very least, capable of matching 1Password's core offering. And most importantly, it has to be adequately prepared for a passwordless future. Which company do you think that will be? Or will 1Password remain on top? Let us know what you think.
This is a Paddle production—the first media network dedicated entirely to the SaaS and subscription space.
By Ben Hillman
Senior Show Producer at Paddle. Ben is a YouTube fanatic, contributing videos to the platform for 15 years, and amassing 2,000 subscribers to his personal channel. Prior to Paddle, Ben headed up the video team at Boston-based sports firm, CoachUp.