Is the future Passwordless? 1Password's Success

1

00:00:00,180 --> 00:00:01,230

- Two-factor authentication.

2

00:00:01,230 --> 00:00:02,460

- Auto fill as a login.

3

00:00:02,460 --> 00:00:04,380

- Too many passwords for

all your different systems.

4

00:00:04,380 --> 00:00:05,730

- So how many passwords do you know

5

00:00:05,730 --> 00:00:07,350

off the top of your head?

6

00:00:07,350 --> 00:00:09,300

To tell you the truth,

I couldn't even tell you

7

00:00:09,300 --> 00:00:11,070

what my Netflix password is.

8

00:00:11,070 --> 00:00:13,290

From banking accounts to online games,

9

00:00:13,290 --> 00:00:14,970

and even the hair salon,

10

00:00:14,970 --> 00:00:18,180

it's estimated that the average

person has a 100 passwords.

11

00:00:18,180 --> 00:00:20,910

It'd be nice if the world

didn't need passwords.

12

00:00:20,910 --> 00:00:23,190

And that future might

come to fruition soon,

13

00:00:23,190 --> 00:00:25,590

especially with the advent

of the password manager.

14

00:00:25,590 --> 00:00:27,030

I mean, there's a plethora of options,

15

00:00:27,030 --> 00:00:29,760

whether it's LastPass,

Dashlane, Bitwarden.

16

00:00:29,760 --> 00:00:31,080

I'm sure you'll let me

know which one's best

17

00:00:31,080 --> 00:00:32,760

in the comments down below.

18

00:00:32,760 --> 00:00:35,160

But to me, one company seems to stick out.

19

00:00:35,160 --> 00:00:36,899

- And it's called 1Password.

20

00:00:36,899 --> 00:00:37,749

- 1Password.

21

00:00:37,749 --> 00:00:38,977

- The 1Password App.

22

00:00:38,977 --> 00:00:40,560

- 1Password is a juggernaut

23

00:00:40,560 --> 00:00:41,970

in the password management space.

24

00:00:41,970 --> 00:00:44,040

Being one of Canada's

most valuable tech firms

25

00:00:44,040 --> 00:00:47,340

at $6.8 billion as of 2022.

26

00:00:47,340 --> 00:00:49,860

1Password has all of the

resources at its disposal

27

00:00:49,860 --> 00:00:52,350

to take over the entire market,

28

00:00:52,350 --> 00:00:54,540

but are they ready for

a passwordless future?

29

00:00:54,540 --> 00:00:56,430

The winner in this space

is going to be the company

30

00:00:56,430 --> 00:00:59,070

that best balances

security with convenience.

31

00:00:59,070 --> 00:01:00,420

And we're gonna walk through the origins

32

00:01:00,420 --> 00:01:02,190

of the password space,

33

00:01:02,190 --> 00:01:03,810

1Password's rise as a

certified SAS legend,

34

00:01:03,810 --> 00:01:06,450

and finally, we'll talk

about if our future truly

35

00:01:06,450 --> 00:01:08,040

is passwordless.

36

00:01:08,040 --> 00:01:10,293

I'm Ben Hillman, and this is Verticals.

37

00:01:11,253 --> 00:01:14,107

(upbeat music)

38

00:01:14,107 --> 00:01:16,500

A password is defined as

something that enables one to pass

39

00:01:16,500 --> 00:01:17,610

or gain admission,

40

00:01:17,610 --> 00:01:19,740

such as a sequence of characters required

41

00:01:19,740 --> 00:01:21,270

for access to a computer system.

42

00:01:21,270 --> 00:01:24,690

Early uses included ciphers,

wax seals, and mask letters

43

00:01:24,690 --> 00:01:26,700

in order to protect information.

44

00:01:26,700 --> 00:01:29,310

American Prohibition saw

the rise of speakeasy bars

45

00:01:29,310 --> 00:01:31,770

where alcohol was distributed illegally.

46

00:01:31,770 --> 00:01:33,720

Patrons who obtained a card or phrase

47

00:01:33,720 --> 00:01:36,270

could offer the password

in order to get inside

48

00:01:36,270 --> 00:01:38,040

and imbibed to their heart's content.

49

00:01:38,040 --> 00:01:40,830

But perhaps no person is more

important to the modern use

50

00:01:40,830 --> 00:01:43,080

of passwords than the

American computer scientist

51

00:01:43,080 --> 00:01:45,150

known as Fernando J. Corbató.

52

00:01:45,150 --> 00:01:47,370

- Dr. Corbató, maybe you

can put this whole business

53

00:01:47,370 --> 00:01:48,630

in perspective for us.

54

00:01:48,630 --> 00:01:51,780

- While at MIT in the 1960s,

Corbató and other researchers

55

00:01:51,780 --> 00:01:53,520

built a time sharing computer

56

00:01:53,520 --> 00:01:57,210

called Compatible Time

Sharing System, or CTSS.

57

00:01:57,210 --> 00:01:59,760

CTSS is responsible for

many foundational tools

58

00:01:59,760 --> 00:02:02,130

that tech and SAS folks

use today, like email,

59

00:02:02,130 --> 00:02:03,930

instant messaging, and file sharing.

60

00:02:03,930 --> 00:02:05,730

The issue to be solved for CTSS

61

00:02:05,730 --> 00:02:07,080

was that there were multiple terminals

62

00:02:07,080 --> 00:02:10,290

used by multiple people who

all had their own set of files.

63

00:02:10,290 --> 00:02:11,670

At the time, there were methods

64

00:02:11,670 --> 00:02:13,620

like knowledge-based authentication,

65

00:02:13,620 --> 00:02:15,270

information only the user would know,

66

00:02:15,270 --> 00:02:17,460

like what is your mother's maiden name.

67

00:02:17,460 --> 00:02:19,170

But this would require the computer

68

00:02:19,170 --> 00:02:20,760

to store a personal information,

69

00:02:20,760 --> 00:02:23,214

which users may not wanna share.

70

00:02:23,214 --> 00:02:25,470

(indistinct)

71

00:02:25,470 --> 00:02:29,640

- So instead, users were assigned

a username and a password.

72

00:02:29,640 --> 00:02:32,190

The one fatal flaw that

Corbató himself has admitted

73

00:02:32,190 --> 00:02:34,440

is security was not put at a premium.

74

00:02:34,440 --> 00:02:36,360

This gave way to careless

hacks and break-ins,

75

00:02:36,360 --> 00:02:39,360

like one user requesting

files be printed offline,

76

00:02:39,360 --> 00:02:41,730

which meant they could simply

reveal all the passwords

77

00:02:41,730 --> 00:02:43,650

and log in as their colleagues.

78

00:02:43,650 --> 00:02:45,690

Probably could have used a

password manager back then.

79

00:02:45,690 --> 00:02:48,060

While this didn't result

in a major security breach,

80

00:02:48,060 --> 00:02:50,070

it is indicative of one of the core issues

81

00:02:50,070 --> 00:02:51,810

with passwords themselves.

82

00:02:51,810 --> 00:02:54,090

It relies on an individual's memory,

83

00:02:54,090 --> 00:02:56,760

but also not accidentally

giving up their secret code

84

00:02:56,760 --> 00:02:59,700

whether it's written down

or in a phishing attack,

85

00:02:59,700 --> 00:03:01,440

otherwise known as a fraudulent practice

86

00:03:01,440 --> 00:03:03,360

used to reveal personal information.

87

00:03:03,360 --> 00:03:04,770

In order to win in this space,

88

00:03:04,770 --> 00:03:06,570

the companies that would

arise would've to focus

89

00:03:06,570 --> 00:03:09,213

on ensuring password managers were secure.

90

00:03:10,380 --> 00:03:12,060

Today, all password managers

91

00:03:12,060 --> 00:03:14,280

must use high level encryption standards,

92

00:03:14,280 --> 00:03:18,150

meaning all your information

is converted into secret code.

93

00:03:18,150 --> 00:03:20,940

Security is important,

but in the early days,

94

00:03:20,940 --> 00:03:23,550

it wasn't really the number one priority.

95

00:03:23,550 --> 00:03:24,750

Convenience was key.

96

00:03:24,750 --> 00:03:28,255

In 2000, Siber Systems released

their flagship product,

97

00:03:28,255 --> 00:03:29,088

RoboForm.

98

00:03:29,088 --> 00:03:30,210

- And you just click fill form.

99

00:03:30,210 --> 00:03:31,380

- Look at that. Whoa.

100

00:03:31,380 --> 00:03:33,930

- RoboForm first started out

as our automatic form filler.

101

00:03:33,930 --> 00:03:36,720

But soon after implementation,

the founders realized

102

00:03:36,720 --> 00:03:38,610

that users were typically

using their product

103

00:03:38,610 --> 00:03:42,150

to fill out a very

specific form, passwords.

104

00:03:42,150 --> 00:03:44,130

This provoked them to

go all in on the space.

105

00:03:44,130 --> 00:03:47,313

And just like that, the

password manager race was off.

106

00:03:48,330 --> 00:03:50,580

Dave Teare & Roustem

Karimov got into the game

107

00:03:50,580 --> 00:03:51,750

shortly thereafter.

108

00:03:51,750 --> 00:03:54,180

In 2005, the two founded AgileBits,

109

00:03:54,180 --> 00:03:56,640

a company which helped

folks build websites.

110

00:03:56,640 --> 00:03:58,920

While doing this, they

realized how difficult it was

111

00:03:58,920 --> 00:04:00,570

to keep up with passwords.

112

00:04:00,570 --> 00:04:04,200

On May 19th, 2006, they

uploaded the first ever version

113

00:04:04,200 --> 00:04:06,270

of 1Password for Mac.

114

00:04:06,270 --> 00:04:09,210

Shortly after launch, users

started sending feedback.

115

00:04:09,210 --> 00:04:12,150

Teare and Karimov couldn't

have been more excited.

116

00:04:12,150 --> 00:04:14,460

They regularly pushed out

new versions of 1Password

117

00:04:14,460 --> 00:04:16,830

with bug fixes and additional features,

118

00:04:16,830 --> 00:04:20,400

which resulted in more downloads

and even more feedback.

119

00:04:20,400 --> 00:04:22,560

They took that information

and refined the tool

120

00:04:22,560 --> 00:04:23,880

further and further,

121

00:04:23,880 --> 00:04:26,853

releasing 1Password for

iOS and Windows in 2010.

122

00:04:27,810 --> 00:04:30,960

There's perhaps no better

indicator of 1Password success

123

00:04:30,960 --> 00:04:33,960

than the fact that for the

first 14 years of existence,

124

00:04:33,960 --> 00:04:36,180

they were entirely customer-funded.

125

00:04:36,180 --> 00:04:37,500

In order to accelerate growth,

126

00:04:37,500 --> 00:04:41,310

1Password finally decided to

raise $200 million in 2019,

127

00:04:41,310 --> 00:04:44,220

and another $100 million in 2021.

128

00:04:44,220 --> 00:04:47,400

This took the company's

valuation to $2 billion.

129

00:04:47,400 --> 00:04:50,550

With 90,000 paying

customers and $120 million

130

00:04:50,550 --> 00:04:52,110

in annual recurring revenue,

131

00:04:52,110 --> 00:04:53,910

the sky was the limit for 1Password.

132

00:04:54,780 --> 00:04:56,220

And they didn't stop there.

133

00:04:56,220 --> 00:04:58,800

In 2022, they closed

another round of funding

134

00:04:58,800 --> 00:05:00,663

that brought in $620 million.

135

00:05:01,500 --> 00:05:03,960

Investors included superstars

like Robert Downey Jr.

136

00:05:03,960 --> 00:05:06,030

Scarlett Johansson, and Ryan Reynolds.

137

00:05:06,030 --> 00:05:09,480

- Okay, well, how many of you

have downloaded 1Password?

138

00:05:09,480 --> 00:05:12,843

- Their valuation was

pumped to $6.8 billion.

139

00:05:14,670 --> 00:05:17,130

The reason 1Password has

found so much success

140

00:05:17,130 --> 00:05:19,320

comes down to its mission

to ease the tension

141

00:05:19,320 --> 00:05:21,810

between security and convenience.

142

00:05:21,810 --> 00:05:24,300

Over the past year alone,

the platform has launched

143

00:05:24,300 --> 00:05:27,240

a secure way to transfer

items within 1Password,

144

00:05:27,240 --> 00:05:30,060

Events API, a way to give

security and IT teams

145

00:05:30,060 --> 00:05:31,500

greater visibility,

146

00:05:31,500 --> 00:05:33,330

and 1Password for Safari.

147

00:05:33,330 --> 00:05:36,120

But perhaps no greater

element to 1Password success,

148

00:05:36,120 --> 00:05:38,490

it's its focus on customer satisfaction.

149

00:05:38,490 --> 00:05:41,820

Today, every employee at

1Password, including its directors,

150

00:05:41,820 --> 00:05:44,700

spends time each week answering

customer support queries.

151

00:05:44,700 --> 00:05:47,190

The product team then takes

a closer look at the results

152

00:05:47,190 --> 00:05:48,240

and they quantify it.

153

00:05:48,240 --> 00:05:50,370

Developers then make

judgements and decisions

154

00:05:50,370 --> 00:05:51,510

based on that feedback.

155

00:05:51,510 --> 00:05:53,520

If the product and design

teams need specific

156

00:05:53,520 --> 00:05:56,670

or pointed feedback, or if the

problem is more pronounced,

157

00:05:56,670 --> 00:06:00,300

company interviews people

who use 1Password the most.

158

00:06:00,300 --> 00:06:02,070

An interesting wrinkle in all of this,

159

00:06:02,070 --> 00:06:05,520

is that 1Password does

not offer a freemium tier.

160

00:06:05,520 --> 00:06:06,630

Frequent viewers of the show

161

00:06:06,630 --> 00:06:08,550

know that pretty much

every successful company

162

00:06:08,550 --> 00:06:11,580

who we've discussed thus

far has had a free offering.

163

00:06:11,580 --> 00:06:13,800

Competitor LastPass

came under fire recently

164

00:06:13,800 --> 00:06:15,570

for downgrading their free offering.

165

00:06:15,570 --> 00:06:17,040

Users were forced into choosing

166

00:06:17,040 --> 00:06:19,200

if they could access

LastPass on their mobile

167

00:06:19,200 --> 00:06:20,400

or their desktop device.

168

00:06:20,400 --> 00:06:22,050

Customers became so upset

169

00:06:22,050 --> 00:06:25,560

that in an Android Authority

poll of over 8,000 users,

170

00:06:25,560 --> 00:06:27,420

four to five folks said

that they would move

171

00:06:27,420 --> 00:06:28,293

to a competitor.

172

00:06:29,130 --> 00:06:31,050

So wonder what competitor that might be.

173

00:06:31,050 --> 00:06:33,330

It's important to remember

that freemium, while effective,

174

00:06:33,330 --> 00:06:36,720

is an acquisition channel,

not a monetization strategy.

175

00:06:36,720 --> 00:06:39,060

1Password wasn't suffering

from restricted growth,

176

00:06:39,060 --> 00:06:40,890

so they didn't really need freemium.

177

00:06:40,890 --> 00:06:44,310

For more, you can check out

our own research on the matter.

178

00:06:44,310 --> 00:06:46,860

Being close to customers,

developing a powerful product,

179

00:06:46,860 --> 00:06:48,810

and remaining true to founding values

180

00:06:48,810 --> 00:06:50,430

are the ingredients that have contributed

181

00:06:50,430 --> 00:06:51,580

to 1Password success.

182

00:06:52,652 --> 00:06:55,230

1Password is well positioned

to drive continued growth.

183

00:06:55,230 --> 00:06:57,300

The company said it plans

to triple its engineering

184

00:06:57,300 --> 00:06:58,890

and customer support teams,

185

00:06:58,890 --> 00:07:00,930

build out the events API functionality,

186

00:07:00,930 --> 00:07:02,910

and finance more acquisitions.

187

00:07:02,910 --> 00:07:04,620

Ultimately, 1Password will thrive

188

00:07:04,620 --> 00:07:07,560

as long as it dances that

line between security

189

00:07:07,560 --> 00:07:09,060

and convenience.

190

00:07:09,060 --> 00:07:11,490

So let's talk a little bit

more about that convenience,

191

00:07:11,490 --> 00:07:14,280

because this line is an

important one to focus on.

192

00:07:14,280 --> 00:07:16,710

According to Ann Johnson,

Corporate VP of Security

193

00:07:16,710 --> 00:07:17,610

at Microsoft-

194

00:07:17,610 --> 00:07:19,740

- The user and the password

are the weakest link

195

00:07:19,740 --> 00:07:20,760

in your security system.

196

00:07:20,760 --> 00:07:22,920

- It's why certain protocols

must be put in place

197

00:07:22,920 --> 00:07:25,350

that can sometimes result

in a dip in convenience.

198

00:07:25,350 --> 00:07:26,520

You might already be familiar

199

00:07:26,520 --> 00:07:28,050

with two-factor authentication.

200

00:07:28,050 --> 00:07:31,830

But in simplistic terms, 2FA

is an extra step used to verify

201

00:07:31,830 --> 00:07:34,050

if a user is who they say they are.

202

00:07:34,050 --> 00:07:35,520

This is done with a text code

203

00:07:35,520 --> 00:07:39,060

and authenticator app, or a

verification in another app.

204

00:07:39,060 --> 00:07:40,260

1Password employs this,

205

00:07:40,260 --> 00:07:41,850

and it's pretty much industry standard

206

00:07:41,850 --> 00:07:43,440

for all password managers.

207

00:07:43,440 --> 00:07:46,140

But while 2FA adds a layer of security,

208

00:07:46,140 --> 00:07:48,990

it also adds extra

friction when logging in.

209

00:07:48,990 --> 00:07:50,700

So how does 1Password stay secure

210

00:07:50,700 --> 00:07:52,860

but eliminate these extra steps?

211

00:07:52,860 --> 00:07:55,620

Well, in June of 2022, CEO Jeff Shiner

212

00:07:55,620 --> 00:07:58,890

announced that 1Password had

joined the FIDO Alliance.

213

00:07:58,890 --> 00:08:01,800

FIDO is essentially a consortium

of leading tech companies,

214

00:08:01,800 --> 00:08:04,020

government agencies, and other industries

215

00:08:04,020 --> 00:08:06,690

that launched in 2013 with

the goal of eliminating

216

00:08:06,690 --> 00:08:10,200

the use of passwords on

websites, devices, and apps.

217

00:08:10,200 --> 00:08:11,820

Users can already use their fingerprint

218

00:08:11,820 --> 00:08:14,130

to unlock 1Password on their computer,

219

00:08:14,130 --> 00:08:17,760

or face ID to unlock 1Password

on their mobile device.

220

00:08:17,760 --> 00:08:20,070

Additionally, 1Password has

formed strategic partnerships

221

00:08:20,070 --> 00:08:23,100

with folks like Yubico, where

you can insert a Yubikey,

222

00:08:23,100 --> 00:08:26,490

or a USB device, that you

then touch to complete 2FA.

223

00:08:26,490 --> 00:08:28,350

Other password managers

have followed suit.

224

00:08:28,350 --> 00:08:30,090

And with this trend,

225

00:08:30,090 --> 00:08:33,270

maybe the future is

passwordless after all.

226

00:08:33,270 --> 00:08:34,350

I want you to picture a world

227

00:08:34,350 --> 00:08:35,760

where you don't have to rack your brain

228

00:08:35,760 --> 00:08:37,530

in order to log into any account.

229

00:08:37,530 --> 00:08:40,320

Imagine if you didn't

even have to remember one.

230

00:08:40,320 --> 00:08:42,150

All you do is touch a finger pad here,

231

00:08:42,150 --> 00:08:44,340

or look into an eye scanner there.

232

00:08:44,340 --> 00:08:45,690

Some banks have even started using

233

00:08:45,690 --> 00:08:47,730

voice recognition software.

234

00:08:47,730 --> 00:08:49,740

But there's a lot of ground to make up.

235

00:08:49,740 --> 00:08:52,980

According to Bitwarden, over

half of 2,000 consumer surveys

236

00:08:52,980 --> 00:08:55,950

said they relied on their

memory to manage passwords.

237

00:08:55,950 --> 00:08:58,770

A third said they still use pen and paper.

238

00:08:58,770 --> 00:09:00,480

It's more important for SAS companies

239

00:09:00,480 --> 00:09:03,330

to ensure password security

is top of the line,

240

00:09:03,330 --> 00:09:04,980

especially considering how detrimental

241

00:09:04,980 --> 00:09:07,200

a customer data leak can be.

242

00:09:07,200 --> 00:09:10,050

Ultimately, any company that

wishes to topple 1Password

243

00:09:10,050 --> 00:09:13,410

has to be adequately prepared

for a passwordless future.

244

00:09:13,410 --> 00:09:15,000

Which company do you think that'll be?

245

00:09:15,000 --> 00:09:17,400

Let us know what you think

in the comments down below.

246

00:09:17,400 --> 00:09:19,860

From Paddle, I'm Ben Hillman,

247

00:09:19,860 --> 00:09:22,363

and I think the future

might be passwordless.

248

00:09:22,363 --> 00:09:25,113

(dramatic music)