Thesis
Passwords are the primary authentication method used by online services to protect people’s personal and professional lives. Many internet users have dozens of usernames and passwords to manage, including email, social media, banking, utilities, productivity tools, and shopping sites. In 2016, Intel Security found that 37% of people forgot at least one password every week and that an average person had 27 discrete online logins. That number increased 25% between 2019 and 2020. As of 2023, an average person has to remember 100 passwords.
While re-using the same passwords is a good way to remember passwords, it exposes users to potential data breaches. A weak password compromised on one application makes every other application that uses the same password vulnerable to compromise. A 2019 survey found that 72% of people use the same passwords for their personal accounts and 49% of respondents just changed or added a digit or character to their company password when updating it every 90 days. Meanwhile, 37% of respondents had over 20 passwords for their personal accounts, and 19% of respondents had over 10 passwords in their work life.
Companies of all sizes understand that passwords remain a major security threat, since many people rely on easy-to-guess passwords such as birthdays, pet names, or nicknames. Furthermore, people often use the same password for business and personal accounts and sometimes even share credentials on sticky notes. The proliferation of cloud-based services and the rise in online security breaches have prompted Chief Information Security Officers (CISOs) and IT teams to take action. Single sign-on (SSO) and multi-factor authentication (MFA) are now commonplace in workplaces. However, many enterprises remain vulnerable. SSO covers limited applications, and MFA adds difficulty for users.
1Password is a password manager providing businesses and consumers with a safe way to store and share passwords. It keeps important information secure with Advanced Encryption Standard (AES) 256-bit encryption. With 1Password, users can keep information organized with tags and find what they need with a customizable search. 1Password securely stores and organizes passwords in one central location it calls the vault. The vault is only accessible through a master password or biometric authentication. 1Password’s password manager creates strong, unique passwords for each online account and has a browser plug-in to fill in login credentials on websites and applications automatically.
Founding Story
1Password was founded in 2005 by Dave Teare and Roustem Karimov. Karimov used to be a developer at Sony, and Teare used to work at IBM Canada. In 2005, Teare and Karimov were running a web development consultancy where they struggled with managing multiple website logins. Determined to find a solution, they embarked on a three-month project to build a tool that could streamline their internal password use. It wasn't until they started showing the project to friends in the field that they realized they had created something promising. Recognizing the potential of their creation, Teare and Karimov made a pivotal decision and left their day jobs to focus entirely on developing 1Password.
Around the same time, Apple's OS X and the iPod were gaining popularity. Immersed in the OS X and Cocoa world, the founders saw an opportunity to test the initial beta version of 1Password on the Mac platform. On May 19th, 2006, they uploaded the first version of 1Password to MacUpdate and VersionTracker.
When the team grew to 20 people, Teare and Karimov felt it was time to hire a full-time CEO. Teare gave a Çingleton talk on why he believed 1Password couldn’t continue to grow without someone acting in this capacity. Teare was close friends with Jeff Shiner from IBM and believed he was the right person for the role, given his B2B experience. Jeff Shiner joined as CEO in 2012.
The team grew the company without venture capital — it had been profitable since day one and did not raise capital until 2019, when it raised a $200 million Series A round led by Accel. This was the company’s first outside investment after 14 years of organic growth and profitability, and it was intended to scale its Enterprise Password Manager (EPM) globally.
Product
Master Password
The master password is a crucial component of 1Password's security architecture. It is the primary key protecting the user's password vault, which contains all the stored passwords and sensitive information. When users set up a 1Password account, they are prompted to create a master password. The user can choose a strong and unique password that they can remember.
The master password is not stored anywhere on 1Password's servers or databases. Instead, it is a passphrase used to encrypt the user's password vault locally on their device. This means that only the user knows their master password, and it is not accessible to 1Password or anyone else. To access the password vault and view or use stored passwords, the user must enter their master password. The 1Password application uses the entered master password to decrypt the encrypted vault locally on the user's device.
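The flow described above, as an added example that is not 1Password's code: a key is derived from the master password on the device, the vault is encrypted with AES-256, and only salt, nonce, tag and ciphertext are stored. The scrypt KDF and its parameters, the GCM mode, the blob layout and all names are assumptions for illustration; the page itself names only AES 256-bit encryption.

```javascript
// Added illustration of a passphrase-encrypted local vault (not 1Password's implementation).
const crypto = require("node:crypto");

// Assumed KDF parameters; memory use is about 128 * N * r = 32 MiB.
const KDF = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

// Derive a 256-bit key from the master password. The password itself is never stored.
function deriveKey(masterPassword, salt) {
  return crypto.scryptSync(masterPassword.normalize("NFKD"), salt, 32, KDF);
}

// Encrypt the vault items locally; the returned blob is all that is persisted or synced.
function sealVault(masterPassword, items) {
  const salt = crypto.randomBytes(16); // fresh per vault, defeats precomputed tables
  const iv = crypto.randomBytes(12);   // fresh per encryption, required for GCM
  const key = deriveKey(masterPassword, salt);
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(items), "utf8"), cipher.final()]);
  const tag = cipher.getAuthTag();
  key.fill(0); // best-effort wipe of key material
  return {
    kdf: "scrypt",
    salt: salt.toString("base64"),
    iv: iv.toString("base64"),
    tag: tag.toString("base64"),
    ct: ct.toString("base64"),
  };
}

// Decrypt on the device. A wrong password or a modified blob fails the GCM
// tag check, so the caller gets null instead of garbage plaintext.
function openVault(masterPassword, blob) {
  const key = deriveKey(masterPassword, Buffer.from(blob.salt, "base64"));
  try {
    const d = crypto.createDecipheriv("aes-256-gcm", key, Buffer.from(blob.iv, "base64"));
    d.setAuthTag(Buffer.from(blob.tag, "base64"));
    const pt = Buffer.concat([d.update(Buffer.from(blob.ct, "base64")), d.final()]);
    return JSON.parse(pt.toString("utf8"));
  } catch {
    return null;
  } finally {
    key.fill(0);
  }
}

// Constructed sample data, not real credentials.
const SAMPLE_ITEMS = [
  { site: "example.test", username: "alice", password: "constructed-sample-1" },
];
```

Because the stored blob contains no verifier for the password other than the authentication tag, resistance to offline guessing rests entirely on the passphrase strength and the KDF cost.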
Login Autofill
1Password offers an autofill feature that allows users to fill in their login details on websites and applications. When users create or update a login account on a website or application, 1Password prompts them to save the login details. Users can choose to store the username and password within their 1Password vault. When users visit a website or launch an application where they have previously stored login details, 1Password indicates that login details are available for autofill.
Security Watchtower
Users can get a 360-degree view of their security through 1Password’s Security Watchtower offering. 1Password's Security Watchtower continuously monitors known data breaches and security incidents and checks if any of the user's stored passwords have been compromised in these breaches by comparing them to a database of leaked credentials. Security Watchtower also scans the user's passwords for potential weaknesses and identifies passwords that are commonly used, easily guessable, or have known security vulnerabilities. Its duplicate password detection feature alerts users if they have multiple accounts with the same password.
Business
With 1Password Business, security admins can get a centralized view of their businesses’ security posture. This allows them to manage their team, generate reports, and track important information from one dashboard. The platform provides an Insights dashboard that helps the admin monitor the health of passwords, identify potential breaches, and track team usage.
Integrating with SSO providers, 1Password Business protects logins for approved applications covered by the users' SSO provider. Users can automate common administrative tasks when they connect their identity provider (IdP) to their 1Password Business account. This integration simplifies onboarding new team members and streamlines removing access for offboarding employees.
1Password Business offers advanced protection features that allow users to customize password policies and sign-in rules according to their organization's specific needs. They can define specific requirements for password complexity, expiration, and other security measures. Additionally, users can monitor access events such as sign-in attempts, helping them detect and respond to any potential security threats.
Enterprise
1Password gives IT and security teams at large enterprises the visibility they need to protect their businesses. It integrates with the existing security stack and provides granular admin controls and actionable insights. Admins can generate reports and integrate with tools like Splunk to create custom alerts and logs for enhanced security monitoring. 1Password streamlines workforce security by offering features like autofill for credentials and payment cards, sync across devices for access, and information sharing among team members. Organizations can unlock 1Password with an SSO provider, stream events to their security information and event management (SIEM) tool for custom dashboards and visualization, and automatically provision employees with identity management solutions like Azure and Okta.
Developer
1Password streamlines how developers manage SSH keys, API tokens, and other infrastructure secrets throughout the software development life cycle. It enables developers to manage secrets directly within their development environment. By scanning their fingerprint, developers can use and manage secrets across devices, systems, and platforms, ensuring consistent access and synchronization. With 1Password, developers can store secrets in encrypted vaults, eliminating the need for plaintext secrets in code. Secrets can be accessed in code using references that are replaced at runtime. Integration with popular integrated development environments (IDEs) like VS Code is meant to further enhance the development workflow.
1Password Shell Plugins allow developers to sign in to any command line interface (CLI) without typing credentials in the terminal. API access tokens can be stored in 1Password, and third-party CLIs can be authenticated using biometrics. Additionally, developers can build their own plugins through the open-source community project, expanding the capabilities of 1Password for CLI authentication.
Market
Customer
1Password has offerings for consumers, companies, and developers. Customers include IBM, Slack, PagerDuty, Dropbox, GitLab, and Roche.
Third-party research suggests companies using 1Password are predominantly in the United States and in the technology industry. In terms of size, typical business customers have 50-200 employees and revenue ranging from $1-10 million.
Market Size
In 2016, Intel Security found that 37% of people forgot at least one password every week and that an average person had 27 discrete online logins. That number increased 25% between 2019 and 2020. As of 2023, an average person has to remember 100 passwords.
With the growing number of data breaches and cyber-attacks, more and more people are becoming aware of the importance of password management. The demand for password managers is increasing, with individuals and businesses looking for solutions to keep their online accounts safe. The global password management market was valued at $1.5 billion in 2021 and is expected to reach $7.1 billion by 2028, growing at a CAGR of more than 25%.
Competition
NordPass: NordPass is a password management solution developed by NordVPN, a virtual private network (VPN) service provider. NordPass offers secure password storage, password generation, and autofill functionality. NordVPN was founded in 2012 and bootstrapped for 10 years. The company announced its first round of venture funding — $100 million at a $1.6 billion valuation — in 2022, in a Series A round led by Novator. Like 1Password, it serves both consumers and businesses. As of April 2023, its product portfolio had 15 million users.
LastPass: LastPass securely stores and manages user passwords. It offers features like password generation, autofill, and multi-factor authentication. Like 1Password, LastPass enables users to access their passwords across different devices and platforms, with options for personal and business use. The company was founded in 2008 and acquired by LogMeIn for $110 million in 2015. In December 2021, it was reported Elliott Management and Francisco Partners would spin off LastPass after taking its parent company, LogMeIn, private for $4.3 billion. LastPass had 30 million users at the time. Unlike 1Password, LastPass does not have a local storage option.
Dashlane: Dashlane is another password manager focusing on providing users with a secure password management experience. Like 1Password, it offers password storage, autofill, and password generation. Dashlane also provides additional functionalities like a digital wallet and secure note storage for managing sensitive information. Dashlane was founded in 2009 and has raised $211 million in funding.
Keeper Security: Keeper Security, founded in 2011, is a cybersecurity platform for preventing password-related data breaches and threats. Its differentiators include dark web monitoring, secure file storage, single-sign-on integration, compliance reporting, and detailed event logging. In 2020, the company announced the close of a $60 million minority investment by Insight Partners. This was Keeper Security's first equity raise since its inception. As of August 2020, it said it has over 1 million paying customers.
Business Model
1Password operates on a SaaS business model. There is no free version of 1Password, and after a 14-day free trial, all users must subscribe monthly or yearly to continue accessing the password management service.
The company offers five subscription packages: Individual, Family, Teams, Starter Pack, Business, and Enterprise. Each plan provides users with features such as unlimited password creation, autosaving and auto-filling, two-factor authentication, and 24/7 email support, with varying levels of functionality and pricing.
The pricing plans for 1Password are as follows: Individual at $2.99 per month, Family at $4.99 per month for up to 5 family members, Business at $7.99 per month per user, and Teams at $19.95 per month for up to 10 team members.
The business plan unlocks adoption on the consumer side as every 1Password Business subscription comes with family plans — meaning the families of every employee can also use 1Password at home. This is intended to build product stickiness and make families more likely to purchase 1Password themselves if they switch employers.
Traction
As of January 2022, 1Password had 100K enterprise customers and millions of end users. Businesses accounted for 60% of 1Password’s revenue at the time. In January 2021, 1Password said it had doubled its customer base and grown its team by more than 300% in the prior two years due to tailwinds from the COVID-19 pandemic. In 2021, the company had annual recurring revenue north of $150 million. Its initial business product, 1Password for teams, was launched in 2015 and was not even built for company-wide use. However, it saw 30K businesses sign up in three years. 1Password Business was launched in 2018 with a wider set of business-focused features.
Valuation
In January 2023, the company announced a $620 million Series C round at a $6.2 billion valuation. The investment was led by ICONIQ Growth with participation from Tiger Global, Lightspeed Venture Partners, Backbone Angels and Accel. Previously, Accel led the company’s $200 million Series A and $100 million Series B rounds. Numerous individual investors also took part in the Series C, including LinkedIn executive chairman Jeff Weiner, General Motors CEO Mary Barra, CrowdStrike CEO George Kurtz, and Robert Iger, the CEO of The Walt Disney Company. Its Series C brought the total funding amount raised by 1Password to $920 million.
Key Opportunities
Universal Sign On
The 1Password team intends to build a future experience called “Universal Sign On.” Shiner said that the company would use the Series C funding to make “big bets” to help users sign on to websites and applications automatically. He also said 1Password would aim to do this “regardless of what the authentication is beneath the covers—whether that authentication is username and password, whether the authentication is an SSO, whether it’s a passwordless authentication through WebAuthn.” With this, 1Password has the opportunity to bridge the old world of application-specific passwords and the new world of single sign-on. This could enable 1Password to become the end-to-end sign-on management tool for businesses and consumers.
Partnerships and Integrations
Through partnerships, 1Password could enhance the user experience by offering a unified solution that integrates with popular platforms, applications, and browsers, thus increasing user acquisition and fostering customer loyalty. Current partners include Slack, Okta, Rippling, and OneLogin. Strengthening relationships with channel partners and resellers could expand the company's sales channels, providing new avenues for reaching a broader customer base. Overall, partnerships may empower 1Password to capitalize on fresh opportunities, improve the user experience, drive customer acquisition, and expand its market presence.
Acquisitions
Acquisitions present a significant opportunity for 1Password to drive its growth goals. The company can strategically acquire other businesses or technologies to expand its capabilities and offerings. For instance, in November 2022, 1Password strategically acquired Passage, allowing it to build an end-to-end solution for passwordless authentication. This acquisition enables 1Password to tap into the emerging trend of passwordless authentication and provide users a more secure and convenient authentication experience. 1Password's previous acquisition of SecretHub in 2021 allowed it to launch its 1Password Secrets Automation service. This acquisition expanded 1Password's portfolio to include a solution for managing secrets, keys, and other sensitive information. By integrating SecretHub's technology into its offerings, 1Password positioned itself as a provider of advanced secrets management solutions, catering to the evolving needs of organizations in terms of security and compliance.
Key Risks
Increased Competition
With the increasing awareness around cybersecurity and the growing need for secure password management, the industry has seen significant competition and the entry of new players. The emergence of new players and existing competitors enhancing their offerings could lead to price pressure or loss of market share. Customers may be more inclined to switch between different password management solutions with more options available. Currently, 1Password makes importing and exporting solutions from its platform relatively easy. Building and maintaining customer loyalty will become crucial for 1Password to retain its customer base and prevent churn.
Artificial Intelligence Password Crackers
1Password deals with sensitive user information, including passwords and other personal data. Any potential data breaches or security vulnerabilities could severely impact user trust and reputation. AI technologies can increasingly be trained to crack passwords. A study by Home Security Heroes found that an AI tool known as PassGAN could crack 81% of common passwords in less than a month, 71% in less than a day, 65% in less than an hour, and 51% in less than a minute. 1Password will need to develop increasingly complex passwords and advanced encryption techniques to prevent AI-powered tools from gaining unauthorized access.
Compliance and Regulatory Challenges
As privacy and data protection regulations become more stringent globally, 1Password must ensure compliance with relevant laws and regulations, such as the General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA). Failure to comply with these regulations could lead to legal consequences, reputational damage, and loss of customer trust.
Summary
1Password is a password management tool that helps millions of internet users securely store and manage their passwords. Positioned as a solution combining convenience with security, the company aims to attract both consumer and business customers.