Matt Davey is COO at 1Password, the password management tool that has grown from a prosumer security tool to security software designed for everyone from families to enterprises. 1Password closed a $200 million Series A led by Accel in late 2019, and in Capiche's first AMA we asked Davey about security, working as a remote team, software costs over time, and the future of 1Password.
And through the questions, we learned how 1Password has navigated the changes in the software industry as they grew to becoming a major player in security software.
People are starting to realize that reusing passwords is terribly insecure (though too many people still do it!) But once individuals are past that, they still often think that generating their own complex passwords is just as secure as a random password generator. But the fact is humans are incapable of being truly random — they tend to draw inspiration from things they know or use patterns to remember the passwords they’ve created. A random generator will always be more secure than any human.
Consumers and businesses certainly have different needs, but the end user wants the same thing: a simple, easy way to protect their private information and sign into apps and websites. Individuals don’t necessarily need the same fine-tuned controls that enterprises do, but they want the same security and same assurances that their most valuable data is safe.
The way people use technology has completely changed. We used to access the internet primarily on a single household computer. Now each member of that household likely has their own computer, we often have separate computers for work and home, not to mention phones, tablets, and other devices. So not only are their more platforms to develop for, but they all need to work smoothly together. So software is more complicated, plus there’s the running costs of cloud computing services, which most cross-platform apps rely on.
If you think about the way software has historically been released, it was usually a single product version. You didn’t get updates, except perhaps for security patches, but certainly not new features. Now, most software developers release new features and overhaul products regularly.
Today’s 1Password is already an enterprise product. We help over 50,000 businesses — some with hundreds of thousands of employees — to prevent breaches and make their workforce more secure. 1Password works as the foundational layer of an IAM (Identity & Access Management) stack, complementing multi-factor authentication and SSO.
Enterprises can deploy 1Password rapidly — as an example, one business was able to onboard 50,000 employees in just two weeks, so you can make an impact on business security quite quickly. We help companies meet compliance and reporting needs, and also include 1Password Advanced Protection, which gives administrators fine-tuned controls over firewall rules, delivers sign-in attempt reports, and allows IT departments to enforce two-factor authentication and set a Master Password policy.
As a remote team, we use many tools to communicate and stay on top of tasks including Slack and Gitlab. Slack not only allows for questions to be answered quickly and knowledge shared easily, but it also allows our employees to get to know one another better despite the distance. For tasks that require more attention, Gitlab gives our team the ability to manage their workload and ensure each team member is aware of their role in the project.
For the jet-setting crowd, I'd say Travel Mode, for peace of mind. When you turn on Travel Mode, every vault is removed from your device except the ones that you've marked as "safe for travel." So even if you're asked to unlock your device at the border, you can rest easy knowing that your passwords, documents, and other information aren't accessible. When you arrive at your destination, turn Travel Mode off, and your vaults will reappear.
For iOS users, the ability to create Documents using the camera roll is a hidden gem and a big time-saver. In addition to the camera roll, you can use the camera directly, or pick a file from the Files app. And with the new document scanner in iOS 13 you can easily create PDFs from your paperwork that include optical character recognition text summaries, so you can store your sensitive information securely and make it available to all your devices.
Of course, just by virtue of the fact that the product is so much bigger and more complex than our first version! There are so many more platforms to take into account, plus business and enterprise products require more infrastructure.
1Password doesn’t provide true two-factor authentication, but it can give you time-based one-time passcodes (TOTP) for 2FA. For the vast majority of people, using 1Password’s TOTP feature is far more secure than using SMS authentication.
We have a lot of business and enterprise adoption that occurs this way. We have the most loyal customer base and the highest customer satisfaction ranking of any password manager, and our users are huge fans of 1Password. So we find they often encourage their friends, family, and workplaces to start using it.
We recently partnered with the venture capital firm Accel, and we’re going to continue to develop our enterprise offering. It’s crucial to us that we stay true to our values, which center privacy above all, and continue to take care of our customers. We don’t collect any usage data, so customer feedback has always been the primary driver of product development for us. We’re going to continue listening to what our users want from 1Password and let that shape how we improve the product.