1Password CEO: Our Competition Isn’t Just Apple and Google, It’s Bad Habits

LISBON—Competing against both Apple and Google might not seem like a comfortable spot for a smaller tech firm—especially not if the big two beat it on price. But that’s where 1Password operates, running a subscription-based password-manager service while Apple and Google offer free, if less capable, tools to create, store, sync, and auto-fill passwords.

In a conversation Thursday at the Web Summit(Opens in a new window) conference here, 1Password CEO Jeff Shiner discussed the Toronto firm’s competitive positioning, its user experience, its path to a passwordless future, and more. 

1Password vs. All of the Above

The company founded in 2005 as AgileBits(Opens in a new window) may be Canadian, but 1Password is more Switzerland in terms of device support: It maintains apps(Opens in a new window) for Mac, Windows, iOS, Android, Chrome OS, Linux and web browsers. 

Apple’s iCloud Keychain and Google Password Manager have closed much of the features gap by adding such tools as support for generating one-time login codes and warnings of compromised passwords, but the former remains largely confined to Mac and iOS devices and the latter is a browser-based tool.

“No business of almost any size has a purely Apple or purely Android or purely Windows solution,” he said. 

He also pointed to a difference in focus between 1Password, which is $35.88 a year for individuals and $59.88 for families, and the free offerings of Apple and Google. “Security and privacy are what we do,” he said. “We’re not trying to sell devices, we’re not trying to sell ads.”

After Apple and Google, Shiner said 1Password’s competition consists of other dedicated password-manager services. “On the consumer side, of course you’ve got the platforms and then you’ve got Keeper and Dashlane and Bitwarden,” he said. “On the business side, where we compete, it’s almost always going to be LastPass.”

But often, the competition at businesses is the null set: “Eighty percent of the time, there’s no previous solution.”

The same holds true with individuals, except the prevailing practices are worse. “We’re competing with bad habits,” Shiner said. “We’re replacing Post-It notes. We’re replacing people using ‘fluffycat’ for all their passwords.”

Release Notes

All of 1Password’s apps support biometric logins through authentication systems from Apple, Microsoft, and Google. But the 1Password 8 series of releases(Opens in a new window) impose a default requirement of typing in the full master password every two weeks, not just after a device restart. 

Shiner said that was the company’s attempt to ensure people don’t forget their master passwords and get locked out. “We get so dependent on biometrics, we just want to make sure that people remember that password as well,” he said, before laughingly admitting “I’ve set mine to much longer than two weeks.”

An even more common annoyance factor for password manager uses: sites that confuse or reject attempts to automatically fill passwords.

“It’s a huge challenge,” he said, saying that 1Password has to train “a rather sophisticated machine-learning model” to recognize the right fields on sites.  

The company also participates in a GitHub-hosted Password Manager Resources project(Opens in a new window) set up by Apple to share notes about glitchy sites and apps.

Passwordless Plans

The biggest development in login technology has been the move—backed by Apple, Google, and Microsoft—to support so-called passwordless logins. In this architecture, you confirm a login using your phone’s biometric security, as verified with a Bluetooth connection between the phone and browser. You can also use a USB security key in this scenario. 

After signing onto that industry initiative in June(Opens in a new window), last week 1Password bought Passage, an Austin-based company. Shiner said to look for results of that acquisition not in its apps, but on the sites of companies that today ask you to log in with a username and password. 

“It’s going to be more secure for you than username and password, but it will still actually be more convenient for you as an end user,” he said. “For businesses, removing the friction of registration and login is really important for them.” 

Over time, this also can set up 1Password to provide identity services: “It puts us squarely in authentication, which to your point can start to lead down that path.” 

Corporate Roadmap

While 1Password’s rival LastPass took a $125 million buyout offer from LogMeIn in 2015—which that Boston firm then reversed in December 2021, spinning LastPass back out to private-equity owners—1Password has remained independent. 

Shiner said it hasn’t received acquisition offers “in any significant way” and that “we’re happy to be independent.”

His company has, however, taken multiple rounds(Opens in a new window) of venture-capital funding: $200 million in November 2019(Opens in a new window), $100 million in July 2021(Opens in a new window) and $620 million in January(Opens in a new window). That’s led to some criticism of 1Password(Opens in a new window) for leaving itself beholden to investors with their own possibly diverging priorities. 

Shiner’s disagreed, saying it’s taken funding with its eyes open. “When we take the funding it’s for a purpose,” Shiner said “And the purpose is what I call courage capital: Allow us to grow, like the acquisition we made.”

He insisted that this growth will happen on 1Password’s terms, not those of investors. “We’ve been very clear through all of the rounds that that has been the case,” he said. “We’re not going to be beholden to numbers.”

(Disclosures(Opens in a new window): Since 2019, 1Password has provided free service to journalists(Opens in a new window), an offer I’ve taken since then(Opens in a new window). My airfare and lodging for Web Summit came from the conference organizers, in recognition of my moderating four panels there.)