1Password Takes Second Round of Venture Capital

I'm sad to see that the team keeps bloating without meaningful improvements of the product. More people -> More teams -> More cross-team integration problems. Just repeating the dropbox story.

Seems like an almost unavoidable path. Basically the new version of feature creep.

"They help spread the word that we are an enduring and successful company which attracts both customers and talent."

I don’t know about that. To me, as a customer, it doesn’t sound "enduring" at all. It smells like bleeding money in pursuit of growth.

I do like 1Password's nice integration into macOS and iOS, but my trust in them is rapidly eroding, and these days I'd much rather keep as much of my data to myself as I can, even if it is ostensibly encrypted in a way that no one else can access.

Who knows what the venture capitalists will force 1Password to do over the coming years? Past experience says it won't be good. At best the app will probably bloat, add pointless integrations, start including profit-driven dark patterns, and gradually suffer more and more UX degradations. At worst everyone's data becomes up for sale and compromised, perhaps even their passwords.

So, could anyone suggest a good alternative, particularly for those of us that want to keep password synced between Mac, Windows, and mobile devices? How about something open source like KeePass or Bitwarden?

Thank you for the blog post, Michael. I love your coverage of so many topics!

I wanted to answer to the comments posted earlier:

@Kentzo: We made quite a few changes and improvements in 1Password on the past 12 months. Most of them on the business and family side and and they may not be super-obvious if you are a single user on macOS. For example: Secrets Automation, Events API, command-line clients, Privacy.com integration, and more. We recently released the fully featured Linux app and started the Early Access for 1Password for Windows with the goal of bringning feature-parity to all platforms. A lot of work is done in the browser extensions.

@Peter: Dave and I spent over decade working on 1Password without weekends or much time off. It actually feels pretty good to know that if I get sick or go away on a long vacation (hopefully one day when the pandemic is over 🤞) there is a team that will make sure things do not fall apart and the product is getting better. Also, I love what I do but as I get closer to that scary retirement age it feels good to know that 1Password will endure.

@Bri: Feature bloat is certainly a concern and this is balancing act for us. We all love simple products. At the same time, Apple, Google, and Microsoft are actively covering all the basic needs for the average user and if we want to survive, we need the features that make 1Password appealing to advanced users and businesses. I am pretty excited about the new features coming to 1Password 8!

If there is anything else that I missed, please let me know.

Roustem
Founder of 1Password

@mjstai @Bri - My first thought was what possible interest or logic is there in having Ashton Kutcher’s Sound Ventures involved in a password manager? Then I kept reading and saw Slack and Google in the list, and suddenly Ashton didn’t seem so bad. If I was still using 1Password this would make me nervous as well, but I switched to using iCloud Keychain with Authy for 2FA, and other information stored in a secure note.

Bitwarden seems like a good choice if you need something cross platform as it has sync across devices, is open source, and has been audited in the past. If you’re all in on Apple devices, I’ve had great luck with iCloud Keychain and it’s *very* secure. I have a backup account in Bitwarden that I use to generate a password the once in a blue moon when a password field doesn’t get recognized by Keychain.

I’ve been using (paying) 1P for 3 years and it’s not any better now than it was back then. What was the money for? I’ve been having issues with it since early June on my Windows PC and after several exchanges with their support, it was recommended that I install the beta version. It did fix the issue, but telling customers to install beta versions doesn’t inspire confidence — especially since they are the ones who broke it in the first place.

@Ben G So you had an issue, they seem to have fixed it in an upcoming version that is now in beta, and they asked you to install the beta to see if that fixed the issue. Correct?

How is that in any way anything other than what one would expect? How are they supposed to know if the beta fixes the issue if it isn’t tested to be sure? It’s not like it’s possible for software developers have access to an endless supply of every single possible hardware and software combination to reproduce every bug. Maybe your issue is common enough they can reproduce it on their end, but they suggested the beta so you would stop having the issue sooner and wouldn’t have to wait until that version is released as stable. I don’t know which case it is, but either way, that is how software works. They broke it, they fixed it, and now you’re getting bent out of shape because they wanted you to update to get the fix.

It says absolutely nothing about them other than that they fix bugs in subsequent releases (which actually does say a lot considering e.g. the Apple Mail data loss bug that’s still around three years later).

I agree with you @Kevin. I have given multiple bug reports and feature requests to the developers of my financial software, and they have always offered me a beta version with the changes to test. It's great, I get to test and provide feedback *and* I get the fix or enhancement early.

@Roustem I appreciate you responding here. I should mention that my concerns largely come from the fact that, now that your company has taken two rounds of venture capital, it means you are committed to your investors to keep making their investment profitable. There's the possibility, and some including myself would say it's an inevitability, that the investors will start influencing decisions for the company in an attempt to maintain growing profits, and their agenda will not be in alignment with making good software. (Hence the predictions of bloat and dark patterns.)

We've seen this happen so many times now, and it seems like every time the company strays from its roots, becomes detached if not hostile towards its own users in cynical attempts to monetize everything (including them) to greater and greater degrees, and then it falls apart. Perhaps the service or software continues in some capacity, but it almost always is a husk of its former self.

What I would want to see from 1Password at this point is that it *not* change dramatically. Some new features and conveniences would certainly be welcome -- I'm not asking for total stagnation -- but it does what it does right now very well and doesn't need to change. But not changing means that its user base and revenues will eventually level out, and while that might be fine for a small independent company, it's not permissible from the perspective of investors.

I truly don't mean to be hostile or disparaging, especially because I've enjoyed how well designed and functional 1Password has been so far. But what assurances can you genuinely give us that 1Password won't repeat this same story?

What are they doing with almost 500 people? Incredible.

And they lost me as customer quite some while ago with the version that wanted to give me gracious 15% off the full price for updating.

1Password is a great product, still.
But it is mostly is moving in a direction for corporate setting, that's were the real money are for such apps and services. That is why on a personal level it's not that clear why they need so many developers and where all the investments go.

Because of that I hope that they'll make personal version to be simpler at some point, and maybe even restructure subscription model to be more like Sketch or even offer a simple purchase.

@Roustem Thanks for commenting. It’s really amazing how far you’ve taken this app.

@Dmitri Yes, I was sorry to see standalone licenses go. I like the app but don’t want the service. The two things I want—better iCloud support and 1PasswordAnywhere—don’t seem likely to happen.

@ Dmitri: I think you've summarized it rather well. It simply isn't easy for consumer software to be sustainable. Some solve this with ads, others with in-app purchases, etc. A "buy, then upgrade about once a year" model just hasn't proven very popular. In enterprise settings, it's much easier to do a subscription model, because that's a common expectation.

So I guess I can't fault 1Password for the direction they've taken, but I don't feel that I'm a use case they're prioritizing for any more. In some ways, yes (e.g., relatively recent features like Watchtower), but in others, no. I don't need a team or family, and I just don't see most of the changes in recent years being tailored for individual users. Plus, iCloud Keychain is increasingly good enough.

I find it puzzling that people would stop using a piece of software because of hypothetical concerns over what it _might_ become at some unknown point in the future. From my perspective, 1Password is still excellent and best in class, and I will keep using it as long as that continues to be the case. If the worst should happen and things go downhill, then at that point I can switch to something else. But I’m not going to stop using a great piece of software because of something that might never happen.

If you're opposed to any subscription service (or the 1Password one in particular), then that's a different story, and obviously you need to find something else. I was a longtime standalone licence user, and am generally wary of and avoid subscriptions, but last year started using the family 1P subscription at the suggestion of a family member. I have to say that it was a genuine upgrade and I love the features and how they're implemented. So in this case I'm very happy with the service and think it's actually less expensive than I would expect for the value of what I get. But not everyone wants a subscription for a password manager, I get that. However, if that's not the case, I don't understand why someone would stop using software they like because of some imagined set of events that haven't taken place.

(As a postscript, I am also wary of venture capital, but I do have a lot of faith in the 1P team and the company's leaders. They have proven to be very communicative and transparent in the past, and I like their priorities. I am hopeful this won't change. But as I say, I can always switch if they do.)

As a yearlong happy customer of 1Password standalone (bougth the first license in 2013), I truly hope that they won't drop/sacrifice the (W)LAN syncing feature in the next major release. I would gladly pay for a one time upgrade. But I'm really not a fan of subscriptions and I strongly prefer to store my passwords locally. (W)LAN has worked beautifully in the past and it's everything I need to keep a subset of my stored items (one of three vaults) in sync with my iDevices. No need to carry around more sensitive data on every device.

I have been dabbling with locally synced Bitwarden for some time. But the UI is quite basic and I really miss the customizablility and some categories software licenses or bank accounts. If 1Password stopped supporting WLAN sync I would probably switch to Bitwarden though.

Another happy 1Password Families user here. The second investment round bothers me more than the first. One round is an event; two is a trajectory. I agree now that the most likely path is decay and downfall. But it’s still great and the competitors are all horrible, and 1P’s security record is still spotless as far as I’m aware. So it’s definitely not time to switch yet or for a while, but the Good And Thoughtful Indie Software warm fuzzies are toast.

Roustem:

congrats. One feature I'm still waiting for: Password Sync to my own WebDAV server. Any points on that?

Thanks!

M

Mmm, not reassuring.

The way the transition to subscriptions was done was not in order, IMO, chiefly because of the feature parity between clients. It's probably cock-up rather than conspiracy, but it left a bad taste. And now this.

Like Michael I wish I could have the clients and not the service; it's no defence of subscriptions. Of course I recognise that iOS (a product of The Privacy Company *) makes it harder because there's no way to back a synchronised directory with an app, but surely iCloud support could have been improved to be more reliable, or some custom HTTP-based protocol (WebDAV?) could have been introduced, for the self-hosters.

Oh well. I'm a subscriber now. It works, and well. If there's opportunity, I may jump, but right now I'm happy to be a sheep. Baaa!