Wednesday, January 19, 2022

1Password Series C Funding Round

Jeff Shiner (tweet, Hacker News):

I’m delighted to announce that 1Password has raised $620 million in our latest investment round that values our company at $6.8 billion. This moment represents a lot of hard work by a lot of amazing people.

Most days, I find myself too busy to truly reflect on all we’ve accomplished over the past 17 years. I think back to our tiny Macworld booth, or the weeks we’d spend at the Cupertino Inn working on our latest iOS or Mac release. It feels like yesterday that I was excited to cross the 100-employee threshold, yet here we are just a few years later approaching 600.

[…]

Admittedly, it seems peculiar for a consistently-profitable company to accept outside funding. But just like last time, these partnerships make it possible for us to develop and scale human-centric security solutions for everyone.

David Pierce:

1Password has tripled in size in the last two years, up to 500 employees, and plans to double again this year — while also expanding the vision of what a password manager can do. 1Password has long been a consumer-first product, but the biggest opportunity lies in bringing the company’s knowhow, its user experience, and its security chops into the business world. 1Password already has more than 100,000 business customers, and it plans to expand fast.

[…]

“One is, continuing to invest in our team and double the size of our company, again, this year. Two is continuing to look at strategic acquisition. We made the acquisition last year with SecretHub for the secrets automation space. And then three, just have the courage capital to make the big bets that we need to enter new areas and really try and see how ambitiously we can hit those vision and mission goals.”

Previously:

Update (2022-01-20): John Gruber:

Doesn’t seem like a good investment to me, either. Better password management is getting built into operating systems and web browsers. They’re trying to go enterprise mass market with a niche product that was beloved by nerds who really care about their passwords. As a friend just quipped to me, “Unless they’re factoring the value of the individual passwords, $6B makes no fucking sense.”

As a consumer, I’m not happy about the focus on enterprise. But it makes sense from a business perspective because the basics are getting built in, as Gruber says. I do think there’s room for a solid long-term business offering organizations more, and so the valuation doesn’t seem crazy to me.

Update (2022-01-24): Collin Allen:

It’s bonkers to me that they have 600 people there for a password manager app and service. I could see 60, but 600? 😳

Roustem Karimov:

Well, how much experience with SOC 2 Type 2 do you have? What about running 5 production data centres? Also, how many people do you think it would take to support a few million active users?

We used to kill our entire team and work 70+ hour weeks, thankfully it is in the past.

Roustem Karimov:

Early days: it was about 50/50 between developers and customer support. A single Safari or macOS update could generate 10,000 tickets/day and it was all-hands-on-deck for weeks.

Mitchell Cohen:

Let’s narrow our focus further to one tiny part of the app: icons. Ever seen an icon pop in while scrolling through @1Password ? There’s a story behind that, and it’s related to how we enforce memory hygiene, protect your anonymity, and provide full encryption at rest.

John Gruber:

But, still, whether what 1Password is doing is smart business or not, there’s no question that the longtime 1Password users I know personally are unhappy. They’re not happy that the new 1Password 8 for Mac is built on Electron. They’re not happy that 1Password is going subscription-only. They’re not happy that 1Password vaults are now only hosted by 1Password. But these are all decisions that make perfect sense for the enterprise SaaS world. It might not be feasible to move to the new model without spoiling what many 1Password users liked best about their old one.

[…]

I’ve always thought it to be a great product from a great company, but, well, I had my own system for managing passwords from before 1Password existed (which admittedly is a long time ago: they started in 2005) and as the years have gone on, I’ve slowly moved from merely using Apple’s iCloud Keychain to depending upon it. For shared secrets, my family uses locked items in Apple Notes.

Previously:

Update (2022-02-11): Cabel Sasser:

If you’re wondering if 1P will ever live up to that $6.8 billion valuation, please note that they’ve officially reached the Schedule-a-Meeting Sales Spam level

Update (2022-03-23): Gruber has removed the line:

For shared secrets, my family uses locked items in Apple Notes.

Apple’s documentation currently states:

You also can’t password protect notes that you share with someone else.

28 Comments RSS · Twitter

Absurd.

Kevin Schumacher

Gross. They're addicted to it now. This is pathetic and gross and reveals the true nature of the people running the company, regardless of how many emojis Dave insists on using.

Go big or go home, I guess.

I don't see much of an alternative for 1Password.

They're getting pushed out of the market segment of "simple password manager" by Apple, Google et al, whose respective built-in password managers are good enough. Sherlocking, kind of, except Keychain dates back to the early 1990s (OTOH, perhaps it wouldn't have seen quite the revival without the competition from 1Password).

Then there's the premium segment, of course, but that's tricky to do. Recent years have added useful features, but 1Password has reached "good enough" status years ago, and users probably stopped buying upgrades (or only did so when OS support ran out).

And then there's the subscription segment: families and business teams. Always available, centrally managed, those kinds of features.

I'm not sure I would call anything VC-funded "sustainable", but looks like, for the time being, it works for them.

Apparently this is still not enough money or employees to maintain a Mac-native app…

I'm still a 1Password customer because I've tried all the competitors and they are still worse for my needs, but I'm more of a reluctant customer at this point.

Kevin Schumacher

@Gordon I am in the exact same boat. I actually set our family up on Enpass and switched to using it as my primary password manager for about a month, but there were enough rough edges and missing features that I couldn't see switching, unfortunately.

Old Unix Geek

@Gordon / @Kevin

I'm curious why you find 1Password to be better than the alternatives you mention.

I switched to Bitwarden — it’s free for personal use and doesn’t annoy me nearly as much as 1P started doing since 2019 or so. Bitwarden just works and stays out of my way when I don’t need it.

1P seems to be going down the path of Dropbox — used to be great, took a lot of money and lost focus, sucks now.

Sadly, the BitWarden Mac app is electron, and a much cruder and more alien-feeling electron app than 1Password 8.

True the Bitwarden client feels a bit out of place on Mac and iOS, but it’s been rock solid for me and totally worth the $10/year for the premium version.

They’re raising this money to be a company that exists in a post-password future. Passwords and password management as we know it are going away sooner rather than later.

Beatrix Willius

999 sales people and 1 developer?

WTH does "while also expanding the vision of what a password manager can do" even mean?

Long time 1Password paid user and evangelist here. My whole life is in that app.
I think they’ve added smart and useful features. But please oh please don’t turn my Mac app into an Electron monster. Why can’t they invest and grow their iOS / iPadOS codebase into Catalyst? iPad and Mac users will benefit from it! It’s not like that codebase is going away anyway.

My main worry isn't that 1Password is getting worse - 99% of the time, I use it through mobile clients or browser plugins, so I don't care how the app is built at all - but that it is absurd for a password management company to have a 7 billion evaluation, and probably hugely bloated expenses. As soon as the investors start to get antsy, this is going to implode, and I'm going to be left having to figure out how to switch to a different, probably much worse, product.

Look at it this way: If your indie app, that's made by a single developer, suddenly explodes in popularity and you make milllons with it, wouldn't you feel bad at hoarding it all for yourself? Sharing your wealth through a company that gives more people a job is also a social choice. So, in this way, going big is good thing. And, with a larger customer base you will need more people to handle support, at least, and then the infrastructure, and HR to manage the many employees, and so on. It's practically unavoidable.

Still, this doesn't excuse the degrading software quality, IMO.

Back of the envelope calculation: they claim 100,000 companies, say 100 employees each, 100$ a year, that's $1B revenue / year. Maybe it's less, maybe it's more, but I don't think the valuation is crazy.

And there is a lot of room for growth. Cybersecurity (in a very large sense) has become a major concern in corporations, and 1Password is an easy and cheap way ($7/month/employee is peanuts) to at least pretend you are doing something about it. Securely storing and sharing confidential / critical passwords/credentials between employees is a good start in any case.

It is their focus now, the boat has sailed a long time ago. It's sad it's not an indie app anymore, focused on delivering great native UX/UI to macOS and iOs (and Windows), but the direction they chose still makes sense, and I think they may even bring real value to businesses.

@Charles - it's definitely less. 96% of companies in the US are less than 50 employees; you can assume the distribution worldwide is similar. 61% of companies in the US are 5 employees or less.

@Old Unix Geek,

I never even made it past the UI for any of the alternatives. I could not find a single
one with a half-decent Mac app. They were all either electron, QT, or in one case, an extremely poor Catalyst port. I'm happy with the features of 1Password as they exist today, the new Mac app is just such a UI regression in so many ways, and combined with the very rapidly bloating finances and headcount of the company, I expect things to continue to get worse.

If you know of any password manager that actually has a good, native Mac app, I'd love to try it.

Personally, I gave up on 1Password when they switched to pushing subscriptions. I loved that app as a personal utility, not as an enterprise service.

But comparing this company -- 500 employees! -- to an open-source project is missing the point. It's not a password app. It's an enterprise services company which bootstrapped itself from a password app. You might as well complain that it's impossible to make a $100B company out of an online bookstore, or selling BASIC to hobbyists, or showing photos of Harvard freshmen to each other. Those are all stupid ideas, yet somehow Amazon and Microsoft and Facebook still seem to exist.

Literally every day I hear new stories about PII data leaks. AgileBits can go to any company/government in the world and say "Oh hey, we heard your latest vendor leaked a bunch of user data *again*. Guess who's been encrypting trillions of passwords for the past umpteen years and never once been hacked? BTW, several of your departments already use our services."

A company with a deep knowledge of data security and user interfaces and enterprise sales practically has a license to print money. They'd be stupid not to put it to use. Whether the current version of their Mac password app is written in Cocoa or Electron or Tcl/Tk isn't even on their radar at the moment, nor should it be. AgileBits probably cares about that almost as much as Thefacebook cared if their HTML validated, or if Micro-Soft's BASIC had proper spelling in their error messages.

$6B sounds low. In 10 years, these investors are going to be raking it in.

Old Unix Geek

Thanks Gordon. I'm afraid I don't have any recommendations either.

@Gordon - Have you tried Secrets? Native app on iOS and Mac. I used it for year or two and did have trouble with iCloud syncing which is why I eventually found another (non-native) app. Worth a look.

This is fantastic news!

Now the team can focus on growing the company and invest in securing the future of the enterprise.

The detractors in the comments are probably all internet trolls who have never started a successful or enduring company in their lives.

I’m going to make a very nuanced point here.

Part of the problem with why can’t keep all three apps native is per their blog post the difficulty of backend engineers being able to get client teams to update their APIs

We have the same issue at the very large tech company I work for. The backend and web engineers have continuous deployment pipelines but native apps require shipping software to the App Store. This means that code deploys take days for native apps compared to hours for web/backend. This means that a years old version of an app might be used for years, and the backend can’t deprecate an old endpoint.

This is really tough for modern tech companies with cloud backends. I’m not surprised that one password is finding it much more difficult to develop their native apps now that they no longer just use local Dropbox syncing.

What’s my conclusion here? I think if apple eased up their App Store review policy, and allowed for OTA native code deploys, they might significantly lower the cost of making native apps for mac and iOS.

Kevin Schumacher

> The detractors in the comments are probably all internet trolls who have never started a successful or enduring company in their lives.

The detractors in the comments are people, like myself, who have been supporting 1Password since they were a small company and are extremely disappointed to see that they've chosen to take a profitable company making great software, and accept outside investment repeatedly as their software quality simultaneously gets worse (or falls off a cliff, in the case of 1Password 8).

> The detractors in the comments are probably all internet trolls who have never started a successful or enduring company in their lives.

Nope. I haven't started even a failed company and fail to see what that has to do with 1Password at all. I've been using it since 2011. I don't like they direction they're moving. I understand it. I don't like it. It's yet another example of all good things come to an end. Unfortunately there isn't anywhere better to move to.

"$1B revenue / year"
"detractors in the comments are probably all internet trolls"

Some comments in this thread are suspiciously weird. I wonder how much of that investment goes into online reputation management :-)

What’s my conclusion here? I think if apple eased up their App Store review policy, and allowed for OTA native code deploys, they might significantly lower the cost of making native apps for mac and iOS.

My conclusion is the opposite. Continuous deployment for front-end code is quite convenient for engineers, but not user-friendly. In that model, the software keeps changing without their consent or knowledge.

Kevin Schumacher

As someone who hates software subscriptions with a passion, I actually have never minded 1Password's because I see an ongoing service being provided (as opposed to simply being forced to pay monthly/yearly for application upgrades I may not want or need, as is the case with most software subscriptions). I also don't have the vitriol for them managing my vaults as opposed to me doing it—so long as I have an export option. For a long time my family shared a vault managed through Dropbox, but as soon as 1Password introduced family subscriptions, we jumped on board.

My primary issue is the loss of the native Mac app after having such a fantastic one for many, many years.

I've only tried Enpass in-depth (a lot of the others didn't even get a download as I couldn't stomach the interface in screenshots) but, compared to 1Password, it was slow and didn't autofill well a lot of the time in the browser—and that was on my Mac, where it's even less acceptable than it would be on my phone, especially with a product that costs nearly the same as 1Password. It also was fairly bland-looking, which at the end of the day is not the most important thing, but it is *a* thing that matters to me.

@Kevin When I tried to use the Export feature, I found that the CSV export with “All Fields” selected did not actually export all of the fields (even the non-custom Notes field) and that the JSON-like 1PIF export format was undocumented. There were also releases where the CSV export feature was missing entirely.

Leave a Comment