Friday, November 15, 2019

1Password Takes Accel Investment

Dave Teare (tweet, TechCrunch, Hacker News):

Accel will be investing USD$200 million for a minority stake in 1Password. Along with the investment – their largest initial investment in their 35-year history – Accel brings the experience and expertise we need to grow further and faster.

[…]

Since then, 1Password has become more successful than we ever dreamed. It’s been humbling to watch as we’ve crossed one milestone after another. I still remember with fondness hiring our first employee, planning our first AGConf, recruiting my friend as CEO, opening our first office, and acquiring our first enterprise customer with over 300,000 employees.

[…]

We’ve been turning down Venture Capital firms for as long as they’ve been courting us. We were profitable and didn’t see the value in partnering with someone else. It was fun to grow the company ourselves from 2 to 176, but just like when we hired our CEO, we’ve reached a point where we need expertise and guidance from those who’ve made this journey before.

There’s been a lot of worrying that this is going to hurt the consumer product. This seems like the wrong time to be asking that question because they’ve already been growing rapidly and pivoting to the enterprise. As a consumer, I wish they hadn’t done that. But given that decision—and there are certainly benefits to having thoughtfully designed password software in big businesses—the funding and partnership are tools to help them execute that plan.

1Password has remained a good product, though the parts I care about seem to be on life support. New features are being added to the hosted service, which I don’t want to use. The app’s basic design and focus on browser extensions are not a good fit for the way I want to use it. But these seem to be differences in philosophy, not consequences of the growth strategy.

Accel:

1Password is trusted by millions of users globally, 50,000+ paying business customers, and 25% of the Fortune 100, including leading enterprises such as IBM, Slack, Pagerduty, Dropbox, GitLab and Roche. We’re excited to be investing alongside the Slack Fund, Atlassian co-founders Mike Cannon-Brookes & Scott Farquhar, Atlassian president Jay Simons, and several notable angels.

[…]

At the time of that meeting, they were scaling their consumer-focused product and in the process of releasing a business solution. Now, their Enterprise Password Manager (EPM) is used by tens of thousands of businesses (including 40+ in Accel’s portfolio). They’ve added numerous features broadening the scope of their product beyond password management, including SCIM Bridge and Advanced Protection.

Matthew Panzarino:

1Password was a nice business for a long time but it’s biggest competitor lastpass started pushing hard into enterprise, flooding out the “byot” channel. Makes sense they’d raise to build support and grow enterprise business. I don’t see the need to freak out for personal users.

Ryan Jones:

Ahhh this is important context missing from TechCrunch: Dashlane raised $110M. File this under “you have to plan the game on the field”.

So $200M for an enterprise sales team and enterprise features to avoid getting squashed by capital.

[…]

The @1Password :: Dropbox metaphors could not be more perfect.

Cabel Sasser:

I can’t help but feel there’s a wonderful and often unexplored middle ground between “die” and “grow and grow aggressively”, but that’s extremely easy for me to say without knowing any details, and nobody likes a backseat CEO!!!! I wish you and the team the best! ♥️

Dave Teare:

Fun fact, over the last 14 years we’ve grown log2(174) =~ 7.4, so we’ve been roughly doubling every two years. That to me is already pretty freaking fast but it hasn’t been fast enough to keep up. Hope that gives some context to “aggressively”.

Roustem Karimov:

Feature requests, bug fixes, BugCrowd bounties, SOC2 certification, GDPR requests, pentests, AWS and Google Cloud infrastructure upgrades/monitoring, ...

Customer support -- when your customers have to wait weeks to get a reply because there are 10,000 emails in the queue.

Cabel Sasser:

Yipes!! One (very simplistic) question then: if you have 10,000 e-mails in your queue, you have an incredible number of customers, which means you should have plenty of revenue to cover hiring the people needed to reduce that queue. Right? But maybe not, if you were near death?

Roustem Karimov:

Money was not the deciding factor, we do not need it. We need the people who did this before. Turns out growing is hard and painful -- I had no idea how many things I didn’t know. Sure, we could spend a few more years and figure it out on our own but this felt like an easier way.

Jamie Phelps:

“Doesn’t seem like a business that needs 174 employees to operate.” Let’s unpack that a little[…]

Daniel Jakut:

I’m as skeptical of VC as most people, but I think critics of @1Password’s funding round should be less sure of their predictions of doom. Some companies suffer after funding, and some companies don’t. Change is scary, but not necessarily harmful.

I agree in principle, but I would like to see a list of top-quality consumer apps developed by software companies that took lots of VC money. I don’t see any in my Dock.

Previously:

Update (2019-11-18): John Gruber:

The 1Password founders seem confident that they can expand rapidly into the enterprise world without losing the soul that has made their indie consumer app so beloved (and trusted). Most companies that have tried this, however, have failed. (Dropbox is the one that pops to mind first.)

Dave Teare (tweet):

We kept full control so we could uphold our values and ensure we’d never be forced to compromise on them. Our values are what made us successful over the last 14 years and we plan on building on them for the next 14 years and beyond. Our values really struck a chord in today’s world and I’m tickled pink that they resonated with so many people. 🙌

[…]

For the last 14 years we’ve gone from 2 to 174 people, so we’ve already been doubling every other year. For most businesses this is already “growing aggressively” but we’ve done this for 14 years already and it’s worked quite well. The thing is, even though we’re already growing fast, we need to accelerate the pace just to catch up to today’s tasks, let alone the multitude of other things that we’d like to add to our plate.

[…]

One of the things that gets me most excited is 99% of the time employees at businesses are using the exact same features in 1Password that everyone else is using. The difference in the enterprise is all the tooling that goes around these core features to provide businesses the tools they need. As we improve the user experience for individuals we automatically improve our business offering. It means that we get to continue focusing on what’s made us successful since the beginning. We can have our (gluten-free) cake and eat it, too. 🧁

See also Teare’s 2013 presentation at Çingleton.

Daniel Pasco:

I was also at this talk, which hugely tempered my reaction to the investment news.

Update (2019-11-20): Dave Teare:

Thankfully we’re gonna be fine. There are a lot of incorrect assumptions that those fears are based on and I’d love to clear them up.

Update (2019-11-25): Om Malik:

If you ask me, money won’t ruin 1Password. There are precedents for this sort of thing: Atlassian was a private, self-grown business that thrived for years before it took venture capital and then went public. The capital only helped expand its footprint. It continues to thrive.

Do people love Atlassian products the way they love 1Password?

David Heinemeier Hansson:

We once again proved that if Twitter is great for starting a beef, podcasting is so much better at digesting it. My conversation with @dteare about the $200m in VC for 1pw is going to be out on December 3rd.

Update (2019-11-27): 1Password did an Ask Me Anything.

Update (2020-01-10): Ilja A. Iwas:

Why isn’t @sourcetree 4 notarized?

Maybe don’t aspire to have it work out like Atlassian.

28 Comments RSS · Twitter


Sören Nils Kuklau

I, too, left a snarky remark on Twitter: I don't think this will help customer sat™, to use a Tim Cook-ism.

However, making consumer software work financially is hard, so I sympathize with the situation they were in. I personally would prefer a small indie shop that occasionally delivers paid upgrades, but let's be fair — that model rarely works.

(So far, I've avoided their cloud offering. In part for security concerns, and in part because the existing Wi-Fi sync stuff just seems good enough for me. Stuff like Watchtower is interesting but also kind of overkill. I don't need those upgrades. Which, again, is the the perpetual problem faced with non-subscription consumer software: there's only so many useful features you can add and potential users you can target until you run out of your revenue stream.)


Sören Nils Kuklau

(Oh, and further adding to the third-party consumer software quandary, Apple's iCloud Keychain / Safari AutoFill / etc. keeps getting better, despite also offering APIs for third parties to hook into.

One might say Apple sherlock'd 1Password. They have to differentiate by being cross-platform, premium, whatever. Everything else will already be taken up by the platform vendor.)


@Sören Yeah, it’s a hard business because on one side is Apple (and other platform vendors) and on the other you can imagine a business-focused company dumping a consumer version for free. So you could even see the enterprise push as a defensive move. And, as you say, most consumers don’t need that many features, yet they do need continued support and security vigilance.


[…] makes me really nervous that 1Password decided to take VC money after being a profitable indie company for many years. I really hope this doesn’t spell the […]


Chris Chowdhury

Introducing “Work Chat” from 1Password...


>you can imagine a business-focused company dumping a consumer version for free

LastPass's consumer version is free. It's extremely generous; there's a paid option, but the options it offers are effectively irrelevant for most people.


I use and like 1Password for the most part, but I’m actually surprised to find out that they’re such a huge company. I thought they were a small indie dev with maybe a dozen employees. Now the 1P bugs and UI problems that I put up with seem a lot less forgivable.


Slack is in my dock.


”One might say Apple sherlock'd 1Password.”

Did they though? I think LastPass, Dashlane and others are the real threat to 1P, not Apple, in this case. Not so sure there is a huge overlap between potential customers for 1P and users of Apple Keychain.

Active password management is a niche (I mean, most people still just reuse really bad password, despite all the good advises), and I think those willing to do that also use some third party software. Apple Keychain is just a way to bump up the password quality and management for those who do not wish to be bother with it. I think any descent operating system in 2019 should include som sort of password management.

”They have to differentiate by being cross-platform, premium, whatever.”

That would probably have been necessary anyway, even without Apple Keychain, if they wished to compete with LastPass et al. And they were doing just great with it, profitable since day one and really didn't need the money now either, as mentioned in Michaels quotes above. Maybe making consumer software work financially is hard, but they seemed to have worked it out.


Sören Nils Kuklau

Slack is in my dock.

Michael said “top-quality”. ;-)

Also, Slack is mostly an enterprise app, not a consumer app.

Not so sure there is a huge overlap between potential customers for 1P and users of Apple Keychain.

Almost every time iOS presents me with the choice of using 1Password or Keychain to look up credentials, I sigh a little and wonder why I need two systems at all. (A cynic might say Apple deliberately designed the UI this way; it always makes going Apple-exclusive just a tad more convenient. But Apple doesn’t really profit from that, so that seems like a stretch.)

I was fine with Keychain between 2002 (my return to the Mac) and… I wanna say 2013-ish. It then lagged behind a little, but in recent years it’s gotten a lot better again.

If I, a power user, can barely justify having 1Password, how can most people?

Active password management is a niche (I mean, most people still just reuse really bad password, despite all the good advises), and I think those willing to do that also use some third party software. Apple Keychain is just a way to bump up the password quality and management for those who do not wish to be bother with it. I think any descent operating system in 2019 should include som sort of password management.

Right!

But that’s a good thing. It’s a failing of the industry that we need to this at all. Everyone needs some level of vigilance, just like they lock their doors and bikes and all, but we’re currently asking too much of users.

And really, all that enterprise needs is Keychain but with added teams/centralization features. Enforce policies with good, auto-changing passwords (don’t just expire a password and make everyone’s life harder and paradoxically less secure; generate the new one and don’t bother the user about it). Let multiple people access the same credentials where it makes sense, like for root access to a server. Stuff like that.

Apple isn’t interested in building that sort of thing,

That would probably have been necessary anyway, even without Apple Keychain, if they wished to compete with LastPass et al. And they were doing just great with it, profitable since day one and really didn’t need the money now either, as mentioned in Michaels quotes above. Maybe making consumer software work financially is hard, but they seemed to have worked it out.

Not sure what you mean? LastPass, Dashlane and 1Password all took venture capital. Arguably, none any of them “worked it out”.


The tech industry regularly proves the adage that nothing good ever lasts.


Perhaps a problem with the current business models here is this:

Apple doesn't bear any costs when they break third party apps.

Apple have removed a public API (.safariextz Safari extensions / Safari Extensions Gallery) in Safari 13. This has broken the 1Password 6 web extension which I'm "still" using.

Should the cost of fixing this really fall on 1Password and their customers?

Radical proposal. Perhaps Apple should pay third party developers to fix the consequent breakage when Apple change their public API.

Then AgileBits could use that funding to fix up 1Password 6, I and other consumers could continue using it, and separately perhaps, AgileBits could seek VC funding to expand into the enterprise. But at the moment, this is all muddled together.


I am unhappy with their recent changes, and already actively looking for a replacement.
It's very hard to believe that they will use the investment money to make a better product for long time users.
And the way they decided to deal with Linux and older Macs is the strong indicator that once they get hold of few well paying enterprise customers regular users will only have an online-only option with expensive subscription as the only way to pay.
Basically it looks like it will be Adobe way, not the Sketch way in terms of cost structure.


”Not sure what you mean? LastPass, Dashlane and 1Password all took venture capital. Arguably, none any of them “worked it out”.”

1Password took venture capital now to compete in enterprise. But for the last 14 years the hade a consumer software product that was profitable, and they didn't need the VC money to continue with that part. That is what I mean when I said the had worked it out, the financials of consumer software.


You can’t compare Apple’s spaghetti keychain app to 1Password. It serves to be better than nothing for the masses who do not take password management seriously. 1Password’s ability to securely store, sync, and access my sensitive information has been indispensable to me for many years. 2FA is seamless. Watchtower is a nice value-add especially, when you see one of your physician’s medical portals turn up. Team access privileges, policy adherence, storing/using cloud provider keys, ssh integration just to name a few would be a welcome addition to an enterprise level app.


> Almost every time iOS presents me with the choice of using 1Password or Keychain to look up credentials, I sigh a little and wonder why I need two systems at all.

Me too, but then I remember 1P has OTP support, which makes signing it just awesome.

I've been a long time 1P user, and I found the cloud version very helpful with my Mac and iOS devices (and even Linux support). I use it at my day job too, and its nice!

I'm hopeful that the money won't hurt the consumer product, but still worried.


I didn't know the enterprise part of the business had already become so large.

Part of the investment means Accel gets a seat on the Board of Directors, which isn't unusual from what I understand. I sent Dave an email asking if he'd be willing to create a seat or two for people who would represent customers on the Board.


"Not so sure there is a huge overlap between potential customers for 1P and users of Apple Keychain."

Sadly, true. Keychain, Sys Prefs, Safari Passwords are sorely lacking in UI. Yes, Safari will show me which passwords are reused but editing them is death by a thousand cuts. Yes, Network Preferences will show me wireless networks I've joined but I can't expand the keyhole (no pun intended) window size to reorder them. Keychain has become a repository of cruft that's capable of wrecking the login of all your internet accounts (Gmail account password bug introduced in 10.14.4).

Apple's POV: don't tamper with these settings.

1Password's POV: here's an elegant, simple, and fast way to manage all of this private data.

Fingers crossed they don't Dropbox one of my favorite "indie" apps.

Stray thoughts:
Maybe 1P can use some of that 200MM to finally develop a Keychain importer (instead of relying on an extremely awesome expert user to write a script) to help onboard new users
Cannot overstate how much every... single... year... I have to deal with Apple breaking the apps I use. They truly put developers in a vicious (annual) cycle. Until Apple prioritizes supporting operability, third party developers (of every size) need revenue to sustain Apple's annual upgrade cycle (let alone adding new features).


"Not so sure there is a huge overlap between potential customers for 1P and users of Apple Keychain."

OK I'm not a dev but I like to think I'm not technology-naive but after years of convoluted ways of manually managing my passwords I gave up and plumped for Apple's Keychain (10 or so years ago) there's been very few problems (the worst being the dialogue asking you if you want to save a new password before you've actually logged in to some website - in which case you're in danger of saving a typo) but overall it's been all I need.

The main reason I would never consider a password manager is that it's a 3rd party to which you are handing over all your passwords. Years of experience taught me I could trust Apple and their data protection. It would take a lot for me to be as confident in a 3rd party. Same goes for VPNs. ¯\_(ツ)_/¯


This is a smart move for the company. Smart because I think they hit a wall doing what they were doing. I love 1Password, but I stopped with iPassword 6 for 2 reasons, cloud storage and the subscription model. I paid $20 for their iPhone app and I would do it again. I paid again for their desktop app and I would do it again($50? $60 I don't remember)! But they make buying the stand-alone (no subscription, no cloud) app so difficult that I just gave up and I continue to use the older app. Given that an investor wants to see a return on investment I assume that means more cash flow so more "services". Well no thanks, for all the security and support reasons stated above. And since we've turned this from an investment conversation to dumping on password management, I think 1Password is the absolute bomb. My issue with Keychain is, once my device is unlocked (mac or phone) you can access the passwords. 1Password has one more authorization hurdle which would keep a bad actor from accessing login credentials.


Password Wallet. Used it for years. Much less expensive and does all I need it to. https://www.selznick.com/products/passwordwallet/
I don't work for them.


I've been a 1Password customer for over a decade. I have sworn by it since the beginning. I'm on my first month of the subscription model now. I did it because you can't even edit items once the trial runs out and to buy time to find something new. Years ago they went down the cloud based storage route and rightfully backed off. Now the subscription model on top of it is just not okay anymore. Add an enterprise product without destroying what you built along the way and tossing aside loyal customers from the last decade of your growth. Not to mention the feature removals only available now in the Team products. Errr.


I'm not sure, but did they sell a minority, non-controlling interest? haha

That's a good article in the update, and allays a lot of my fears.


Sören Nils Kuklau

My issue with Keychain is, once my device is unlocked (mac or phone) you can access the passwords.

Keychain Access, Edit, Change Settings for Keychain “login”, “Lock after x minutes of inactivity”, maybe?


[…] Michael Tsaihas a great roundup of commentary regarding 1Password’s recent influx of investor capital […]


> Atlassian was a private, self-grown business that thrived for years before it took venture capital and then went public. The capital only helped expand its footprint. It continues to thrive.

Just out of curiosity, was JIRA in 2002 the massive piece of shit it is today from a UX point of view?


Blah, blah, blah. The money hires the PR firms,. The PR firms go to the outlets bankrolled by the money people. We have the new greatest slice of Wonder Bread based on something that has yet to happen. Before it happens the money cashes out. Investors, that’s us folks, get yet another tech stock that has been picked to the bones.


Hi,
Reviewing my passwords management options in recent days I still can’t convince myself (and force growing family members) to basically a lifetime subscription to manage passwords (I still hate subscriptions for software).

What are your thoughts about this since the 2019 post?

Leave a Comment