PasswordBox, a password manager startup that lets users generate, store and protect multiple strong passwords to skip the need to memorise them, has closed a $6 million Series A round, led by Omers Ventures.
The round also includes strategic Silicon Valley angel investors Mark Britto, CEO of m-payments company BOKU; Lee Linden, Head of Facebook eCommerce; Greg Wolfond, Chairman of biometric company, SecureKey Technologies, and others.
As well as password manager features you’d expect, such as auto logins and a secure password generator so users don’t have to come up with their own seriously strong passwords and/or remember that brutal 26-character string, PasswordBox has some less typical features. Namely: the ability to manage your digital legacy.
“That’s really unique to us,” says co-founder and CEO, Dan Robichaud, when asked how PasswordBox compares to the competition. “If you want to transfer your digital life to someone you like or someone you trust [after your death]… you actually need to manage the digital life assets on a day to day basis, to transfer accurate data.”
PasswordBox’s legacy feature sidesteps the hassle of needing to manually make sure that the data you’re bequeathing to loved ones or business partners is kept up to date. Users can nominate someone to receive access to their content after their death, with no digital keys released until a death certificate has been verified.
Robichaud also flags up the underlying machine learning technology powering PasswordBox as a differentiating features — being as it gives the system a high degree of compatibility with sign in/log in forms that users will encounter in the wild. He claims PasswordBox works with 92% of websites vs the competition working on 72% of the websites (his stats, both), with the machine learning tech specifically helping PasswordBox detect the log in form and fill in the right info at the right time.
“We’re not perfect yet but we’re more accurate than any other competitor,” he adds.
Other differentiating features he flags up include a launch page so you can add a PasswordBox plug-in to the sites you visit, and end-to-end encryption sharing so users can securely share passwords with others if they choose. “Even if we receive a subpoena or anything we don’t hold the encryption and decryption key,” he notes.
Passwords have never been perfect but their shortcomings are now being exploited to such an extent that their days as primary digital gatekeepers are surely drawing to a close. With its knack for timing, Apple provided a biometric alternative to the passcode feature on its latest flagship iPhone, the iPhone 5s. Biometrics aren’t 100% secure either but the attacks required to spoof them are different, resetting — to some degree — the arms race between hacker and device user.
The rise of biometrics as a replacement for passwords may sound like the death knell for password managers such as PasswordBox but Robichaud argues au contraire. Biometrics are something it’s factoring into its business plan, with a biometric-related product launch on the cards. He won’t detail exactly what it has in the works but does say it’s working on integrating PasswordBox with biometric systems.
His thesis here is that while biometrics will replace a user’s master password, i.e. the one used to protect access to all the other passwords, they are not going to replace every password in the short term – such as those still used for registering with websites. So the persistence of these relatively insecure passwords gives PasswordBox an ongoing ‘bridging’ role to play in the security space.
“The biometric will probably raise as a technology in the next year — people will start to use more and more biometrics… And it’s good that you have biometric but you still have the website that uses username and password so PasswordBox wants to be bridge between biometric and those sites who still use usernames and passwords,” he says.
What we see is the biometric will replace what we call the master password… it’s going to take years for websites to integrate with biometrics
Apple’s Touch ID is clearly acting as a catalyst here. Standards that Apple adopts tend to become industry standards so there’s little doubt fingerprint sensors will become more widespread on mobile devices, at least, as rivals follow the iPhone 5s’ lead.
“We have some discussions with Apple and we’re probably going to do something with Touch ID,” says Robichaud. “What we see is the biometric will replace what we call the master password. Because everything that you have in your PasswordBox is encrypted and decrypted by a master password that only you know, and we don’t have. And what we want to do is to use a biometric — so let’s say Touch ID… then it opens PasswordBox, then you can log in everywhere.
“As long as you put your Touch ID on your phone, [PasswordBox] is going to log you in without you having to type username or password. We’re actually thinking the biometric wave that is coming is a good thing for us.”
“The big vision is to be the biometric link between the old password world and the new biometric world. At the end of the day it’s going to take years for websites to integrate with biometrics, and Google will not integrate with Facebook and Apple will not so there is a need for a neutral party that authenticates,” he adds. “We think we have a chance there.”
For this reason Robichaud says PasswordBox views the likes of Google and Facebook Connect as its main competitors, rather than rival password manager offerings such as Lastpass.
“They don’t have the same goal. We’re really focusing with machine learning on making sure once you put your fingerprint biometric we’re going to be able to log you in everywhere,” he says. “The password manager component is a big part of it but we see the competition much more as Google, maybe Twitter with Twitter Connect, and different companies like that where they want to make it simple for people to log in.”
PasswordBox currently uses a Dropbox-style freemium model, with its service being free for up to 25 passwords and then users can either pay $1 per month or invite friends to use it to get unlimited passwords. The model is clearly helping it to ramp up its user base. PasswordBox passed the one million registered user mark in September, after about three months of being live.
It’s not breaking out how many are paying customers at this early point. Its registered users metric refers to people who store at least one password and have used it in the last 30 days.
“We were self-financed [to the tune of around $2 million before this Series A, which includes some money from private investors]… and now we have the metrics to prove that we can grow this business and be a really big business,” says Robichaud, who had a successful exit previously, selling his last company for circa $60 million — giving him enough of his own money to plough on with his next venture.
“We decided to raise capital because there are a lot of people who try to solve the password problem and we think we need to accelerate growth and scale the team,” he adds. “We’re now more than 30 people — we were 15 or 20 two months ago. We just move our office, we hire people in the Valley… It’s basically for scaling the business. Once you have good metrics, and a product that people love you need to put some money to scale the business.”
Specifically, PasswordBox is scaling its machine learning team, and putting a lot of “energy” into biometrics. “We’re integrating biometrics to our core and we have something that we don’t want to talk about today that we patented and we’re going to announce at CES in January,” he adds.
Its priorities going forward include signing more distribution partnerships, such as with antivirus companies, to help spread the word about the product, as well as improving the product and integrating with biometrics, says Robichaud.
Looking at PasswordBox’s roster of strategic investors there’s plenty of payments/ecommerce folk putting money in — doubtless because of the potential to accelerate digital payments via a “one-click check-out” process that doesn’t have to comprise the user’s security. “We chose our strategic angels because they’re providing value, more than because they’re putting money in the business,” adds Robichaud.
Omers Ventures was selected because of their long term focus, he adds. “They are an evergreen fund, so they don’t have an end date like the other funds. With the legacy [feature] and everything we expect to be there for a long time so we don’t want to be with VCs who have five or 10 year return goal and after eight years they want to get out.”
Commenting on the funding round in a statement, Damien Steel, Director at Omers Ventures, said: “PasswordBox clearly fits our investment strategy, which involves partnering with companies with significant growth potential and market opportunities. People have too many passwords to remember. Using more complex passwords just compounds the issue, while more simple or repetitive passwords can be vulnerable to security issues. PasswordBox fills an important need, providing a secure, easy-to-use solution users can access from any location, on any device.”