Dashlane, Google launch ‘OpenYOLO,’ an API-based password project for Android apps

Password management is one of the key defenses — or key weaknesses — when it comes to protecting your data and identity online, and today Dashlane — the digital wallet and password manager startup — announced that it has teamed up with Google to develop another route to trying to fix that. The two have unveiled OpenYOLO — not this YOLO, but short for “you only login once” — an open-source API project for app developers to access passwords stored in password managers, whichever one you happen to use.

OpenYOLO will first target apps built for Android, but the hope is to include other platforms over time, “universal implementation by various apps and password managers across all platforms and operating systems,” Dashlane said in a separate release. From what we understand, Google will be announcing its own involvement on its developer blog soon (but not at the time of our posting; we’ll update when we see the post).

It also noted that while Google and Dashlane are the founding contributors, it will also be working with other “leading password managers” on OpenYOLO, although it did not specify which ones.

Asked about this, a Dashlane spokesperson tells us that “The leading password managers are either already participating or have expressed strong interest: 1Password, LastPass, and Keeper, and Keepass. There will be many other partners, as the project is meant to be open, as soon as the technical documentation and code is made public.” It is for that reason that there isn’t even a dedicated web site yet for OpenYOLO, he added.

OpenYOLO speaks to a wider trend in the industry for more centralized password protection, particularly in light of the fact that so many breaches have been traced back to passwords being hacked. The move comes a day after another password manager startup, 1Password, announced a new subscription pricing tier and other upgrades to its services.

And there are others that have also tried to tackle this problem, including Google itself, which last year launched a password manager service called Smart Lock, also for signing into Android apps, and has also said that it is working to launch by the end of this year a password-free authenticator — currently named Project Abacus — that instead uses things like biometrics to identify you.

Smart Lock will integrate with OpenYOLO, Dashlane says, and make it easier for apps to tap whichever password manager you use.

“OpenYolo is not meant to replace Smart Lock,” Stanojko Markovikjm, Android Engineering Lead at Dashlane, said in an email to me. “Rather it complements it by providing a mechanism to query other password providers installed on the device.”

In an example he provided to me, take Smart Lock today on an app like Slack. “When a user reaches the login screen it would directly query Smart Lock for a credential. If the user is using an alternative password manager, they will have to enter the credentials manually,” he said. “With the Open YOLO API, the user will still see the Smartlock credential as before, but the app would be able to query other sources of credentials, such as Dashlane, another password manager, or even another browser, if it contains a credential for the app.”

The main idea with the API is to expose the password solution chosen by the end-user and its content to applications, which actually use the data stored, he added, “to make the password manager more proactive, and more transparent, which means it will be seamlessly available when you needed it, every time you need it.”

It’s also notable that the Google software engineer who worked on Smart Lock has also been involved with OpenYOLO.

“Google is excited to support the launch of this project with Dashlane and help create a new open standard for app authentication,” said Google’s Iain McGinniss in a statement. “This project is part of our longstanding support of open technology standards that provide great, secure user experience to end users.”

For Dashlane, this is also a progression on how the company — which originally started with a focus on password and digital wallet management for desktop — has been turning increasingly to figure out its position in the world of mobile apps.

“This is an important initiative for our industry and for the state of user security,” said Emmanuel Schalit, CEO of Dashlane, in a statement. “Collectively, we are committed to increasing user security and believe that the best way to do this is to champion open source security projects–which Dashlane has done earlier this year by becoming the first password manager to adopt the FIDO Alliance’s Universal Second Factor (U2F) authentication standard. We look forward to expanding this collaborative project that will benefit the entire security industry.”

Originally founded in Paris and now headquartered in New York, Dashlane has raised just over $50 million in funding.