Our reliance on internet-based services is at an all-time high these days, and that’s brought a new focus on how well we are protected when we go online. Today comes some news from one of the bigger companies working in the area of password security, which points out how business is shifting for the companies providing these tools.
Emmanuel Schalit, the co-founder of popular password manager Dashlane, is stepping down as CEO of the startup. He is being replaced by JD Sherman, the former COO of HubSpot, as Dashlane makes plans to move more aggressively to court more business users.
“This is about thinking about its next leg of our scaling strategy, more B2B monetization after being strong in B2C,” Sherman said in an interview, praising his predecessor’s growth of the consumer business and noting his realization that “B2B was not his forte.”
Sherman’s career focus, in contrast, has been all about B2B. Before his eight years at HubSpot, he was the CFO of Akamai (which, as a CDN, also had security as a focus, albeit in a completely different way), and before that IBM.
Since accepting the offer, Sherman (pictured right) has been quietly working with Schalit — who will no longer hold any operational role — to get up to speed and will be taking over formally at the start of February.
Sherman is based out of Boston and will eventually commute to Dashlane’s HQ in New York (“eventually” because everyone is remote-working at the moment, with Sherman himself getting hired in a virtual process).
The changing of the guard comes at an interesting time for the startup. Dashlane now has 15 million users, up from 10 million+ in 2019. That was the same year that Dashlane announced two significant rounds of funding just six weeks apart from each other: first a $30 million round (which appeared to have some debt as part of it), then a $110 million Series D that valued the company at just over $500 million. Its backers include the likes of Sequoia, Bessemer, FirstMark, Rho Ventures and consumer credit reporting giant TransUnion.
Sherman would not talk about current valuation, nor where the company is currently standing regarding its next financial steps, except to say that it’s in a good place and to provide the smallest of hints of an IPO on the horizon.
“The Series D was a healthy round for a subscription business,” he said. “Right now, cashflow is solid and we have the funding we need for our growth, so there is no urgent plan to raise money. When we do, we’ll see if it is an IPO round” — that is, the last round before an IPO — “or not. To me, it’s all about growing the business.”
My guess: that valuation has gone up, given the boost in user numbers, the growth of its enterprise business and the huge shifts in the market in the last year that have put a spotlight on companies that are making using the internet safer. (Also, note that LogMeIn, which owns competitor LastPass, was picked up by PE firms for about $4.3 billion in a deal that completed last year.)
Dashlane was founded focused primarily on providing password management tools for consumers. These still account for the majority of its users, but the Series D funding was in part to fuel a bigger push into the business market, and to generally get on the radar of more people.
The expansion into business users was a natural move in more ways than one. First, the consumer service is designed as a freemium offering, while businesses provide a more steady and guaranteed revenue stream. Second, there is a natural progression that comes from being a happy consumer user: you might want to have the same service for your online work life, too. That remains the strategy for Sherman.
“The plan is to have two sides to the business,” he said, using the well-worn consumer-to-business analogy of a flywheel to describe how it will work: “The more who use it, more businesses will start to adopt it and get comfortable with using a password manager.”
That strategy is lately getting a major fillip, in the form of the massive boost in online activity in the past year.
Activities like taking care of all your shopping, entertainment, social and work-related needs have all moved online in the last year, pushed into the virtual sphere by the emergence and persistent presence of the easily contagious and dangerous COVID-19 virus.
Some of that shift has worked out better than many thought it would, and now, some believe that even when the pandemic does get under control, a lot of us will still be using the internet to get all of those things done on a regular basis.
But while I’ve heard a lot of industry people describe that situation as “the genie is out of the bottle”, perhaps a more fitting expression might be that Pandora’s box has been opened. That is to say, the increased online usage has created an alarmingly large opportunity for malicious hacking, security breaches and misuse of our online identities.
This consequently has a pretty direct link back to Dashlane.
Password protection is one of the most important elements of keeping yourself and your information safe online, with weak, stolen and reused passwords some of the biggest causes of security breaches both for consumers and businesses (by some estimates, you can track 80-90% of all security breaches back to password issues).
Beyond that, not least because of all the breaches we’ve now seen, the current market has become much more concerned about privacy and security (a trend manifesting in all kinds of ways), and that has bred a lot more awareness and appetite for the kinds of tools that Dashlane, and other companies that enable better online security, provide.
There will likely continue to be developments in the technology to both suss out bad actors and block them in their tracks when they do try to enter networks, and the technology sold to organizations to keep their and their customers’ information in the cloud in more secure ways will also be improved. But above and beyond all that, password managers are likely to continue to play a role in the mix.
Password managers may not always be a perfect solution — there have been a few cases of breaches over the years, and while they have not been in recent times, security researchers at the University of York in May 2020 identified vulnerabilities that could potentially be exploited — but they remain a relatively easy option for end users themselves to be more proactive in protecting their identities specifically by building a better way to guard their passwords. (Among all that, it’s also worth pointing out that Dashlane has never had a breach in its 10+ years of operations.)
And there are a number of routes to providing password management, including efforts from platform players themselves and more direct Dashlane competitors like 1Password and LastPass. Notably, some of the efforts to bridge some of that together, such as the “OpenYolo” project spearheaded by Google and Dashlane, have stalled over the years, in part because of the complexity of implementing it with other existing managers.
But even within that fragmented, competitive and (still at times) vulnerable market, Dashlane still has a lot of opportunities for growth.
“The business is strong and growing,” Sherman said. “The craziness around COVID and remote networking have raised the profile of password management and security in general. It’s a more difficult environment, but there is a tailwind there.”