Growth Rate (y/y)
Revenue at 1Password grew from $60M ARR at the end of 2019 to $150M at the end of 2021, with paying business customers going from 50,000 to 95,000 over that same period. As of November, we estimate that 1Password is on track to hit $200M in 2022.
1Password is notable for being bootstrapped through its first 14 years, taking its first venture capital from Accel only in 2019—most of which went to enable founders and early employees to sell secondary.
They followed up that first round of VC with a $100M Series B in July 2021—led by Accel with participation from Sound Ventures and Skip Capital—and a larger $620M Series C via Iconiq, Tiger Global, and Lightspeed Ventures in 2022.
That last round valued 1Password at $6.8B, for about a 45x multiple on their ~$150M in ARR at the end of 2021.
1Password is a subscription SaaS company that has both a B2C product (for individuals and families) and a B2B product for teams. 1Password’s B2B and enterprise products charge monthly based on the number of users that a company has reading and writing to their corporate “vault”.
For individuals, 1Password costs $2.99 per month, billed annually—for families, it’s $4.99 per month for up to 5 family members.
1Password switched to a subscription-only model around 2018 after years of giving personal users the option to purchase a software license that allowed them to use their current iteration of 1Password indefinitely.
1Password’s business tier, launched in 2018, includes features like:
- Permissions: Admins can set fine-grained per-employee permissions for access
- Custom groups: Specific teams and departments can have access to specific passwords
- Device restrictions: Employees’ access to vaults can be limited based on where they are
For businesses, 1Password costs a flat $19.95 per month for up to 10 employees—for businesses with more than 10 employees, they charge $7.99 per user per month.
The core idea of 1Password is to make it easier to protect and share secrets—passwords for different websites and SaaS apps, credit card numbers, and other types of information—with members of your family and co-workers.
The first version of 1Password was a Mac app that launched May 19th, 2006 and was available for purchase for $40 per copy. Subsequent iterations of the software would add features like mobile support, so 1Password could transfer login information stored in-app into your iPhone or iPad, and convert 1Password from a license model to a subscription one.
On the business side, 1Password launched a dedicated enterprise tier in 2018 and hit 50,000 paying business customers by 2019.
1Password found product-market fit in businesses with both the proliferation of B2B SaaS cloud applications and the rise of hybrid/remote work, both of which necessitated ways for teammates to share login information with one another for the tools they use for work every day.
1Password competes directly with other password management systems that serve both businesses and consumers like LastPass, Dashlane and Bitwarden.
LastPass made $200M in 2021 and has roughly 30M users and has a similar business focus to 1Password. Dashlane, whose team is roughly half the size of 1Password’s, and Bitwarden similarly have both paid personal and business plans, but also offer a freemium tier for consumers that only allows for storing passwords on one personal device.
1Password also competes with companies like Apple and Google that bundle free password management services (iCloud Keychain and Google Password Manager respectively) into their OSes and web browsers.
Both offer password management services that allow users to generate new safe passwords and check their passwords for compromise (via integration with services that can determine whether a specific password has been identified in an existing data breach), though Apple’s is limited to Mac and iOS devices and Google’s functions only in their web browser, Chrome.
Across the password management space, what we’re seeing is the commoditization of the “solo” password vault experience as value shifts towards tools that can facilitate the “multi-player” experience of being able to share and collaborate over secrets as a team.
That’s putting 1Password indirectly into competition with companies like Brex and Ramp that handle “finance” secrets, Rippling and Okta that handle “HR/IT” secrets, and HashiCorp which handles “developer” secrets.
We’re still in the early days of the rise of cloud-based identity products: in 2021, spend on B2B identity management revenue saw a “flippening” as SaaS products (54%) eclipsed on-premise (46%) spending for the first-time, paralleling Salesforce’s flippening from on-premises cloud CRM spend to SaaS CRM spend circa 2015.
Salesforce’s revenue went from $1.3B per year in 2010 to $26.4B per year in 2022 post-flippening.
Today, 1Password is using part of its $920M raised over the last 3 years to expand horizontally and take on both Okta ($8B) on identity and HashiCorp ($5B) on secrets delivery at runtime.
Secrets delivery at runtime
Engineering teams are one of the places in the organization where the proper management and delivery of secrets is most powerful.
From passwords to services to SSH keys and infrastructure secrets, software teams deal with many types of secrets that can lead to catastrophic issues if leaked—but where friction can slow teams down significantly.
In 2021, 1Password launched Secrets Automation to compete with Vault by HashiCorp ($5B) on secret delivery at runtime ($21B TAM), helping teams pull 1Password values out of their vaults and into their cloud infrastructure.
Additionally, integrations with Splunk and Elastic allow security and IT teams to send 1Password events into their other systems to get better visibility over how employees are using different software systems.
With their new “Universal Sign On” product, 1Password is leveraging its install base of 15M+ users to go after Okta ($8B) with their own SSO-like product that aggregates other SSO providers and differentiates by supporting the long-tail of SaaS apps vs. Okta which is limited to its ~7,500 integration partners.
Where Okta’s key value proposition is that it simplifies and secures enterprise login by allowing employees to remember one set of credentials to sign into all apps supported by Okta, 1Password serves the long tail by aggregating users’ authentication across all of the apps they use.
In this first version of Universal Sign On, 1Password can be used to ‘remember’ what form of social or SSO login you’ve used to create an account with a website—in the future, this could be a stepping stone to 1Password itself owning the authentication, aggregating companies like Okta and making your choice of SSO provider arbitrary compared to your usage of 1Password.
The rise of passwordless authentication
Companies like Transmit Security ($2.2B), Stytch ($1B), Magic (raised $31M) and Veridium (raised $16M) help e.g. ecommerce companies get higher rates of conversion at checkout by replacing passwords with things like biometrics, authentication keys, social login, and one-time passcodes.
These companies tend to take a developer-first approach to making it easy for companies to implement non-password methods of account creation, authentication, and login.
Disruption from the browser
1Password found its initial traction and its first ten years or so of revenue in the personal/family use market: people needing somewhere to store the growing list of passwords for different apps and services they needed to take care of.
There, they now face growing competition from Google—via Chrome’s in-built password manager—and Apple, which offers unique password generation and management that works across Safari, iOS and Mac.
Chrome and Safari, like 1Password, now offer to generate unique, strong passwords for their users when they land on new sites and go to create accounts. They can also auto-fill these passwords across different devices as with Apple’s cross-platform Keychain UI.
These password managers, built into Apple and Google’s OSes, make their browsers and ecosystems stickier—and reduce their users’ need for external password managers like 1Password.
This report is for information purposes only and is not to be used or considered as an offer or the solicitation of an offer to sell or to buy or subscribe for securities or other financial instruments. Nothing in this report constitutes investment, legal, accounting or tax advice or a representation that any investment or strategy is suitable or appropriate to your individual circumstances or otherwise constitutes a personal trade recommendation to you.
Information and opinions presented in the sections of the report were obtained or derived from sources Sacra believes are reliable, but Sacra makes no representation as to their accuracy or completeness. Past performance should not be taken as an indication or guarantee of future performance, and no representation or warranty, express or implied, is made regarding future performance. Information, opinions and estimates contained in this report reflect a determination at its original date of publication by Sacra and are subject to change without notice.
Sacra accepts no liability for loss arising from the use of the material presented in this report, except that this exclusion of liability does not apply to the extent that liability arises under specific statutes or regulations applicable to Sacra. Sacra may have issued, and may in the future issue, other reports that are inconsistent with, and reach different conclusions from, the information presented in this report. Those reports reflect different assumptions, views and analytical methods of the analysts who prepared them and Sacra is under no obligation to ensure that such other reports are brought to the attention of any recipient of this report.
All rights reserved. All material presented in this report, unless specifically indicated otherwise is under copyright to Sacra. Sacra reserves any and all intellectual property rights in the report. All trademarks, service marks and logos used in this report are trademarks or service marks or registered trademarks or service marks of Sacra. Any modification, copying, displaying, distributing, transmitting, publishing, licensing, creating derivative works from, or selling any report is strictly prohibited. None of the material, nor its content, nor any copy of it, may be altered in any way, transmitted to, copied or distributed to any other party, without the prior express written permission of Sacra. Any unauthorized duplication, redistribution or disclosure of this report will result in prosecution.