TL;DR: 1Password turned their bootstrapped consumer tool into the “Dropbox for secrets”, making ~$200M per year. Now, on the brink of passwordless authentication becoming the default, they’re planning their next act as a workflow company. For more, check out our coverage of 1Password and our full model and dataset on 1Password and the password management market.
Check out our weekly email for more insights like this into private companies.
Something went wrong...
- Founded in Canada, 1Password went from $60M ARR in 2019 to $150M by the end of 2021—they’re expected to surpass $200M ARR by the end of 2022, growing 33% YoY. 1Password started out as a Mac app that was sold on a perpetual license model, but shifted to a SaaS model around 2017, charging $2.99 per month for individuals.
- 1Password found product-market fit doing for secrets (passwords, credit cards, etc) what Dropbox did for files—making it easy to quickly create, store, and share them with your friends, family, and colleagues. Browser plug-ins for Chrome and Safari automatically pull up the right password for the app you’re using, and generate new unique passwords (and store them) on your first visit.
- 1Password’s early growth and stickiness was driven by the proliferation of SaaS apps increasing the number of logins to maintain and an increased number of high-profile password breaches. The standard practice went from having “1 password for everything” to having an arbitrary number of passwords for all the apps/services you use, none of which you actually know and which you rely on a password manager to remember for you.
- As single-player password storage became commoditized—see LastPass ($200M revenue in 2021), Dashlane ($500M), and Bitwarden (raised $100M)—the fight became about integrating your passwords into different kinds of workflows and making sharing as easy as possible. Creating a new password every time you visit a new site is inconvenient and reduces usage compared to apps that can automatically ingest new secrets and deploy them when appropriate.
- In the consumer/prosumer workflow, 1Password faces growing competition from Google—and Chrome’s in-built password manager—and Apple, which offer unique password generation and management that works across Safari, iOS and Mac via iCloud Keychain. Chrome and Safari’s in-built password managers make their browsers stickier and reduce their users’ need for external password managers like 1Password.
- 1Password moved from single-seat subscription SaaS to multi-seat SaaS with wall-to-wall seat expansion by making it frictionless for teams to both auto-create/fill passwords and populate shared vaults of all their critical logins. As 1Password became the default vault for team secrets, it became necessary to get the whole organization a seat—between 2017 and 2019, 1Password would 3x expand their total amount of B2B revenue and grow ARR from ~$20M to $60M. (link)
- In a B2B context, 1Password is surrounded by companies that are both “frenemies” and integration partners: in HR, 1Password is going up against platforms like Rippling ($11.25B) that bundle password/secret manager into their onboarding, SSO, and app/device management workflow software. These platforms allow teams to keep track of their “employee secrets”—drivers licenses, SSNs, etc.—as well as automatically provision access for new employees to their business apps.
- In finance, you have companies like Ramp ($8.1B), Brex ($12.3B), Teampay (raised $68M) and Mercury ($1.6B) that layer workflow on top of corporate cards/bank accounts, combining card sharing with features for expense management and usage provisioning. You can put a credit card number into 1Password for your team to use, but you lose the audit trail that you get for free using a tool like Ramp. (link)
- For example, in 2021 1Password launched Secrets Automation to compete with Vault by HashiCorp ($5B) on secret delivery at runtime ($21B TAM), helping teams pull 1Password values out of their vaults and into their cloud infrastructure. Additionally, integrations with Splunk and Elastic allow security and IT teams to send 1Password events into their other systems to get better visibility over how employees are using different software systems.
- 1Password’s opportunity is to “colonize” the HR, IT, finance and engineering departments with workflow products they can mark up from $8 per seat to the $40 per seat of a DocuSign. From SSO and 2FA to secret delivery at runtime, 1Password can make itself much harder to tear out—and charge far more—by expanding into these kinds of specific, enterprise use cases.
- Today, 1Password’s biggest existential risk is the inevitable future of passwordless authentication, most prominently via Touch/Face ID on iPhones—passwords themselves could become obsolete like files did for Dropbox. With more than 1.2B iPhone users around the world and millions of Android phones with biometric capabilities, passwordless authentication is quickly becoming a standard.
- Startups like Transmit Security ($2.2B), Stytch ($1B), Magic (raised $31M) and Veridium (raised $16M) are helping e.g. ecommerce brands increase conversion by replacing password-based accounts with passwordless login. These companies take a developer-first approach to making it easy for companies to implement non-password methods of account creation, authentication, and login like magic links, OTPs, or biometrics.
- By focusing on seamless logins and leveraging their integrations into HR/finance/engineering workflows, and abstracting away the specific authentication method e.g. passwords, 1Password is positioned to be the critical identity infrastructure of the enterprise. A key differentiator of 1Password’s passwordless product (launching in 2023) is that logins are still sharable and linked to individual identities for HR observability, device management, and access provisioning.
- Hari Raghavan, CEO of AbstractOps, on the composable enterprise
- Andrew Hoag, CEO of Teampay on building expense management for the enterprise
- Bo Jiang, co-founder and CEO of Lithic, on the key primitives in card issuing
- Karim Atiyeh, co-founder and CTO of Ramp, on the future of the card issuing market