There are many good reasons why you should use a password manager, from helping you generate and store complex and unique passwords to not having to remember any of them. But for some people, starting with a password manager for the first time can be a pain.
To address that issue, the a16z-backed company Uno is launching a new password manager built with design-focused thinking. The startup's password manager comes as an app for iOS and Mac, plus a Chrome extension, to make it easy for people to manage passwords and logins.
Uno includes a ton of features that aim to make logging in easy: one-click login, social password recovery through trusted contacts, easy personalized password sharing, and a secure vault for storing private keys, credit card details and addresses.
The Chrome extension does most of the work for you when you sign in to sites on your desktop. If you have your login saved with Uno, the company handles all one-click login processes, including 2FA codes sent by email. You have to sign in to Gmail and give permission to read your latest email in the app, but the company says that this entire process is handled on your device and no email data is sent to its servers.
The company says the extension can identify when to fill in address fields with data and when to fill in login information.
Both the iOS and Mac apps are in beta and have basic password autofill and secure storage capabilities. The startup said it's already working on a version for Android, but didn't give a specific timeline for the release.
The app asks you to save a private passphrase so that you can recover your data if you lose your device. There is another, albeit somewhat complicated, way to recover your data: you can add trusted contacts to your Uno account, and during recovery they can help by verifying your identity with votes. The catch is that they all have to be Uno users. So unless you find people who also use the app, you're better off sticking with traditional methods, like recovering from another device or entering your private passphrase.
The company
Uno was founded by Parteek Saran, who has a background in design and has worked on projects with Lady Gaga, Facebook, and Postmates. Saran also co-created an interaction design and prototyping tool called Form, which was acquired by Google in 2014. After the acquisition, he spent five years at the search giant working on products ranging from hardware to software design, most notably Google's Material Design approach.
The company has raised $3 million in seed funding so far, led by Andreessen Horowitz with participation from Lookout founder Kevin Mahaffey and Duo Security's Dug Song.
Saran said the inspiration for Uno came when hackers took control of his email, financial services, social accounts and even Spotify playlists.
“After being hacked, I was improving the security of my accounts and realized that the process was technical and cumbersome. There were a lot of steps and terminology that could be difficult for non-technical people to understand,” Saran told TechCrunch. “Getting people to use a password manager on a regular basis is a behavioral issue. The way to influence that is to design a solution by looking at how humans interact with this type of software.”
The founder said that with Uno, he wants to target a broader audience of people, including users who don’t care much about password security.
Safety
While password managers add to the convenience of storing a ton of credentials, they also have a responsibility to protect that data and user privacy.
Uno says that it collects minimal data from users and that all data stored on its servers is encrypted with a private key stored locally on users' devices, which the company cannot access. It notes that only account email, phone number, and public key are collected.
Saran said the app does not track any personal data using analytics tools. The company’s privacy policy states that “in no event will the private content of your secure vault be transmitted to Uno in a form that Uno can decrypt.”
“We really care about people’s privacy and security. I think people are a little tired of giving away their data and they like to do all these things. So our position has been: we don’t want that. Our app requires minimal permissions to work,” Saran said.
There is also the question of security, given that hackers, albeit highly skilled ones, gained access to LastPass data, including customer password vaults. A starting point for Uno would be to limit what customer data its employees can access. The startup says it wants to prevent such incidents by maintaining a local-first, customer-first approach, storing sensitive data on the user's device and not in its cloud. Furthermore, Uno points out that since it encrypts all customer data, including passwords, hackers can't read it, even if they get hold of a person's device.
As for convincing customers to trust its product, Uno said it has reached out to larger vendors to conduct a formal security audit of its applications.
“Uno has had independent security engineers audit the code and do penetration testing and have started the process of contacting larger vendors for a formal audit. They are currently in open beta, so it wasn’t started sooner,” Uno said. Uno has not said what the results of the first code audits and penetration tests were, but said it plans to publish future findings from its audits.
The company’s target audience, non-technical people, might not be asking these questions. But Uno has a duty to its power users to provide sufficient security and data by being open and transparent about password manager security practices.