After launching and selling five startups over the past decade, Montreal entrepreneur Daniel Robichaud wants to build a big company to solve a big problem for Internet users: how to manage all of their passwords.
Mr. Robichaud’s latest startup, PasswordBox Inc., said it has raised $6-million from OMERS Ventures and several Silicon Valley investors, including Facebook eCommerce head Lee Linden.
They are betting PasswordBox can end the frustration of millions of online users, who have to keep track of a multitude of increasingly long and complex passwords across numerous devices and locations to access their banking, shopping and social media accounts while warding off sophisticated “black hats” who are out to steal their data. PasswordBox also enables users to pass on the passwords to their “digital assets” to friends or loved ones after they pass away.
“There’s no way humans can remember all their passwords,” the 37-year-old Mr. Robichaud said. “Our goal is to make people’s lives easier and simpler.
The PasswordBox app enables users to keep track of all of their passwords through one encrypted location – a “virtual safety deposit box” – which only they can access with a master password. The app works through its users’ web browsers through a customized pull-down menu and automatically logs them onto sites. It even generates passwords at the user’s request. The service is free for up to 25 passwords, and $1 a month thereafter.
The company itself never gains access to the passwords, which are encrypted to the same standard used by the U.S. government. “If the service was taken over by aliens they wouldn’t have access to your passwords,” Mr. Linden said. The application can be used on desktop computers and Android and Apple devices. It has gained more than one million active users since March.
PasswordBox is one of many password managers seeking to become a welcome alternative to outdated yellow stickie notes: Several security breaches of major websites have prompted services to force users to create longer passwords including capital letters and numbers and to change them often.
Researchers from Carnegie Mellon University and the Massachusetts Institute of Technology recently suggested the most unbreakable passwords contained multiword phrases, bad grammar and alpha-numeric typos, such as“My passw0rd is $uper str0ng!” Instead, many bewildered users choose the path of least resistance by using simple passwords and repeating them from site to site.
“The weakest link in security is always the human being,” said Michael Shaulov, CEO of Lacoon Moibile Security, a U.S.-Israeli cybersecurity firm which specializes in protecting mobile devices from hackers. “People go for the useability and then compromise the security, which essentially enables hackers.”
Sure enough, the recent security breach of Adobe’s website revealed that millions of customers used such simple passwords as “123456,” “ abc123” or “password,” prompting Facebook to force millions of its users to change their login information when they were found to use identical keys to their Adobe accounts.
“We have too many passwords; we don’t know how to generate, remember or manage them, said Urs Hengartner, a cybersecurity expert and associate computer science professor with University of Waterloo.
PasswordBox’s competition includes startups Dashlane, Last Pass and Direct Pass, but OMERS Ventures director Damian Steel said his organization chose the Montreal company because its user interface is “easy enough for your mother to use,” and its proprietary computing engine enables the app to do one-click log-ins on more than 90 per cent of websites, compared to 70 per cent for competitors.
Unlike the competition, PasswordBox‘s “one-click” access also works directly through smartphone browsers rather than through the app icon. The company is also eager to move away from passwords and toward biometric logins using fingerprinting and retina scans as the technology becomes more widely available.
David Senf, vice-president of infrastructure solutions with research firm IDC, cautioned consumers have shown little interest in paying for password managers – although Mr. Steel said he expected PasswordBox to reach 10 million users within six months.
Meanwhile, Mr. Shaulov said that PasswordBox only “solves 50 per cent of the problem,” as devices could still be exposed to “malware” accidentally downloaded from the Net, which enables hackers to detect what keystrokes users enter, exposing their master passwords.
“If you can ensure the devices themselves aren’t compromised, and [also have PasswordBox] in place, you have quite a good solution,” he said.
Chief technology officer and co-founder Marc-Antoine Ross said the company is “still at quite an early stage.
“Through different partnerships we are working on, we are confident the numbers will be significant in a very short period of time.”