There are plenty of good reasons why you should use a password manager, from help generating and storing complex and unique passwords to not having to remember any of them. But for some people, getting started with a password manager for the first time can be daunting.
To solve that problem, 16z-backed company Uno is launching a new password manager with design thinking. The startup’s password manager is an iOS and Mac app and Chrome extension to make it easier for people to deal with passwords and logins.
Uno includes plenty of features that make logging in easier: one-click login, social password recovery via trusted contacts, custom and easy password sharing, and a secure vault to store private keys, credit card information, and addresses.
Uno’s debut password manager. Image Credits: Uno
The Chrome extension does most of the work for you when you log into sites on your desktop. If you’ve saved your signup to Uno, the company handles all signup processes with one click, including 2FA codes sent to emails. You have to log into Gmail and give permission to read your latest email to the app, but the company says all of this process is handled on your device and no email data is sent to their servers.
The company says the extension can identify when to fill in address fields with data and when to fill in the credentials.
Both iOS and Mac apps are in beta and have basic secure storage and password autofill features. The startup said it’s already working on an Android version, but didn’t give a specific launch timeline.
Image Credits: Uno
If you lose your device, the app will ask you to save a private key phrase to recover your data. There is another but somewhat complicated process to recover your data. You can add trusted contacts to your Uno account and for recovery they can help you by verifying who you are with votes. But the catch is that they all have to be Uno users. So unless you find people who also use the app, you’re better off sticking with traditional methods like restoring from another device or entering your private keyphrase.
Company
Uno was founded by Parteek Saran, who has a background in design and worked on projects with Lady Gaga, Facebook and Postmates. Saran also co-created an interaction design and prototyping tool called Form, which was acquired by Google in 2014. After the acquisition, he spent five years at the search giant, working on products ranging from hardware design to software design. Google’s Material Design approach.
The company has raised $3 million in seed funding, led so far by Andreesson Horowitz with the participation of Lookout founder Kevin Mahaffey and Duo security’s Dug Song.
Uno’s app for iOS. Image Credits: Uno
Saran said the inspiration for Uno came when hackers took control of his email, financial services, social accounts and even Spotify playlists.
“After being hacked, I was upgrading my account security and realized the process was technical and cumbersome. There were many steps and terminology that could be difficult for non-technical people to understand,” Saran told AapkaDost. “Getting people to use a password manager on a regular basis is a behavioral problem. The way to influence that is to design a solution by looking at how people interact with this kind of software.”
The founder said he wants to target a wider audience with Uno, including users who don’t care much about password security.
Security
While password managers increase convenience by storing a bunch of credentials, they also have a responsibility to protect that data and the user’s privacy.
Uno says it collects minimal data from users and all data stored on its servers is encrypted with the private key stored locally on users’ devices, which the company cannot access. It notes that only the email, phone number, and public key of the account are collected.
Saran said the app does not track any personal data using analytics tools. The company’s privacy policy states that “under no circumstances will the private contents of your secure vault ever be sent to Uno in a form that Uno can decipher.”
“We really care about people’s privacy and safety. I think people are a bit tired of giving their data away and enjoy doing all these things. So our position was: we don’t want that. Our app requires the bare minimum of permissions to work,” Saran said.
There’s also the issue of security, as hackers – albeit highly skilled ones – have gained access to LastPass’s data, including customers’ password vaults. A starting point for Uno would be to limit what customer data its employees can access. The startup says it wants to prevent these kinds of incidents by taking a local-first and client-first approach by storing sensitive data on the user’s device and not in the cloud. Uno also notes that since it encrypts all customer data, including passwords, hackers can’t make sense of it, even if they get their hands on a person’s device.
As for convincing customers to trust its product, Uno said it has reached out to larger vendors to conduct a formal security audit of its apps.
“Uno has had independent security engineers review the code and perform penetration tests and has begun the process of contacting major vendors for a formal audit. They are currently in open beta, which is why this has not started sooner. said Uno. Uno didn’t say what the results of early code audits and penetration testing were, but said it plans to publish future findings from its audits.
The company’s target audience – non-technical people – may not be asking these questions. But Uno has a duty to its advanced users to provide adequate assurance and data by being open and transparent about the password manager’s security practices.