Kyle Spearrin had never developed a mobile app or browser extension when he started building Bitwarden as a fun side project in 2015.
Nearly nine years later, Spearrin’s humble attempt at a free, open-source password manager has become one of the most popular ways to keep online accounts secure. Wirecutter, PCWorld, PCMag, and others say it’s the best free password manager, and CNet even calls it the best password manager overall. Bitwarden says it now has 8.5 million users, and it uses that audience to grow its enterprise subscription business. Bitwarden’s business side has tens of thousands of customers and helped fuel nearly 100% revenue growth last year, and the company now has roughly 200 employees.
“We really value that everyone should have access to a full-featured password management tool,” Spearrin says.
There’s just one problem: Getting a full-featured password manager no longer requires a third-party app such as Bitwarden. Apple, Google, and Microsoft have all piled more robust password management features into their web browsers and operating systems, and they’re also pushing passwordless systems that streamlines the traditional login process. Third-party password managers were indispensable for security, but one can imagine a future in which most folks find them redundant.
Still, Bitwarden has a few ideas on how to stay relevant, including a plan to move beyond just passwords, and into protecting all kinds of secrets.
“We’ve separated our need to survive and be healthy as a business organization from convincing people to use Bitwarden versus the Chrome password manager,” Spearrin says.
Origin story
Spearrin wasn’t thinking about tech giants at the outset. Instead, he was responding to backlash against LastPass, another popular password manager that at the time had its own robust free tier.
LastPass had just been acquired by LogMeIn, which had recently killed off a free version of its remote desktop software despite past promises not to do so. Users on Reddit and HackerNews feared a similar trajectory for LastPass and began recommending alternatives, such as KeePass and 1Password.
Spearrin, himself a LastPass user, recalls being unsatisfied with the options. He liked the idea of KeePass as a free, open-source solution, but found it less intuitive than LastPass and paid password managers. Soon his nights and weekends were consumed with building his own open-source alternative, as he figured it would at least help him learn about developing mobile apps and browser extensions.
“That’s what got the juices flowing a little bit, because I thought I could build a better version of what LastPass had,” he says.
By September 2016, Spearrin was ready to launch a crude version of Bitwarden, a name he chose partly because a .com website was available, and partly because it didn’t have the words “pass” or “password” in it. (Even back then, he hoped it might grow into something bigger.)
Spearrin announced Bitwarden in some Reddit communities that he thought would appreciate the open-sourcing and would jump at the chance to scrutinize or improve upon his code. Within a couple of months the app had 10,000 users.
At the time, Spearrin still had a day job doing back-end development at iMobile3, a mobile services company. After his first attempt to make money from Bitwarden failed—with a Kickstarter campaign for paid plans that didn’t meet its goals—he decided to take a risk: He would quit his day job and put all of his time into Bitwarden, allowing him to build out features that businesses might pay for. The first of those features arrived in mid-2017—including priority support and extra two-factor authentication options—and from then on Bitwarden’s business model was set. (Bitwarden declined to give revenue figures.)
“That’s when i really knew I had something,” Spearrin says. “I started getting phone calls from huge, big-name customers, and started doing phone calls with large fortune 500 companies.”
Spearrin still credits LastPass for several of Bitwarden’s subsequent growth spurts. A few years ago, LastPass stopped letting free users sync their passwords across computers and mobile devices—exactly the kind of restriction users feared after the LogMeIn acquisition—and in late 2022, it suffered a significant security breach that put users’ entire vaults at risk.
Elizabeth Bassler, a LastPass spokesperson, notes that it’s been the top-rated password manager on the software marketplace G2 for the past four quarters, and that it’s used at 100,000 businesses and has millions of customers. “Since 2008, LastPass has made logins easier, more secure, and accessible across virtually any device,” she says. (LogMeIn spun off LastPass as an independent company in 2021.)
Still, Spearrin says Bitwarden probably wouldn’t have been as successful without what he calls “LastPass refugees.”
“I can name a lot of episodes where, if you look at Bitwarden’s user growth on a line chart, you can probably pinpoint several of those episodes as being peaks,” he says.
Outside help
For the first few years, Spearrin was running Bitwarden almost entirely by himself. He’d hired a couple of customer support employees, but was still answering customer emails, responding to Reddit posts, and posting in Bitwarden’s forums on a regular basis. He had grown the company to more than one million users and 3,000 business customers, but was getting overwhelmed by the business side. While he’d previously written off venture capitalists looking to invest, he realized he could use the connections.
“I didn’t want them to just give me some money, because I didn’t really need it,” he says. “But I needed some help in the leadership department.”
He met with Headline Ventures (then BV Capital), which led Bitwarden’s Series A round for an undisclosed amount, and the firm introduced Spearrin to Michael Crandell, who was previously cofounder and CEO of cloud computing management company Rightscale. Crandell became Bitwarden’s CEO, while Spearrin became CTO, and the funding allowed Bitwarden to add more security certifications, audits, and other enterprise features.
“It was a small round, but we got a start and began to hire people, and really doubled down on the focus of the company being both business and consumer,” Crandell says. (Bitwarden now employs roughly 200 people.)
Catering to businesses without abandoning individual users is always a tricky balancing act, but Crandell says Bitwarden catering to the latter group helps grow the former. It’s continued to add consumer-friendly features such as emergency vault access for trusted family members, and last year the company hired a director of product design, who will lead a redesign of Bitwarden’s apps and browser extensions. Meanwhile, anyone who gets Bitwarden from their employer automatically gets free family licenses, which persist even after they’ve left the company.
“We realized from the start that thinking of business or consumer was a false dichotomy, Crandell says. “It makes no sense to protect yourself at home, but not at work, or vice versa, and business users expect ease-of-use and all of that. So really we realized it’s a virtuous circle between the business and consumer user.”
The big tech threat
There’s just one potential problem with Bitwarden’s approach: Third-party software is no longer necessary to get first-rate password management.
A few years ago, you could point to a bunch of important features that still required a proper password manager, like generating secure passwords automatically, managing two-factor authentication codes, creating secure notes, and sharing passwords with family members. Apple, Google, and Microsoft have been adding those features to their password managers for free.
They’re are also trying to kill the password outright. With an industry initiative called passkeys, you can log into a growing number of websites using only your device’s biometrics—face or fingerprint recognition—to prove your identity. While Bitwarden and other password managers are supporting passkeys as well, big tech platforms have made it extremely easy to create passkeys without getting a third-party password manager involved. What’s the role of a password manager in an increasingly passwordless world?
Gaidar Magdanurov, the president of cybersecurity firm Acronis, argues that some contingent of users will always prefer third-party alternatives, either because they want to work across platforms or because they don’t want to trust their full digital lives to a single company.
“If you are locked in with one vendor, you have a risk of being locked out of your account,” Magdanurov says. “Something can happen. Somebody can hack your account. Or their automated tools that block your account for violations can be triggered for some reason.”
Dedicated password managers may also do a better job integrating with third-party apps and tools. On the business side, for instance, Bitwarden ties into Splunk for event monitoring, and it lets consumers choose from an array of masked email services, which prevent their actual email addresses from being harvested by marketers or leaked in a security breach.
“You have to have multiple tools integrated,” Magdanurov says. “They have to be talking to each other, and that’s the only way for you to discover and prevent different threats.”
Crandell also argues that tech platforms’ password managers don’t offer enterprise-level features, like being able to share across an entire organization and view records of where or when employees accessed their logins.
“There’s really a huge difference between those basic platform-based solutions and Bitwarden,” he says.
Beyond the password
Even if all that holds true, the convenience of built-in password managers could lead to a narrower business funnel for Bitwarden. Perhaps that’s why Bitwarden is looking beyond passwords and passkeys and into broader protection of sensitive info.
One example is Bitwarden’s Secrets Manager, which helps developers store and manage things like API keys. It’s a bit like managing passwords, but with more ways to control access and integrate with developers’ workflows. René Bonvanie, an executive in residence at Battery Ventures (which owns 20% of Bitwarden), says that’s an early example of how Bitwarden may protect other things that are private in nature.
“I know there are at least a handful of ideas for things that we can do that have to do with confidentiality that are not the management of keys, or secrets, or passwords,” Bonvanie says.
The company is also placing a bet on being a behind-the-scenes player in keeping websites secure. Last year, the company acquired Passwordless.dev, which helps web and app developers integrate passwordless logins.
These types of features explain why Bitwarden raised $100 million in late 2022, both from Battery Ventures and PSG It’s the kind of news that makes Bitwarden’s grassroots Reddit and Hacker News fans a bit wary, but Spearrin says it mostly just provides insurance for some of those other bets.
“To this day, Bitwarden is a healthy business, and the money that we’ve raised has just given us the cushion to take chances and invest in new opportunities and growth,” he says.
None of
Chcete-li přidat komentář, přihlaste se
Ostatní příspěvky v této skupině
They appear like ghosts in the night, standing outside your house, one holding up an antenna while the other crouches next to the car parked on the driveway. Within seconds, your car is gone, yet
Generative AI (general artificial intelligence) has been the trendiest term in software for two years. Now it’s about to make its way to the consumer hardware market, too. By the la
This story originally appeared in The Technology Letter and is republished here with permission.
When an analyst leav
Perplexity CEO Aravind Srinivas doesn’t mince words when it comes to Google.
At the Exceptional Women Alliance (EWA), we enable high level women to mentor each other to enable each leader to achieve personal and professional happiness through sisterhood. As the nonprofit o
America’s newest military branch still has some maturing to do to earn the respect and support of the public and the nation’s adversaries, according to analysts.
The Center for a New Ame
