[VIC – 154] Do you use the same password for every website?

Have you heard the Slack story? Stuart Butterfield and his team were working to build a gaming company. The team needed a system to easily communicate and collaborate, but one that also integrated with all the other apps and services they were using. So they built Slack to address that need. Before long, they realized the gaming company wasn’t going anywhere, but that the team loved using Slack. So they pivoted to focus solely on that. The rest is history.

Similarly, my partner Jake and I have been working together for about a year and a half to build a software company focused on knowledge sharing. The company is called Vectr, and the idea is to better facilitate the flow of information across groups of people by empowering individuals to ask important questions. But this post isn’t about Vectr.

In building the company, we’ve run into a challenge that I imagine most (if not all) startup companies face. In building software, you end up using a whole host of different products and services as part of the development process. We use AWS for compute and storage, Heroku for app development, Stripe for payments, Chase for banking, and many others. So, the question we faced was, how do we effectively keep track of and share access to all of these accounts between the two of us?

This trend & challenge is equally present with regards to personal accounts. The other day I set a timer for 60 seconds and tried to make a list of all the different apps and websites I use. I came up with 65, and that only includes the ones I use regularly!

The early solution we came up with was simple. Use the same simple password across everything (I know 😂😂 two Einsteins over here)! I’ll refrain from elaborating on why this is a terrible approach given that you, dear reader, are smarter than we are.

Realizing we were being foolish and irresponsible, Jake and I sat down one evening and came up with a short list of ways we wanted to improve the way we manage our online identity as a company.

  1. Passwords must be unique across every service we use.
  2. Passwords must be virtually impossible to guess.
  3. We will rotate passwords for core services once per quarter.
  4. We’ll never write down passwords (on paper or digitally).

From there, we started to explore the existing solutions on offer.

At the low end of the market (with regard to complexity, capability, and cost), we came across password managers like LastPass and 1Password. We tested both, and to be honest, they work well. But they don’t fully integrate and enforce the principles we described above. If you log into a website and use the word “Password” as your password, these services will offer to save it. In fact, if your password is “Password” for every site and app you use, that’s perfectly acceptable to them. We wanted to find a solution wherein behavior like this is not an option.

Further, and perhaps this is the hippie iconoclast coming out in us, we didn’t love the idea of getting in bed with one company for something so important. What happens if their website goes down (Facebook, Slack, and Amazon Web Services have all experienced 12+ hour outages during the last year during which you could not use their services)? Then, of course, you have scarier things like hacks, data leaks, or companies storing passwords in plain text and unencrypted environments (cough, Facebook, cough, Google). So, we wondered if a more decentralized approach might make sense. (no blockchain talk today, I promise 😇).

At the high-end market, you have enterprise-grade identity management solutions. And while incredibly robust, the cost and complexity make these infeasible solutions for individuals and small teams.

After a few weeks of research, we couldn’t find what felt like the right solution. We just wanted to solve this challenge and be done with it. And what do you do when you can’t find what you want? Correction, what does Jake do when he can’t find what he wants? He builds it! And like the Slack story, we’ve absolutely fallen in love. At the start, we focused only on our most critical business apps. Then we added everything else. From there, because it was so easy to use and, to us, so valuable, we each started using it personally. I now manage 56 different accounts in one easy-to-use interface.

Naturally, we then told the women in our lives about it and they too fell in love. Now they both have their own accounts and are using it daily.

So, why am I telling you all this? Well, given how much value we take from the service, we thought other people might also find it valuable. So now we’re planning to roll out a limited beta to a small number of people to test the service and provide feedback. That’s where you come in! We’re hoping a small number of you (living in NYC) will join the beta! Anyone interested?

What’s in it for you? We’re planning to host a small “launch party” at my apartment in a few weeks and would love to have you there. We will, of course, give you food, drink, and a good time! We’ll spend about 20 minutes talking about the service, then I say we just kick back and get weird!

The total number of people will cap at 10, so don’t sleep!

What do you say??

  • can i join remotely??

    • Yes! We’ll have to get a live stream going or set up a Google Hangout!

  • Kent Parmington

    Do you still have space in the beta for one more?

    • We’re at capacity for the event, but would love to hear your feedback if you’d like to try out the service. Feel free to check out idenati.com and let us know what you think.