Using secure, complicated passwords is incredibly inconvenient, as the most secure passwords are the ones you can’t remember. As high-profile security breaches become commonplace, many people are looking for solutions to securely manage their passwords, such as LastPass.
LastPass was born from such a need: Joe Siegrist and his co-founders needed a way to manage their own passwords. They set out to create a platform for managing randomly generated, secure passwords, regardless of when and where you need to log in to your sites. The service has evolved over the years, becoming available on as many platforms as the LastPass team can manage, and continues to escalate security measures for the benefit of users. We spoke with Joe to learn more about how it all came together and how they manage their progress.
Where did the idea for the service come from? Were you trying to solve a problem you’d experienced, or did the inspiration come from somewhere else?
LastPass CEO Joe Siegrist: Four developers founded LastPass after we were having password problems ourselves. It was overly complex to do it in a way we considered safe. At the time we used an encrypted file, but it was painful to decrypt, come up with passwords, encrypt the file again if you added a new password, keep the file synchronised, look up data… It was a mess to do it right.
When we started asking people what they did, we heard two responses consistently:
- “I reuse variations of the same password everywhere.”
- “I have a ‘tiered’ password approach (a ‘throwaway’ password for some accounts, a slightly stronger password for more important accounts, and one ‘strong’ password for banking and financial accounts).”
Both of these are risky and unsustainable. We knew we were on to a problem that was only going to keep growing.
After you came up with the idea, what was the next step?
We set up the company and got to work! We previously ran a cloud services company for eight years at a start-up called eStara. We knew we wanted the convenience of a cloud-based application with local backup and local encryption, erasing the two typical downsides of using the cloud: not having local access, and the ability for the cloud vendor to access your data.
How did you choose which platforms to target and which to ignore or wait on?
Universal accessibility was a priority of ours from the start. We wanted everyone to be able to access their passwords and other stored information regardless of what they used when they were at work, at home, or on the go. We started with the major platforms (Mac, Windows, Linux) and browsers at the time (Internet Explorer and Firefox).
When we started, the landscape was a lot less complex. iOS version 1.0 didn’t even allow external developers to upload apps yet!
What was your biggest roadblock and how did you overcome it?
The first year we spent a ton of time educating. Everyone we talked to online and offline was sceptical of a cloud-based password manager and challenged our solution. Their instinct to distrust the service was due to the fact that, before LastPass came out, all data in the cloud was susceptible to hacking and rogue employees. Once people understood that we were encrypting data locally with a key that never touches our servers, there was an “aha!” moment, and we started building a community that accepted and used LastPass.
What was launch like for you?
Our beta launch was exciting and stressful: round-the-clock watching and responding to people trying our product. You can still see a fair amount from that period in our forums, if you look at posts in the late-August and early-September 2008 time frame. People loved the product, but were suspicious of who we were and if they could trust us. We made mistakes, but we were transparent and upfront about them, something that has also helped earn our community’s trust.
How do you handle user requests and criticisms effectively?
Our community has been an important feedback loop for us over the years, and we have always actively monitored email (and later our ticketing system), comments on the blog, Twitter, Facebook, the forums, and other online hubs. It’s a great temperature check for us to see how our users feel about the service and how they talk about LastPass in their circles.
In the beginning, I personally read all of the support emails coming in, though that became unsustainable a few years in. Relative to the size of our user base, we’ve maintained a small but dedicated support team that fields customer bug reports, feedback, and feature requests.
It’s tougher to evaluate what users think should be next or what features should be developed. We’ve often found that they’re great at telling us what’s currently working and not working, but for taking the service forward, it’s better to rely on our experience in the industry, how we see the space evolving, and what our gut says.
Now, how do you split time between developing new features and managing existing ones?
At any given time we have a dozen platforms to keep an eye on. Whenever there’s a major new release due to come out, like Mac OS X Yosemite or Android’s new Lollipop, we have to understand how it may impact our product, if any new functionality is possible, and how we can take advantage of the advancements in the platforms to improve the service for our users. We want to have our service ready for release day whenever possible. And if something isn’t working the way it should, we have a strong community that gives us valuable feedback immediately so we can make improvements.
Since we offer both a consumer product and LastPass Enterprise for teams, we also have to develop for two very different communities and understand how the product is used by each.
We also have to watch what’s going on in the big picture of authentication technology and cyber security. And as the landscape changes we have to steer our service to where we can provide maximum value for our users. It’s a hard balance to strike, but one that’s critical.
What advice would you give to others that want to take on a similar project?
Start small: Once you have something that any group of people would want to use, it’s time to launch. Focus on traction early: Get a core group of people using your product and communicating with you consistently. User feedback matters but be careful that it doesn’t distract you from your vision. Stay passionate, and remember that “overnight success” takes years.
Lifehacker’s Behind the App series gives an inside look at how some of our favourite apps came to be — from idea to launch (and beyond).