a16z-backed Uno launches a design-centric password manager

There are plenty of good reasons why you should use a password manager, from helping you generate and store complex and unique passwords to not needing to remember any of them. But for some folks, getting started with a password manager for the first time can be a hassle.

To address that problem, a16z-backed company Uno is launching a new password manager with design-centric thinking. The startup's password manager is available as an app for iOS and Mac and as a Chrome extension, and aims to make it easier for people to handle passwords and logins.

Uno packs a ton of features that aim to make login easier: one-click login, social password recovery through trusted contacts, customized and easy password sharing and a secure vault to store private keys, credit card details and addresses.

Uno's password manager as a Chrome extension.

Uno's debut password manager. Image Credits: Uno

The Chrome extension does most of the work for you when you log into sites on your desktop. If you have your login saved with Uno, the company handles all login processes with one click, including 2FA codes sent to emails. You have to sign in to Gmail and give the app permission to read your latest email, but the company says this entire process is handled on your device and no email data is sent to its servers.

The company says the extension can identify when to fill in address fields with data and when to fill in the login information.

Both iOS and Mac apps are in beta and have basic secure storage and password autofill capabilities. The startup said that it's already working on an Android version, but it didn't give a specific timeline for the launch.

a screenshot of Uno in action

Image Credits: Uno

The app asks you to save a private key phrase so that you can recover your data if you lose your device. There is another, slightly more complicated, process for recovering your data. You can add trusted contacts to your Uno account, and for recovery, they can help you by verifying who you are with votes. But the catch is that all of them have to be Uno users. So unless you find folks who also use the app, you might be better off sticking to traditional methods like recovering from another device or entering your private key phrase.

The company

Uno was founded by Parteek Saran, who has a background in design and worked on projects with Lady Gaga, Facebook and Postmates. Saran also co-created an interaction design and prototyping tool named Form, which was acquired by Google in 2014. Post-acquisition, he spent five years at the search giant on products ranging from hardware design to software design, most notably Google's Material Design approach.

The company has raised $3 million in seed funding until now, led by Andreessen Horowitz with participation from Lookout founder Kevin Mahaffey and Dug Song from Duo Security.

a screenshot of the Uno app for iOS.

Uno's app for iOS. Image Credits: Uno

Saran said that the inspiration for Uno came from when hackers took control of his email, financial services, social accounts and even Spotify playlists.

"After getting hacked, I was upgrading the security of my accounts, and I realized the process was technical and cumbersome. There were a lot of steps and terminology that could be difficult to understand for non-technical people," Saran told TechCrunch. "Getting people to use a password manager on a regular basis is a behavioral issue. The way to influence that is to design a solution by looking at how humans interact with this kind of software."

The founder said that with Uno, he wants to target a broader audience of folks — including users who don't care much about password security.

The security

While password managers increase convenience by storing a ton of credentials, they also have a responsibility to protect that data and the user's privacy.

Uno says that it collects minimal data from users and all the data stored on its servers is encrypted with the private key stored locally on users' devices, which the company cannot access. It notes that only the email, phone number and public key of the account are collected.

Saran said the app does not track any personal data using analytical tools. The company's privacy policy notes that "in no event will the private contents of your secure vault ever be transmitted to Uno in a form that Uno can decipher."

"We really care about people's privacy and their security. I think people are kind of tired of giving away their data and like doing all these things. So our stance has been — we don't want that. Our app requires bare minimum permissions to work," Saran said.

There is also a question of security given that hackers, albeit very skilled ones, got access to LastPass' data, including customers' password vaults. A starting point for Uno would be to limit what customer data its employees can access. The startup says it wants to avoid these kinds of incidents by taking a local-first and client-first approach, storing sensitive data on the user's device and not in its cloud. Also, Uno notes that since it encrypts all customer data, including passwords, hackers can't make sense of it even if they get hold of a person's device.

As for convincing customers to trust its product, Uno said it has reached out to larger vendors to conduct a formal security audit of its apps.

"Uno has had independent security engineers audit code and conduct penetration testing and have kickstarted the process of reaching out to larger vendors for a formal audit. They’re currently in open beta, which is why this wasn’t kicked off sooner," Uno said. Uno hasn't said what the results were from early code audits and penetration testing, but said it plans to publish future findings from its audits.

The company's target audience — non-technical folks — might not be asking these questions. But Uno has a duty toward its advanced users to provide enough assurance and data by being open and transparent about the password manager's security practices.