ABAB News Logo
In-Depth

1Password Empire: How a Password Manager Evolved into a Global Identity Security Platform

·
25 min read

1Password did not begin as a top-down “enterprise security platform.” It began as a side project by Dave Teare and Roustem Karimov while they were doing website and e-commerce consulting and wanted to eliminate the repetitive work of filling test credentials and forms. According to 1Password’s own history, they started the project in 2005, and on May 19, 2006, uploaded the first version, “1Passwd,” to MacUpdate and VersionTracker.

In the company’s official telling, the founding team was not just two people but four co-founders: Dave Teare, Roustem Karimov, Sara Teare, and Natalia Karimov. That said, public accounts of the product’s original idea and earliest engineering work overwhelmingly center Dave and Roustem, while Sara and Natalia appear more often in the context of company formation, finance, administration, support, and early organizational coordination.

1Password’s long-term value is not simply that it “made a password manager.” Its importance comes from a series of category shifts: from a Mac utility to a cross-platform product, from perpetual-license software to a membership service, from personal and family usage to Teams and Business, and then from password management into Secrets, Passkeys, Device Trust, SaaS governance, Extended Access Management, and eventually Unified Access for AI agents. That is why it now looks much more like an identity security company than a single-purpose tool.

The capital inflection point came in 2019. Before that, 1Password highlighted 14 years of bootstrapping and profitability. In 2019, Accel invested $200 million for a minority stake; in 2021, the company raised another $100 million at a $2 billion valuation; and in 2022, it raised $620 million at a $6.8 billion valuation. By November 2025, 1Password said ARR had surpassed $400 million while remaining free-cash-flow positive.

Its public controversies have not mainly centered on fraud, scandal, or major legal trouble. They have centered on product direction and platform choices: the move from local vaults and perpetual licenses to subscriptions plus cloud sync, the disruption caused by 1Password 8 for legacy users, the switch to an Electron-based Mac app, and a sense among some advanced users that the product is less transparent than open-source alternatives. A separate incident worth noting is the 2023 Okta-related internal environment event, although 1Password said no user data was accessed.

As of 2026, 1Password’s real-world position is clear: it still has strong consumer brand recognition, but its revenue and strategic center of gravity are now heavily enterprise-oriented. The company says it serves more than 180,000 businesses, supports 1 million developers, and protects more than 1.3 billion credentials and secrets; media interviews also indicate that the vast majority of revenue, or roughly 75%, comes from B2B.

From the official material, 1Password looks more like a “founding couples” company than a stereotypical two-person Silicon Valley technical startup. Dave and Sara Teare, together with Roustem and Natalia Karimov, formed the official founding group behind AgileBits. That helps explain why the company long retained a family-run feel, a trust-heavy operating style, and a strong commitment to remote-friendly work.

Dave Teare’s official bio emphasizes not birthplace or parents but motivation: when he started 1Password in 2005, he cared deeply about escaping commuting and spending more time with family. That matters because it shows that 1Password was built from the start not only as a security product, but as a product philosophy centered on reducing friction and fitting into real life. Dave’s public profile also places him in Ontario, Canada, with family life still a visible part of his identity.

Public education information on Dave is limited, but a LinkedIn summary associates him with Western University. The more consequential career detail is that he worked at IBM, where he met Jeff Shiner, who would later become the executive responsible for scaling 1Password. Dave later wrote that he had become close friends with Jeff during their IBM years and that, once 1Password grew to about 20 people, he believed the company needed a full-time CEO and brought Jeff in.

Roustem Karimov’s public background is also framed much more in terms of technical experience than family biography. His personal site says he started programming in 1988, while 1Password’s official bio describes him as the co-founder who, with Dave, built 1Password to solve the annoyance of remembering and reusing too many passwords. Details such as his birth year, birthplace, parents, or early schooling remain publicly limited.

On Roustem’s pre-1Password work experience, better-publicized secondary sources describe him as a former Sony developer, and AWS’s startup interview with 1Password states that he and Dave were web consultants helping others build e-commerce sites in 2005. In that version of the story, 1Password began as a side project created to solve the founders’ own password-management pain.

Sara Teare’s role in the founding story is often underappreciated. Official company material says that in 1Password’s infancy, Sara handled legal paperwork, taxes, and bills so Dave and Roustem could focus on building the product. That makes her far more than a peripheral spouse; she was part of the founding operating structure.

Sara’s later public comments also help explain the company’s culture. In 1Password material on women in tech, she said the company was built around flexible hours to accommodate childcare, because she was at home with two small children and working whenever she could. That is closely connected to 1Password’s long-standing remote-first and distributed-work identity.

Natalia Karimov is likewise officially identified as a founder. Public material shows her speaking proudly about the company’s ability to grow and adapt, and about seeing Roustem present at an Apple-related conference. But, as with Sara, more detailed information about education, early background, and family of origin is very limited in public sources.

If one applies a strict biographical lens and asks for birth dates, birthplaces, parents, family class background, and growth resources, most of that can only be described as publicly limited or unconfirmed. The official materials focus on roles inside the company, values, and present-day life details rather than full biography.

What can be identified more confidently as formative influences are not childhood background but three adult-stage variables: the real workflow pain of website consulting, the early opportunity window in the Apple and Mac ecosystem, and a long-running obsession with customer support, usability, and remote flexibility. Together, those forces shaped 1Password into a product that feels simultaneously engineering-led, experience-led, and focused on making the secure path the easy path.

The founding logic of 1Password was simple: the founders did not begin by trying to build a cybersecurity unicorn. They began by asking whether they could stop repeatedly typing credentials and form data. Official company history states that Dave and Roustem were building websites and got tired of manually entering usernames, passwords, and contact information to test them, so they built an automation tool. That origin explains why 1Password has always linked productivity and security.

On the timeline, 2005 was the start year, and May 19, 2006 was the first public-release milestone. At that time the product was still called “1Passwd,” not the fully matured “1Password” brand. That sequence matters because it shows that the product came first and the fully unified brand identity came later.

In its early phase, 1Password was fundamentally a Mac-first product. Official material says the first version was a Mac app maintained by a small four-person team. When Apple announced the iPhone SDK, that same team moved onto iPhone. At that stage, syncing across devices largely relied on storing an encrypted 1Password file in Dropbox and having each client read and update it.

The company later expanded to Windows and Android, but not through a unified platform model. Instead, as 1Password has explained, separate developers were hired for those platforms and told to build against the file-format specification. Over time, that created siloed platform teams with inconsistent feature development, which later helped motivate a major architectural rebuild.

Around 2012 came the first major organizational turning point. Dave wrote that once the team reached about 20 people, the founders realized they could not keep scaling, preserving culture, and executing at the same time without help, so they brought in Jeff Shiner as full-time CEO. Under Jeff, the company’s size multiplied dramatically, and he is widely seen as the operator who scaled 1Password from a family-style software company into a global enterprise business.

2015 marked another critical milestone in commercialization. When announcing 1Password Business in 2018, Jeff wrote that more than 30,000 businesses had signed up for 1Password Teams since 2015. That means Teams was the real starting point for 1Password’s enterprise collaboration and admin-control business, while 1Password Business was the larger-enterprise upgrade with fine-grained permissions, roles, device restrictions, managed Travel Mode, Active Directory integration, Okta integration, and command-line tools.

In other words, 1Password’s enterprise shift did not begin after venture funding in 2019. The product direction had already been validated before outside capital arrived. The 2019 financing release explicitly framed the purpose of the money as global expansion of the Enterprise Password Manager footprint.

On the product-innovation side, several milestones stand out. In 2014, in the wake of Heartbleed, 1Password launched Watchtower to show whether a user’s websites were affected by major security issues. In 2017, it launched Travel Mode to let users temporarily remove non-travel-safe vaults from devices. In 2018, it integrated Have I Been Pwned’s Pwned Passwords into Watchtower so users could locally check whether passwords had appeared in known breaches.

These features are important because they show that 1Password was not content merely to “store passwords.” It increasingly positioned itself as an assistant that spots external risk, prompts action, and lowers the cost of safer behavior. Watchtower, especially, turned 1Password into something closer to a personal security operations dashboard.

Around 2021, 1Password completed a major platform rebuild. In “1Password 8: The Story So Far,” the company explained that it was building next-generation apps for iOS, Android, macOS, Windows, and Linux, and that it ultimately stopped work on the SwiftUI Mac app and chose Electron to cover all supported macOS versions in order to reduce frontend complexity and hit delivery timelines. Internally, that was framed as an engineering and coordination decision, but it also triggered substantial user backlash.

2021 was also the year 1Password pushed into developer infrastructure. It announced the acquisition of SecretHub and launched Secrets Automation, extending its scope from human password management into infrastructure secrets such as API tokens, certificates, and deployment credentials. That move placed 1Password in the worlds of developer security, DevOps, and non-human identities.

In 2022, 1Password acquired Passage and explicitly committed to passwordless and passkeys. The official announcement said the goal was to deliver safer and simpler passwordless experiences for enterprises. In 2023 and 2024, the company then rolled out passkey support across its browser extension, iOS, iPadOS, and Android products.

In 2024, 1Password formalized a new category story through Extended Access Management. The company argued that traditional IAM and MDM tools cover sanctioned apps and managed devices, while modern work is full of shadow IT, BYOD, remote access, and unmanaged endpoints, creating what it calls the “Access-Trust Gap.” 1Password positioned itself as the product meant to close that gap.

Supporting that story, 1Password acquired Kolide in 2024, bringing in device and endpoint trust capabilities, and then acquired Trelica in early 2025, bringing SaaS discovery, shadow IT visibility, license optimization, and access workflows. Kolide strengthened the device side of the platform; Trelica strengthened the application side.

By March 2026, 1Password moved another step forward with Unified Access, which directly addresses humans, machines, and AI agents in one access-governance model. The official launch says Unified Access can discover, secure, and audit credentials across human, machine, and AI agent identities, and that it launched with collaborations involving Anthropic, OpenAI, Cursor, GitHub, Perplexity, and Vercel. At that point, 1Password was clearly no longer operating inside the frame of “just a password manager company.”

In capital terms, 1Password’s first era is defined by one thing above all else: a long refusal to raise outside money. In 2019, Dave explicitly wrote that 1Password had been completely bootstrapped, had never taken external investment, and had remained profitable throughout its history. That long span is what made the 2019 Series A so notable.

The 2019 round was led by Accel and described by the company as a minority-stake investment, with participation from Slack Fund and Atlassian executives. Its importance was not just cash. It also brought in an external network capable of helping 1Password with global enterprise expansion, organizational scaling, and go-to-market acceleration. In other words, Accel provided strategic capital as much as financial capital.

In 2021, 1Password raised another $100 million at a $2 billion valuation. In 2022, it raised $620 million at a $6.8 billion valuation. In the 2022 announcement, the company named ICONIQ Growth, Accel, Tiger Global, Lightspeed Venture Partners, and Backbone Angels, and described the round as the largest ever raised by a Canadian company. By then, 1Password had clearly moved from being a strong Canadian software company to being priced as a globally important growth-stage security asset.

The board composition now reflects that transition. The company page shows Jeff Shiner, David Faugno, Accel’s Arun Mathew, ICONIQ’s Will Griffith, founder Sara Teare, and independent directors with senior backgrounds from Cloudflare and Zscaler. Founders still retain influence, but venture investors and large-scale cloud and security networks are now embedded directly into governance.

If one looks at 1Password’s brands, assets, organizations, and platforms, the core asset is no longer just one consumer app. Today’s product set explicitly includes Unified Access, Enterprise Password Manager, Device Trust, SaaS Manager, Personal Password Manager, MSP Edition, and developer/secrets capabilities.

In real asset terms, 1Password now owns at least five valuable layers. First, it owns the enterprise vault and cross-platform client system as a product asset. Second, it owns trust built around Secret Key, SRP, end-to-end encryption, audits, and its Trust Center. Third, it owns a business network of enterprise customers and developers. Fourth, it owns a partner and integration ecosystem across cloud, distribution, and AI tooling. Fifth, it owns the brand recognition that results from all of that.

Its business model evolution is equally clear. In the early years, 1Password was classic perpetual-license desktop software. Even in 2018, 1Password 7 was offered as both a subscription and a standalone license, and the company published license pricing publicly. But Jeff was already explaining in official blog posts why subscriptions made more sense for future upgrades and App Store continuity. That logic eventually led to the fully service-oriented, cloud-first direction of 1Password 8.

As a result, 1Password’s revenue today is not generated merely by “selling a good app.” It comes from ongoing service relationships: individual and family memberships, team and enterprise seats, admin controls, compliance and auditability, developer and secrets offerings, MSP and channel programs, and the broader value of an identity security platform. Fast Company wrote in 2024 that the vast majority of revenue now comes from B2B, and CRN wrote in 2025 that roughly 75% of its business is enterprise.

The company has also built a clever flywheel by allowing enterprise customers’ employees to receive free 1Password family accounts. Both Fast Company and 1Password’s own materials emphasize this as a way to improve personal security habits at home and reduce the risk of those bad habits re-entering the workplace. Strategically, that turns B2B distribution into B2C brand expansion.

Its brand strength is not just the result of marketing. It rests on a fairly complete public security narrative. 1Password says its model is built on end-to-end encryption, AES-GCM-256, PBKDF2-HMAC-SHA256, a 128-bit Secret Key, and SRP authentication; it also publishes security assessments and announced ISO 27001, 27017, 27018, and 27701 certifications in 2024. For enterprise buyers, these are sales assets. For consumers, they function as trust signals.

1Password has also turned “security transparency” into an organizational asset. It has run a bug bounty program for years, raised its top reward to $100,000 in 2017, and later attached a $1 million CTF narrative through HackerOne. Publishing audit reports, operating a Trust Center, maintaining developer spaces, and launching 1Password Academy are all ways of institutionalizing trust, which is the hardest resource for a security company to measure and the hardest one to rebuild if lost.

On partners and channels, 1Password is now unmistakably enterprise-grade. The company has publicly named Microsoft, AWS, CrowdStrike, Zscaler, and Drata among its ecosystem relationships, alongside distribution and service networks such as Ingram Micro, TD SYNNEX, Pax8, and Westcon. It has also launched a multi-tenant MSP edition of Enterprise Password Manager. This is the profile of a formal enterprise security supplier, not just a word-of-mouth productivity app.

If one had to pick the single most important entrepreneurial decision, it would be that Dave and Roustem did not leave 1Password as an internal efficiency hack. They productized it and kept investing in it. Many internal tools never move beyond “useful for us”; 1Password did, and that decision transformed a consulting-company pain point into the seed of a global category business.

The second key decision was hiring Jeff Shiner in 2012. Dave’s own retrospective is blunt: once the company reached roughly 20 people, the founders no longer believed they could keep scaling effectively on their own. Jeff had both operational credibility and personal trust. The later result is hard to overstate: he took 1Password from about 20 people to roughly 1,400 and led its B2B, fundraising, and global growth phases.

The third key decision was service-ification: moving from a local app into hosted services, Teams, Business, and enterprise admin tools. That shift changed the revenue model, product architecture, organizational skill set, and target customer base. Without Teams and Business, there would almost certainly have been no later platform story around Secrets, XAM, and Unified Access.

The fourth key decision was accepting outside capital in 2019. For a company that had already been profitable for 14 years, this was not survival capital but acceleration capital. It enabled faster hiring, more acquisitions, and larger go-to-market ambitions, while also pulling 1Password more firmly onto the path of board governance, venture expectations, and eventual IPO optionality.

The fifth key decision was repeatedly rewriting its category definition. 1Password did not cling to “password manager” as a fixed box. It moved into Secrets, then Passkeys, then device posture, then SaaS governance, then AI-agent access control. That willingness to keep redrawing the boundary of what it was selling is a major reason it has remained relevant into the AI era.

Its most representative achievements operate on at least three levels. First, it turned a beloved Mac password utility into a large cross-platform product. Second, it built distinctive features such as Watchtower, Travel Mode, and passkey support that users actively remember. Third, it repositioned itself as a distinctive identity and access security player that is not quite traditional IAM and not merely a consumer password vault.

The reason outsiders still remember 1Password is largely that it has long occupied the “usable and secure” position in people’s minds. Even in 2025 and 2026, major English-language media continued to treat 1Password as one of the leading password managers. Wired listed Bitwarden and 1Password among its favorites in 2025, while PCWorld’s 2026 review acknowledged 1Password’s polished experience even while criticizing its complexity for some users.

On the negative side, the biggest criticism is not “it is unsafe,” but “it changed.” In 2018, 1Password 7 still supported both subscriptions and standalone licenses, yet official company messaging already framed memberships as the long-term answer. By the 1Password 8 era, subscriptions and cloud sync had become the primary path, while local vaults and the old perpetual-license model were effectively pushed aside. For many long-time users, that felt like losing a more local, more controllable, more independent product.

Another major controversy came from the Mac client. In 2021, 1Password publicly explained that it had stopped work on the SwiftUI Mac app and would rely on Electron for macOS. Six Colors criticized the move sharply and argued that it symbolized a deeper strategic shift: 1Password no longer considered the Mac important enough to justify a truly native, platform-specific experience. That critique resonated strongly with long-time Mac users.

A more moderate but persistent criticism is that 1Password is not always the simplest option for ordinary users. PCWorld’s 2026 review noted that daily use is streamlined, but that the login model is more complicated, and that its more opaque, less detail-heavy presentation may not satisfy advanced users who want deeper transparency into how features work.

In terms of security incidents, public material does not show a major disclosed event in which user vaults were decrypted at scale, but the October 2023 Okta-related incident is important. 1Password said it detected suspicious activity in the Okta instance it used to manage employee-facing apps, later confirmed that the incident was connected to Okta’s support-system breach, and stated that no user data was accessed. The episode nevertheless reminded observers that even security vendors are deeply dependent on third-party identity infrastructure.

On current status, David Faugno was elevated to co-CEO alongside Jeff Shiner in November 2024, and in July 2025 Jeff moved to Executive Chair while David continued as sole CEO and joined the board. By 2026, the company website and leadership pages clearly show David Faugno as CEO and Jeff Shiner as Executive Chairman. That signals a move from the founder-plus-longtime-operator era into a more standardized next-stage governance model.

In terms of scale, 1Password announced in November 2025 that ARR had surpassed $400 million while remaining free-cash-flow positive. BetaKit reported at the same time that the firm had around 1,400 employees, served more than 180,000 businesses, protected more than 1.3 billion credentials, supported more than 1 million developers, and believed it was already large and profitable enough to be public if it wanted to be, though management preferred to make its AI-era product and predictability stronger first.

If I had to give a final positioning statement, it would be this: 1Password is no longer simply software that remembers passwords for you. It has become an identity security company that thinks about credentials, secrets, devices, applications, and AI-agent access inside one governance frame. That statement is partly an inference, but it is a well-grounded one based on the company’s public revenue mix, product roadmap, acquisition pattern, board structure, partner ecosystem, and current market narrative.