by dcow 1254 days ago
In your opinion, what would the ideal password management business model be? A non-profit like Signal? (Not rhetorical, actually curious what people want here.)

As a thought experiment, let's say there are 1000 people who get annoyed when a software product they use takes VC funding. For those 1000 people to sustain a software product with a team of 5 for 10 years at 150k average per head, you'd need 7.5MM dollars just to break even. That's $7,500 per user, or $750 per year. I doubt many people would be willing to pay that just to have a product that never takes VC funding.

And note that's just to cover labor costs. If you want it audited, that's a solid 25k per audit. Operating costs for website and infrastructure, etc. Now if the product was exceptional and beat out other products in the space and generally had a slice of the pie, the number of users would increase and per user cost would decrease. But also doing as much with a team of 5 is no small feat.

2 comments

I'm not sure if there is a good business model in password management. I can't answer that question. What I do know is, a good password manager is the type of software that should strive to be feature complete. And at that point resources should be used for maintenance, security, and software/OS compatibility updates. In other words, a low-if-any growth, but profitable business assuming the software is good.

But once you get into VC funding or acquisitions, businesses tend to want to grow and bloat their products by adding features no one asked for to increase their perceived value. I know I'm tired of seeing this happen to beloved software time and time again.

Perhaps then software utilities are better suited for a crowd funding model?

Non-profit like Signal that sells cloud hosting to pay the bills, standard protocol with self-hosting option for the server like email/browsers agreed upon decades ago, anyone can create an interoperable desktop/browser/mobile client. Fully encrypted such that even the non-profit doesn't have the decryption keys.

That being said: it's unclear if anyone really understands how to build an open source product with cloud hosting covering the bills. Almost everyone either makes a deal with the devil (VC funding) or upsells too aggressively anyway.

Cloud storage and CPU usage is basically negligible per-user for a password manager. I imagine you could service hundreds of millions of users on just a couple of capable machines, similar to HN's setup. Even with hundreds of passwords, most users total mere MBs of usage -- it's even simpler than email! I think this is one of the rare cases where corporate users can pay for big accounts with special sharing features and completely subsidize a free product for individual users. Or you could charge individual users $5 a year to cover cloud costs (more than enough), with self-hosting as an option for highly technical users to save a buck.

> sells cloud hosting to pay the bills, standard protocol with self-hosting option for the server like email/browsers agreed upon decades ago, anyone can create an interoperable desktop/browser/mobile client. Fully encrypted such that even the non-profit doesn't have the decryption keys

All of those are true of Bitwarden, except for the non-profit part...

> Or you could charge individual users $5 a year to cover cloud costs

And who pays for the development?? Bitwarden already charges only 10€/year, so they're basically doing exactly what you're proposing, but paying for development with VC money.

Even if servers were literally free (they're far from it!), do you have any idea how many users they'd need to cover just the minimal amount of developers, one business person and either an in-house or external security auditor? And who would pay for all of that during the time it took them to build up that user base??

I hate the VC culture as much as the next guy, but unless the founder is already crazy rich, you need external capital to start up any decently large company - or even a non-profit.