Consumer security has been a historically hard category to monetize. I’d argue that desktop anti-virus software market in the 1990s and 2000s was really the heyday of consumer willingness to invest in security software. As the world moved to the cloud and as consumers got more savvy about clicking on unknown links and the typical virus propagation mechanisms, that market has kind of stagnated. I think most consumers today are far more worried about credit card or identity theft or having a cloud based service hacked than they are about a downloadable virus. And it feels like most of the criminal hacking has moved on as well, with many publicized breaches at big retailers. There are some pockets of consumer security that have found audiences, such as lightweight VPNs for wi-fi access, but none of those have built franchises like what we saw in anti-virus.
It’s very easy to be deeply skeptical of consumer security as a category. It’s a well worn trope that consumers are unwilling to trade convenience for security and pay for security solutions in general. I think the combination of the omnipresent smartphones and extensions in iOS8, which mirrors how Android extensions work, could lead to a re-emergence in the consumer security market. I think there have been a few key supporting developments in the broader ecosystem that could make this a good time to be in the consumer-facing security business.
Desktop and web-based password managers work well and make security relatively easy.
Products like LastPass, 1Password, PasswordBox, and Dashlane make managing strong, secure passwords relatively easy. While they have long worked well on the desktop and with browser-based applications, they haven’t really shined on mobile apps. I think extensions on both iOS8 and Android are already making it easier for these programs to interface with applications. When these services can interface with apps and other browsers (like Chrome on iOS), it will make having good passwords a more seamless experience for consumers. When you combine the TouchID API with a strong password manager, having good passwords that are easy to access on mobile could be a reality in the coming months.
More major services are pushing out two-factor authentication.
Two-factor authentication is a pretty straightforward way to improve security in a primary password world. This is where the mobile phone is a big deal. We finally have a ubiquitous, connected second factor to use. Companies such as Authy and Google (via the Google Authenticator) are making it easier to support two-factor authentication. And some of the most important applications that consumers use, including Dropbox and the suite of Google services (Gmail, Docs, etc) have rolled out two-factor authentication as an option for consumers who care about security.
For the first time in a long time, I think the opportunities in consumer security are interesting again.
As always, comments are open if you want to share your thoughts. You can also send me your thoughts on Twitter @chudson
In the past few weeks Twitter has released their Fabric platform, and with it, Digits, which makes phone-based two-factor auth much easier (although I’m still waiting for my invite so I can see what kind of overhead it imposes for developers). Facebook and Google can also reasonably execute this, given the reach they have for signons. Seems like a fast fix for the login issue, but bad for a company like Authy.
Thanks for sharing these thoughts charles. I feel the biggest opporunity on mobile to manage privacy across user sessions. Application such as whatsapp, facebook messenger and hangouts have made our lives open. it’s just so easy pick up one’s mobile read his private conversations.