Is Uno the first next-generation password manager?
Uno, a startup backed by a16z, has launched its first product. The password manager, also called Uno, promises to make security easier and simpler for everyone.
Password managers are an essential tool in an Internet user's arsenal. They reduce the number of passwords that a user needs to remember to one, and include all kinds of extra features, including secure password generation, leak checks, or automatic sign-ins to services and in apps.
Uno's mission, from the very start, was to create a password manager that is addressing shortcomings of current password managers. The startup's founder, Parteek Saran, revealed in 2022 that security tools and practices that everyone should follow "aren't designed for people to use easily".
Saran concluded that many of today's security issues could be solved through a "design-lead approach". Uno was created to "remove friction from repetitive parts of the Internet like authentication", and to "easily onboard people to better security".
Uno is now available, but only for Apple iOS devices and as a Chrome extension. It is a big limitation, but it seems that the startup is working on adding support for other platforms in the future, including for Android.
Tip: check out 1Password, if you are looking for a password manager with maximum security.
Design goals of the password manager
A design goal was to simplify password and security for users of all experience levels. Some of the noteworthy features of the solution includes one-click logins, support for two-factor authentication, social password recovery feature through trusted contacts, easy password sharing, and options to store additional data in the vault.
Not all of the features are unique, far from it. Uno's one-click login feature may indeed improve the login process, as it handles several different login types. From signing-in via a link sent to the user's inbox and filling out two-factor authentication codes, to signing users in using regular username/password forms and forms that support different Single Sign-On services. For some of this to work, it is necessary to give it access to certain services.
Uno requires an account, which users may create using an email address. To use one of the extension's or application's main features, it is necessary to link its Peekaboo feature to the email address. It gives Uno the ability to "show login codes, links, and password reset emails right in your browser tab".
Uno saves passwords and SSO choices automatically, and will remember the choice the next time a service is used. The application handles login processes with a single-click, and may import passwords from select password managers. The iOS apps are in beta currently.
Access to the service is granted using a private key. It is recommended to save the key to the local system, as it guarantees access to it the device itself is lost or stolen, or if something is reset. Another option that users have is to trust their friends, who also need to use Uno, with the recovery.
Uno collects minimal data, according to Techcrunch, which talked to the founder Parteek Saran. All user data is stored in encrypted format on its services, and the private key, required to gain access, is stored only on the user's devices. The app does not rack personal data using analytics tools, according to Saran.
Closing Words
Uno offers some interesting approaches regarding logins and ease of use. The service is available as a Chrome extension and as a beta app for iOS only at the time. While that may cover some use cases, it prevents others from giving it a try.
Uno is not open source, but it has not been audited yet. While it may offer more convenience when it comes to passwords and security on iOS and on the Web, it needs to mature and prove itself before it may become a viable solution for most users. It has to compete with established password managers, such as Bitwarden, 1Password, Dashlane or KeePass, on the feature level, and that includes platform support, to become an option.
Now You: have you tried Uno, or would you?
You know Uno (the card game) is a registered trademark don’t you?. That’s going to cause you all sorts of issues once they see you.
Wouldn’t this Uno be allowed since they’re in different industries and aren’t likely to be confused with each other?
Quote: “Uno collects minimal data”.
Minimal according to me or minimal according to the UNO accountants!
Password extensions in the browser are a bad idea.
Browsers have become bloated monsters crawling with bugs. They need to be constantly updated.
It is only a matter of time before a zero-day allows remote access to your password vault through the browser.
Pretty happy with Bitwarden since 5 years, but this sounds interesting. When it comes to Firefox I sure will test it.
I trusted LastPass for 5 years and look where that got me. I now really only trust Chrome Google’s password manager but I’ve exported my lastpass vault, deleted it, and also exported my chrome vault and imported both to BitWarden just for a backup.
NOONE recommends LastPass anymore and I wonder when they will just duck their tails and run.
I still do not trust any Password System but my own, but I’m always open to a new solution.
“but my own”
Because that works for everyone.
Translated: “It’s all about me.”
The current last sentence of the Uno privacy policy says “Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of our Services.”
You shouldn’t honestly recommend non-opensourced program to reader at all, or history will repeat itself like LassPass’s case.
Open Source
Trust is a two way street. Our software is open source so it can be audited by the security community and so you can verify every one of our statements. Check out our Rust reference implementation at: https://github.com/withuno/identity. If you are curious about more details, please explore our product design and engineering blog.
Thanks, I found the website difficult to navigate. I edited the article, so that it now states that it is open source.
https://uno.app/security – Scroll down?
for me, google is trusted ONLY for passwords. Otherwise, try keepass on windows, is very good database keeper.