With many thanks to Martin Kleinschrodt, Owner at Padloc, Aviva Zacks of Safety Detectives had the chance to find out about his company’s password manager services.
Safety Detective: What motivated you to start Padloc?
Martin Kleinschrodt: Well, first off, Padloc, as it exists today, is actually just the latest iteration of a product that I’ve been working on intermittently for almost two decades. I believe the first version was conceived not long after I first learned programming, which was around age 14. Of course, I had not the slightest clue about cybersecurity at that point, and current me shivers at the thought of what I considered “encryption” back then. But it was a good learning experience—trying to store something in such a way that only I can read it and nobody else, then finding ways to circumvent the protections I designed, and finally fixing the vulnerabilities I found before repeating the cycle again. For teenage me, it was a fun puzzle to play around with and my first foray into the field of cybersecurity.
One thing that is as true today as it was back then is that I built it for myself. The need to store digital secrets (not just usernames and passwords) in a secure way was instantly apparent to me when I started working with computers. And since none of the tools that were available back then were to my liking, I started building my own.
SD: Why do people need a password manager?
MK: There are many reasons to use a password manager, and others have already explained it much more eloquently than I ever could. But if I’d have to summarize the why in a word, I’d say it’s about control. Control over your own data, that is.
You see, it is important to understand that in the increasingly digitized world we live in data—and especially personal and sensitive data—has value and needs to be protected. In the physical world, security and privacy are straightforward concepts. You want to keep others from touching or looking at your things, you lock them away somewhere or hide them, or you just always keep them on your person. None of those methods are perfect, but at least we can intuitively understand the risks and act accordingly (everybody understands why a bank vault is better than a sock drawer).
But in the digital world, privacy is a much more subtle concept, and in many ways much harder to achieve. At any given time, there are literally hundreds of ways your data could be compromised—whether it’s stored in the cloud, on your computer, or on a USB stick—many of which are so obscure and complicated, even highly technical people won’t know about or understand them unless they spend years specializing in software security.
But you can’t expect people to get a degree in computer science just to be able to safely browse the web. So you need simple, secure, and independently audited tools like Padloc. Password managers not only allow you to store your data in a secure way, but they also help to keep an eye on all the apps and services that you have an account with and can even warn you if a service you’re using has been breached. No more password reset emails; no more guessing the answer to a security question you put in 10 years ago. In short, they’re an important tool to help you get back control over your own data.
SD: There are other password managers out there; how does your company try to stay ahead of the competition?
MK: Honestly, the need to “stay ahead” of the competition has never really been part of our mindset. There are a lot of great options on the market these days and Padloc is by no means the most “advanced” solution out there—and we’re not trying to be. Instead, we focus on the things that we think are the most essential for providing real value—things that are often being neglected by our competitors.
First, Padloc is open source which may not seem like a big deal to many, but it’s a very important detail if you care about transparency and trust. Most popular password managers are basically a black box—they claim to be secure and to treat your data with care and respect for your privacy, but ultimately you don’t have any way to validate this yourself.
We care a great deal about transparency which is why we’re developing Padloc completely out in the open. Anyone can audit our code, provide feedback, and even contribute at any time! Now, while the average user might not have the technical knowledge to actually review the source code themselves, it is good to know that the app is constantly being monitored by the countless eyes of the open-source community. This not only makes it impossible for us to build in “back doors,” but it also means that potential security flaws can be discovered and fixed much more quickly.
Padloc may not be the first open-source password manager, but we believe that it is the first one that is truly usable and accessible to the average user. We want Padloc to be for everyone, not only technically experienced users. So we made it as simple to use as possible without making compromises in terms of security or performance.
We often hear feedback along the lines of “finally found a password manager that my wife will actually use” or “Padloc is the first password manager that my team didn’t abandon after week.” A solid feature set is important, but in our experience, the most useful tools are the ones that people actually enjoy using. And I think with Padloc we built such a tool.
SD: What do you think are the worst cyberthreats that are out there today?
MK: There’s always been this struggle between very smart people who want to break or exploit the system (by which I mean the internet and our information infrastructure in general) and very smart people on the other side who want to protect the system from those bad actors. It’s been this way since the invention of the internet, and I don’t see any specific threats upsetting that balance in the near future.
What I’m worried about is how many companies (and sadly, especially the large ones) are treating data breaches and vulnerabilities simply as the cost of doing business, as externalities, or at worst an expense item in their balance sheet. Nobody seems to care about the very real harm and damage done to actual people.
These people, the “end users” who make up the majority of the users on the internet don’t have that deep knowledge of the system and don’t understand the threats that they face when they use certain services or when they browse the internet. They don’t really have a good grasp on what kind of information they inadvertently share with others and how it can potentially be used to harm them.
This is why, in addition to pushing for more accountability, we need to give people the means to stay in control of their own data, to educate them about the risks they’re facing, and to provide them with tools to protect their wealth, identity, and privacy from both malice and negligence on the web.
SD: How do you think the pandemic is changing the way we view cybersecurity?
MK: To me, it looks like the pandemic is simply accelerating a process that has been going on for a long time. Business and personal interactions are moving more and more towards the web, and there are very few businesses today that are not heavily dependent on software in one way or another.
Of course, the increased prevalence of working from home due to the pandemic has caused a significant surge in demand for things like video chat and virtual conferencing software. But again, these technologies are nothing new, and the challenges concerning security and privacy haven’t really changed.
One lasting effect that I hope the pandemic has had on people and businesses especially is the realization of how dependent we have become on software for even the most basic daily tasks, and how easily this dependence can be turned against us if we don’t take security seriously.