Colin Charles pfp
Colin Charles

@bytebot

Mitsukeru coded thought. What if, "1Password protects your vault. Mitsukeru protects how you use what's in it." Password managers secure storage, but real world risk comes from usage context: phishing, weak creation habits, unsafe endpoints, and credential reuse. Do you use a password manager? 1Password (valued at $6.8B) is popular, I use it, but it's clear there is some enshittification of this app after it took on a bunch of VC funding. Heck, we know they have hit the $400 million ARR goal in late November 2025. BitWarden seems to be a good alternative - do you use it? I'm sure you all read about the Louvre heist. The items are still missing, and since 2014 they had some weak password practices (think: LOUVRE). Software like 1Password has a WatchTower feature, to tell you when things have gone wrong. I suspect more people are moving to Apple's native Passwords utility. Chrome also handles sync for many (and if your machine is rooted by malware, you're clearly affected by sync too). Anyway, how does Mitsukeru help against weak passwords when you also have password management software? - password creation monitoring - context-aware warnings - breach intelligence integration - behavioural anomaly detection - an education layer :) Vaults miss the mark, imagine if we stored passwords with context binding? With more behavioural detection, real time site verification, watching for social engineering contexts, cross-application monitoring, and so on. Also, we are now taking into account the use of passkeys, not just having TOTP platoform authenticators. So if passwords and weak credentials are the dominant attack surfaces today, we extend naturally to passkeys and authenticators. Is the authenticator being invoked in an expected and safe context? Contexts... if you're coming from Linux land, you might think of SELinux. And SELinux did start life as an NSA project! One thing is clear: endpoint security, password safety, etc. are *huge* business opportunities. These could be exits, or it could just be the power of open, competing against them all? Either way, this should be a fun journey. https://x.com/RobertBMenke/status/2006009533580132603 https://edition.cnn.com/2025/11/06/europe/louvre-password-cctv-security-intl https://www.cnbc.com/2025/11/06/ryan-reynolds-backed-1password-tops-400-million-in-arr.html
0 reply
3 recasts
8 reactions