Securing the World
PassCamp is a password manager that is focused on team functionality and maintaining maximum control over shared sensitive data while providing security and privacy to its users. In this project, our task was to align PassCamp brand with its technological and business strategy, as well as to deliver a digital platform with seamless user experience.
Here at Adeo Web, we’ve always been involved in the giant digital world that is the web. As a company that deals with eCommerce, we are responsible for a lot of sensitive information, both externally and internally. This means we, as any other sensible company, needed a password manager. Safety and convenience in one place — well, in theory.
Although there are several options in the password manager market to choose from, they were either too expensive, too complicated for users or did not have the right features. No multi-tier sharing and lack of security (password copies and folders, no history of changes or edits) being the main problems for us as clients. An idea came was born — if you can’t find what you need, why not make it yourself?
What we thought would be a small 1 month inside project started growing, people kept expressing their interest in our idea. For around a year the team passively built up the program’s architecture until we felt it was finally ready to become a new branch of Adeo Web. And that is how PassCamp came to life.
The Process and Insight
First things first – to get a deeper insight on the market, we did a thorough research both on the competitors and users. Our industry research showed that the majority of competitors focused either on personal versions or security of teams as a single unit, giving too much power and/or information to all users altogether. We discovered that such an approach can be harmful regarding both security (from our test results, almost any single user is the weak part in whole team’s security) and work efficiency (user gets loads of information, part of which is not relevant, distracting him from the stuff that he actually needs).
User research results implied that our target audience value simplicity and prefer experience over products, sometimes to the extent of even sacrificing their own security. Along with this, they are sensitive to any kinds of errors and connect with products that give them feel of stability and control. This can only be achieved through constant user testing and strong understanding of user expectations.
For every feature, detail, we were asking ourselves: “Does it really need to be there?” And if so: “Why?”. We decided to strip PassCamp down to it’s very core, orienting the entire product around some of it’s most important features:
- Home – easy access to all of your items (passwords, secret notes, etc…)
- Item view – expanded information of a single item
- Contacts – other users you can share information with
- Sharing – multi-tier sharing with your contacts, always keeping item’s creator in the top of the hierarchy
- Admin console – team account management board
These experiences formed our base for building the information architecture and making sure the most important features were always obvious and emphasized.
PassCamp is a product developed with security in mind first. Of course, that does in no way mean the interface is uncomfortable or difficult to navigate. But, before adding any feature to the password manager, we want to prove the feature’s safety first. We are working hard to balance out both the technical and design parts of PassCamp so that our users get the best possible end product.
Through a series of workshops and design sprints we found a simple, yet brilliant approach. By focusing on an individual end user and providing him with the best possible user experience and guidance, we have maximized team security. This was achieved by strengthening team’s most variable and vulnerable part — the users.
This lead us to developing the number one feature we were missing in password managers, and that is multi-tier sharing. It allows users to be in full control of their items no matter how many times they would be shared along the line, giving a great boost to security and a feeling of comfort to people who use PassCamp.
The method of encryption we chose for PassCamp was zero-knowledge proof enabled end-to-end encryption. As one of the most secure technologies currently available, zero-knowledge proof protects the clients by keeping passwords secure and hidden from everyone, including PassCamp. We do not store any of your passwords in our database, which means in case of a security breach, the thief wouldn’t find anything to steal. The only one who can access the password is the client himself.
Through continuous testing we have also discovered that a great deal of security faults come from poor security culture, even if no one onboard was lacking knowledge in that field. Taking that into consideration, we added features such as a personal password generator, centralized blockchain-powered item history log, and two-factor authentication. This way, the client has many accessible tools to strengthen their security even further with the help of PassCamp.
The system can’t do all the work for the client, however. Based on our experience and research the best approach to that problem was along-the-way education. We distilled information into small chunks and integrated it seamlessly into our user journey, cultivating habits in every team member that lead to overall better performance and security within constantly changing/expanding teams.
As an independent project, PassCamp has taken us three years to build up from the ground to where it is now — a community-driven, security-over-comfort, multi-tier sharing password manager. In the last year we have launched two versions of the password manager: PassCamp for Teams and PassCamp Personal, both of which we continue to develop and improve every single day. We have received tons of positive feedback, so we hope the tool will meet everyone’s expectations and continue to grow and improve with everyone’s hard work and input.