K. HAAS, J. HUISMAN, P. KAPOOR, T. SZOCS Duke University, Fuqua School of Business | Innovations and Cryptoventures | February 2017 

I like this. It is a huge problem I like this. It is a huge problem. You do need a lot of partners to make this work. You mention the competitors use encryption – well so does your implementation, just in a different way. I like the competitive analysis. I would like more specifics on how this blockchain would work. 87/100

Current Cybersecurity Practices Leave Passwords Vulnerable Passwords hashed with MD5 (2013) and BCRYPT (2014) algorithms Attack not on Charles Schwab servers Affected customers had same passwords across multiple accounts Yahoo source: https://www.cnet.com/news/hackers-passwords-your-guide-to-data-breaches-yahoo-ashley-madison/ Charles Schwab source: http://siliconangle.com/blog/2016/05/06/charles-schwab-customers-learn-what-happens-when-you-repeat-a-password/ Dropbox source: http://www.theverge.com/2016/8/31/12727404/dropbox-breach-passwords-hacked-encrypted, https://motherboard.vice.com/en_us/article/hackers-stole-over-60-million-dropbox-accounts Passwords hashed and salted Full extent of breach discovered 4 years after 2012 hack Problem Solution Business Model Competition Future

Use Blockchain to Prove Ownership and Remove the Need for Passwords john@passlock.com Company Benefit User Benefit Increased security End of password dilemma Eliminate bad practice exposure Easily access from any device Reduced hacking fallout Securely share account Problem Solution Business Model Competition Future

Ethereum Blockchain Validates Ownership of Digital Accounts Account created with username and phone number Private key is assigned to user based on their phone number Account creation is broadcast to Ethereum blockchain using public key Community verifies nobody else owns this account User receives confirmation code via text User enters confirmation code to login User determines duration of login on current device Repeat process for all account logins/creation Problem Solution Business Model Competition Future

Similar Concepts Exist on Both the User Experience and Technical Side WHY THIS WORKS TECHNICAL FEASIBILITY Seamless to users: confirmation code is only interaction with technology Unlike password managers on the market today, PassLock does not store any passwords Users receive new confirmation codes each time they need to login to their account No data will be stored on the public Ethereum blockchain Long term, PassLock will transition to a private Ethereum blockchain Transaction with the Ethereum blockchain will simply verify that username is associated with device being used to login Each time a user attempts to login the website will check users login and send a request to PassLock for a unique code to login PassLock will check to see which phone number owns that account and will send that number a unique code Each website will store users’ login duration preference for each device Problem Solution Business Model Competition Future

Consumer Execution Begins with Confirmation Code Jane is a Facebook user who wants to login to her Facebook account Facebook is a PassLock customer Jane determines how long she would like to remain logged in to Facebook on her phone Jane enters her username on Facebook Jane receives a confirmation code to login to Facebook Jane repeats the process after her login expires on her device Jane wants to let Joe select potential homes for their vacation on her Airbnb account Airbnb is a PassLock customer Jane enters Joe’s phone number into Airbnb’s portal and how long she would like Joe to have access to her account Joe receives a username and confirmation code to login to Jane’s Airbnb account Joe selects potential homes for their vacation on Jane’s account Joe’s access to Jane’s account expires Problem Solution Business Model Competition Future

Network Effects Will Help PassLock Capture Value Users desire a one-stop solution for their online presence. Passlock’s first mover advantage will allow us to quickly build a network of key players Problem Solution Business Model Competition Future

Business Model Invites Customer Participation 100k 1¢ Free Companies with <100k users can access at no cost Larger companies pay 1¢ per monthly active user Free for the end user Problem Solution Business Model Competition Future

Potential Global Market is $2.8B $476M Annual Revenue 227M Users Domestic $2.8B Annual Revenue 18% US population (325M) is under the age of 15, so 82% of US population in sample (267M)  85% of Americans have access to the internet (http://www.pewinternet.org/2015/06/26/americans-internet-access-2000-2015/) (227M potential users)  average of 25 accounts per user (https://www.technologyreview.com/s/429264/more-passwords-more-problems/) (5.675B accounts)  charging 1 penny/month per active account (assume that 30% of these accounts are inactive or under 100k users), 40M potential monthly revenue, $476M annual revenue in the US 2.25B Users Global Problem Solution Business Model Competition Future

Price Point Leads to Fast Adoption and Profitability by Year 2 User growth beginning in Y2 will drive revenue and profitability metrics A conservative estimate of capturing 1% market share provides Passlock with $28.35M in annual revenue, while more aggressive estimates are as high as $700M With low fixed costs and high profit margins, Passlock is expected to be profitable in Y2 Low overhead operation (advertising and personnel - sales, developers - as main overhead) Problem Solution Business Model Competition Future

Commercialized Competition Does Not Leverage Blockchain Non-blockchain: “Techie” consumers have adopted password solutions Password manager, auto form filler, random password generator, secure digital wallet application Free versions do not have multi-device capabilities Enterprise solutions available LastPass: 7M customers; Dashlane: 2M customers (2014) LastPass hacked in 2015, Dashlane has no recorded hacks Blockchain: No clear path to commercialization for password technologies EMCSSL provides “passwordless logins and identity management” via the EMC currency blockchain No information on EMCSSL post-2015 LastPass Sources: https://lastpass.com/getlastpass1.php?n=1&mcomb=sa8Igu52I|139371277579|lastpass|e|i8rbbhb5l0|c&cvosrc=ppc.google.lastpass&cvo_campaign={campid}&cvo_crid=139371277579&Matchtype=e&gclid=Cj0KEQiA56_FBRDYpqGa2p_e1MgBEiQAVEZ6-xN6qxM8hJIeIHFK1giIVu1hazW-WoPAEwT9Ml5dYUQaAmPU8P8HAQ https://techcrunch.com/2015/10/09/logmein-acquires-password-management-software-lastpass-for-110-million/ Dashlane Sources: https://www.dashlane.com/ EMCSSL Source: https://www.cryptocoinsnews.com/long-passwords-cryptocurrency-emercoins-block-chain-supports-passwordless-authentication/ Blockchain ID Source: https://www.vice.com/en_us/article/blockhains-first-citizen-328 Blockchain ID is a digital form of ID…”designed to initially replace passwords” and then serve as a form of identity Problem Solution Business Model Competition Future

PassLock is Differentiated from the Competition through Consumer Ease Consumers do not need to make a conscious decision to opt-in to PassLock, making password security ubiquitous Unlike dominant industry players (LastPass, Dashlane) that charge consumers for multi-device protection, PassLock is device-agnostic Blockchain technology is more secure than LastPass and Dashlane that use encryption technologies Problem Solution Business Model Competition Future

Majority of Risks are Mitigatable Through Strong Push Marketing Strategy Target companies aren’t convinced of the need to change A well-resourced tech giant creates an internal solution Users don’t adopt Technology fails Risk: Convince large companies that this is a needed change Risk: Google, Facebook or some other big company could do this internally with more resources Mitigation: Our solution is across platforms, making it easy for the consumer Risk: User adoption is low Mitigation: x% of people feel that data is insecure, tap into this Risk: Technology fails Problem Solution Business Model Competition Future

Future Includes Complementary Product Introductions Target hacked companies Amplify proof of concept Free for any sites with <100K users Launch Strategy Full suite of password capabilities including auto-forms and credit card auto-fill Directly address current non-blockchain solutions Growth Strategy Dongle product extension aimed at super users Improved experience for users interested in paying more Corporate digital identities Builds on our current B2B customer base Problem Solution Business Model Competition Future

Two Financing Rounds are Required in the Next Year Seed Round Series A Amount: $500,000 Purpose: Bringing on five full time developers for the next year to develop the MVP Timeframe: Planning on closing round in the next 30 days Equity: Interested in giving an equity stake worth 10% of the pre-money valuation Amount: $2-4 million Purpose: Double development team as well as ramping up sales and marketing spend Timeframe: Summer 2018 Equity: Interested in giving an equity stake worth 15% of the pre-money valuation Problem Solution Business Model Competition Future