Why you need 1Password or LastPass, and MetaCert to keep you safe

The world doesn’t need another internet security company. People need to know what’s safe.

Paul Walsh
6 min readJun 12, 2019


Why aren’t we safe?

With billions of dollars being invested in cybersecurity technologies, and billions of dollars in M&A deals every year, we still read about a data breach, or innocent people falling for a phishing scam every day of the week. So I probably don’t need to convince you that we have a problem with internet security. And it’s getting worse.

Look at the image below — it’s the landscape of cybersecurity companies. Isn’t it insane? And many of them sell hundreds of products and services. 🤯 100% of them are focused on trying to detect and prevent new threats.

The landscape of cybersecurity 🤯

SMBs are the most vulnerable to attacks

99% of all businesses in the US, Canada and UK are Small to Midsized Businesses (SMBs) — employing over 77 million people between them. I’m talking specifically about companies that employ between 1 and 499 people.

And their biggest concern is;

Targeted attacks against employees with phishing campaigns,


Ransomware — SMBs are more inclined to pay ransoms because they can’t afford the downtime and lack of access to critical data.

When the Better Business Bureau asked small business owners in North America:

“How long could your business remain profitable if you permanently lost access to essential data?”

  • Only about one-third said that they could remain profitable for more than three months.
  • More than half reported that they would be unprofitable in under one month.


You can employ 100 different security solutions and still be open to an attack — because it’s technically impossible for any security company to detect every new threat.


Employees are left to guess if a link is safe to open, or a website is safe to use. Telling them not to open emails from people they don’t know, doesn’t work. And telling them not to open suspicious links doesn’t work either.

It’s clear that allowing people to rely on their intuition isn’t safe. These are not sophisticated attacks — they are simple, social engineering tactics on people. People are always the weakest link when it comes to internet security.

What happens when big companies are breached

Most major breaches start with the same social engineering tactic described above.

Whenever there’s a major breach, millions of records are stolen and then sold on the dark web. Threat actors can search for specific individuals exposed across all breaches, paying very little for their login credentials. Once they have your login details for one breached site/service, the threat actor will attempt to sign into other sites and services with those details. Unfortunately most people tend to change the password only for the site or service that was breached. And most people use the same password for multiple sites and services. So, failing to change your password for other sites exposes you to cyberattacks.

Why 1Password and LastPass are great

I absolutely love password managers like 1Password and LastPass.They do one thing brilliantly — they make it easy for you to create long, difficult-to-crack, unique passwords.

By using a password manager you don’t have to worry about people cracking your passwords. And when a site or service you use is compromised, you won’t end up being compromised across other sites and services — because they will all use a unique password.

Password managers also help reduce the risk of you signing into a counterfeit (phishing) website. When you select “AutoFill” the password manager checks the domain you’re about to sign into, and if it doesn’t match the domain for your account, it will prevent you from signing in — making it impossible for you to fall for a phishing scam.

Password managers won’t always protect you from phishing sites 🥺

Password managers aren’t perfect when it comes to anti-phishing protection. I studied how 50 people use their password manager. I discovered that users don’t always use the “AutoFill” feature. This means they’re exposed to phishing sites. Almost every user I studied, copied the password from the manager — not all the time, but some of the time. In these instances, the password manager doesn’t check the domain — so users can fall for phishing sites.

“Verified-as-Safe” by MetaCert

We’ve already discussed how it’s impossible to stay head of every new threat. And the world doesn’t need another security company that tells you what’s dangerous.

A new approach is needed…

Like 1Password and LastPass, MetaCert is a browser-based security service. It tells you which links are safe, and which websites you can trust. Full protection across every channel when using a Mac or PC.

The software takes 30 seconds to install and 1 minute to learn how to use it. It adds a new shield to your browser toolbar. Whether you open a link inside your cloud service, email, Slack or other channel, or visit a website using your favorite browser, the MetaCert shield will turn green to indicate that you are safe — the link you just opened is safe, and the website or social media account you are visiting can be trusted. We call this “Verified-as-Safe”. It’s the complete opposite to every other security company in the world.

MetaCert does protect you from known phishing and malware sites (including sites that hijack your computer for the purpose of mining crypto), but it’s technically impossible for any company to detect every new threat — no matter how much AI and ML we integrate into their security solutions. So rather than focus on telling you what’s dangerous, MetaCert tells you what’s safe.

“If it ain’t green it shouldn’t be seen.”

Why you should use 1Password or LastPass AND MetaCert 🔒❤️

Here’s what would happen. You will have a very strong unique password for every site and service that you use. And you will always know when you are opening safe link, or signing into a trusted/safe website. Perfect combination.

Imagine if 1Password and LastPass integrated MetaCert 💡

MetaCert has a “Verified-as-Safe” API service designed for companies that want to protect their users/customers. It would take their developers less than 2 hours to integrate MetaCert’s six lines of code. 💪

How would customers benefit?

The 1Password and LastPass icon would turn green, or add a shield every time you visit websites that are verified as safe.

Even though we’re focused on “Verified-as-Safe” our phishing database is bigger and better than Google’s Safe Browser API — especially where cryptocurrency websites are concerned. For what it’s worth.

Get MetaCert

🔒 Our websites are old, and missing 90% of what we do and how. But you can install the security service discussed in this post from metacertprotocol.com/cryptonite — ignore the name and page content. It was originally designed just for crypto people. But it has since been opened up with millions of URLs Verified-as-Safe. Since December 2017, not a single person has fallen for a dangerous link or dangerous website while using this MetaCert.

👉 Tell Paul what you think by emailing him paul@metacert.com or by engaging with him on Twitter or Telegram. 🤓



Paul Walsh

MetaCert CEO. Passionate about Cybersecurity, Blockchain, Crypto, Snowboarding & Red Wine. Part of the AOL team that launched AIM. Co-founded 2 W3C Standards.