By Paul Blinov
Jerry Wolverton was tired of juggling passwords.
Between himself, his wife and their three children, the family of five found themselves managing some 200 accounts, their login information all stored in a rapidly-filling little black book.
“We ran out of pages!” Wolverton recalls. “We had to start a new [book]. Our kids are all in school, and they come home with new passwords every semester, with new accounts.”
Of course, your computer can encrypt and remember your passwords for you. But even the largest companies have data breaches exposing those passwords and the information and access they protect. So for Wolverton, the inspiration for Stash was ultimately pretty simple: “there’s got to be a better way of doing this.”
Stash offers a unique system of password management: it’s a physical card that uses patent-pending technology to keep all your passwords safe, by storing them offline and thus far from any potential internet hacks. Powered by NFC technology — the same tech that powers tap payments for credit cards — in conjunction with a phone app, it allows your phone (and only your phone) to deliver passwords from the card when it’s activated by the press a button.
“We’re calling it our island technology: we put this physical island barrier that separates the online world with our password vault,” he says. “But on it, you have a physical button [on the card], creating an air-gap so you control that island. It’s not like someone can [create] a software solution and get around you. You physically control it.”
Wolverton notes that the Stash card never directly connects the stored password with the internet. Instead, the card acts as a one-part-at-a-time sort of go-between: it disconnects from the internet when it accesses its password storage, and disconnects from the password storage before it reconnects with the internet.
“So a would-be hacker could try and access that vault, or that island, but they’d just be stonewalled, ‘cause they can’t get past it,” he says. “But when you make a request, and you pass that information to the back end, we can then handle how to retrieve that information and then reconnect to the outside world, and automate signing in.”
Currently, Stash is only available to Android users, as there are some hurdles in applying it to Apple’s current software. You load the card up database through the app, and it can generate new passwords for your accounts, should you need them.
A mechanical engineer by trade, Wolverton had been mulling over the idea for a while, but it wasn’t until a few years ago that technology had advanced to make it seem feasible. And after connecting with entrepreneur Kevin Eliason — their kids were on the same soccer team, and turns out they went to the same small Saskatchewan high school, albeit almost a decade apart — Stash was on its way.
“He’s the operations guy — he really balances me out when I get bogged down in the engineering and the tech,” Wolverton says of Eliason. “He sets me straight: what do we need to do? what do we need to get done?”
They were also bolstered by being part of the Startup Edmonton community.
“Right at the very beginning, I reached out to them and walked through all their different programs there. I am an engineer, I’m not a sales/marketing person, all these things really stretch me,” Wolverton says. “I made a promise to myself to make sure I said yes as often as I could to a group like Startup Edmonton to be involved, to be able to put myself out there at every opportunity they would give me. And so I’ve been very grateful.”
Stash was one of Startup’s 2018 Launch Party companies, and now they’re one of nine Edmonton companies headed to Toronto to take part in Collision, a massive tech conference. Which is well-timed, as Stash’s development is entering its final pre-launch steps. They’re taking preorders for cards now.
“It’s amazing to be connected,” Wolverton says, of our online lives. “All the things that we can do, that makes a lot of sense. But we can’t make the internet safer. The only thing we do control is how we access the internet and those service providers, and that comes down to our passwords.”