1) Once I was logged into your app, it was unclear to me what my next step was... I saw "New App" under "Developers", but I wasn't sure what I was supposed to do there.
It is really there for developers to "Create an app". From a consumers point of view, if they did wish to login to the Byepass console, they can see/kill their live sessions (across all websites using Byepass), login stats, and delinking MFA credentials.
2) Is your app meant for the end user or website/app creators? Who benefits from using your service? I'm a website/app creator and I don't know why I would want to outsource the one thing that makes my users feel secure when coming to our app?
Byepass is designed to be a service incorporated by websites/apps, it isn't a consumer tool. Passwords are so broken, we register with an email address, then are alloed to login with some string of characters and not re-verify our email. We see password leak after leak, and then all the annoyances of forgotten passwords, which cause 30% of all online sales to be abandoned (actual Mastercard & Oxford uni study stat). Passwords are not secure, you are storing your keys in someone elses vault and you have no idea how secure it is, are they storing it in plain text? md5? etc???
Byepass adds a layer of security, and removes the old insecure passwords. Passwords are just what we are used to, thats why we think they are secure, because they are familiar. This can change.
3) While forgetting a password is massively annoying, there is a small sense of "security" I feel in that I had to type something in to access a website
a) did you type it? or was it saved by browser/password manager etc...
b) again this is just what we are accustomed to do, this can be retrained.
4) With the proliferation of services like LastPass and 1Password, how are you going to go about convincing users that are using those services? (these services do a pretty good job of removing much of the pain of having to remember a password)
The fact these services exist just proves how broken passwords are. Consumers are literally flocking to download apps or use services that avoid them having to use a password. By not using the password at all, they are cirvumventing the actual security check the password is there for; and this could be fixed for all by not having a password and replacing it with better tech.
5) Seems like SSO via FB, Google, GitHub and the like are pretty convenient to users already -- is there a benefit/upside that your service provides that these SSO services don't?
Yep, every one of those services require you to have a profile/account with them. It doesnt make sense to force people to use a 3rd-party service/company before they can access yours. Byepass doesn't require registration of users, it simply acts as an authentication layer to confirm the user is authorised against a given identifier/s.
