7 Startups That Want to Replace All Your Passwords
In a recent article, we talked 6 Digital Identity Verification Startups to Check Out and noted the importance of knowing who is on the other end of a transaction. Once you’re authenticated though, security then falls on your ability to provide a unique set of characters referred to as a password. If you think about it for a moment, what we’re being asked to do in order to secure our online personas involves some ridiculous expectations. For each online account we have, we’re supposed to use a different password, each of which needs to have capital letters, numbers, and special characters (but not too special) without using any personal information or words. Then think about how many online accounts the average person has across the globe:
So we’re somehow supposed to remember upwards of 90 different unique passwords without writing any of them down because we all know what a huge security risk it is to write down passwords. What ends up happening is that you stick with one password and then start incrementing it as time goes on when you’re asked to change your password. The majority of people are at risk because of this security problem, and there are a number of startups out there looking to solve this problem.
Founded in 2006, this Irvine California startup has taken in $238.7 million in funding though the lion’s share of that was in the form of a $200 million private equity investment which closed just a few weeks ago. This latest funding round coincides with the acquisition of another startup called Core Security (backed by Morgan Stanley with $11 million total funding). The end result is a company that takes a “multi-layer” approach to authentication by looking at all sorts of variables such as:
- Device – Is this login from a device you normally use?
- IP Address – Looks up IP addresses that are known to be “bad actors”
- Location – Pretty easy to determine that you can’t log-in in NYC, then login in from Nigeria 1 hour later
- Behavior – Keystrokes and mouse movements as we see with startups like BioCatch
Using a combined set of variables such as the above examples, the company has managed to remove the need for a password entirely with a level of security that they claim is 3000X more secure than traditional 2-factor authentication.
Founded in 2009, New York startup Dashlane has taken in $52.5 million in funding to develop the world’s leading password manager and secure digital wallet. Last year more than 2.5 billion online accounts were compromised, and with the Dashlane app, you can mitigate all that risk by using one app and one password. It will save you something like 50 hours a year and it’s free so download it.
They make their money from a premium version that supports more than one device and also a solution for businesses. Maybe the nicest feature is that they’ll generate extra-strength passwords for each of your accounts so you can replace all that easy-to-guess stuff you had before. It’s all controlled through a single dashboard so you can sleep easy.
Update 04/12/2019: Dashlane has raised another $30 million in funding to further expand its product to include new features like Dark Web monitoring, which alerts users if their information is being passed around by hackers on the far reaches of the internet; and has added a VPN and identify theft protection. This brings the company’s total funding to $100.9 million to date.
Update 05/30/2019: Dashlane has raised $110 million in fresh funding to increase their product leadership, grow the team and build the brand that will define the future of digital identity protection This brings the company’s total funding to $210.9 million to date.
Founded in 2011, our next startup based out of Toronto surfaced in our article titled Biometric Authentication Provides Body of Evidence. At some point in the future, we would assume that everyone uses a form of biometric authentication for everything and that’s what Nymi is hoping. They’ve taken in $32.3 million in funding to develop the “Nymi Band” which is a wearable authenticator that can be used with any application, device or service to provide always-on authentication based on the unique pattern of your heartbeat. Here’s the device:
Maybe it’s just us but we’re not interested in carrying around another device that needs to be charged. We’re also not interested in any sort of workplace tracking devices that make sure we’re being good slaves. It’s hard to see such a device becoming pervasive across all individuals in modern society for the purpose of replacing passwords. A similar option is being offered by a Swiss startup called Biowatch which has taken in $1.2 million to replace your watch clasp with a similar device. None of our MBAs felt that they wanted to muck up their Rolexes with such a contraption so we’re not convinced this is the answer.
Founded in 2015, Arizona based startup Trusona has taken in $18 million in funding so far with $10 million of that coming from Microsoft in June of this year. They’re hoping to kill the password like everyone else is, and they’ve demoed their technology by enabling Salesforce with authentication that doesn’t require a password or a username. That authentication act you just saw can never be duplicated because it’s given a unique identifier based on time, location, accelerometer settings, etc. Since 80% of breaches are caused by static passwords, this improves security dramatically. Since 30% of call center volumes involve password resets, John in Mumbai is happy too.
Update 01/14/2020: Trusona has raised $20 million in new funding to work on new products and expand its existing services to new businesses. This brings the company’s total funding to $38 million to date.
Secret Double Octopus
Founded in 2015, Israeli startup Secret Double Octopus has taken in $7.5 million in funding so far to offer security across mobile, cloud and IoT platforms with a keyless authentication technology that’s based off of secret sharing algorithms used to protect nuclear launch codes. From the user’s perspective, everything remains simple with just a hassle-free mobile app. Behind the scenes there are no one-time-passwords, SMSes, or authentication tokens, all of which are susceptible to sophisticated hacking methods. SDO acts as the authentication hub at the workplace, and has introduced the first solution to replace the Active Directory password, used to connect to the work network as well as the PC itself.
Update 04/28/2020: Secret Double Octopus has raised $15 million in Series B funding to help it capitalize on the current climate of heightened security awareness by authenticating employees without passwords. This brings the company’s total funding to $22.5 million to date.
Founded in 1998, California based startup Confident Technologies has taken in $7.09 million in funding so far to develop image-based authentication solutions that offer an intuitive and secure access to one’s favorite websites and mobile applications. The way it works is to present the person trying to logon with a series of images that contain categories that are pre-selected:
The idea is that beforehand you would have chosen “cats” and then every time the picture comes up you just select all the pictures of cats. Seems like it wouldn’t take a genius to guess that the lady with cat pictures all over her Facebook profile probably chose cats as her category but the company must not see that as much of an issue. It can also send that image challenge to your smartphone for two-factor authentication which makes our concern a non-issue.
Founded in 2016, Swiss startup Futurae offers IT security solutions and smart authentication software that uses the environment itself as an authentication token with their software called Sound Proof. It’s quite an interesting solution which uses machine learning to make sure that your phone is actually in near proximity to the device you’re trying to authenticate with:
As you can see in the above diagram, both devices “listen” to ambient noise for a short duration and make sure that the two sound samples match. That match provides a high degree of certainty that both devices are in the same location and therefore the person who is trying to log in is the same person who owns the second device.
While all these companies offer unique solutions to solving the password problem, there’s also the notion of biometric authentication which would mean that you always authenticate using some feature of your body such as a fingerprint or a smile. We’ve largely omitted biometric companies in this article (except for Nymi and Biowatch), but you can check out our past article titled Biometric Authentication Provides Body of Evidence which also covers Nymi and another company called Hypr which just closed an $8 million Series A funding round. We’ve also “missed” dozens of other companies out there who are trying to replace the traditional password so we look forward to your emails and comments.
In the corporate world, the first thing you’ll notice is how everyone sucks up to each other and nobody is their real self because of corporate politics. The second thing you’ll notice is how you can access 100s of applications on your work machine without having to log in to any of them. This is called “single sign-on” or SSO and it is ideally where we’d like to be. For personal use, the closest thing you’ll get to that right now is Dashlane’s app. There’s an old acronym investors use which is SWAN and it means “Sleep Well At Night”. This refers to not having to constantly second guess yourself after you’ve made an investment. This also holds true for those 90 plus accounts you have out there right now all using the same password.
Go download Dashlane's free product and sort yourself out.