Check out all the on-demand sessions from the Intelligent Security Summit here.
Password security isn’t practical. Expecting users to create unique 12-digit passwords with a mix of upper and lowercase letters and special characters for dozens of apps isn’t scalable. Yet many organizations are reliant on passwords to control user access, which leads to data breaches like those experienced by PayPal.
As a result, many providers are looking toward passwordless authentication to identify users in a way that is resistant to credential theft.
One such vendor is authentication and user management vendor Descope, which today emerged from stealth and announced a $53 million seed funding round led by Lightspeed Venture Partners and GGCV Capital. The company’s authentication platform enables developers to create no-code authentication flows via drag-and-drop.
More broadly, the seed funding highlights the demand for passwordless approaches to cybersecurity to defend against phishing and social engineering threats.
Event
Intelligent Security Summit On-Demand
Learn the critical role of AI & ML in cybersecurity and industry specific case studies. Watch on-demand sessions today.
Watch Here
Why password security is shifting to passwordless
For years passwords have presented significant risk to enterprises. According to the Verizon 2022 Data Breach Investigations Report, almost 50% of data breaches involve the use of stolen credentials.
This widespread exploitation of credentials has led to more and more interest in passwordless authentication. Providers including Google, Microsoft and Apple have attempted to develop solutions under the FIDO alliance’s vision of a common passwordless sign-in standard.
“Passwords are bad for both security and usability,” said Slavik Markovich, cofounder and CEO of Descope. “They are the leading cause of security breaches and the most common entry point for cybercriminals to achieve their goals. Passwords also cause friction throughout the user journey, leading to churn and a negative user experience.”
He added that, “recent developments such as FIDO2, WebAuthn, and passkeys have set the stage for a passwordless future. But this future will truly be attainable only when application developers have the tools and resources to easily add passwordless authentication methods to their apps.”
Descope is looking to contribute to this “passwordless future” by making it easier for developers to implement passwordless authentication as part of their own apps or services. After all, it’s complex and time-consuming for development teams to build these components from scratch.
Instead, Descope enables users to develop authentication flows via a drag-and-drop workflow editor. These no-code workflows enable developers to implement user access controls and get apps to market faster, without compromising on security.
The passwordless authentication market
Researchers anticipate that the passwordless authentication market will grow from $6.6 billion in 2022 to $21.2 billion by 2027 as more organizations look to protect themselves against social engineering, phishing and other forms of credential theft.
One of Descope’s main competitors is Stytch, a tool enabling developers to build authentication flows via an API as well as JavaScript and Mobile SDKs. In November 2021, Stytch raised $90 million in series B funding and achieved a valuation of $1 billion.
Another significant vendor in the market is Auth0, a Customer Identity Access Management (CIAM) vendor that enables organizations to define access roles for application and API end-users to implement dynamic access controls. Okta acquired Auth0 for $6.5 billion in 2021.
According to Markovich, the key differentiator between Descope and other providers is its use of workflows. “These no-code workflows abstract away the complexity of building authentication while still giving app builders control over their UX and UI,” he said.
/cdn.vox-cdn.com/uploads/chorus_asset/file/25415594/Squad_Busters_key_art.jpg)
/cdn.vox-cdn.com/uploads/chorus_asset/file/25416727/643866700.jpg)
