Passwordless authentication company Descope Inc. today emerged from stealth and announced a giant $53 million seed funding round led by Lightspeed Venture Partners and GGV Capital for its platform that allows developers add user management and authorization to apps.
Descope provides a “developer-friendly” platform that makes it simple for developers to add passwordless authentication to any application with only a few lines of code using various manners of integration, such as no code/low code, its own software development kit and application programming interface.
All of this is designed to allow developers a way to maintain and deploy easier management of user authentication across any application they write without needing to spend the time and resources to build their own.
Passwords represent one of the worst parts of the user experience, argued Slavik Markovich, co-founder and chief executive of Descope. From his own experience starting companies, user authentication is a process that is never complete for any application and this became the driving principle for the company.
“We have built authentication and user management in-house for both business and consumer apps in our past lives. Every time, what started out as a sprint line item turned into a multi-year investment, taking our focus away from what we were meant to do,” said Markovich. “Our vision is to ‘de-scope’ authentication from every app developer’s daily work, so they can focus on business-critical initiatives without worrying about building, maintaining, or updating authentication.”
Part of this problem is that passwords are an easily targeted point of failure for users and a resource sink for developers. For users, complex passwords are difficult to come up with and easy to forget, scammers and hackers can trick users into giving them up using social engineering or what is known as phishing attacks. For developers, the resources needed for access controls, single sign-on, role management and compliance can take weeks if not months to build in-house.
To make matters worse, users get told that they have to use complex passwords to protect themselves so they turn to password managers in order to safely store and remember them. Then LastPass, one of the largest online free password managers, made headlines as recently as December for being hacked and having security issues going all the way back to 2015.
Fortunately, there are numerous open standards that provide passwordless authentication on the market now that are secure and user-friendly – these include FIDO2 and WebAuthn. Smartphones have also begun to lay the groundwork for a passwordless future using passkeys, which allow users to merely unlock their Google or Apple device to authenticate their login.
“Eighty percent of the attacks or compromises we see involve some form of identity or credential theft,” said George Kurtz, co-founder and chief executive of cybersecurity firm CrowdStrike. “With the rapidly changing nature of modern application development, builders need to care deeply about safeguarding identity and limiting authentication vulnerabilities.”
Using Descope’s platform developers can quickly and easily add passwordless authentication to their applications using any number of the methods described above including magic links, biometrics (using WebAuthn), authenticator apps and social logins. The platform allows for validation merging and management of identities for users as well as single sign-on and access control for enterprise users.
The platform is generally available today for developers and they can use it without charge in their applications for up to 7,500 monthly active users for customer-facing apps or 50 tenants for business apps.