Beyond Identity, a New York-based startup developing passwordless identity management solutions, raised $75 million in venture capital. The company says the funds will be used to fuel expansion of Beyond Identity’s product capabilities and to expand its global footprint, which will entail signing on new distribution channels, OEM partners, and international sales and support reps.
A Google survey found that at least 65% of people reuse passwords across multiple, if not all, sites. Another recent survey found that 91% of respondents claim to understand the risks of reusing passwords across multiple accounts, but 59% admitted to doing it anyway. That’s perhaps why compromised passwords are responsible for 81% of hacking-related breaches, according to the Verizon Data Breach Investigations Report.
Beyond Identity, which was cofounded in 2010 by Netscape veteran Jim Clark and former telecom engineer Tom Jermoluk, replaces passwords with signed certificates. It extends the so-called chain of trust to end users and their devices using X.509, the standard defining the format of public key certificates used in protocols including TLS/SSL, the basis for HTTPS — the secure protocol for browsing the web.
Beyond Identity’s certificate-based approach provides a signed record of a given endpoint’s security posture at the time of login for adaptive, risk-based authentication and authorization. Admins can view this record to see who’s entering a perimeter, with complementary comprehensive and contextual data for threat monitoring and incident investigations.
Using the Beyond Identity Authenticator for MacOS, Windows, iOS, and Android, users can add or migrate to a new device without IT, HR, or help desk intervention, the company says, ostensibly saving time and reducing costs. Beyond Identity integrates with single sign-on solutions like Ping, Okta, and ForgeRock, enabling enterprise users to leverage established user login and identity delegation patterns for a seamless experience.
Beyond Identity says it supports customers whose workforces range from less than a hundred to hundreds of thousands of employees. It also claims to be working with businesses that wish to deploy its platform to tens of millions of end-user customers.
“Passwords are so repeatedly exposed that they have become a commodity for criminals. The result has been an exponential rise in account takeover fraud that is costing companies billions annually,” Jermoluk told VentureBeat via email. “Fundamentally strong authentication requires that companies completely eliminate passwords. But that is just the first move, not the end game. Forward looking companies are adopting continuous authentication, a new model that provides fundamentally strong, secure, risk-based access to significantly reduce exposure to account takeovers and to protect user privacy.”
The authentication services market is expected to grow from $507 million in 2016 to $1.61 billion by 2022, according to Markets and Markets. Among Beyond Identity’s competitors is Secret Double Octopus, which helps companies bypass passwords by allowing employees to authenticate their logins to apps through a simple “touch and go” process. There’s also Trusona, which recently raised $20 million to bring its passwordless authentication technology to more businesses. and Auth0, whose platform supports single sign-on through a universal flow that directs users to a centralized authorization server.
Beyond Identity’s series B announced today brings the startup’s total raised to date to $105 million. New Enterprise Associates led the round, with participation from Koch Disruptive Technologies and Clark.