New York-based tech startup Beyond Identity launches with $30 million in funding to eliminate passwords and replace them with a chain of trust
The concept of a password has been around since the Roman military of 200 B.C. It is no wonder it has been used since the invention of computers. Passwords have also become a popular method to log in to websites, mobile apps and mobile devices. However, passwords are not as secure as most people think. They are fatally flawed and everyone knows it. That’s why Beyond Identity, a New York-based network security startup, is on a mission to kill the password once and for all and replace it with something more secure.
Beyond Identity was founded by Silicon Valley icons Jim Clark and Tom Jermoluk, who have founded and led iconic companies including Netscape, Silicon Graphics, and @Home Network. Today Beyond Identity announced its public launch with $30 million in Series A funding from co-leads Koch Disruptive Technologies, LLC (KDT) and New Enterprise Associates (NEA).
Along with the funding, the startup also announced the availability of its groundbreaking cloud-native passwordless identity management platform. Beyond Identity requires no central storage of passwords. This takes the target off your back and eliminates credential-stuffing attacks. The cloud-native platform provides a secure method of authenticating users and devices without passwords, by using the same secure and scalable approach – X.509 certificates and the TLS protocol – that is already universally deployed and underpins billions of dollars in online transactions annually.
The solution creates a Chain of Trust™ that includes user and device identity and a real-time snapshot of a device’s security posture, all in an immutable package that is signed by a provably secure certificate. Initially targeted at businesses with an acute need to dramatically improve workforce and customer authentication and eliminate the risk of central password databases, Beyond Identity will also target individual consumers who hate passwords, struggle with password vault usability and security, and don’t trust the “login with” solutions offered by companies who monetize user data.
The Verizon 2019 Data Breach Investigations Report found that 80 percent of hacking-related breaches still involve compromised and weak credentials. Multiple analyst firms tracking the market to defend against these attacks size the identity and access management (IAM) market in excess of $20 billion, and growing furiously. Behind those numbers, however, are a range of markets for compensating controls that backstop the collapse of identity foundations – from password managers to multi-factor authentication (MFA) – that endeavor to reduce the massive and unstable attack surface represented by fundamentally flawed password-based authentication. Unfortunately, these additional layers don’t solve the core issue, but instead add complexity, and require extra steps for end users. The result is reduced employee productivity and revenue as consumers just give up when adding new accounts or abandon online transactions.
“Innovation should disrupt markets, not businesses. Disruptive innovation needs to advance security without introducing friction or complexity,” said Forest Baskett, General Partner at NEA. “Netscape ‘accidentally’ created markets in access and authentication for aspects of identity that weren’t addressed at the time. By going back to fundamentals and extending the Chain of Trust, Jim, TJ, and team have created a truly disruptive innovation that advances both security and usability equally.”
The two founders’ history of successful innovation and their continued collaboration in the present day helped them revisit inherent identity weaknesses that existed from the early days of the Web, and drove them to go back to the core foundation to “reboot” primary authentication. The resulting effort – Beyond Identity – introduces the elegantly simple concept of the personal certificate authority and self-signed certificates. The solution leverages existing secure communications infrastructure and crypto standards to extend the trust boundary beyond server-to-server communications to include users and their devices. By doing so, it completely removes the need for “shared secret” password-based authentication approaches, and dependence on friction-laden compensating controls.