Practical password security remains a challenging endeavor. Demanding users to generate unique 12-character passwords, incorporating a blend of uppercase and lowercase letters, as well as special characters, for numerous applications, presents scalability issues. Nevertheless, many organizations heavily rely on passwords as the primary means to regulate user access, a practice that has resulted in data breaches similar to those experienced by PayPal.
In response, numerous service providers are turning their attention toward passwordless authentication methods, which offer a robust defense against credential theft. One such notable player in this field is Descope, a company specializing in authentication and user management. Descope recently emerged from stealth mode, unveiling a remarkable achievement of securing a $53 million seed funding round, with prominent backing from Lightspeed Venture Partners and GGV Capital. The core of Descope’s offering is an authentication platform that empowers developers to construct authentication workflows without the need for coding skills, using an intuitive drag-and-drop interface.
This seed funding round underscores the growing demand for passwordless cybersecurity solutions, as organizations strive to fortify their defenses against phishing and social engineering threats.
Why password security is shifting to passwordless
Passwords have posed a significant risk to enterprises for years. According to the 2022 Verizon Data Breach Investigations Report, nearly half of all data breaches involve the illicit use of stolen login credentials.
The widespread abuse of these credentials has spurred growing interest in passwordless authentication. Key industry players such as Google, Microsoft, and Apple have undertaken initiatives to create solutions aligned with the FIDO alliance’s vision for a universal passwordless sign-in standard.
Slavik Markovich, co-founder and CEO of Descope, commented, “Passwords are detrimental to both security and user-friendliness. They stand as the primary catalyst for security breaches and serve as the most common entry point for cybercriminals pursuing their objectives. Moreover, passwords introduce friction into the user experience, leading to customer churn and negative feedback.”
He further noted that recent advancements like FIDO2, WebAuthn, and passkeys have laid the foundation for a passwordless future. However, realizing this future’s potential hinges on providing application developers with accessible tools and resources to seamlessly integrate passwordless authentication into their applications.
Descope aims to contribute to this envisioned “passwordless future” by simplifying the implementation of passwordless authentication within developers’ own applications or services. Recognizing the complexity and time constraints faced by development teams when building these components from scratch, Descope empowers users to construct authentication flows through an intuitive drag-and-drop workflow editor. These no-code workflows empower developers to establish robust user access controls and expedite their applications’ time-to-market, all while upholding stringent security standards.
The passwordless authentication market
Researchers project that the market for passwordless authentication will experience substantial growth, soaring from $6.6 billion in 2022 to an impressive $21.2 billion by 2027. This growth is fueled by the increasing number of organizations seeking enhanced security against threats like social engineering, phishing attacks, and credential theft.
Another noteworthy player in this market is Auth0, a vendor specializing in customer identity access management (CIAM). Auth0 equips organizations with the capability to define access roles for application and API end-users, facilitating the implementation of dynamic access controls. Notably, Auth0 was acquired by Okta for a substantial $6.5 billion in 2021.
What sets Descope apart from its competitors, according to Markovich, is its innovative use of workflows. He explains, “These no-code workflows simplify the complexities associated with building authentication systems while still granting app developers full control over the user experience and user interface.”