Passage raises $4M to bring biometric authentication to web browsers
Passage, an Austin, Texas-based company, has emerged from stealth with $4 million in funding to announce the public beta test of its passwordless log in that facilitates web application and browser access with biometric authentication methods already built into devices.
Cole Hecht, co-founder and CEO of Passage, says the idea was conceived as a solution to the lack of browser integration with biometrics, a technology he describes as “a kind of sci-fi,” despite strong biometrics already present in many devices. “This moment is unique to access those with web browsers but we’re not seeing it done,” Hecht told Biometric Update.
“A few lines of code”
Biometric login solutions such as Windows Hello and Apple’s Touch ID and Face ID have proliferated across the consumer electronics market. Passage aims to link those pre-existing biometric authentication methods to web browsers and web applications as a registration and log-in tool. Passage claims that with “a few lines of code” added to a website, developers can enable logins with built-in biometrics that negate the need for passwords.
Anna Pobletts, co-founder and CTO of Passage, says the platform anticipates situations when biometric authentication is not available on devices, and offers “magic links” as a solution. If a user is on a device with no biometric sensor, Passage will send an email or a text message with a link that will connect a device with a usable biometric sensor as a log in. Pobletts says one of the challenges with jumping from passwords to biometrics is juggling devices that do not share passwords, which they hope to rectify and create a “seamless experience” through magic links.
Beyond users, Passage is also a developer-focused operation. Hecht says developers are ultimately the ones building websites, which is why there is an emphasis on their needs. “Ultimately, developers are the ones building websites. Biometric authentication is safe and easy to use. Why isn’t it being used everywhere? Our conclusion is developers don’t have an easy way to use it,” answers Hecht.
As a result, Poblett says Passage seeks to be as easy as possible to use for developers. She says that Passage hands a login widget to developers which can be plugged in to a website to provide the whole experience. Hecht says they want developers to “have the ability to quickly use Passage and implement Passage in a matter of minutes.”
“Passage makes biometric passwordless authentication accessible to all developers and makes the open source standard WebAuthn easy to integrate in any environment,” comments Chris Aniszczyk, CTO, Linux Foundation. “Improving security practices should be top of mind for everyone and I highly encourage all developers to support passwordless authentication in their applications.”
Pobletts says that the closed private beta test gave the opportunity for the company to work with developers with different frameworks to use in side projects and receive feedback. Hecht describes the closed beta as a joy because of the opportunity to work with “smart developers from the best of the best companies.” One common theme learned from the closed beta was that developers have not seen biometrics used directly for web browsers. Hecht says the closed beta exposed developers to what is possible and gave them the “ah-ha” moment.
With potential customers, Poblett sees Passage working great on applications that focus on user conversions quickly, such as e-commerce. More broadly, she says Passage would match well with businesses that look to rapidly adopt users.
Poblett understands the nervousness around biometrics, the “I don’t know” with the technology. But she points out the risks of passwords based on the security gaps that allow for phishing attempts. On the other hand, Passage is tied to a specific domain on a specific website and device, which shields against phishing attacks, she says. To further assure users of Passage’s security, the company says that biometric data such as face and fingerprints will not leave the device and are not stored by the company.
As Passage exits the private beta phase for Passage into a public beta test, Hecht hopes that there will be more of what they company gained from the private test. “More developers using Passage, more opinions, more feedback, more feature requests. We want this to be a tool for developers to engage with us.”
“Passage is poised to change the fundamental way we interact with the Web,” says Creighton Hicks, partner at LiveOak Venture Partners, in a statement. LiveOak Venture Partners funded Passage with additional participation from Next Coast Ventures, Tau Ventures, Secure Octane, and various angel investors.
Hecht says the money will fund a new round of hiring to expand the team with more engineers and developers. “We’re developers developing for developers and there’s something virtuous about that. We can bring in more engineers to help build great things.” Passage says it intends to include support for additional authentication methods, extensibility features, mobile support, and additional guides to help developers get up and running in the coming months.
With the service that Passage offers, Poblett says it is “A message about a better way of authenticating on the internet.” She notes that passwords have been used for decades and have continued to become more unwieldly and complicated with security measures like two-factor authentication. She says it is possible to make it more secure and easy.
“There’s an assumption there’s trade-offs between security and user experience, but there’s not. It’s an exciting future to authenticate on the internet,” Poblett concludes.