Several years ago, Noah Stanford teamed up with Michael Melone to found 0pass, a startup that aims to make it easier for companies to replace usernames and passwords with biometrics, like Touch ID and Face ID.
Relatively quickly, 0pass gained the attention of investors, including Y Combinator, recently closing a $3.5 million seed round led by Brett Gibson at Initialized Capital with participation from Y Combinator, Box Group, 645 Ventures and angel investors.
Prior to starting 0pass, Stanford joined SpaceX as a security engineer, leading the identity and authentication team. After helping to roll out authentication across SpaceX, he sought to commercialize the tooling he’d built at his previous employer.
“The primary difference between 0pass and other passwordless solutions is that 0pass is able to address passwordless login for all systems under one umbrella rather than just a subset,” Stanford explained. “This means that 0pass is able to handle passwordless login for Windows, Linux, Mac, remote access and websites — fully within the cloud or completely air-gapped.”
0pass’ products, which are available in on-premise and fully managed flavors, enable companies to enroll their employees into hardware authentication devices and biometric authentication such as Windows Hello and Touch ID. The company’s tooling, which uses private keys stored in secure hardware modules, enforces biometrics for access to workstations, apps and web apps and servers — allowing admins to manage authentication methods and tie user identity to security keys.
“0pass can integrate with private infrastructure, operating systems, identity providers and any user directories or certificate authorities,” Stanford explained. “Keys are tied to certificates to connect employee identity for authorization.”
0pass competes with a growing number of startups in the passwordless authentication market, which Statista projects will be worth $53.6 billion in 2030. Descope, a “developer-first” authentication and user management platform, recently emerged from stealth with $53 million in funding. There’s also Stytch, an API-first passwordless startup, and Magic, which offers “plug and play,” enterprise-oriented passwordless tech.
Fortunately for 0pass, demand remains strong for passwordless technologies. In a recent survey by Axiad, 82% of respondents — developers and IT and cybersecurity professionals — say that moving to passwordless authentication is in their top five priorities. One motivation? The potential cost savings. According to one source, organizations can save millions by switching to passwordless authentication — thanks to fewer data breaches and password resets, to name a few possible plusses.
As of May 2020, 150 million people were using passwordless logins each month, per a Microsoft report.
“Senior leadership is having to rethink how to secure accounts as traditional methods are repeatedly compromised,” Stanford said. “Taking a completely different approach and changing how every individual at the company logs in is a C-suite directive. Instead of adding more steps and complexity to employee logins, passwordless represents a new paradigm and addresses one of the largest security risks an organization faces.”
0pass moved out of private beta recently, and plans to onboard its first batch of enterprise customers in the coming weeks. Stanford says the company, which has four employees (possibly eight by the end of the year), has at least “several years” of runway, and will spend the proceeds from the round on product development and customer acquisition.