Descope, a company touting a low-code, password-less authentication solution, has raised $53 million in a seed round, looking to tackle the issue of costly password fraud as well as the consumer friction that comes both at account creation and with tracking numerous user IDs and passwords.
The unusually large seed round was led by Lightspeed Venture Partners and GGV Capital, with participation from Unusual Ventures, Dell Technologies Capital, Cerca, Tech Aviv, J Ventures and Silicon Valley CISO Investments. Individual investors included George Kurtz, cofounder and CEO of CrowdStrike, Microsoft board chairman John W. Thompson, Bipul Sinha, co-founder and CEO of Rubrik and Assaf Rappaport, co-founder and CEO of Wiz.
“Eighty percent of the attacks or compromises we see involve some form of identity or credential theft,” said Kurtz in a release. “With the rapidly changing nature of modern application development, builders need to care deeply about safeguarding identity and limiting authentication vulnerabilities. Descope is taking a unique approach to identity and raising the bar for cyber adversaries with their solution.”
Descope co-founders Slavik Markovich and Rishi Bhargava sold their previous security platform firm Demisto to Palo Alto Networks in 2019. They worked there for a couple years before starting their current firm in April 2022. The company is now coming out of stealth mode with the seed funding.
Bhargava said he and his partners have had “lots of conversations” with retailers about the friction and fraud inherent in password-based shopper onboarding, including a sneaker brand and a company focused on the Chinese market.
“That first login is the first touch, and retailers are usually losing money on the transaction, after spending a lot on marketing to attract them,” Bhargava said. “If they don’t get them as a repeat user, they lost that money. You really want to enable a seamless experience the first time and every time when they come in.”
While it’s fairly simple to create a username and password on a first visit to an ecommerce website, Bhargava said, most shoppers are opting to enter as a guest. That’s because they don’t want to be bothered, perhaps due to security concerns or they’re already overburdened with too many passwords. Too much login friction and they head off for a competitor, the experience acting as a virtual bouncer instead of a welcome mat.
“Everyone checks out as a guest, and the retailer doesn’t have their information,” he said. “Password-less authentication automatically creates an account for the user, so when they come back next time, all the information to initiate a transaction is there, creating a seamless experience.”
Descope allows developers to build either a business or user application for a biometric-based login experience or secure one-time passwords (OTP) with 10 lines of code. This in essence creates a user ID across devices for an individual. The biometric marker could be a thumbprint or a facial scan, whatever the company wants to use.
Descope is a member of the FIDO Alliance, a group supporting creation and adoption of password-less authentication. Recently, both eBay and Shopify have announced support for biometric authentication for their merchants and users.
Password-less authentication uses biometrics, OTPs or passkeys, the latter supported by standards from the FIDO Alliance and the Worldwide Web Consortium as well as the big 3 of Apple, Google and Microsoft. It means hackers can’t initiate credential stuffing or other password-based intrusions to gain access to a user account to make fraudulent purchases.
“Fraud naturally goes down,” Bhargava said. “The only way for them to login to your account is to have access to your phone, but even then, the device has a biometric authentication.”