While Apple was busy fielding media inquiries about a hack into several celebrity iCloud accounts, two factor authentication service Authy was finalizing a $3 million funding round.
“When I talk to big online services, many of them are totally mortified of changing the user experience and educating the user base,” Authy president and COO Mark Boroditsky tells me by phone. He says most of the big companies are waiting for an authentication service to gain critical mass before adopting. Safe to say, Authy hopes to be that service.
So far, the company, which launched a year and a half ago, integrates with 1,000 sites including, Bitcoin wallet Coinbase, website optimizer CloudFlare, videogame watching platform Twitch, and Columbian online marketplace MercadoLibre. Authy also has plugins for many sites like WordPress and Google that super proactive users can download to add two-factor authentication to any of the services they already use. Authy has already seen some love on Reddit, but Boroditsky says individual user downloads aren’t what drive business, “I still think it’s a bit tech forward to add authentication on your own. I don’t think the broader market will adopt that way.”
However, he does think incidents, like the celebrity iCloud account password hacks, will help draw attention to that fact that password security is insufficient to safeguard digital belongings. Passwords, he says, were never meant to be a security solution. “Passwords were created 40 years ago on UNIX networks, not to authenticate but to say who’s on the network. The reality was, if you had made it to a terminal, you had already gotten past a security guard,” says Boroditsky.
Today hacking passwords is made easy by the amount of public information available on the web about any given individual, especially public personalities. Not only that, but there are automated processes for hacking password information and aggregating personal information online. Security assessment firm Immunity Inc highlighted this earlier this year with its Stalker tool, which created personal profiles with personal information found from the various corners of the web.
Boroditsky says that the way to make the user login experience with two-factor authentication less cumbersome is to have a single authenticator — meaning one authenticator for all your many accounts. Like using your Facebook account to log into other apps as opposed to having a different authenticator for every account. This round of funding will be used to help the company get integrated with more and bigger companies.
To date, Authy has $3.8 million in funding. Cryptocurrency Partners and Y Combinator invested in its seed round, though there is no additional investor information about Authy’s Series A.