We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 - 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!
Roughly 80% of data breaches are due to compromised passwords, according to reports, a figure made all the more sobering when you consider that cybercrime is estimated to cost the global economy $2.9 million each minute in 2020. Throw into the mix the $1 million the average large company reportedly spends on password resets annually, and it’s easy to understand the broad industry push toward alternative user authentication mechanisms.
In the past seven months alone, we’ve seen gargantuan sums of cash fly into companies tackling the “password problem.” Biometric authentication platform Transmit Security raised $543 million at a hefty $2.3 billion valuation; passwordless tech company Beyond Identity locked down $75 million in funding; Hypr secured $35 million; and Stytch nabbed $30 million. Elsewhere, two titans from the identity and access management (IAM) sphere joined forces when Okta acquired Auth0 for a whopping $6.5 billion.
Against this backdrop, Magic today announced it has raised $27 million in a series A round of funding to further commercialize its blockchain-powered identity authentication platform. The round, which was led by Northzone, featured a slew of high-profile VC and angel investors, including Tiger Global, Reddit cofounder Alexis Ohanian , and GitHub CTO Jason Warner.
The company launched in 2018 as Fortmatic, and its founders include CEO and former Docker product lead Sean Li; former Yelp software engineer Arthur Jen; and Jaemin Jin, a former software engineer at Apple, Amazon, and Uber. The San Francisco-based firm rebranded as Magic last May as it exited stealth with $4 million in seed funding. In the 14 months since, Magic claims it has grown its developer user base tenfold.
So what exactly is Magic, and how is it striving to differentiate itself?
In a nutshell, Magic aims to create the infrastructure to kill password-centric authentication using decentralized identity management. It’s ultimately about improving security, given that centralized identity management can spell disaster in the event of a breach. A plethora of recent examples highlight this, including some high-profile data breaches. A few months back, news emerged that an arsenal of private Facebook data was doing the rounds online, including email addresses, phone numbers, and Facebook ID numbers.
“When a few big companies house secrets — e.g. passwords — in a centralized way, one breached company puts billions of passwords on the internet at risk,” Li told VentureBeat. “Specifically, tech platforms like Google and Facebook act as centralized, single points of failure with ‘too big to fail’-level risks.”
With a decentralized approach, Magic “leverages key-based cryptography over passwords,” as Li puts it, with private keys secured and owned entirely by the users themselves.
“When users sign in with Magic authentication, no secrets are passed around, eliminating the chance for lost or stolen passwords,” Li said. “With a few lines of code, developers can leverage elliptic curve cryptography and public-private key pairs to authenticate users into applications.”
Any company or developer looking to embed secure passwordless identity management and login functionality into their applications while bypassing infrastructure belonging to big tech can use Magic’s plug-and-play software development kit (SDK) to unlock a range of authentication options. This includes email, with users offered a Slack-like experience that allows them to simply click on a “magic link” that is sent to their email address.
The SDK also supports the Web Authentication (WebAuthn) standard, which means Magic caters to biometrics or FIDO2 security keys, and the SDK also supports standard social logins. In the future, the company is planning to extend support to SMS, multi-factor authentication, and SAML single sign-on.
In terms of pricing, Magic adopts a metered billing approach that starts at around $0.0085 per login and is capped at $0.034 per monthly active user. If an application had 10,000 users, each logging in once per month, that would cost no more than $85. If each of those users logs in twice a month, that would be $170, and so on, through the first four logins per user each month. For more than four logins, Magic doesn’t charge anything extra.
Magic’s customers include product feedback platform UserVoice; AI-powered copywriting platform Copy.AI; and information markets platform Polymarket. But the problem Magic is ultimately trying to solve is not limited to any particular company type or size — every company is a software company these days, after all, and every company should be safeguarding its users’ private data. But doing so is often easier said than done, particularly in a world seemingly addicted to passwords.
“Authentication is complex,” Li said. “The beauty of Magic is that we abstract away all of the complexities. With Magic, enterprises get peace of mind with secure, extensible passwordless authentication that’s built to scale — all with a few lines of code.”
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.