Investing in a passwordless future: These biometrics companies are reinventing identity security with facial and gesture recognition

Facial recognition
An employee demonstrates the facial recognition system for the NEC SMART STORE in Tokyo, Japan. Tomohiro Ohsumi/Getty
  • While the first Thursday in May is known as "World Password Day," it should be renamed World Passwordless Day, argues Joy Chik, a Microsoft executive in its identity division. 
  • Passwords are security hazards and memory hassles, leading companies of all sizes to try to figure out different ways to verify users' identities. 
  • While fingerprint-security was once quite popular, COVID-19 has put a damper on that – but new research says investment in facial and gesture recognition is booming. 
  • Here are a handful of security companies — including Okta, Nuance, and iProov — that investors should know about to understand this space. 
  • Visit Business Insider's homepage for more stories.
Advertisement

Passwords are security hazards and memory hassles and no amount of tips and tricks on World Password Day can change that. In fact, the first Thursday in May should really be renamed World Passwordless Day, argues Joy Chik, a Microsoft executive in its identity division. 

"The security and user experience are so much better when you go passwordless that this is no longer something in the future," she said. "It's here." 

One of the main alternatives to a memorized password — fingerprint security — has been wiped off the touchscreen of the future by COVID-19, according to new research out Thursday from ABI Research. 

"All traditional fingerprint security will take a hit," says the author of the report, Dimitrios Pavlakis, a digital security analyst at ABI Research. "You have to touch it, and in a pandemic that's a problem. Those sensors have to be disinfected."

Advertisement

Pavlakis' research found that as a result of fingerprints' decline, adoption of sophisticated biometrics – such as facial and gesture recognition – are "undergoing a forced evolution rather than an organic one," with new investment opportunities. 

Other analysts agree that biometric passwords are the future: 

"Biometrics have now shifted from a convenience to a necessity and going forward," says principal analyst at Acuity Market Intelligence Maxine Most. "Smart investment will reflect the new reality."

Where do we turn now for the future of sign-in security? That is a multi-billion-dollar question.

Advertisement

Here are 10 companies to watch in a quickly evolving passwordless identity space, fertile with investment opportunity. They may change the world, and make a lot of money doing it.

Advertisement

Ping Identity: Protecting half of the Fortune 100 with identity-security innovation

Andre Durand Ping founder
Andre Durand, founder of Ping Identity. Ping Identity

Ping Identity, a Denver-based firm founded in 2002, provides enterprises with multiple authentication methods for devices, including facial recognition, as well as multi-device verification, where users tap or swipe one device to be signed into another.

Employers can use its products to let workers sign in to multiple apps, including remote-work favorite like Zoom, Microsoft Teams, or Cisco WebEx, and companies can also use it on their websites to give their customers passwordless ways to sign in.

Ping Identity says that it counts over half of the Fortune 100 among its customers, including the 12 largest US banks, and four of the five largest healthcare plans. The company went public in 2019, and stock is near an all-time high, despite missing earnings expectations this week.  

Advertisement

BioCatch: Raising $145 million during an economic downturn

Howard Edelstein, CEO BioCatch
Howard Edelstein, BioCatch's CEO. BioCatch

The 150-employee, Tel Aviv-based startup BioCatch is one of the rare beneficiaries of the global coronavirus pandemic: It sells banks biometric sign-in technology for smartphones at a time that no one wants to risk contamination by touching a public keypad.

BioCatch analyzes many aspects of a person's interaction with a device, including how fast you click with a mouse or your finger. The basic idea is that its behavioral analytics can tell whether it's really you clicking into your bank account or someone else entirely (for example, it would deny entry to a scammer hopped up on Red Bull trying to access an elderly person's bank account).

It's technology is more important now than ever, as a remote workforce signs into multiple devices from many different locations, instead of all sitting down in an office together to log in, says Dewey Awad, managing director at Bain Capital Tech Opportunities.

"If someone is potentially wiring transfers of hundreds of millions of dollars with their smartphone from the couch," he said, "You bet banks want every bit of data proving they are who they say they are."

Bain Capital Tech Opportunities just led a $145 million investment round in the biometrics company, along with 40 other institutions, including American Express Ventures (American Express is also a customer).

"We concentrate on fintech because the [return on investment] is so bloody compelling," says Howard Edelstein, BioCatch's CEO. He estimates that his firm saves big banks 10 to 15 times what they pay in fraud prevention.

Advertisement

Beyond Identity: Killing the password they helped to create

Clark and Jermoluk
Jim Clark and Tom Jermoluk of Beyond Identity Beyond Identity

Beyond Identity sells software that users download to a device: Once it's installed, users access their laptop or phone the way they ordinarily would – with facial recognition or a fingerprint, for instance – and from then on, everything they access on their device knows who they are, no password required. 

This newly launched startup's founders helped the world get into the whole password mess in the first place.

Jim Clark and Tom Jermoluk, executives at the pioneering web browser Netscape 25 years ago, just pulled in a $30 million Series A funding round from Koch Disruptive Technologies and New Enterprise Associates.

 

Advertisement

iProov: Identity startup trusted by governments gets into browser security

andrew bud iproov
Andrew Bud, CEO of iProov iProov

London-based iProov says it has helped 3 million people confirm their identity to banks and other high-security organizations with mobile facial recognition. The 60-employee iProov has now expanded into a web browsers identification product that allows users to securely "iProov" themselves on their laptop and desktop computers, tablets, kiosks, and other devices.

"You simply authenticate yourself with biometrics," CEO and founder Andrew Bud says. "It remembers you even when you haven't visited a site for months, providing exceptional usability and outstanding security to remove the frustration with passwords and make everyone's lives better."  

The nine-year-old startup is privately funded and has received support from UK government grants and customers include the US Department of Homeland Security, the UK Home Office, Standard Bank in South Africa, and ING in the Netherlands.

Advertisement

Yubico: The key to a passwordless future

Stina Ehrensvard  CEO Yubico
Stina Ehrensvard, CEO of Yubico Yubico

The privately held Swedish company, founded in 2007, became famous for securing all Googlers' computers with its little gold keys – a hardware solution in a software market.

Yubico has been expanding its offerings to enterprise subscription and delivery models for providing businesses with the Yubikeys – which are inserted in computers to verify identity – and smaller keys that are tapped on mobile devices to log in.

In a recent report, Yubico found that most people would prefer a method of protecting accounts that doesn't involve passwords.

Like Microsoft, Yubico is a leading contributor to the FIDO2 passwordless authentication standards.

"Standards, in general, are a good way to get industries to move forward at scale," Stina Ehrensvärd, CEO and Co-Founder of Yubico, told Business Insider. "That approach can help us get rid of the biggest security threat today – passwords." 

Advertisement

Okta: Cloud-based identity management firm growing fast

Okta Todd McKinnon
Okta CEO Todd McKinnon Okta

San Francisco-based Okta is a fast-growing Ping competitor that is cloud-based and primarily aimed at smaller enterprises. Okta lets IT managers easily control employees' access to applications and devices. Like Ping, it offers multi-device verification, where users tap or swipe one device to be signed into another, without having to remember many different passwords. 

"Okta connects any person with any application on any device," the firm says in a highly approachable introduction

In March Okta announced total 2019 revenue of $167.3 million, and its stock is also at an all-time high

Advertisement

Nuance: Shucking passwords by using voice identification

Mark Benjamin CEO of Nuance
Mark Benjamin CEO of Nuance Nuance

Voice-recognition pioneer Nuance, headquartered in Burlington, Massachusetts, dates back to the 1990s, when it was a spinoff from Silicon Valley's SRI International. (It's also part of Siri's family tree.)

That makes the 8,200-employee company ancient for the biometrics space. Its biometrics can identify and verify customers on the phone based on patterns of speech, vocabulary, and even how someone taps on a phone when they text.

"With online activity skyrocketing and organizations tasked with supporting remote workers without compromising security, the role of biometrics has become paramount," says Brett Beranek, vice president of security and biometrics for Nuance. "With uncertainty often comes innovation and that innovation could be what redefines how we are protected in the future."

Last quarter Nuance saw a 10% jump in its stock due to growth in its cloud-based products. 

Advertisement

SenseTime: The blacklisted, multi-billion-dollar startup behind China's digital currency

sensetime_match
SenseTime specializes in systems that analyze faces and images on a huge scale. SenseTime/YouTube

The Chinese start-up SenseTime went from one of the most valuable startups in the world two years ago to blacklisted by the White House in October 2019.

Founded in 2014, SenseTime specializes in systems that analyze faces and images on a huge scale, that allows China's companies to use facial recognition software instead of passwords. And the company has gone far beyond that, selling its facial recognition products to police forces, prisons, and retailers looking to understand who buys which products in stores. The firm has hundreds of clients and partners, including Huawei and Weibo, and the startup has signed a deal with China's central bank that is reportedly overseeing the development of the economic superpower's digital currency and accelerating the implementation of AI technology in China's financial industry. 

Alibaba led the startup's $600 million funding round in 2018, which at the time brought it an eye-popping $7.5 billion valuation. In December, Reuters reported the firm was expected to reach 2019 revenue of $750 million, a decline from expectations.

Advertisement

Megvii: The other controversial Chinese identity-security company

China FacialRecognition Megvii FacePlusPlus (20 of 27)
Harrison Jacobs/Business Insider

Megvii is another China-based facial recognition startup steeped in drama and black-listed by the White House in October that sells facial and gesture-recognition technology to replace traditional passwords.

Both companies have found themselves mired in ethical debates from abroad, as privacy and freedom advocates in the US and other countries caution against China's widespread use of facial recognition. 

Megvii raised $460 million in 2018, around the time the Chinese government unveiled a plan to develop an AI industry worth $150 billion by 2030. 

The SenseTime rival is considering going public on Shanghai's recently opened STAR Market, according to the South China Morning Post, the company. That doesn't mean investment is impossible, just more ungainly.

"Backers face longer lockups and capital controls, but they should get better valuations," Reuters advised.

Read what it's like inside the Beijing headquarters of Megvii.

Advertisement

Microsoft: Passionate proponent of passwordless industry standards.

Joy Chik, CVP, Microsoft Identity, Cloud & Enterprise
Joy Chik, CVP, Microsoft Identity, Cloud & Enterprise Microsoft

Microsoft wants to get rid of passwords entirely.

Joy Chik says that 90% of Microsoft employees are passwordless today using the company's alternative identification options, Windows Hello, the Microsoft Authenticator, and FIDO2 security keys.  

Chik is a passionate adherent to the passwordless guidance agreed upon by the The FIDO (Fast IDentity Online) Alliance, an open industry association launched in 2013. In December, Apple – seen as a last holdout – joined the alliance, which Chik says should allow faster adoption of passwordless security in an agreed-upon form.

"We all know that passwords are not secure, expensive to manage, and frustrating for users," she wrote in a blog post earlier this year. "The time to get ready for a world without passwords is now."

Tech Cybersecurity
Advertisement
Close icon Two crossed lines that form an 'X'. It indicates a way to close an interaction, or dismiss a notification.