Today, we are delighted to announce that Descope has raised $53M in seed financing, led by Lightspeed Venture Partners and GGV Capital and with participation from Dell Technologies Capital, Tech Aviv, J Ventures, Unusual Ventures, Cerca Partners, and Silicon Valley CISO Investments (SVCI). This round also includes notable angel investors such as George Kurtz, John W. Thompson, Bipul Sinha, Assaf Rappaport, Nir Polak, Eyal Manor, and many others.
We are grateful for the trust placed in us by our partners and are determined to achieve the mission in front of us: building a frictionless, secure authentication and user management service for every application developer. And we mean every application developer – whether you’re on team no-code, lean towards SDKs, or think API-first, Descope has an implementation flavor that suits your preferences. You can sign up and start using our service today – we would love any feedback you have to make it better.
In this blog, I’d like to walk through why my founding team and I decided to go down the entrepreneurial path once again, why we feel authentication is ripe for disruption, and why the right time is now.
Team
“In life, it’s not where you go, it’s who you travel with.” – Charles M. Schulz.
When stripped down, companies are simply a collection of people and the ideas they bring to the table. Time and again, the team we’ve assembled at Descope has brought ambitious ideas to the table, executed on them, and had barrels of fun in the process.
Whether it was helping create a new security orchestration market category with Demisto or shoring up database security with Sentrigo, this team has worked together over the decades on different problems and in different market conditions. We have learned not to be too flippant during good times and not to be too downhearted during down times.
We are now back at the starting line with Descope, doing our warm-up stretches with some trepidation and lots of excitement. The future will pan out how it must, but we know a few things will be true regardless: that we really enjoy working with each other, that we love creating useful solutions to solve practitioners’ problems, and that we pride ourselves on truly listening to and uncovering our customers’ needs.
And boy, are there customer needs.
TAM
In the multiple companies our team have created together, we always ran into the question of user authentication and whether we should build it ourselves. We always did. Every single time, what started out as a line item in a single sprint turned into a multi-year investment as our companies grew.
What we’ve learned from speaking to many application builders, and also from years of lived experience, is that authentication is never finished for any application.
If you’re building a consumer app, you may be tempted to quickly implement a username-password process in-house. But you will soon find yourself spending time on reset flows, password storage, adding fraud and bot prevention controls, fielding help desk tickets for forgotten passwords, adding OTPs and social logins as your user base expands… and the list goes on.
For business apps, the list is even longer. If you’re building authentication in-house for a B2B app, be prepared to spend resources setting up multi-tenancy, implementing per-tenant authorization, automating user provisioning, figuring out the SAML and SCIM standards, tackling access control, et al. What’s more, this list starts early on in your company’s journey if you plan to sell to enterprises. Simply adding single sign-on (SSO) functionality can take accomplished engineering teams months of effort.
The bottom line for any application team is: if authentication and user management are not core parts of the service you’re offering, why are you spending time and effort like they are? We have both the meeting notes and the battle scars to prove that authentication doesn’t need to be reinvented every time you build a new app.
As an app builder, the only things you should care about with respect to authentication are that it shouldn’t cause user friction and that it shouldn’t lead to security risks.
Speaking of something that causes both user friction and security risks…
Timing
…passwords. Bad for usability, bad for security, bad for app developers. While this has always been the case, there now seems to be a distinct and growing appetite for a passwordless future.
Users are now voting with their wallets, with a recent study finding that more than 18% of Amazon and ASOS users abandoned their cart due to forgotten passwords or clunky reset processes.
Identity-based attacks have never been more rampant, with 80% of basic web application attacks now attributed to the use of stolen credentials. Regrettable recent breaches at password managers continue to lend credence to our belief that the best password is no password.
Most encouragingly, there are now multiple alternatives to knowledge-based authentication that are more secure, user-friendly, and interoperable. Open standards like FIDO2 and WebAuthn have laid important groundwork for consumers to use their devices as an authentication factor. Companies like Apple and Google have already rolled out passkeys in a bid to phase out passwords in the coming decade. And with more than 66% of smartphone users projected to use device-native biometrics by 2024, the average Internet user is now well aware of passwordless authentication methods.
It will take all hands on deck to realize a passwordless future. At Descope, our aim is to make building passwordless authentication feel as intuitive for app developers as using passwordless authentication is for app users.
If what you’ve read here makes you curious to try our service, sign up here and become a Descoper. If you want to go one step further and help us build Descope, we are hiring. You can expect stimulating and impactful work, a high level of ownership and independence, and enterprise-grade coffee.
Unlike authentication, this blog is now finished. Thanks for reading!