There are far fewer annoying things than managing one’s passwords.
There are a bunch of companies out there to help you attempt to do that. And there’s also a number of companies that want to go a step further and eliminate the password completely.
One such company, Stytch, just raised $30 million in a Series A round of funding as it launches out of beta with its API-first passwordless authentication platform. The round caught our attention for a couple of reasons.
For one, this is the same startup that just months earlier announced it had raised a $6.25 million seed round led by Benchmark with participation from Index Ventures and a number of angels including Plaid co-founder William Hockey. That round was actually raised last summer around the time of Stytch’s founding, but only announced this year. Other angels that have backed the company include Figma co-founder and CEO Dylan Field, Very Good Security co-founder Mahmoud Abdelkader, startup advisor Elad Gil and early Stripe employee and Cocoon co-founder Amber Feng.
Thrive Capital led the Series A, which also included participation from Coatue Management and existing backers Benchmark and Index. The company declined to reveal its valuation, although sources say that it is “north of $200 million.”
Also notable about this round is that Stytch was founded by two former Plaid employees, Reed McGinley-Stempel (CEO) and Julianna Lamb (CTO), who built user authentication features that “millions” use to connect their bank accounts to apps like Venmo, Coinbase and Robinhood. The company was founded on the premise that passwords are no longer secure, and make companies easy targets for hackers and expose them to account takeover risk.
Lamb says that as she and McGinley-Stempel worked together at Plaid on user authentication, they realized how frustrating it is to build sign-up and login flows.
“In addition to it being complicated, it's resource intensive and error-prone to build in house,” she told TechCrunch. “The other thing that really frustrated us was that the core building blocks that all companies use for authentication had really significant security and conversion issues. It struck us that the web has improved in so many ways over the past few decades, but authentication is still stuck in the 1990s.”
Stytch claims that it simplifies the authentication process by giving developers and users the “tools and infrastructure to incorporate passwordless authentication methods into modern applications.”
Specifically, the team is creating “simple” APIs and SDKs (software development kits) that the founders say allow "any company to boost user onboarding and retention by removing passwords from their application, while improving security and saving significant engineering time in the process.”
Image Credits: Stytch
In its first year of operation, Stytch released its product in beta to more than 350 developers who have added passwordless features such as email magic links, SMS and WhatsApp passcodes and one-click user invitations into their user onboarding and authentication login flows. As mentioned above, Stytch launched out of beta this week to make all of the features publicly available in conjunction with the funding announcement.
"What we found is that it makes more sense to be more flexible with developers," Lamb told TechCrunch. "The thing that even surprised us about the API-first approach is that we now also have a handful of Fortune 500 companies using the product and the primary reasoning from their standpoint was one of the simplicity of getting set up on the platform. It took them an hour rather than the multiple months they sometimes spend with other providers. There is also the direct API piece where it's just a much more flexible way to think about workflows in onboarding or login."
Nearly 65% of users reuse passwords across accounts, which can pose major security threats and breach liabilities, according to a study conducted by Google. Also, many people struggle with remembering passwords and the password reset process can be so frustrating that many users just give up on the account.
This can negatively impact businesses that rely on e-commerce sites, who lose customers over that frustration.
Thrive’s Gaurav Ahuja, who is taking a seat on Stytch’s board with the funding round, believes that the startup’s product is specifically designed for improving sign-up conversion and user retention, and its customizable front end tools help companies get started “quickly.”
He said his firm talked to many developers who used it and saw “how impressed they were with the company’s best-in-class API docs and speed to go live.”
“Over the past several years we've seen that most authentication systems are both outdated and pose a security risk to users,” Ahuja told TechCrunch via email. “Stytch is addressing both of these issues head on.”
The new capital will be used to roll out more authentication options, including biometrics, WebAuthn, OAuth logins, QR codes and push notification login. The company also plans to launch additional user infrastructure features and to build out session management and advanced fraud detection solutions. Stytch also aims to hire 20 people by year’s end.
Stytch is not the only company out to kill the password. Boston-based Transmit Security in June raised a massive $543 million in Series A funding in what was believed to be the largest Series A investment in cybersecurity history and one of the highest valuations for a bootstrapped company. Microsoft has announced plans to make Windows 10 password-free, and Apple recently previewed Passkeys in iCloud Keychain, a method of passwordless authentication powered by WebAuth.