Access Control
Auto Added by WPeMatico
Auto Added by WPeMatico
“There is no doubt that over time, people are going to rely less and less on passwords… they just don’t meet the challenge for anything you really want to secure,” said Bill Gates.
That was 17 years ago. Although passwords have lost some of their charm, they have so far survived many attempts to kill them for good.
The perception of high cost and tricky implementations has stalled some smaller businesses from ditching passwords. But alternatives to passwords are affordable, easy to implement and safer, show industry insights gathered by Extra Crunch. The move to zero trust systems is acting as a catalyst.
First, a primer. Zero trust focuses on who you are, not where you are. Zero trust models require companies to never trust any attempt to access its network, and must verify every single time — even from logins from inside the network. Passwordless tech is a key part of zero trust models.
There are several alternatives for passwords, including:
Wolt, a Finnish food-delivery site, is just one example of going passwordless.
“The user registers by entering their email address or a phone number. Login to the app takes place by clicking the temporary link in the user’s inbox. The app on the user’s mobile phone places an authentication cookie, which enables the user to continue from that device without having to go through any further authentication,” said Erka Koivunen, CISO at F-Secure.
In this case, the service provider is in full control of the authentication, allowing it to set expiration time, revoke service and detect fraud. The service provider does not need to count on the user’s commitment to keep track of their passwords.
Passwordless tech is not inherently costly but may take some adjustment, explained Ryan Weeks, CISO at managed service provider Datto.
“It is not necessarily costly in terms of monetary investment, because there are a lot of easily accessible open-source alternatives for multi-factor authentication that don’t require any sort of investment,” said Weeks. But some companies believe passwordless tech may cause friction to their employees’ productivity.
Koivunen also dismissed that zero trust models are unaffordable for startups.
“Zero trust recognises the futility of forcing users to authenticate themselves by presenting something they should keep as secret. Instead, it prefers to establish the user’s identity using some context-aware method,” he said.
Zero trust goes further than authenticating users; it also includes the device and the user.
“From a zero trust perspective, there is an idea that there is a continuous authentication or revalidation of trust occurring. Therefore, passwordless in a zero trust model is potentially easier for the user and more secure as the combination of the ‘something you have’ and ‘something you are’ factors are more difficult to attack,” said Datto’s Weeks.
Larger companies, like Microsoft and Google, already offer zero trust technologies. But investors are also eyeing smaller companies that offer zero trust for growing companies.
Axis Security, a zero trust provider that allows remote employees to access their company’s network, raised $32 million last year. Beyond Identity raised $75 million in funding in December. And Israel identity validation startup Identiq raised $47 million in Series A funding in March.
Early Stage is the premier “how-to” event for startup entrepreneurs and investors. You’ll hear firsthand how some of the most successful founders and VCs build their businesses, raise money and manage their portfolios. We’ll cover every aspect of company building: Fundraising, recruiting, sales, product-market fit, PR, marketing and brand building. Each session also has audience participation built-in — there’s ample time included for audience questions and discussion. Use code “TCARTICLE” at checkout to get 20% off tickets right here.
Powered by WPeMatico
Google today announced a new autofill experience for Chrome on mobile that will use biometric authentication for credit card transactions, as well as an updated built-in password manager that will make signing in to a site a bit more straightforward.
Chrome already uses the W3C WebAuthn standard for biometric authentication on Windows and Mac. With this update, this feature is now also coming to Android .
If you’ve ever bought something through the browser on your Android phone, you know that Chrome always asks you to enter the CVC code from your credit card to ensure that it’s really you — even if you have the credit card number stored on your phone. That was always a bit of a hassle, especially when your credit card wasn’t close to you.
Now, you can use your phone’s biometric authentication to buy those new sneakers with just your fingerprint — no CVC needed. Or you can opt out, too, as you’re not required to enroll in this new system.
As for the password manager, the update here is the new touch-to-fill feature that shows you your saved accounts for a given site through a standard Android dialog. That’s something you’re probably used to from your desktop-based password manager already, but it’s definitely a major new built-in convenience feature for Chrome — and the more people opt to use password managers, the safer the web will be. This new feature is coming to Chrome on Android in the next few weeks, but Google says that “is only the start.”
Powered by WPeMatico
We need to go hands-off in the age of coronavirus. That means touching fewer doors, elevators, and sign-in iPads. But once a building is using phone-based identity for security, there’s opportunities to speed up access to WIFI networks and printers, or personalize conference rooms and video call set-ups. Keyless office entry startup Proxy wants to deliver all of this while keeping your phone in your pocket.
“The door is just a starting point” Proxy co-founder and CEO Denis Mars tells me. “We’re . . . empowering a movement to take back control of our privacy, our sense of self, our humanity, our individuality.”

With the contagion concerns and security risks of people rubbing dirty, cloneable, stealable key cards against their office doors, investors see big potential in Proxy. Today it’s announcing here a $42 million Series B led by Scale Venture Partners with participation from former funders Kleiner Perkins and Y Combinator plus new additions Silicon Valley Bank and West Ventures.
The raise brings Proxy to $58.8 million in funding so it can staff up at offices across the world and speed up deployments of its door sensor hardware and access control software. “We’re spread thin” says Mars. “Part of this funding is to try to grow up as quickly as possible and not grow for growth sake. We’re making sure we’re secure, meeting all the privacy requirements.”
How does Proxy work? Employers get their staff to install an app that knows their identity within the company, including when and where they’re allowed entry. Buildings install Proxy’s signal readers, which can either integrate with existing access control software or the startup’s own management dashboard.
Employees can then open doors, elevators, turnstiles, and garages with a Bluetooth low-energy signal without having to even take their phone out. Bosses can also opt to require a facial scan or fingerprint or a wave of the phone near the sensor. Existing keycards and fobs still work with Proxy’s Pro readers. Proxy costs about $300 to $350 per reader, plus installation and a $30 per month per reader subscription to its management software.

Now the company is expanding access to devices once you’re already in the building thanks to its SDK and APIs. Wifi router-makers are starting to pre-provision their hardware to automatically connect the phones of employees or temporarily allow registered guests with Proxy installed — no need for passwords written on whiteboards. Its new Nano sensors can also be hooked up to printers and vending machines to verify access or charge expense accounts. And food delivery companies can add the Proxy SDK so couriers can be granted the momentary ability to open doors when they arrive with lunch.
Rather than just indiscriminately beaming your identity out into the world, Proxy uses tokenized credentials so only its sensors know who you are. Users have to approve of new networks’ ability to read their tokens, Proxy has SOC-2 security audit certification, and complies with GDPR. “We feel very strongly about where the biometrics are stored . . . they should stay on your phone” says Mars.
Yet despite integrating with the technology for two-factor entry unlocks, Mars says “We’re not big fans of facial recognition. You don’t want every random company having your face in their database. The face becomes the password you were supposed to change every 30 days.”

Keeping your data and identity safe as we see an explosion of Internet Of Things devices was actually the impetus for starting Proxy. Mars had sold his teleconferencing startup Bitplay to Jive Software where he met his eventually co-founder Simon Ratner, who’d joined after his video annotation startup Omnisio was acquired by YouTube. Mars was frustrated about every IoT lightbulb and appliance wanting him to download an app, set up a profile, and give it his data.
The duo founded Proxy in 2016 as a universal identity signal. Today it has over 60 customers. While other apps want you to constantly open them, Proxy’s purpose is to work silently in the background and make people more productive. “We believe the most important technologies in the world don’t seek your attention. They work for you, they empower you, and they get out of the way so you can focus your attention on what matters most — living your life.”
Now Proxy could actually help save lives. “The nature of our product is contactless interactions in commercial buildings and workplaces so there’s a bit of an unintended benefit that helps prevent the spread of the virus” Mars explains. “We have seen an uptick in customers starting to set doors and other experiences in longer-range hands-free mode so that users can walk up to an automated door and not have to touch the handles or badge/reader every time.”

The big challenge facing Proxy is maintaining security and dependability since it’s a mission-critical business. A bug or outage could potentially lock employees out of their workplace (when they eventually return from quarantine). It will have to keep hackers out of employee files. Proxy needs to stay ahead of access control incumbents like ADT and HID as well as smaller direct competitors like $10 million-funded Nexkey and $28 million-funded Openpath.
Luckily, Proxy has found a powerful growth flywheel. First an office in a big building gets set up, then they convince the real estate manager to equip the lobby’s turnstiles and elevators with Proxy. Other tenants in the building start to use it, so they buy Proxy for their office. Then they get their offices in other cities on board…starting the flywheel again. That’s why Proxy is doubling down on sales to commercial real estate owners.
The question is when Proxy will start knocking on consumers’ doors. While leveling up into the enterprise access control software business might be tough for home smartlock companies like August, Proxy could go down market if it built more physical lock hardware. Perhaps we’ll start to get smart homes that know who’s home, and stop having to carry pointy metal sticks in our pockets.
Powered by WPeMatico
Fifty iPads were stolen from Verkada co-founder Hans Robertson’s old company. Only when they checked the security system did they realize the video cameras hadn’t been working for months. He was pissed. “The market lagged behind the progress seen in the consumer space, where someone could buy high-end cameras with cloud-based software to protect their home,” Verkada’s CEO and co-founder Filip Kaliszan tells me of his own attempt to buy enterprise-grade security hardware.
Usually, startups ascend on the backs of fresh technologies and developer platforms. But Kaliszan and Robertson realized that commercial security was so backward that just implementing the established principles of machine vision and the cloud could create a huge company. The plan was to keep data secure yet accessible and train its cameras to take clearer photos when AI detects suspicious situations instead of just grainy video.

At first, few could see the vision through the slow upgrade cycles and basement security rooms common with most potential clients. “The seed and the A were extremely difficult rounds to raise compared to the later rounds because people didn’t believe we could execute what were are proposing,” Kaliszan glumly recalls.
But today Verkada receives a huge vote of confidence. It just raised an $80 million Series C at a stunning $1.6 billion post-money valuation thanks to lead investor Felicis Ventures writing Verkada its biggest check to date. The cash brings Verkada to $139 million in funding to sell dome cameras, fisheye lenses, footage viewing stations and the software to monitor it all from anywhere.
Why sink in so much cash at a valuation triple that of Verkada’s $540 million price tag after its April 2019 Series B? Because Verkada wants to bring two-factor authentication to doors with its new access control system that it’s announcing is now in beta testing ahead of a Spring launch. Instead of just allowing a stealable key fob or badge to open your office entryway, it could ask you to look into a Verkada camera too so it can match your face to your permissions.

“Our mission is to be the essential physical security software layer for every building, and the foundation of a larger enterprise IoT infrastructure,” Kaliszan tells me. By uniting security cameras and door locks in one system, it could keep banks, schools, hospitals, government buildings and businesses safe while offering new insights on how their spaces are used.
The founders’ pedigrees don’t hurt its efforts to sell that future to investors like Next47, Sequoia Capital and Meritech Capital, which joined the round. Robertson co-founded IT startup Meraki and sold it to Cisco for $1.2 billion. Kaliszan and his other co-founders Benjamin Bercovitz and James Ren started CourseRank for education software while at Stanford before selling it to Chegg.

Making a better product than what’s out there isn’t rocket science, though. Many building security systems only let footage be accessed from a control room in the building… which doesn’t help much if everyone’s trying to escape due to emergency or if a manager elsewhere simply wants to take a look. Verkada’s cloud lets the right employees keep watch from mobile, and data is also stored locally on the cameras so they keep recording even if the internet cuts out. “Our competitors stream unencrypted video and it’s on you to protect it. We’re responsible for handling that data,” Kaliszan says.
Verkada’s machine vision software can make sense of all the footage its cameras collect. “We can immediately show them all the video containing a particular person of interest rather than manually searching through hours of footage,” Kaliszan insists. “Our platform can use AI/machine learning to recognize patterns and behaviors that are out of the norm in real time.”
For example, a hostage negotiator was able to use Verkada’s system to assess whether a SWAT team needed to invade a building. Verkada can group all spottings of an individual together for review, or scan all the footage for people wearing a certain color or with other search filters.

Indeed, 2,500 clients, including 25 Fortune 500 companies, are already using Verkada. In the last year it has tripled revenue, partnered with 1,100 resellers, launched nine new camera models, added people and vehicle analytics, opened its first London office and is on track to grow from 300 to 800 employees by the end of 2020.
“We call this reinvention,” says Felicis Ventures founder and managing director Aydin Senkut. “One thing people underestimate is how big this market is. Honeywell is valued at $110 billion-plus. There’s a Chinese company that’s over $50 billion. The opportunity to be the operating system for all buildings in the world? Sounds like that market couldn’t be better.” Senkut knows Verkada works because he had it installed in all his homes and offices.
Most enterprise software companies don’t have to worry about the complexities of hardware supply chains. There’s always a risk that its sales process stumbles, leaving it stuck with too many cameras. “We’re still burning money. We’re not there yet or we wouldn’t be raising venture. Because we’re going after a mature market, you can’t come at it with a model that doesn’t make sense. Investors come at it from a hard-nosed approach,” Robertson admits.

“People have a tendency to write off Verkada as a boring camera company. They don’t realize how access control as the second product is going to supercharge the company’s potential,” Senkut declares.
One bullet Verkada dodged is the one firmly lodged in Amazon’s chest. Ring security cameras have received stern criticism over Amazon’s cooperation with law enforcement that some see as a violation of privacy and expansion of a police state. “We don’t have any arrangements with law enforcement like Ring,” Kaliszan tells me. “We view ourselves as providing great physical security tools to the people that run schools, hospitals and businesses. The data that those organizations gather is their own.”
Powered by WPeMatico