Eliminating passwords could be key to better cybersecurity

In an era of rising incidents of hacking, cybersecurity start-up Transmit Security has raised $543 million to expand its business providing companies with biometric authentication systems instead of user passwords.

The cash injection brings the seven-year-old company’s valuation to $2.2 billion, Transmit Security announced Tuesday. Investment in its first funding round was led by New York-based firms Insight Partners and General Atlantic. Mickey Boodaei and Rakesh Loonkar founded Transmit Security in 2014 with the goal of easing the tensions between the logistical headaches of passwords and cybersecurity.

Transmit's BindID product uses fingerprint and face-scanning techniques to eliminate passwords from the login process. For devices without biometric scanners, users can simply use their phones to log in to platforms on other devices. Transmit's customers include retail, banking and telecommunications leaders such as UBS Group AG, Lowe's Cos. and HSBC Holdings Plc.

The funding comes amid a wave of recent cybersecurity attacks across the US and Europe, many of them a direct result of breached password security. The Colonial Pipeline Co ransomware attack, which took the largest fuel pipeline in the US offline in May, was the result of a single compromised password. The account's password has since been discovered inside a batch of leaked passwords on the dark web. JBS USA was the subject of a cyberattack recently that disrupted meat processing across North America and Australia, and the company paid hackers $11 million. Password-based security settings have become outdated and expensive, according to Transmit Security.

Significant advantage

Some 80 per cent of attacks are password related. Using passwords can also be frustrating for people and lead to lost business, according to Transmit Security. The company’s own research shows that 55 per cent of customers stopped using a website due to the complexities of the log-in process and 92 per cent of customers abandoned their purchase to avoid resetting their login details.

Transmit Security uses technology that stores biometric data on users’ devices. That gives it a significant advantage over passwords to defend against cyberattacks because, unlike passwords that can be hacked and used elsewhere, the biometric data isn’t able to leave the device doing the verification, according to the company. The so-called privacy gated technology also means there’s no biometric data collection.

In February, Transmit Security joined the Fido Alliance, an industry standards group founded by tech companies such as Lenovo Group and PayPal Holdings, and whose board includes Microsoft, Amazon and American Express.

“Relying on passwords as the primary means for authentication no longer provides the security or user experience that consumers demand,” said Andrew Shikiar, executive director and chief marketing officer at Fido.