NoPassword Featured on Forbes – Feb 1, 2018
Meet The CEO Working To Make Sure You Never Type A Password Again
In 2017, the global average cost of a data breach reached $3.2 million, representing a 10% decrease from the year prior. Additionally, the average cost associated with each lost or stolen record of sensitive or confidential information fell from $158 in 2016 to $141 in 2017.
Yet, while cyber security companies adopt more advanced technologies and the profit losses continue to be cut, the scale of breaches has only expanded as the focus on targeting passwords and intercepting identity escalates. In 2017, the average scope of data breaches hit 24,000 records, increasing by 1.8% from the previous data breach report.
Founded by serial entrepreneur Yaser Masoudnia, NoPassword is an identity management and authentication solution that uses facial, fingerprint, iris and voice-recognition to allow employees to securely access their accounts without the use of traditional passwords.
NoPassword users download the application or visit the website, where they are prompted to scan their fingerprint or provide alternative biometric information. Once verified, an encrypted signature is created that syncs exclusively to the user’s mobile phone. After the signature is established, the individual account opens automatically, allowing users to instantly click on and access any account linked to their phone. None of the biometric data provided is collected or stored by the company, as it is only locally stored and authenticated by your phone.
As a result, instead of forcing you to type case-sensitive combinations, add codes to keychains, or ask various sites to remember you, NoPassword leverages biometric data to create a secured storage system that authenticates your identity to unlock any account you need to access.
I spoke with CEO Yaser Masoudnia, who shares the vision behind his company, shifting the paradigm of identity management and the blueprint for building passwords of the future.
What was the specific void or opportunity you saw that inspired the idea behind NoPassword?
Yaser Masoudnia: My co-founder and I had our own share of struggles with passwords, similar to other consumers and employees at our previous workplaces. Passwords were always at the back of our heads, especially since they are a method that has been used dating back to ancient times by the Roman military to pass through towns. The question remains — how are we still using the same method to access sensitive information and resources in today’s digital world? We live in a time where tech advancements, whether a new gadget or device, have changed our life for the better. Artificial Intelligence, autonomous cars, robots, and even our smartphones are just a few examples. Yet, we are still using passwords to access our bank accounts. This didn’t make sense to us and we wanted to change that.
How do you see the emergence of fingerprint and facial recognition on mobile devices shaping how you approach designing a new password for today’s generation?
Yaser Masoudnia: When we started looking deeper at the password problem, smartphone manufacturers such as Apple and Samsung started adding fingerprint readers on smartphones, which changed how we unlock our phone. At the same time, smartphones had improved in terms of security and offered several security features that made them potentially the best candidate for replacing passwords. We also noticed that we are all becoming more reliant on our phones to the point that if our phone wasn’t in sight, it felt as if something was missing. All of these made smartphones the best candidate to substitute passwords, especially at the enterprise level, where identity management based on passwords had significant challenges. When we looked at how we can truly eliminate the password and substitute it with a stronger solution, it was that point where we were inspired to develop NoPassword to tackle the problem from its root at the business, organizational, and service provider level.
What have been some of the challenges you’ve faced getting your business off the ground and establishing your space within the industry?
Yaser Masoudnia: Initially, the biggest challenge was overcoming people’s resistance to change. I think every new product that offers a new approach to solve a problem and requires people to change their behavior is often challenged. Luckily, this was a problem that we were able to overcome very quickly by simply having people try NoPassword. Once they tried it, they wouldn’t go back to passwords. This has been a consistent experience across a number of enterprises that use NoPassword for managing their workforce access to different resources. In many cases, enterprise workforces would ask if they can use NoPassword for their personal accounts as well. On average, each person has 150 accounts that need to be managed, including those we barely log into. It’s natural to forget our passwords. Therefore, those who use NoPassword realized what a significant positive change it has been, not only to their experience, but also their peace of mind for securing their accounts.
NoPassword is designed not to store any credentials, such as passwords or biometrics, on a centralized database. This means, even in the worst-case scenario that our databases or servers are compromised, there is no sensitive information that can be stolen and misused, like what has recently happened to Yahoo, LinkedIn, and Equifax. Further, customers and workforce of organizations who use NoPassword don’t manually enter any passwords or second-factor tokens, which means there is no place for phishing, social engineering, or key logger attacks that try to steal users’ credentials. These two elements alone eliminate the possibility of over 85% of cyber-attacks that target passwords.
What have been some of the biggest blind spots in the cyber security space and how does NoPassword aim to solve them?
Yaser Masoudnia: One of the biggest blind spots in the cyber security space is the human factor. Humans are the weakest link in security, and the cyber security industry has been ignoring it. For instance, humans are not very good at coming up with randomly generated and complex passwords. Most of us tend to reuse one or two passwords for all of our accounts. So, if a password that we used for our Yahoo account or LinkedIn account is compromised, the chances are that we have used that password in other places. Secondly, we don’t rotate our passwords regularly. Most of the time, we either ignore it or forget to rotate our passwords regularly. Even if we are forced to rotate them by our employer or service provider, we adopt unsafe behaviors, such as writing them down, creating a file to store them, or coming up with a pattern such as rotating our password from ‘name’ summer123 to ‘name’ fall123, and then ‘name’ winter123. This is as sophisticated as the best of security-conscious users would get.
What are some of the biggest misconceptions surrounding cyber security?
Yaser Masoudnia: Let’s go back to the human factor and the misconception that all users adhere to password policies and use caution or follow the guidelines or practices enforced. The reality is, they don’t. We tend to get busy with our day-to-day tasks and forget to rotate our passwords or use a strong password. There are some businesses and organizations that feel more comfortable managing everything in-house and have a closed network to prevent threats. They are not adopting cloud services to achieve a higher level of security. It’s a misconception that if an organization uses cloud services, they would be at risk. In fact, there are a lot of service providers that offer very secure solutions and adopt best practices and advanced technologies to ensure they provide the most secure service to their customers. There are cloud services that have made significant investments in the security and scalability of their services and take advantage of technologies that most of the companies who prefer to run everything in-house can’t afford to leverage. The misconception that in-house hosting is better than cloud services prevents them from taking advantage of a lot of cloud services that can often help them improve security of their in-house deployments and their network.
Another misconception that we still see often from some users is the threat of ‘big brother,’ especially when it comes to more sensitive information such as biometrics. There are also people who have privacy concerns, thinking that if they register their fingerprint or face information on their phone, the government or the smartphone manufacturer will store their biometrics and can take advantage. This has been conventionally the biggest challenge of any biometric solution. But, in today’s world, it is no longer a significant challenge. A lot of biometric solutions leverage users’ biometrics in the most private and secure method.
Describe your business model and what are the core components that drive what you do?
Yaser Masoudnia: Our business model is focused on servicing businesses, especially larger companies, that have a significant challenge with managing user identity and access. This doesn’t mean that small businesses or startups can’t take advantage of NoPassword. We designed the solution in a way that benefits any type of business across industries. To meet the requirements of our customers, NoPassword is offered both on cloud and on-prem. We also comply with regulations and compliances, and we enable our customers to not only meet their compliances, but surpass their security requirements while improving user experience. I would say that the core components of our business are the main three pillars — security, convenience, and privacy.
What are the keys to your company being both successful and sustainable?
Yaser Masoudnia: I strongly believe the key to our success is innovation. The cyber security space is an ever-evolving space. Technological advancements are going to bring us new opportunities and new threats. We need to always be ahead of the threats and cyber criminals, because we not only see more threats, but cyber criminals are getting smarter. We need to think about how we can offer the highest level of security and at the same time enhance convenience. I strongly believe if a security product is not easy to deploy, maintain, and use — it doesn’t have a chance to be effective because users tend to find the easiest way to circumvent it, ignore it, or simply not use it.
How do you see your company evolving in the next 3-5 years and what impact do you hope to make on the industry?
Yaser Masoudnia: Identity, trust, and access management will continue to be a critical issue for nearly every business, especially as the range of devices and number of applications we utilize grow. It is important to be able to trust users, authenticate them, and make sure they have the right level of access to their resources. With the emergence of the Internet of Things and smart devices, along with our changing interaction with such devices, the identity challenge is becoming more complex. Therefore, conventional methods of authentication and identity management do not satisfy the level of security and convenience demanded. NoPassword, representing the next generation of identity solution that does not rely on conventional identity management and authentication methods, can play a significant role in addressing the emerging needs of identity management and authentication. We are here to enable users to be in charge and give them peace of mind that they can own their sensitive information. With NoPassword, users can decide if they want to allow their employer or a business to leverage their information without having access to the information itself.