News

Decentralized identity authentication platform Magic raises $27M

All the sessions from Transform 2021 are available on-demand now. Watch now.

Roughly 80% of data breaches are due to compromised passwords, according to reports, a figure that is made all the more sobering when you consider that cybercrime reportedly cost the global economy $2.9 million each minute in 2020. Throw into the mix the $1 million that the average large company apparently spends on password resets annually, and it soon becomes apparent why there is a broad industry push toward alternative user authentication mechanisms.

In the past seven months alone, we’ve seen gargantuan sums of cash fly into companies tackling the so-called “password problem.” Biometric authentication platform Transmit Security raised $543 million at a hefty $2.3 billion valuation; passwordless tech company Beyond Identity locked down $75 million in funding; Hypr secured $35 million; and Stytch nabbed $30 million. Elsewhere, two colossals from the identity and access management (IAM) sphere joined forces when Okta acquired Auth0 for a whopping $6.5 billion.

And it’s against that backdrop that Magic today announced it has raised $27 million in a series A round of funding to further commercialize its blockchain-powered identity authentication platform. The round, which was led by Northzone, included a slew of high-profile VC and angel investors including Tiger Global, Reddit cofounder Alexis Ohanian , and GitHub CTO Jason Warner.

Decentralized

Founded in 2018 as Fortmatic, the company’s founders include CEO and former Docker product lead Sean Li; former Yelp software engineer Arthur Jen; and Jaemin Jin, a former software engineer at Apple, Amazon, and Uber. The San Francisco-based firm rebranded as Magic last May as it exited stealth with $4 million in seed funding, and in the 14 months since, Magic claims that it has grown its developer user-base tenfold.

So what exactly is Magic, and how is striving to differentiate from the crowd?

In a nutshell, Magic is setting out to create the infrastructure to kill password-centric authentication using decentralized identity management. It’s ultimately all about improving security, given that centralized identity management can spell disaster in the event of a breach. There is a plethora of recent examples that highlight this, including countless data breaches involving “big tech” — a few months back news emerged that an arsenal of private Facebook data was doing the rounds online, including email addresses, phone numbers, and Facebook ID numbers.

“When a few big companies house secrets — e.g. passwords — in a centralized way, one breached company puts billions of passwords on the internet at risk,” Li told VenturBeat. “Specifically, tech platforms like Google and Facebook act as centralized, single-points-of-failure with ‘too big to fail’ level risks.”

With a decentralized approach, Magic “leverages key-based cryptography over passwords,” as Li puts it, with users private keys secured and owned entirely by the users themselves.

“When users sign in with Magic authentication, no secrets are passed around, eliminating the chance for lost or stolen passwords,” Li said. “With a few lines of code, developers can leverage elliptic curve cryptography and public-private key pairs to authenticate users into applications.”

Any company or developer looking to embed secure passwordless identity management and login functionality in their applications, while bypassing infrastructure belonging to big tech, can use Magic’s plug-and-play software development kit (SDK) to unlock a range of authentication options. This includes email, with users offered a Slack-like experience whereby they simply click on a “magic link” that is sent to their email address.

Above: Magic link: Email

Elsewhere, Magic also supports the Web Authentication (WebAuthn) standard, which means biometrics or FIDO2 security keys are also catered to, while the SDK also supports standard social logins. In the future, the company is also planning to extend support to SMS, multi-factor authentication, and SAML single sign-on.

In terms of pricing, Magic adopts a metered billing approach that starts at around $0.0085 per login, and is capped at $0.034 per monthly active user. So let’s say an application has 10,000 users, each logging in once per month, that would cost no more than $85. If each of those users log in twice a month, that would be $170, and so on up until four logins per user each month. For more than four logins, Magic doesn’t charge anything extra.

Above: Magic: Metered billing

Magic’s customers include product feedback platform UserVoice; AI-powered copywriting platform Copy.AI; and information markets platform Polymarket. However, the problem that Magic is ultimately trying to solve is not limited to any particularly company type of size — every company is a software company these days, after all, and every company should be safeguarding their users’ private data. But doing so is often easier said than done, particularly in a world seemingly addicted to passwords.

“Authentication is complex,” Li said. “The beauty of Magic is that we abstract away all of the complexities. With Magic, enterprises get peace of mind with secure, extensible passwordless authentication that’s built to scale — all with a few lines of code.”

VentureBeat

  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
  • networking features, and more

Source: Read Full Article