How does a computer know you are who you say you are?
There are plenty of complicated answers to that. But we all know that when it comes down to it, our usernames and passwords are vulnerable. Whether it’s a rookie error like Kanye’s “000000” password or a one- or two-click slip-up like we saw in the Democratic Party in 2016, identity management is tricky, in part, because we’re human.
But Groove.ID, a new Austin startup founded by two former Secureworks leaders, hopes to leap frog the current multi-factor authentication used to cross-check passwords with a new multi-tiered system that doesn’t require a password.
That, in essence, doesn’t give hackers the same simple entry points they would otherwise have.
Groove.ID was founded by Mike Bousquet and Ross Kinder. The two worked together at Secureworks, the global cybersecurity company acquired by Dell in 2011, where Kinder was chief technology officer for cloud solutions and Bousquet, who helped Dell acquire Secureworks, was director of product management.
They spoke to a ton of CIOs at big companies as part of their networking through the years, and many of them asked about how to secure software as a service applications. But CIOs felt constrained because they can only create so many roadblocks for employees who are trying to login from remote locations and need to get their work done.
“The more we dug into the identity space, the more fascinated we became by it,” Bousquet said. “There’s a frustration budget that every company has. A CIO has to secure the IT environment, and he or she can impose some frustration on users to reach that goal, but the budget for frustration is not unlimited.”
Many of today’s ID management systems use two-factor authentification, which has you log in with a password and have a second method of confirming that. But too often we make those passwords too simple — or get tricked into letting thieves in.
Groove.ID uses a variety of factors — without passwords. It takes into account your device, which it can authenticate, then it can determine your history with that machine and dive into detailed user behavior analytics (in short, we all type and move the mouse in distinguishable ways). The system also looks at the risk level associated with what you’re trying to access, as well as your location, and weaves that information and a few other factors in to decide how many hurdles to put between you and the app you’re trying to use.
If you’re working outside your normal work hours from a device you don’t usually use, the system might create several challenges to ensure you are who you claim to be. But, if you’re doing your day-to-day work, there’s virtually no friction, Bousquet said.
“We favor anything that has hardware based technologies,” he said. “We’re really trying to position ourselves as the most secure identify solution available.”
Groove.ID has raised about $600,000 in seed funding, which Bousquet says is all the tech-heavy team needs at this stage. Its funding has come from Counterview Capital, a New York-based venture capital firm, which they met at the Collision Conference in New Orleans, and several other high-level cybersecurity executives that Bousquet declined to disclose.
“We wanted to raise enough money to allow us to meet the next set of milestones for the company,” he said, noting they might raise another round next year as their sales pipeline grows.
Groove.ID has made its beta version available, and it plans to expand availability in coming months as it builds out its customer pipeline. They’re also hiring engineers in Ann Arbor, Mich., where Kinder is based.