Descope
emerged
from
stealth
on
Wednesday
with
a
frictionless,
secure,
and
developer-friendly
authentication
and
user
management
service.
There
is
always
a
point
in
application
development
when
a
decision
has
to
be
made,
to
either
build
user
authentication
in-house
or
use
someone
else’s.
It’s
not
a
one-time
decision,
either,
since
user
authentication
is
more
than
just
setting
up
a
username
and
password.
There
has
to
be
a
process
for
password
resets,
a
way
to
add
layers
of
authentication,
a
mechanism
to
securely
store
credentials,
and
controls
to
detect
and
prevent
fraud
and
bots.
All
that
comes
before
figuring
out
user
provisioning,
tackling
access
control,
or
even
incorporating
single
sign-on.
“Authentication
is
never
finished
for
any
application,”
wrote
Slavik
Markovich,
co-founder
and
CEO
of
Descope.
Descope’s
core
premise
is
based
on
a
simple
fact:
developers
should
not
be
spending
time
and
resources
on
authentication
and
user
management
if
that
is
not
the
core
part
of
the
service
they
are
building.
With
Descope’s
authentication
user
management
platform,
developers
can
create
authentication
flows,
add
passwordless
authentication
methods
to
their
applications,
manage
access
privileges
and
identities,
and
implement
security
controls
to
prevent
account
takeovers
and
other
types
of
fraud
–
and
they
don’t
need
to
be
security
experts
to
have
these
capabilities.
“Authentication
is
too
important
to
be
done
incorrectly,
but
it’s
also
too
complicated
and
time-consuming
to
be
done
in-house
by
engineering
teams,”
Guru
Chahal,
a
partner
at
Lightspeed
Venture
Partners,
said
in
a
statement.
Identity-based
attacks
are
on
the
rise,
which
has
renewed
interest
in
passwordless
technologies.
The
Verizon
Data
Breach
Investigations
Report
found
that
80%
of
basic
web
application
attacks
can
be
attributed
to
stolen
credentials.
Google
and
Apple
have
rolled
out
passkeys
to
phase
out
passwords
and
open
standards
like
FIDO2
and
WebAuthn
make
it
easier
for
users
to
rely
on
their
devices
as
an
authentication
factor.
Descope’s
passwordless
technology
stack
means
organizations
can
make
that
shift
to
deliver
a
passwordless
experience
to
users.
“Our
vision
is
to
“de-scope”
authentication
from
every
app
developer’s
daily
work,
so
they
can
focus
on
business-critical
initiatives
without
worrying
about
building,
maintaining,
or
updating
authentication,”
Markovich
said.
The
platform
supports
different
types
of
developers,
including
those
who
prefer
no-code/low-code
tools,
rely
on
software
development
kits
(SDKs),
or
prefer
working
with
APIs.
Developers
can
use
the
Descope
platform
without
charge
for
up
to
7,500
monthly
active
users
for
business-to-consumer
(b2c)
applications
and
up
to
50
tenants
for
business-to-business
(b2b)
applications.
Descope
has
raised
$53
million
in
seed
funding,
the
company
said.
The
founding
team
has
worked
together
for
years,
at
security
orchestration,
automation,
and
response
startup
Demisto,
which
was
acquired
by
Palo
Alto
Networks
in
2019,
and
database
security
company
Sentrigo,
which
was
acquired
by
McAfee
in
2011.
About Author
