Authy wants to kill the password with two-factor authentication that’s built for ease-of-use
A Q&A with Authy founder Daniel Palacio. The San Francisco-based startup, which offers a two-factor authentication platform built to be easy-to-use, announced in September that it has closed on $3 million in new Seed funding. Investors include Salesforce Ventures, Startcaps Ventures, Data Collective and Digital Garage. The company was founded in 2011 and raised $750,000 in initial Seed funding in 2012. It is a graduate of the Y Combinator accelerator (Winter 2012).
SUB: Please describe Authy and your primary innovation.
Palacio: Authy is a Strong Authentication Platform. The primary goal when I started Authy was to bring strong authentication to consumers worldwide. So, we started building a two-factor authentication API that was very easy for developers to use, as well as a set of mobile apps for the consumer. We’ve made sure that we cover all the edge cases that made two-factor authentication a hassle, and I think we are pretty close to making it easier to use than a regular password.
SUB: Who are your target markets and users?
Palacio: Our target market is developers. Most of our customers are technical people at companies who are security conscious and want to add two-factor authentication to their products. After that, it’s their customers who end up using Authy, and we also want to make sure they get a great experience.
We have a whole team of engineers and designers working on the mobile apps 24×7 to make them great. We put much more emphasis on our apps than on our API or sales process—it’s sort of backwards from the average enterprise company. But in the end it’s paid off. Most of our new customers come to us after they use the app or someone refers to us.
SUB: Who do you consider to be your competition, and what differentiates Authy from the competition?
Palacio: Our biggest competitor is Google Authenticator and SMS, which really means developers building two-FA themselves in-house.
But the difference by using Authy is staggering. We have stronger security and better user experience. What makes me sad is that two-factor authentication gets a bad reputation because of these crazy bad implementations that ultimately make the end-user have a bad experience.
Last year, we decided to add support for Google Authenticator protocol into Authy. It’s made me appreciate our service even more. Maintaining Google Authenticator has been a real nightmare. It’s a terribly designed protocol with little thought to very important parts like user lifecycle, key provision, key revocation, etc. The hacks that our engineers had had to build around Google Authenticator are incredible—I am grateful for all the pain they’ve had to go through.
SUB: You recently announced that you’ve raised $3 million in new Seed funding. Why was this a particularly good time to raise more outside funding?
Palacio: We had tremendous growth last August that I thought was transitory. It was something crazy like 70 percent month-over-month. Six months later and it wasn’t slowing. At that rate we really had to grow the team, servers, etc. We needed more money and we needed it urgently.
I though $1 million was enough, but there was so much demand that we decided to raise some more. I am glad I did, three months later we had more than doubled.
SUB: How do you plan to use the funds, and do you have plans to seek additional outside funding in the near future?
Palacio: We’re planning to grow in every area of the company—engineering, support, etc., but mostly sales and marketing. It’s been a month since we announced our funding, and growth has increased. It’s hard to say right now, but if things continue at this pace we’ll likely seek additional capital soon.
SUB: What was the inspiration behind the idea for Authy? Was there an ‘aha’ moment, or was the idea more gradual in developing?
Palacio: There wasn’t really an ‘aha’ moment. I was looking for a job at a security startup, but the idea of working on enterprise-only security products didn’t excite me. I had this itch for the past three years around consumer security. I knew we had better technology than passwords. In fact, you can’t almost call passwords a ‘technology.’
But the more I looked at the market and the players, the more disappointed I grew. I thought: “Why can’t they just hire a designer to make interfaces nice? Why can’t they just build a simple user experience?” It just seemed like none of them really cared about the product—no wonder everyone hated two-factor authentication. So I said: “I am going to build this company, and I am going to focus on making two-factor simple and easy to use and that’s it—nothing matters except that.”
SUB: What were the first steps you took in establishing the company?
Palacio: I started learning to develop for mobile. I had an Android back then, so I built a quick prototype to see how things worked. I was surprised of how easy it was. One or two months later we had a prototype that was much better than everything that was out there. That’s when I decided to go full-time.
SUB: How did you come up with the name? What is the story or meaning behind it?
Palacio: I wish I could say I though the name first and then built the company. The reality is that I didn’t have much money back then—maybe $5,000 or so in total—but I wanted a good domain name. So I just went to a domain auction site, because it’s impossible to find a non-registered domain these days, and typed ‘Auth.’ There were a bunch of domains being auctioned, but almost all above $5,000. That was more than my total budget for the whole company. Eventually I saw Authy.com for $650, so I just jumped at it.
SUB: What have the most significant challenges been so far to building the company?
Palacio: The first few months it was just keeping it alive with no budget. That was a really hard time.
Eventually we got into Y Combinator and it was a really nice time, but once we finished we went back to the real world. I’ve always been a good engineer, so the technical part has been fairly easy. Sales and marketing have been the most challenging so far, but we’ve now brought some really good people to handle those. Lately the biggest challenge has been dealing with people and maintaining everyone happy and motivated.
SUB: How do you generate revenue or plan to generate revenue?
Palacio: We’ve always charged for the usage of the API. We’ve been lucky because people never expect to get two-factor authentication free, so we’ve always been able to charge.
SUB: What are your goals for Authy over the next year or so?
Palacio: Our goal is to show that it’s possible to kill the password. I think we’ve never been so close. Today more than one million people use Authy as a second factor of authentication; but it’s really a strong factor, making passwords less relevant.
Next year, we’re going to really start showing that you don’t need passwords at all—we want to really start the process of killing it. We know it’s going to take many years, but if we can show that you can have a secure and easy experience on a large scale without passwords, that would be game changer. Once we prove that, I think there’s no way back.