Transmit Security Ltd., the newest entrant in the race to rid the world of passwords, early today said it has raised a record-setting $543 million funding round that values the company at $2.2 billion and marks what it says is the largest Series A funding of any cybersecurity company in history.

The company, which was founded by serial security entrepreneurs Mickey Boodaei (pictured, left) and Rakesh Loonkar (right), says it has developed a passwordless authentication technique that uses biometric authentication to verify identity across multiple devices.

Its BindID product requires no end-user software or dedicated hardware and can be used on any device. The embedded fingerprint or face scanner in a smartphone or fingerprint reader authenticates even devices and channels that don’t have embedded readers. Shared trust is provided at the user, device and network level to allow other biometric-enabled devices to be associated with accounts for rapid re-enrollment.

A companion cross-channel identity orchestration platform called FlexID integrates with fraud detection and access controls to update authorization procedures without changing application code. Policy management and integration with third-party identity tools enable centralized administration. In addition, user and device behavioral analytics can be combined with risk information to detect suspicious activity.

The company is tapping into the near-ubiquitous availability of biometric security on mobile phones. Juniper Research has forecast that by 2024, biometric facial recognition hardware will be deployed on more than 800 million mobile devices, or about 90% of smartphones. The research firm also expects that more than 4.6 billion smartphones will be equipped with fingerprint sensors by that time.

Based in Tel Aviv with U.S. headquarters in Boston, Transmit Security has operated quietly since its 2015 founding, with initial funding provided by the founders. The business is profitable, they said, and includes major financial services such as Citigroup Inc. and JPMorgan Chase & Co. as paying customers.

Serial entrepreneurs

Boodaei and Loonkar have a track record of success with security startups. Boodaei co-founded Imperva Inc., a network security platform that went public in 2011 and was acquired by Thoma Bravo LLC for $2.1 billion in 2018. Previously, Boodaei and Loonkar co-founded Trusteer Inc., a fraud protection software platform that they sold to IBM Corp. for an estimated $1 billion in 2013.

“Every time I see a login button on a website, I get anxious,” Loonkar said in a statement. “Whenever an app texts me a code that I have to enter, I become frustrated with the process. We’ve all learned to suffer and accept the terrible user experience and poor security that comes with passwords just because that’s the way it has always worked in the past.”

Despite years of warnings about the dangers of choosing weak passwords or storing them in easily accessible locations, poor password management is still rampant.  Nordpass, a unit of virtual private network provider NordVPN S.A., last year scoured more than 275 million compromised passwords and found that the most used were “123456,” “123456789,” “picture1,” “password” and “12345678.”

The recommended alternative to passwords, multifactor authentication, has its own shortcomings. A study Transmit Security published in March found that 55% of consumers stop using a website because the login process is too complex and 92% will abandon a website without completing a purchase instead of going through the steps to recover or reset login credentials.

The investment was led by Insight Venture Partners LP and General Atlantic LLC. The company said the funding be used to “increase the company’s reach and expand its primary business functions, investing in key global areas in order to grow the organization.”

Transmit Security isn’t the only company chipping away at passwords. Last year Identité Inc. introduced a password-less mobile app-based authentication system, and Okta Inc. said it is rolling a feature into its cloud platform that eliminates the need for passwords. Volterra Inc. has an approach to data encryption that takes passwords out of the equation and Microsoft Corp. has recently made it possible to use its authenticator app to sign into any Azure Active Directory Account without using a password.

Photo: Transmit Security