Something You Are Is Greater Than Something You Know, or Why We Invested in Passage

Passwords are the leading cause of data breaches and the most likely path to account takeovers. In addition to the security concerns, passwords are hard to manage and create user friction that has direct topline impact. By some accounts, over a third of online purchases are abandoned due to forgotten passwords. Despite these drawbacks, authentication hasn’t meaningfully changed since Web 1.0.

With all the known downsides, why are we still relying on passwords, a paradigm introduced in the earliest days of computing? 

Any authentication system relies on at least one of the following: “something you know,” like a password, “something you have,” like a key fob or access to an email account; and “something you are,” like a biometric. You can forget a password, and an email account can be compromised, but if implemented properly, a biometric based on your fingerprint or face is much harder to lose or have compromised.

To build a better system around biometrics, you need to simultaneously address three areas: client devices with a biometric input, the web servers, and the communication protocol between the two. Until recently, this was an insurmountable task for any single company, given the heterogeneity in the space and lack of widespread client devices with a biometric input.

Now two trends have come together to make this achievable. First, biometrics have proliferated into our everyday devices in forms such as Touch ID, Face ID, and Windows Hello. Second is the adoption of a new authentication specification by major browsers called WebAuthn. WebAuthn enables biometrics on a client device to provide authentication on the Web. Importantly, it does so without sharing the biometric data itself, preventing potential abuse of Personal Identifiable Information (PII).

However, the orchestration of such a system is significantly more complex than with password-based authentication. Users have multiple devices, each with their own unique biometric inputs and keys, that need to map to the same account. New devices need to be registered, old ones may be lost, and some devices may not have a biometric input at all. Navigating this complexity while presenting a seamless customer experience is a must. And on top of that, you need to provide a seamless implementation experience for developers.

We met two exceptional founders, Cole Hecht & Anna Pobletts, building precisely that. Their deep domain expertise and careful attention to making a seamless experience for the end user and developer position them well to build a winning solution in this space. This is why we invested in Passage.

Passage is a biometric passwordless user authentication platform built for developers. Their solution enables developers to easily provide passwordless authentication based on the open standard WebAuthn to their users, reducing friction and providing best-in-class security. Passage does not store any biometric data, making it ideal for security and privacy-focused companies and users.

The next generation of authentication is on the horizon, and it is passwordless. We’re excited to partner with Passage as they lead the way to build authentication based on “what you are,” not “what you know.”


Proud to partner with Cole Hecht & Anna Pobletts in building Passage. More on why we at LiveOak Venture Partners were excited to invest.