Descope Handles Authentication So Developers Don't Have To

Developers don't have to build authentication and user management from scratch and can instead devote their energies to the core functions of the application.

Descope emerged from stealth on Wednesday with a frictionless, secure, and developer-friendly authentication and user management service.

There is always a point in application development when a decision has to be made: either build user authentication in-house or use someone else's. It's not a one-time decision, either, since user authentication is more than just setting up a username and password. There has to be a process for password resets, a way to add layers of authentication, a mechanism to securely store credentials, and controls to detect and prevent fraud and bots. All that comes before figuring out user provisioning, tackling access control, or even incorporating single sign-on.

"Authentication is never finished for any application," wrote Slavik Markovich, co-founder and CEO of Descope.

Descope's core premise is based on a simple fact: developers should not be spending time and resources on authentication and user management if that is not the core part of the service they are building. With Descope's authentication and user management platform, developers can create authentication flows, add passwordless authentication methods to their applications, manage access privileges and identities, and implement security controls to prevent account takeovers and other types of fraud – and they don't need to be security experts to have these capabilities.

“Authentication is too important to be done incorrectly, but it’s also too complicated and time-consuming to be done in-house by engineering teams,” Guru Chahal, a partner at Lightspeed Venture Partners, said in a statement.

Identity-based attacks are on the rise, which has renewed interest in passwordless technologies. The Verizon Data Breach Investigations Report found that 80% of basic web application attacks can be attributed to stolen credentials. Google and Apple have rolled out passkeys to phase out passwords, and open standards like FIDO2 and WebAuthn make it easier for users to rely on their devices as an authentication factor. Descope's passwordless technology stack means organizations can make that shift to deliver a passwordless experience to users.

“Our vision is to ‘de-scope’ authentication from every app developer’s daily work, so they can focus on business-critical initiatives without worrying about building, maintaining, or updating authentication,” Markovich said.

The platform supports different types of developers, including those who prefer no-code/low-code tools, rely on software development kits (SDKs), or prefer working with APIs. Developers can use the Descope platform without charge for up to 7,500 monthly active users for business-to-consumer (B2C) applications and up to 50 tenants for business-to-business (B2B) applications.

Descope has raised $53 million in seed funding, the company said. The founding team has worked together for years, at security orchestration, automation, and response startup Demisto, which was acquired by Palo Alto Networks in 2019, and database security company Sentrigo, which was acquired by McAfee in 2011.

About the Author(s)

Fahmida Y. Rashid, Managing Editor, Features, Dark Reading

As Dark Reading’s managing editor for features, Fahmida Y Rashid focuses on stories that provide security professionals with the information they need to do their jobs. She has spent over a decade analyzing news events and demystifying security technology for IT professionals and business managers. Prior to specializing in information security, Fahmida wrote about enterprise IT, especially networking, open source, and core internet infrastructure. Before becoming a journalist, she spent over 10 years as an IT professional -- and has experience as a network administrator, software developer, management consultant, and product manager. Her work has appeared in various business and test trade publications, including VentureBeat, CSO Online, InfoWorld, eWEEK, CRN, PC Magazine, and Tom’s Guide.