informa

Tech News and Analysis

2 MIN READ
Quick Hits

Descope Handles Authentication So Developers Don't Have To

Developers don't have to build authentication and user management from scratch, and can devote their energies to the core functions of the application, instead.

Descope emerged from stealth on Wednesday with a frictionless, secure, and developer-friendly authentication and user management service.

There is always a point in application development when a decision has to be made, to either build user authentication in-house or use someone else's. It's not a one-time decision, either, since user authentication is more than just setting up a username and password. There has to be a process for password resets, a way to add layers of authentication, a mechanism to securely store credentials, and controls to detect and prevent fraud and bots. All that comes before figuring out user provisioning, tackling access control, or even incorporating single sign-on.

"Authentication is never finished for any application," wrote Slavik Markovich, co-founder and CEO of Descope.

Descope's core premise is based on a simple fact: developers should not be spending time and resources on authentication and user management if that is not the core part of the service they are building. With Descope's authentication user management platform, developers can create authentication flows, add passwordless authentication methods to their applications, manage access privileges and identities, and implement security controls to prevent account takeovers and other types of fraud – and they don't need to be security experts to have these capabilities.

“Authentication is too important to be done incorrectly, but it’s also too complicated and time-consuming to be done in-house by engineering teams,” Guru Chahal, a partner at Lightspeed Venture Partners, said in a statement.

Identity-based attacks are on the rise, which has renewed interest in passwordless technologies. The Verizon Data Breach Investigations Report found that 80% of basic web application attacks can be attributed to stolen credentials. Google and Apple have rolled out passkeys to phase out passwords and open standards like FIDO2 and WebAuthn make it easier for users to rely on their devices as an authentication factor. Descope's passwordless technology stack means organizations can make that shift to deliver a passwordless experience to users.

"Our vision is to “de-scope” authentication from every app developer’s daily work, so they can focus on business-critical initiatives without worrying about building, maintaining, or updating authentication,” Markovich said.

The platform supports different types of developers, including those who prefer no-code/low-code tools, rely on software development kits (SDKs), or prefer working with APIs. Developers can use the Descope platform without charge for up to 7,500 monthly active users for business-to-consumer (b2c) applications and up to 50 tenants for business-to-business (b2b) applications.

Descope has raised $53 million in seed funding, the company said. The founding team has worked together for years, at security orchestration, automation, and response startup Demisto, which was acquired by Palo Alto Networks in 2019, and database security company Sentrigo, which was acquired by McAfee in 2011.