Today Keyless, a privacy-enhancing biometric authentication and identity management startup, has announced closing a funding round of approximately €1.8 million. The funds will be used to accelerate its mission to end large-scale data breaches caused by compromised login credentials.
“We cannot underestimate the security risks of remote working – without a solution that combines a zero-trust framework with biometric multi-factor authentication, corporate systems and databases are at risk of being compromised in large-scale, sophisticated hacking and phishing attacks,” said Andrea Carmignani, Chief Executive Officer at Keyless.
The move to remote work earlier this year led to a 37% rise in mobile phishing attacks targeting enterprises, costing organizations up to $150 (€127) million per incident, depending on the number of mobile devices.
Keyless’ first product, the Keyless Authenticator app, eradicates reliance on weak authentication methods like usernames and passwords, which are a leading cause of hacks and breaches. Using the app, employees and users can securely access remote and contactless systems simply by looking into the camera of their trusted device.
By leveraging secure multiparty computation – a privacy-enhancing cryptographic technique – nodes in Keyless’ distributed cloud network authenticate users in milliseconds without ever exposing raw biometric data, guaranteeing privacy. The solution is device and cloud-agnostic, meaning it can be quickly integrated with current security systems and rolled out regardless of what devices employees own.
The latest funding round was led by Italian venture capital firm P101 SGR, (through its second investment vehicle P102 and ITALIA 500 – a fund created by Azimut Libera Impresa SGR, managed under mandate by P101). Maire Investments, LUISS Alumni 4 Growth, and Primomiglio SGR also participated in this round, joining international venture capital firms that secured early investment in the startup last October, including Ripples’ Xpring.
“The cybersecurity space is constantly playing catchup to bad actors, but Keyless’ offering is sophisticated enough to put a stop to all breaches caused by compromised or weak credentials. Enterprises can finally adopt zero-trust security, eliminate passwords, ensure privacy compliance and deliver a unified authentication experience across every digital touchpoint,” said Giuseppe Donvito, Partner at P101 SGR.
“The world desperately needs innovative authentication solutions that protect both consumers and businesses from hacking, phishing and data breaches. What drew us to Keyless’ passwordless solution was how it stores encrypted authentication data on a distributed-cloud network, instead of on the user’s device or on centralised servers. Storing it in this way greatly reduces the chance of biometric data being hacked if the device is compromised,” said Massimo Di Amato, Executive Director at Maire Investments.
Current market solutions store highly sensitive data directly on the user’s device. This poses major security risks if the device is compromised, lost or stolen. Keyless instead stores encrypted fragments of data on a distributed network. This guarantees that compromising any (or all) of these servers does not lead to a disclosure of private information.
Keyless is fully compliant with GDPR, as well as Stronger Customer Authentication regulations due to come into effect in Europe this year.
The startup plans to target enterprise clients in the financial services sector, however its passwordless solution can help all industries end cyberthreats caused by compromised or weak credentials.