George Avetisov wants to rid the world of passwords.
As the CEO and cofounder of HYPR, a New York City-based tech startup, Avetisov has found plenty of supporters for the mission. His company, which sells authentication software to Mastercard, Aetna, Rakuten, and T-Mobile, has just raised $18.3 million in new funding in a round led by the venture capital arm of Comcast, he tells Fortune exclusively.
Big corporations Mastercard and Samsung also participated as investors in the round. They were joined by VC firms .406 Ventures, RRE Ventures, Triphammer Ventures, and investment bank Allen & Co.
HYPR has raised more than $32 million total to date.
Diamond in the rough
Avetisov, 29, got the idea for HYPR after fraudsters targeted his last business, an e-commerce venture that sold jewelry online. Seeing scammers impersonate other people led him to believe that the process of digitally verifying one’s identity could be vastly improved.
“My passwords have passwords—that’s how many we have now,” Avetisov says. “Companies spent millions of dollars on authentication. They’ve built walls higher and higher and made passwords more complicated. They’ve done a lot of investing in cybersecurity, but we still log in with passwords every day.”
The problems with password-based security are well documented. People frequently reuse the same, weak passwords across many websites, using slight variations that too often can be stolen or cracked by hackers.
HYPR does things differently. The startup’s tech stores private cryptographic keys, secret strings of numbers and letters associated with a person’s identity, on mobile devices. In practice, logging on then becomes as simple as tapping a button on one’s phone.
Avetisov compares the technology to the public key encryption used in smart cards, except without the card. “We’ve taken that same concept and put it on your mobile phone to eliminate your password,” Avetisov says.
Ultimately, Avetisov aspires “to kill the shared secret,” including ATM PIN codes, Social Security numbers, and credit card numbers.
How it works
HYPR’s technology consists of software development kits, or SDKs, that developers can load into both consumer-facing and enterprise apps. HYPR solely takes care of authentication, the confirmation of people’s identities, while leaving the management of people’s identities up to companies such as ForgeRock and Okta, which are partners and resellers.
Avetisov points to a piece of European fintech legislation, PSD2, that in part regulates the way businesses authenticate customers, as an accelerant for HYPR. “It has been such a big driver of our business, man, I can’t even tell you,” Avetisov says. “That’s why we opened our [Europe] office.”
A growing area of interest—and revenue—for the firm involves securing employees’ workstations. When a worker sits down at a computer, they simply tap their mobile phone to gain access to the other machine, no password required.
The method raises an issue though: What happens if a device is lost or stolen? In this case, the recourse is similar to what one would do about a compromised credit card: revoke access, reset the account, and re-enroll a new one.
“We’ve replaced, ‘I’ve forgotten my password,’ with, ‘I’ve lost my phone,'” Avetisov says.
A better way
David Zilberman, managing director of Comcast Ventures, led HYPR’s new funding round and is joining the company’s board. He says the startup’s approach meshes with his own industry outlook.
“It’s not a Band-Aid,” Zilberman says. “Traditional multi-factor and two-factor, password managers—they’re all trying to improve legacy architecture rather than taking a step back and saying, We’re flooded with usernames and passwords and we need to re-architect the way it’s all done.”
Avetisov and David Zilberman were introduced through a mutual friend: Dimitri Sirota, CEO of BigID, another Comcast investment and New York-based data security firm.
Joe Kynion, information technology officer at First Citrus Bank, a HYPR customer based in Tampa, Fl., praised the startup’s technology. “They have truly helped us bring our security posture to the next level in the area of user access controls,” he said in a statement.
The name, HYPR, is an allusion to “hypercards,” virtual business cards featured in the fictional universe of Snow Crash, the 1992 sci-fi novel by Neal Stephenson. “Reading that at a young age, I remember thinking, Damn, that’d be cool,” Avetisov says.
“If you expect to kill the password, the thing you replace it with has to be easier than the password,” Avetisov says.
