HYPR: The Passwordless Company
HYPR
Bojan Simic
Co-Founder & CEO
Roman Kadinsky
Co-Founder & COO
“What differentiates us is that every single authentication flow that happens through our product is without the user typing anything in. So that means the person cannot be tricked into sharing their password with a hacker.”
The Password
Back in the 1960s when computers were still a fantasy for many, passwords were simply short codes meant to keep files private on a shared system. Ironically, the MIT researchers who are said to have pioneered the password, weren’t particularly concerned with security.
Fast forward 60+ years and the password still remains a subject of debate. Although the industry has evolved with new technologies, more compliance and regulations, and new forms of authentication, the password has remained firmly entrenched, despite daily proof that it hasn’t advanced as quickly as the attacks that have dominated headlines over the years.
Organizations understand the need to implement a robust authentication system, one that doesn’t rely purely on the standard password. Many have incorporated additional authentication processes and methods, such as multi-factor authentication (MFA), to bring in much needed layers of security. Yet this has led to its own set of challenges. Businesses find it difficult to maintain a consistent user experience. Complaints about password complexity, a sense of reduced productivity, and “MFA fatigue” abound. The everyday employee finds themselves in a situation where they’re using complex passwords that are hard to remember as well as multiple authentication apps that confuse them and interfere with getting their job done.
At this point, MFA has been commoditized and increasingly mandated. This is where HYPR—a passwordless authentication platform provider—is creating an impact. HYPR is bridging the gap between businesses and security with an ultimate mission to create a passwordless world. The company’s HYPR platform is a True Passwordless Multi-Factor Authentication solution. It is designed to protect workforce and customer identities with the highest level of assurance while enhancing the end users’ experience. HYPR’s unique approach shifts the economics of attack and risk in the enterprises’ favor by replacing password-based MFA with Passwordless MFA.
Maintain your Security with Ease
HYPR uses public-key cryptography with the private key securely stored with the user. This reduces the attack surface by eliminating the need to transmit or centrally store credentials, which can be compromised through phishing, fraud, and man-in-the-middle attacks. Technologies that rely on password rotation, password replay, one-time passcodes (OTP), time-based one-time passcodes (TOTP), SMS codes, and other shared secret-based credentials cannot provide truly passwordless multi-factor authentication.“What differentiates us is that every single authentication flow that happens through our product is without the user typing anything in. So that means the person cannot be tricked into sharing their password with a hacker. We also have a major focus on easily onboarding customers to become passwordless in a way that is seamless for their users while maintaining security best practices,” extols Bojan Simic, Co-Founder and CEO of HYPR.
HYPR’s True Passwordless MFA enables people to use a smartphone, security key, or platform authenticator for secure login into workstations, single sign-on providers, and other SAML/OIDC integrated applications, without ever entering a password. HYPR turns the smartphone into a smartcard (CAC/PIV) for user-initiated, passwordless multi-factor authentication into desktops and corporate resources.
Integrated Passwordless Multi-factor Authentication
Many organizations have multiple identity providers (IdPs) due to mergers and acquisitions, cloud projects and various security and compliance initiatives. HYPR integrates with all of these, unifying and securing authentication across the organization. This unified authentication applies whether or not an internet connection is available through a passwordless offline mode that uses a decentralized PIN that is generated and stored on the user device.
The platform also enables organizations to enforce step-up authentication policies based on a combination of factors such as face ID and a decentralized PIN. Moreover, HYPR supports standards-based authentication to drive ease of use and adoption across enterprises. “We do this by participating in the FIDO Alliance as a Board Member and have attained FIDO-certified certification across our product stack including the mobile app and cloud server,” explains Simic.
From the employee point of view, HYPR reduces friction and provides employees and customers with a seamless authentication flow across platforms and modalities. HYPR’s Desktop MFA capabilities provide fast access to workstations that makes it as easy to securely log into a computer as using a remote to turn on a TV. With HYPR, individual employees can use their own devices with secure authentication modes they are comfortable with. Additionally, the platform’s standards-based approach means that it can leverage new technologies and address evolving regulations as they emerge.
Enterprise-grade Security for All
At HYPR, the team believes that cutting-edge enterprise-grade security should not just be for the enterprise and sophisticated organizations, but all businesses. Since opening its doors in 2014, HYPR is driving its vision to enable True Passwordless MFA for organizations of all sizes. “We believe that even the smallest businesses deserve the frictionless and secure MFA capabilities that all of our major banking customers get from HYPR. By purely focusing on authentication and not providing other capabilities that are already provided by traditional identity providers, HYPR enables businesses to simplify, accelerate, strengthen, and future-proof their authentication strategy quickly,” Simic adds.
While explaining the value proposition of HYPR, Simic recalls an instance when the team assisted the First Citrus Bank in resolving their security challenges. First Citrus faced a sharp rise in costs and help desk volume after an attempt to strengthen its authentication protocols with complex passwords. In response, the bank’s IT and Infosec leadership established a directive to streamline the login experience and eliminate the use of passwords and shared secrets across their workforce. The team further mandated the deployment of the strongest FIDO-Certified authentication with user credentials securely decentralized on employees’ mobile devices. Specifically, that employees would be able to log in to workstation systems using a single mobile app without the need for a password. HYPR provided First Citrus a True Passwordless solution with the simplest, most secure user-initiated authentication experience. The HYPR passwordless authentication mechanism leveraged the company’s existing Active Directory and domain controller infrastructure for a non-intrusive integration that was quick for their team to deploy and easy to manage and maintain. With HYPR, First Citrus immediately saw improvements in its security posture and employees’ experience. Within an hour session, workstations across the institution were able to use HYPR for the authentication process. Moreover, with the elimination of passwords, employee satisfaction skyrocketed.
A Mission to Eliminate Passwords
HYPR is the brainchild of Bojan Simic, Roman Kadinsky, COO, and George Avetisov. The founders saw the opportunity in using the smartphone as the mechanism to decentralize authentication and securely eliminate passwords. Today, HYPR’s ongoing innovation efforts are driven by a dedicated team of cross-organization members encompassing executive sponsorship, engineering leadership, product management, and field engineering. “The approach enables the company to remain nimble and dynamic, allowing new product offerings to be prototyped and validated for market fit and HYPR’s long-term strategy. One of the key functions of the innovation process is an annual HACKathon which welcomes HYPR employees to participate and showcase new ideas and solutions to industry-related problems,” said Simic.
In terms of the future, “we will continue expanding our cloud-based capabilities to meet the needs of a broader group of customers, while remaining focused on developing our technical alliances, all of which play a key role in overall adoption, especially across key solutions which today’s workforce depend on such as VMware, Okta, and Microsoft,” concludes Simic.