Trusona – On a Mission to Eliminate Passwords From the Internet
As soon as I started speaking with Ori Eisen, the founder and CEO of Trusona, I felt a surge of energy in the room. I quickly discovered the reasons for that energy: (1) Ori is a naturally enthusiastic guy, (2) Ori is extremely passionate about eliminating the use of passwords, and (3) we were speaking on the day that Trusona announced that it had raised $10 million in a Series B funding round led by Microsoft Ventures (along with current investor Kleiner Perkins).
The other thing that I learned right away about Ori Eisen is that as much as he loves talking about Trusona and password elimination, he enjoys showing it much, much more. Before I could get in my first question, he had me downloading the Trusona app and using it to log into the TruClub demo site they built. I suggest you try that as well.
Please tell me a little bit about yourself and your background.
I have been in the security and fraud space for almost 20 years. I started at Verisign and then American Express, where I saw firsthand just how much money was being lost to fraud on a regular basis. That was back in the early days of electronic commerce – we learned and adapted quickly and were able to significantly reduce the amount of money lost to fraud.
After that, in 2004, I founded The 41st Parameter, in the fraud space. Experian later acquired that company and after building the company for over 10 years, I decided to take some time off. For better or for worse, that time off only lasted four months, before I founded Trusona in 2015.
On the Trusona web site, you talk about wanting to lead the #NoPasswords revolution. Tell me about that.
We want to eliminate the use of usernames and passwords as a form of identity authentication. We are not alone in this quest. People hate passwords. Organizations hate passwords. Let me throw some numbers at you:
- 80+% of breaches are due to static passwords.
- 40% of users cancel services after forgetting passwords.
- 30% of support calls are password resets.
Perhaps even more concerning than the cost to businesses is the fact that the proceeds from stolen passwords often go to “bad guys” to fund evil, such as:
- Human Trafficking
- Child Exploitation
Last year you conducted a survey among your customers, that you called the “#NoPasswords Survey.” What were some of the key findings in that survey? What did and did not surprise you?
Nothing in the survey really surprised me, but it was good to have some specific numbers.
Here are three of what I think are the most significant findings:
- Consumers have an average of more than 10 services with logins, but only use between 1-5 passwords across all of them.
- 40% of users have been locked out of an account.
- 51% of people would jump for joy if they had an option for logging in without a password.
Please give us an overview of your product. If I understand correctly, you have a single base technology, with different levels of one-time identity authentication. It reminds me of the different levels of SSL certificates. Am I correct?
Nobody has ever made that analogy before – I love it!
Yes, we have a single platform, with three levels of service. The higher the level of service, the higher the level of confidence and assurance of the identity of the user we can provide.
- Two factor authentication solution.
  - Identity is proven through email verification.
  - On every use, authentication is via PIN or Touch ID.
  - Free version available.
- Three factor authentication solution, replacing OTP (One Time Password) tokens.
  - On every use, in addition to the PIN or Touch ID, the user now scans their driver’s license or passport as the “something they have” factor.
- Four factor authentication solution.
  - Identities are proven through in-person identity proofing with multiple forms of identification, including ePassport and driver’s license.
  - On every use, in addition to the PIN or Touch ID, the transaction is verified and approved by swiping a registered card.
  - First and only authentication solution backed by an A+ rated insurance carrier. Each financial transaction protected by Trusona Elite is insured for $1M.
Each level of service also includes the relevant level of our patented anti-replay technology that protects against session replay attacks. For example, even at the free Trusona Essential level of service, when users interact with our app, our anti-replay uses the unique values of time, latitude, longitude, acceleration to create a cryptographic nonce that can never be repeated. If we see an exact match of this nonce, we know that it is fraud and we reject it.
How do you define your market? Who is your specific target audience within that market?
Every single business should use our identity platform – including employees and customers. This is true for both business-to-business and business-to-consumer businesses. Therefore, our target is every company in the world.
How many active customers do you have today? Where are they mainly located?
We currently have 2.2 million contracted users, where businesses pay for their licenses. These companies are mainly located in the US, but they may have customers all around the world.
How does pricing work?
Our pricing model is very simple and we display it clearly on our web site. It is an annual fee per user, based on which of the three levels of service you choose.
You also offer a WordPress plugin. I assume that implements the server side of your identity protocol.
Yes, we offer a free WordPress plugin, with support, in order to make it simple for developers to include no-password logins on their web sites.
We also offer Trusona for Salesforce, which can be implemented across the organization to increase security and eliminate the need for usernames and passwords to log in to Salesforce.
Whom do you see as your main competitors?
We have two categories of competitors:
- Vendors supplying password vaults, such as LastPass or Dashlane.
- Vendors providing 2-factor authentication support, such as Duo or Google Authenticator.
I see Trusona having a few noteworthy advantages over these existing methods:
- It is simple to implement and simple to use.
- Trusona can be implemented both internally for an organization to access employee services and can scale to offer #NoPassword login for millions of customers.
- Rather than using a password, which can be compromised in the case of password vaults, or messages, which can be intercepted, it uses push notifications.
- Probably the most significant advantage is our anti-replay technology, which protects your identity even if there is malware present on your device.
What methods do you normally use to attract and engage with new customers?
We invest a lot in public relations (PR) and industry events. We make sure to attend important industry events and we are increasing our investment in social media efforts.
We are also happy to schedule a personal 1-on-1 demo for potential customers – just contact us.
What are your top three tips for preventing identity fraud?
Besides implementing Trusona… I would say the following are my top tips to prevent identity fraud:
- Until we achieve a world without passwords, change your passwords on a regular basis. Set yourself a reminder on your calendar to do so.
- If you are using a password vault, demand 2-factor authentication from the provider.
- Educate yourself on where stolen money and identities ultimately go. Understand who gets the money/identities and what they are doing with it. Then reassess when to address and fix this problem.
How do you see identity technologies and the identity market evolving in the next three years?
The revolution has begun. An Internet without passwords is within our reach.
What are your future plans for Trusona?
I will not feel that we have completed our mission until password-less sites are available for free and are available all around the world.
How many employees do you have today? Where are they located?
We currently have 18 employees, but we plan to double that with our latest round of funding.
How many hours a day do you normally work? What do you like to do when you are not working?
I typically work from 8:00 AM until midnight, but I do not consider it work. I am a man on a mission.
On the weekends, I am involved in charitable/volunteer organizations, primarily Ball To All, which is an organization that works to keep kids playing – to help them grow healthier and happier, while also keeping them out of trouble.