With new, increasingly dangerous computer and network security threats continuously emerging, it’s difficult to imagine life without that most basic, universal security measure—the password.
But that’s exactly what Ping Identity, a Denver-based network security company, is trying to create. In the process, it wants to capture a piece of the $40 billion IT security market as the industry evolves to confront new challenges.
Ping Identity’s specialty is cloud-based security software for identity and access management that allows users to access software-as-a-service applications like Salesforce, Dropbox, and Gmail with a single login. Other customers like banks and airlines use the software to let customers use their websites without multiple logins.
Investors, clients, and industry analysts think the company is on to something, and their support has made it one of Colorado’s leading tech companies.
Ping Identity today released PingID, a mobile app that lets clients use their smartphones to verify their identities when logging on to a program. The process is known as multi-factor identification.
PingID adds a second layer of security or, if users choose, does away with passwords entirely, senior director of marketing Jeff Nolan said. PingID also adds other layers of security, like challenge questions, and has a location feature that can block login attempts from certain areas.
The app should allow greater protection against password-related security breaches, which the company views as the main cybersecurity threat, Nolan said. It does so by approaching the problem in a different way.
“The problem isn’t just better password security. The problem is the passwords themselves. That mechanism is flawed,” Nolan said. “What PingID leads to is a vastly superior way of securing applications and services relative to the usernames and passwords that the industry has relied on for the past 30 years.”
That’s why Ping Identity is marketing the new app as a step into “the post-password era.” While the company doesn’t think passwords will disappear completely, it thinks new technologies—especially mobile devices—offer alternatives.
“We are entering a stage where we have the technology to provide a very reliable alternative to password-based authentication. It’s viable because it can be adopted at scale, and it sits in the hands of pretty much everyone today,” Nolan said.
PingID isn’t the only two-factor identification app that relies on mobile devices. Google has created its Authenticator app, which works for Google accounts and some third-party applications.
Google Authenticator and similar apps work by generating numeric passwords users have to type in when logging on, which can be cumbersome. So despite being recommended by security experts, multi-factor verification apps haven’t really caught on with the public.
“Our position is [others] have failed in the market at scale because they’re simply too hard to use,” Nolan said.
Ping Identity’s answer is to let PingID users authenticate with a single swipe of their device’s screen, which the company hopes will give it an edge.
The app is the result of Ping Identity’s acquisition of Accells Technologies, an Israeli company Ping Identity bought in March for an undisclosed price. Accells specialized in user authentication software for mobile devices.
Some of the technology behind the PingID app comes from what Accells already had developed, but the primary motive for the acquisition was bringing on engineers who could expand Ping Identity’s products into mobile, Nolan said. PingID is the first result of their work.
Ping Identity’s vision has appealed to investors, industry analysts like Gartner and Forrester, and more then 2,000 companies (including, according to Ping Identity, half of the Fortune 100.) Since its founding more than 12 years ago, the company has raised $90 million, including a $44 million Series F round last year. Investors include W Capital Partners, DFJ Growth, General Catalyst Partners, and SAP Ventures.
Co-founder and CEO Andre Durand hasn’t been shy about his company’s goal to go public. Last year he said an IPO might take place in 2014 or 2015.
But Ping Identity isn’t alone in the cloud-security market. Rival startups Okta and OneLogin offer similar products, have raised a lot of venture capital, and also have impressive client lists. Salesforce and Microsoft also are getting into the sector.
