Passkey Solutions: Startup Aims for Seamless Authentication

The Limitations of Passwords and the Rise of Passkeys

Despite their known vulnerabilities, passwords remain a widespread security measure, yet they are demonstrably insufficient for safeguarding online identities. Recent data indicates that stolen credentials have been responsible for approximately one-third of all data breaches reported in the last ten years, as highlighted by Verizon, including some of the most significant security incidents on record.

Consequently, the industry is increasingly adopting passkeys as a leading alternative to traditional passwords. Currently, over 15 billion online accounts are capable of utilizing passkeys, with major technology firms – including Amazon, Apple, Google, and Microsoft – collaborating to encourage broader implementation.

Challenges with Current Passkey Implementation

However, user adoption of passkeys has been slower than anticipated, largely due to concerns regarding their limited portability and perceived complexity.

Setting up passkeys across various accounts can be a cumbersome process for users, and logging in with passkeys on multiple devices presents challenges, as observed by Dan Goodin of Ars Technica. While passkeys offer enhanced security compared to passwords, account lockouts and recovery procedures can prove expensive for businesses relying on them at scale.

Hawcx: A New Approach to Passwordless Authentication

Cybersecurity startup Hawcx is developing a novel passwordless authentication technology designed to address the shortcomings of existing passkey systems. The company aims to leverage the security benefits of passkeys while mitigating their limitations.

Founded in 2023 by Riya Shanmugam, a veteran of Adobe, Google, and New Relic, alongside CTO Selva Kumaraswamy and Chief Scientist Ravi Ramaraju, Hawcx offers a platform-independent solution. Developers can integrate the technology into their applications with just five lines of code.

How Hawcx Differs from Traditional Passkeys

Unlike passkeys, Hawcx’s solution does not rely on storing or transmitting private keys from user devices. According to Shanmugam, Hawcx cryptographically generates a unique private key each time a user logs in.

This approach allows Hawcx to function on older devices lacking the specialized hardware required for standard passkey setups, as the generated private keys are not stored locally.

“We are not fundamentally reinventing established processes,” Shanmugam explained to TechCrunch.

For instance, when a user switches devices, Hawcx prompts them to register the new device and verifies their identity before granting access. Crucially, this process does not involve creating and storing another private key on the new device or in a cloud service – a common practice with traditional passkey implementations.

Challenging the Foundation of Digital Identity

“We aren’t simply building upon existing solutions,” Shanmugam stated. “We are questioning the underlying protocol itself. We recognize the inherent limitations of the current passkey protocol for users, enterprises, and developers, and believe we can deliver a superior experience.”

Hawcx has filed patent applications for its technology, but it has yet to be deployed by companies or independently validated, which could impact initial trust in the service.

Funding and Future Plans

Despite this, Hawcx has secured $3 million in pre-seed funding, led by Engineering Capital with participation from Boldcap, to accelerate product development and market entry.

The startup is currently in discussions with major banks and gaming companies to initiate pilot programs within the next few weeks, lasting three to six months with a limited user base. Hawcx also intends to seek validation from cryptography experts at Stanford University.

Industry Validation and Future Vision

Tushar Phondge, Director of Consumer Identity at ADP, acknowledges the low adoption rate of passkeys despite their security advantages. “The usability issues remain,” he told TechCrunch.

Phondge is optimistic about Hawcx’s technology and plans to deploy it at ADP for a pilot program to assess its ability to resolve the challenges associated with passkeys, including device dependencies and potential system lockups.

Shanmugam envisions Hawcx evolving into a comprehensive authentication platform for businesses, integrating services like document verification, live video verification, and background checks through partnerships with other providers.