Sift acquires passwordless authentication pioneer Keyless to provide secure, frictionless authentication

By Edlyn Cardoza

Sift, a leader in Digital Trust & Safety, recently announced that it has acquired Keyless, a pioneer in passwordless and multi-factor authentication. Keyless’ zero-knowledge cryptography and privacy-preserving biometric authentication technology eliminate account takeover (ATO) fraud due to weak or stolen passwords, phishing, and credential reuse while allowing users to log into websites and apps simply by looking into their device’s camera. Keyless’ technology meets the Strong Authentication Compliance requirements of PSD2, is FIDO Certified, and helps online businesses more easily meet the requirements of GDPR. Sift will offer Keyless products to regulated businesses and online merchants around the world.

With account takeover attacks reaching new and sustained heights during the COVID-19 pandemic, businesses have faced an ongoing, evolving threat from cybercriminals using large-scale automation to launch massive ATO attacks to steal stored account value, payment information and other personal data. Keyless’ biometric-based authentication eliminates a primary vector of ATO attacks by solving the root problem: passwords. Adding to the ATO prevention capabilities in Sift Account Defense, Keyless provides account security for any business ready to embrace a passwordless customer experience through multi-factor authentication that seamlessly allows users to log in to sites and apps from any device.

Keyless’ proprietary technology frees businesses from storing and managing passwords. Rather than tying a user’s biometric factor to a password, Keyless’ SDKs allow businesses to deploy biometric logins interoperably on their websites and apps as the primary authentication mechanism or integrate the Keyless authenticator app into the login experience. In either deployment, users can look into the camera on their smartphone or computer to authenticate, consistent experience across devices.

“Protecting businesses from fraud while reducing customer friction is the foundation of a Digital Trust & Safety strategy,” said Marc Olesen, President & CEO of Sift. “Keyless has created a truly innovative product that provides better account security with less friction for users, and meets the qualifications for regional regulations like PSD2. We’re so excited to bring the Keyless team to Sift and for our customers to benefit from their incredible technology and expertise.”

Importantly, Keyless puts privacy at the centre of the experience by authenticating users without storing their biometric or cryptographic information on their device or in any central location—and by leveraging advanced privacy-preserving, multi-party computation protocols. The Keyless network does not have access to biometrics, and therefore no one but the user has access to it.

“Our mission at Keyless is to provide people and organizations with a passwordless future, where the user is the key,” said Andrea Carmignani, CEO and Co-founder of Keyless. “Joining Sift will allow us to reach businesses around the world, stop account takeover attacks at scale, and ensure that users can authenticate seamlessly across devices with nothing more than a glance at their device’s camera.”

“Advances in biometric technology have signaled the beginning of the end for passwords,” said Andrew Shikiar, Executive Director and CMO of the FIDO Alliance, an open industry association focused on providing open and free authentication standards. “Keyless has developed a novel and secure approach that leverages FIDO’s protocols to make authentication easier for consumers. I look forward to seeing Sift and Keyless drive adoption of this standards-based technology that both businesses and consumers desperately need to thwart the growing number of account takeover attacks.”