Passwords are not innocent and cannot protect your online identity. Almost a third of data breaches reported in the past decade included some of the biggest violations in history, as they happened due to stolen credentials, according to Verizon.
Instead, the industry has largely discovered PassKeys, which it claims to be the most prominent solution for replacing passwords. Over 15 billion accounts online can use PassKeys, and leading tech companies (such as Amazon, Apple, Google, Microsoft) are working together to encourage Passkey adoption.
However, users are still moving away from PassKeys due to the general state of lack of portability and awkwardness.
Cybersecurity startup Hawcx aims to fix some of the headaches in PassKeys using passpasskey technology.
As Dan Goodin of ARS Technica points out, users can set up a tedious and challenging passkey in their account when logging in using PassKeys on multiple devices. PassKeys definitely offers better security than passwords, but account lockouts and recovery can be a costly problem for businesses using PassKeys of size.
Founded in 2023 by Riya Shanmugam, he spent nearly 20 years at Adobe, Google and New Relic. Along with Chief Technology Head Selva Kumaraswamy and Chief Scientist Ravi Ramaraj, Hawcx said it would provide a platform-independent solution that allows developers to add five lines of code to enable passwordless technology.
Hawcx said that its solution does not rely on sending or storing private keys from devices like PassKeys. Instead, Shanmugam told TechCrunch that Hawcx encrypts its private key every time a user signs in.
Hawcx co-founders Selva Kumaraswamy, Riya Shanmugam, and Ravi Ramaraju (left to right)
Because the generated private key is not stored on the user's device, Hawcx says that its technology works on older devices that do not have the latest chips to support typical Passkey setups.
“We're not fundamentally reinventing the wheel in most of the processes we've built,” Shanmugam told TechCrunch.
In one example, if a user switches from one device to another, HawCX's solution will register a new device with an account and ask if they want to check and verify the user's reliability.
However, in this case, the solution will not create another private key that will be stored on the new device or cloud service. This is different from a typical passkey setup where new private keys are generated and stored on new hardware, validated using old devices, or synchronized via cloud services.
“No one is challenging beyond the foundations,” Shanmugam said while referring to competition in the field of digital identity management. “What we're trying is the foundation itself. We're not building on the PassKeys that the protocol offers. We say there are insane restrictions on this protocol for users, businesses and developers, and we can improve that.”
Hawcx has filed a patent but has not seen it being deployed by a company or technology that has been verified by a third party that could hinder trust in its services.
Despite this, Hawcx raised $3 million with previous seed rounds and participation from BoldCap led by Engineering Capital, speeding up product development and reaching the market.
Shanmugam told TechCrunch that the startup will discuss with large banks and gaming companies to start pilots in the coming weeks and run for three to six months with limited users. The startup is also planning to validate the technology with Stanford University's “couple of cryptographic experts.”
“Adoptions are low when we deploy Passkeys. Tushar Phondge, director of consumer IDs at ADP, clearly Passkeys is solving security issues and usability issues still remain.
Phondge is bullish with Hawcx technology and will be deploying it to ADP and deploying pilots to test whether it will address issues raised by PassKeys, including device dependencies and lockups on core systems.
Ultimately, Shanmugam said Hawcx is a unified authentication platform for businesses over time, and aims to be a partner with a variety of players to integrate services such as document verification, live video verification and even background checks.