🗝 Forgot Password?

Death to the Password

How many times have you tried to log in to a website and had to shamelessly click those two almighty words: Forgot password?

Well, if you’re anything like me, the answer is plenty of times. I log in to my email, reset my password, and whisper under my breath, “It is what it is.”

Well what I’ve noticed is anytime I say “it is what it is”, odds are there is someone out there working on how that process can be better.

Cue Stytch -- The Friction Reduction Company.

The founders of this company both worked at Plaid on the authentication team. During their time there, they had what we call a light bulb moment.

  1. The password is a central point of failure

  2. A person’s email holds the “keys to the kingdom”

Let’s unpack these two, but first, check out this light bulb meme I found.

Alright let’s get to it --

The Central Point of Failure

With 10s, even 100s, of passwords it doesn’t take a genius to realize users are double dipping their passwords. That action itself is not the crime, but the product of an overarching trend - the fragmentation of the web.

A profound change in consumerism is the culprit. A company’s web page has transformed into a store front while their brick-and-mortar location is now simply a show room. This trend is incredibly beneficial to both the producer and consumer, but what went unnoticed was the creation of border control in the world wide web. What does this mean? Well, it means users now have more passwords than ever. Facebook, Google, Amazon, Macy's, Starbucks, Chick-fil-A, and the list goes on and on... and on.

The takeaway here isn’t that we have a gazillion passwords, but the revelation that not all security measures are made the same.

The password becomes a critical point of failure the moment a person uses their Chase password at a mom-and-pop online front.

Just because Chase takes extensive security measures does not mean every other company does so as well. And if your password is the same across platforms, if there's a breach at one, there is a breach at all.

Honestly, the truth is, the password is an outdated concept.

The Keys to the Kingdom

With so many passwords to “remember”, what do you do? Well, you either wait for a security breach to happen or you reset your password.

Have you ever stopped to think about the common denominator every time you hit reset?

It’s your email.

Your email is where the true authentication occurs.

Your email holds the keys to the kingdom.

Every time a person resets their password (which is a lot), the company sends a reset link to their email. Take that a step further and you realize, the password to an account is effectively meaningless. The real authentication occurs via email notification.

Luckily, many have internalized this and ensure their email is more heavily guarded than even their bank accounts.

The password is an outdated concept that honestly creates unnecessary friction to purchase something as simple as protein powder. Due to the difficulty of accessing a previously created account, many potential customers end up churning - directly affecting a company's bottom line.

So, sounds like having a password is annoying and inadvertently driving customers away. Not good looks for the password.

Till Death Do Us Part

The team at Stytch re-imagined authentication from ground zero with the simple realization: two-factor authentication is really just putting in your password for show, then actually doing the part that’s secure.

Their product utilizes email links, an SMS text authentication code, authorization logins (e.g., Google, Apple, Microsoft logins), push notifications, or native mobile biometric support to allow users to access online portals.

Basically, a bunch of no-password forms of authentication.

If that isn’t the genius, let’s talk about some tailwinds.

Underestimated Market Size

Authentication is an immensely undervalued market. Let me explain why.

Authentication is incredibly important to a company, but it has literally nothing to do with what a company actually does.

Any time and resources spent on developing authentication features don’t do anything to aid a company’s mission. To that end, it makes a lot of sense for a company to outsource spend for authentication features.

Another very real reason has to do with the impact passwords have on the bottom line. The friction caused by a login, and the additional time spent and frustration trying to figure out your password, drives many potential customers away before purchase.

If only you could bring harmony to the shopping experience..

Another cool feature the company has is user account creation at the point of checkout. Stytch is doing so well to the point where I can imagine it being the global entry of the web.

Aside from product creation, seems like they’ve got their finances in order.

Incredible Capital Allocators

Stytch had a rapid funding cycle in 2021. The team completed three rounds of funding in one year.

  1. Series A1 (February '21): $20MM

  2. Series A2 (July '21): $30MM

  3. Series B (November '21): $90MM

With such a quick capital influx cycle, it makes you wonder what is going on in the belly of the beast. All the red flags would indicate sloppy funding from VCs and money sloshing around amidst the pandemic, but it looks like Stytch used it incredibly well. They recruited great talent and have shown an ability to ship products at a rapid pace.

On top of that, it’s not like they received capital from your average investor. They raised rounds from all-star VCs including: Thrive Capital, Benchmark, Coatue, Index, and Not Boring Capital.

Double on top of that, many of the pre-existing investors decided to double down on their investment in the next funding round - a promising sign of a startup's continued excellence. From the A2 to the B, Thrive, Benchmark, Coatue, and Index wanted another slice.

Moments after the Series B, Stytch announced the purchase of Cotter, a passwordless authentication platform for no-code websites. Signaling the funding round was directly used for M&A, this play was genius. Instead of building a passwordless API for no-code sites, it made sense for Stytch to simply acquire the competitor.

Let’s See Where This Goes…

This is the definition of a company moving in silence through the plumbing of the internet. It is making tactical plays in the darkness, and will one day be as important as Stripe, if not more so.

For now, we’ll call Stytch the Stripe for Authentication, but pretty soon we’ll hear companies pitching themselves as “the Stytch for…”

If you’ve made it this far, thanks for reading.

In my opinion, the company seems pretty cool. If you’re interested in working there, check out some of their openings here.

Will catch y’all soon.

Cheers,

SK

This post and the information presented are intended for informational purposes only and are not a reflection of my employer. The views expressed herein are the author’s alone and do not constitute an offer to sell, or a recommendation to purchase, or a solicitation of an offer to buy, any security, nor a recommendation for any investment product or service. While certain information contained herein has been obtained from sources believed to be reliable, neither the author nor any of his employers or their affiliates have independently verified this information, and its accuracy and completeness cannot be guaranteed. Accordingly, no representation or warranty, express or implied, is made as to, and no reliance should be placed on, the fairness, accuracy, timeliness or completeness of this information. The author and all employers and their affiliated persons assume no liability for this information and no obligation to update the information or analysis contained herein in the future.