OTPless Raises $3.5M To Revolutionize Mobile Authentication

OTPless, an innovative customer identity and access management startup, has raised $3.5 million in its pre-series A funding round. The investment was led by Sidbi, with participation from Venture Highway, FJ Labs, and Piper Serica. This funding marks a significant milestone for the Surat, Gujarat based startup, which aims to disrupt the traditional methods of user authentication and set new standards in the industry. The proceeds bring OTPless’ total raised to $6.5 million. OTPless says that they’ll be put toward expanding the presence globally and service beyond authentication and into authorization — that is, determining the permissions a user has versus simply identifying who they are.

Led by Bhavik Koladiya, Satyam Nathani and Tanmay Sagar, a founding team of fintech unicorn BharatPe, OTPless is transforming the authentication landscape with its unique approach that eliminates the need for One-Time Passwords (OTPs). Instead, OTPless enables users to sign up and sign in on websites and apps via WhatsApp and other methods, offering a seamless and secure authentication experience. This innovative approach not only simplifies the process for users but also provides enhanced security measures, addressing common concerns associated with OTP-based authentication.

Revolutionizing Authentication

In just one year, OTPless has emerged as a game-changer in the identity and access management (IAM) space. The startup offers a comprehensive platform that supports various social sign-in methods, including Google, iMessage, Microsoft, Github, Slack, UPI and modern protocols like Passkeys, Network Auth, Protected SMS and Device fingerprinting. Developers can easily integrate OTPless's SDKs and APIs, going live within minutes using pre-built UIs or customize from scratch. This flexibility and ease of integration have made OTPless a preferred choice for developers looking to implement robust authentication solutions quickly and efficiently.

OTPless’s platform also includes silent network authentication in partnership with telecom operators, further enhancing the security and user experience. Silent network authentication allows the system to verify a user's identity without requiring any input from the user, leveraging the mobile network to authenticate the user seamlessly.

More than 5,000 companies and 20,000 developers worldwide use OTPless to authenticate over 30 million users. These companies benefit from higher conversion rates of up to 98%, thanks to the streamlined rule-based smart authentication process that reduces friction for end-users. Additionally, OTPless provides robust security through device-bound and biometric auth, ensuring that users remain protected against unauthorized access, even in the case of phone being lost.

“In addition to it being complicated, it’s resource intensive and error-prone to build in house,” Co-founder, Satyam Nathani, who leads product vision at OTPless shared. “The other thing that really frustrated us was that the core building blocks that all companies use for authentication had really significant security and conversion issues. It struck us that the web has improved in so many ways over the past few decades, but authentication is still stuck in the 1990s.”

Global Expansion and Competitive Edge

"Our vision is to revolutionize user authentication by making it simpler, faster, and more secure. This funding will help us scale our operations and enhance our technology to meet the growing global demand," said Bhavik. "We are committed to providing the best possible experience for our users and partners, and this investment will enable us to continue innovating and expanding our capabilities."

Ultimately, however, the funding round will help the company to accelerate its mission to help the world go OTPless. Organizations lose millions of dollars every year due to “inherently unsafe” OTP-based authentication, according to the startup; not only do weak OTPs account for more than 80% of all account breaches, but the average help desk labor cost to reset a single password stands at more than $70. 

OTPless says its web-based authenticator is the first natively passwordless identity and risk management solution, which currently handles more than 9,000 authentication requests per second, can reduce account resets by 96%, the company says, and reduces customer authentication from 1 minute to 2 seconds. 

“OTPs are not only the leading cause of security breaches, but are also known to cause friction throughout a user journey — leading to churn and a negative experience for end customers,” Satyam said. “The proliferation of cybersecurity attacks due to poor identity and authentication practices such as man-in-middle attacks, bot attacks, session hijacking, brute force attacks and other types of social engineering compromise. Authentication and user management are critical parts of any digital application.”

Sidbi's Strategic Investment

Sidbi Ventures (The venture arm of Small Industries Development Bank of India), the lead investor, has major institutional shareholders such as Govt of India, SBI, LIC, PNB, Bank of Baroda, Bank of India and others. Sidbi's investment in OTPless underscores the growing importance of innovative authentication solutions in the Indian BFSI (Banking, Financial Services, and Insurance) sector, which is undergoing significant regulatory changes.

"Sidbi Venture Capital Ltd is proud to support OTPless in its mission to revolutionize authentication," said Debraj Banerjee, Senior Fund Manager at SVCL, "Their innovative approach aligns with our commitment to fostering technological advancements that enhance security and user experience. We believe OTPless has the potential to become a global leader in the IAM space, and we are excited to be part of their journey."

“By eliminating OTPs, businesses can immediately reduce signup/signin churn and checkout abandonment and provide superior security,” said Bhavik. “Our customers, whether they are in the retail, banking, financial, telecommunications or automotive sectors, understand that providing an optimized identity experience is a multimillion-dollar challenge. With this latest round of funding from our partners, we can significantly expand our reach to help rid the world of OTPs.”

Regulatory Support for Innovative Authentication

RBI Governor Shaktikanta Das recently emphasized the Reserve Bank's commitment to enhancing digital payment security, highlighting the need for additional authentication factors (AFA). While SMS-based OTPs have been the standard, new technologies offer more secure alternatives. The RBI's principle-based framework aims to support these innovations, facilitating their adoption for digital security.

"Over the years, the Reserve Bank has prioritized the security of digital payments, particularly the requirement for Additional Factor of Authentication (AFA). Though RBI has not prescribed any particular AFA, the payments ecosystem has largely adopted SMS-based OTPs. With innovations in technology, alternative authentication mechanisms have emerged in recent years. To facilitate the use of such mechanisms for digital security, it is proposed to adopt a principle-based Framework for the authentication of digital payment transactions," said Governor Shaktikanta Das in a recent announcement.

As per industry estimates, billions of OTPs are consumed daily in India alone, with OTP sharing being a major contributor to fraud through social engineering. Traditional OTP-based systems are vulnerable to various types of attacks, including phishing, SIM swapping, and man-in-the-middle attacks. These vulnerabilities have highlighted the need for more secure and user-friendly authentication methods, driving the demand for solutions like OTPless.

Market Potential and Future Outlook

With a dedicated team of 50 members, OTPless plans to use the new funds to expand its global presence and challenge established players such as Auth0, Clerk, Stytch, Descope and Transmit Security. The largest identity company Okta acquired Auth0 for $6.5B. 

The global customer identity and access management market is experiencing rapid growth, driven by increasing concerns over cyber security, regulatory compliance, and the need for seamless user experiences. According to industry estimates, the IAM market is valued at $25 billion and is expected to grow at a compound annual growth rate (CAGR) of 20% over the next few years.

OTPless is well-positioned to capitalize on this growing market with its cutting-edge technology and user-centric approach. By eliminating the need for OTPs and leveraging social sign-in methods, OTPless addresses the key pain points associated with traditional authentication systems. The startup's innovative solutions provide a frictionless user experience while ensuring robust security, making it an attractive option for businesses of all sizes.

Expanding Capabilities and Product Offerings

OTPless is continuously innovating to enhance its platform and expand its capabilities. The startup plans to introduce new features and integrations that will further simplify the authentication process for users and developers. These include additional social sign-in options, enhanced biometric authentication methods, passkeys, adaptive auth and advanced security features to protect against emerging threats.

"Our goal is to provide a comprehensive and flexible authentication solution that meets the needs of our diverse customer base," said Co-founder Tanmay Sagar of OTPless. "We are constantly exploring new technologies and partnerships to enhance our platform and deliver the best possible experience for our users. This funding will enable us to accelerate our product development efforts and bring new innovations to market more quickly."

Commitment to Security and User Privacy

Security and user privacy are at the core of OTPless's mission. The startup employs state-of-the-art encryption and security protocols to protect user identity and ensure that authentication processes are secure and reliable. OTPless's device-bound and biometric one-tap sign-ins provide an additional layer of security, making it difficult for unauthorized users to gain access.

"User trust is paramount to our success, and we take our responsibility to protect users very seriously," said Tanmay. "Our platform is designed with security in mind, and we continuously monitor and update our systems to address new threats and vulnerabilities. We are committed to maintaining the highest standards of security and privacy for our users."

Building a Strong Community of Developers

OTPless recognizes the importance of fostering a strong community of developers who can leverage its platform to build innovative solutions. The startup offers extensive documentation, tutorials, and support to help developers get started with its SDKs and APIs. Additionally, OTPless hosts regular webinars, workshops, and hackathons to engage with the developer community and gather feedback on its products.

"We believe that empowering developers is key to driving innovation and adoption of our platform," said Satyam. "Our goal is to make it as easy as possible for developers to integrate our authentication solutions into their applications and provide them with the tools and resources they need to succeed. We are committed to building a vibrant and supportive developer community around OTPless."

Strategic Partnerships and Collaborations

OTPless is actively seeking strategic partnerships and collaborations to expand its reach and enhance its offerings. The startup is exploring opportunities to integrate its platform with leading technology providers, payment processors, and telecom operators to provide a seamless and comprehensive authentication solution for its customers.

"Partnerships are a critical component of our growth strategy, and we are excited about the opportunities to collaborate with industry leaders to enhance our platform," Tanmay said. "By working together, we can leverage each other's strengths and provide our customers with the best possible solutions for their authentication needs."

The Future of Authentication

OTPless isn’t the only company that’s on a mission to kill off the password. Microsoft has announced plans to make Windows 10 password-free, and Apple recently previewed Passkeys in iCloud Keychain, a method of passwordless authentication powered by WebAuthn, Face ID and Touch ID.

As the digital landscape continues to evolve, the need for secure and user-friendly authentication solutions will only grow. OTPless is poised to lead the charge in this space, with its innovative technology and commitment to delivering exceptional user experiences. The startup's vision of a world without OTPs is becoming a reality, and its recent funding round is a testament to the potential and promise of its solutions.

"We are just getting started, and there is so much more we can achieve," said Bhavik. "The future of mobile identity and authentication is bright, and we are excited to be at the forefront of this transformation. With the support of our investors and partners, we are confident in our ability to make a significant impact on the industry and set new standards for authentication and identity management."