Ottawa firm’s ‘passwordless’ system lands $1M in funding

Kanata’s inBay Technologies believes it’s figured out the secret to thwarting cyber-thieves
shane young
inBay CEO Shane Young. Photo provided.

With the Equifax scandal and other high-profile corporate security breaches making headlines around the world, an Ottawa firm believes its “passwordless” digital authentication technology is an idea whose time has come.

Kanata’s inBay Technologies announced in late September it has landed $1 million in seed financing from Netherlands-based Ramphastos Investments and a local “super angel” represented by Ottawa’s Tongda One Partners.

The 16-person firm plans to use the equity infusion to ramp up marketing for its cloud-based software that bypasses servers where large numbers of user passwords are typically stored. Instead, inBay’s app turns a user’s smartphone into a “trusted device” that the company claims cannot be hacked.

Traditional security systems compare password data entered by a user with information stored on an external server, creating a “shared secret” that is inherently at risk of being leaked, said inBay CEO Shane Young.

More sophisticated “two-step authentication” systems are actually no more secure, he added, because they simply double the amount of data available for cyber-thieves to plunder.

“No matter how careful you are … they’re finding ways in,” he explained. “The internet was actually created for sharing, not for security. A secret is never kept secret for very long.”

By contrast, inBay’s system doesn’t require data to be transmitted beyond users’ smartphones, leaving hackers with no way to access sensitive information.

“Passwords have always been a problem,” said James Nguyen, a partner at Tongda One. “What they’ve done is they’ve eliminated the problem by eliminating passwords. There’s definitely a huge market for it.”

Co-founders Stan Xavier and Randy Kuang, both former Nortel employees, originally launched inBay in 2009. The firm went through a few pivots before hitting on its software-as-a-service model, and Mr. Young said the media attention surrounding cybersecurity crimes has put customers and investors on the hunt for better authentication technology.

“They have a product that’s going to serve a very hot market in cybersecurity. They have a technology that nobody else has.”

“Things are picking up in the market with all the news around (cybersecurity) breaches,” said the veteran entrepreneur, who took over as inBay’s chief executive earlier this year. “All of the things that have been happening the last six months around breaches and theft of information online, to a certain extent, it made our job a little bit easier.”

Mr. Young said inBay is targeting clients that deal in highly sensitive information, such as government agencies, e-health companies and fintech firms. In July, the company landed a $500,000 contract with Shared Services Canada through the federal government’s Build in Canada Innovation Program.

“We actually solved a problem there that couldn’t be solved any other way,” he said. “We need to get that credibility before we go out to the broader market and look to sell to the general enterprise market.”

Though the firm has only a handful of customers right now, Mr. Young said the company is “well on track” to hit its goal of $1 million in revenues by the end of the fiscal year in January. He said inBay plans to start aggressively pursuing clients south of the border.

“That’s where we see the largest opportunity to capitalize on what we’re doing,” he explained. “We want to get out there and start generating some awareness. That requires a little bit more gas in the tank.”

Mr. Nguyen, who worked in the banking industry and has followed inBay’s progress for years, is a believer.

“They have a product that’s going to serve a very hot market in cybersecurity. They have a technology that nobody else has.”