guest contribution by Frank Staut, Managing partner of InvestLink:
InvestLink invested in nextAuth in March 2019. Due to our background, we know the IT security space quite well. After reviewing the technology, we saw some important differences with existing technologies. With many existing mobile authentication solutions, it is important to know what makes nextAuth unique.
One thing is for sure, a good, secure authentication becomes more and more important. Everyone knows that a username and a password is not enough to have a secure solution. There are many ways to intercept passwords such as (advanced) phishing, shoulder surfing, sniffing and many more. Two-factor authentication (2FA), e.g., combining the password with something you have, is becoming standard. The industry is moving away from hardware tokens in favour of mobile authentication solutions.
Since multiple mobile authentication solutions exist, we need to make clear what makes nextAuth different. We discovered four main differences: security, flexibility, usability and branding options.
That a mobile authentication solution needs to be secure is quite obvious. However, not all existing solutions have the same level of security. nextAuth's patent pending technology, makes it highly secure and almost invulnerable to brute-force attacks. In the more technical blogs, you can discover the innovative techniques, going far beyond ‘One Time Password’ solutions. The nextAuth solution is not only usable for access but also for digital (transaction) signing. This makes nextAuth perfectly usable by a bank.
The flexibility of a solution is also very important. The nextAuth authentication server comes with a rich API and an integrated IdP. The API can be used within your own environment or integrated into your own IAM solution. With the integrated IdP, you can connect applications via standard mechanisms, such as SAML or OIDC. The nextAuth server can run either within your own environment on your own hardware or in the cloud. The technology can also be used by an MSSP to offer it as a service to customers.
Usability is key, from the point of the users it should be as convenient as possible to use. By providing an end-to-end solution, nextAuth can provide a smooth user experience. nextAuth does not rely on the browser to be able redirect and/or store any information, which is a big and important difference with many existing solutions! If you change devices, there is no need for typing in your username or another identifier in the browser.
The mobile app is fully customisable and the mobile SDK integrated into an existing app. This is very interesting for marketing as you can use your brand for the authentication part as well. You can perfectly build a company app where authentication is an integral part, not only for access but also for (transaction) signing.
These four unique selling points, in combination with the background and skills of the founders, made us decide that this company has big potential. Together with the other shareholders we will put our shoulders behind this company to make it a big success.
Also important to note is that InvestLink is not a traditional investment fund. We have a long term goal to support this company by taking the necessary steps to grow towards a stable independent company that can serve the biggest companies worldwide.
Managing partner InvestLink
Chairman of the board nextAuth