Last year Microsoft Research posted a great paper^[1] on passwords in an attempt to answer the question, “After 40 years of security research, why is the password still dominant?” Surprisingly, most security people haven’t read it. Not hard to guess why—it’s a dense 15-page academic paper titled “The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes.” We’ve decided to post a summary of the paper, with some of our own thoughts, for the betterment of security for all.

The goal of the researchers was to provide a framework for evaluating alternative authentication methods like multi-factor, biometrics, and federated SSO. Some of the options they reviewed are wildly impractical for most customer facing web applications (i.e., paper-based one time passwords) but overall the framework is very useful. After 40 years of security research, passwords still doggedly persist as the de facto standard for application authentication. Why? Because while there are more secure alternatives, like multi-factor authentication, nothing comes close to passwords when you account for usability and ease of deployment.

Today we announced $8.2M in Series A financing.  It’s a big achievement for our team and a huge commitment to our vision and customers.  Most importantly, it’s fuel: fuel to recruit the best people, fuel to build a revolutionary security product, and fuel to empower thousands of developers with the Stormpath API.

What Is Stormpath?

Stormpath is the first easy and secure user management and authentication service for developers.  Our API handles authentication, password storage, user management, access control, and common security workflows like password reset.

In a nutshell, it’s all the user security an application needs, but developers really don’t want to build. 

The Storm Is Rising

We believe Stormpath is a revolutionary and disruptive product, but more importantly, we believe the rising tide of developer services is changing software development. Today, for the first time ever, an SMB operating in the cloud has access to more advanced technology than a Fortune 100 competitor stuck in a data center.

We Won!

Stormpath was selected to compete in the 2012 GigaOm Structure Launchpad Event, which highlights 11 of the hottest cloud startups. We won the People's Choice Award and were runner up for the Judges' Award (in a split decision after a tie).  

This is a great milestone for us, and a great way to launch our product. Not only did thought leaders in cloud computing select Stormpath as a top start-up, and those very thought leaders and, more importantly, their audience, selected us the #1 most exciting startup in Cloud.  Not a bad way to publicly launch our service.

We have been pretty quiet for the last few months, but things at Katasoft have been very busy under the hood. Today, we’re officially coming out of stealth, launching private beta of our Identity Infrastructure product, and announcing the renaming of the company from Katasoft to Stormpath. With a seed round led by Flybridge and NEA, we have been able to build out a team that we're very proud of.