Magic Raises $4M to End the Era of Passwords

Sean Li
Magic
Published in
5 min readMay 29, 2020

We are thrilled to announce that Magic is coming out of stealth with $4M in Seed funding secured last year to end the era of passwords with the easiest set of SDKs for developers to add passwordless authentication in their applications.

Our seed round was led by Placeholder. Joining them are Lightspeed Ventures, SV Angel, Social Capital, Cherubic Ventures, Volt Capital, Refactor Capital, Unusual Ventures, Naval Ravikant, Guillermo Rauch (Vercel), and Roham Gharegozlou (Dapper Labs).

Using Magic SDKs, developers can serve a magic link sign up or login experience, where users can authenticate by simply clicking on an email link. Companies like Slack, Medium, and Substack have been known for their easy user onboarding using magic links. With Magic, developers now have it ready in a box by simply adding a couple lines of code.

Since launching in February 2019, over 6,500 developers have signed up for our authentication services¹, which powers a diverse set of hundreds of applications in production.

With this announcement, we are also excited to share three major partnerships:

Vercel — The easiest way to develop and ship Jamstack applications with Vercel + Next.js and the easiest way to add authentication into applications with Magic form natural synergies. We’ll together make developing performant and powerful applications on top of Jamstack a mainstream phenomenon.

Max Planck Society — Magic will help to power identity and the bloxberg project, consisting of a consortium of over 50 leading scientific organizations such as Carnegie Mellon University, Georgia Tech, UCL, and ETH Zurich. They’ll be changing the way research data, results, and publications are managed and improve the collaboration between scientists.

Dapper Labs — The creator of blockchain gaming sensations such as Cryptokitties and NBA Top Shot. Magic will be making authentication a breeze for users and developers building on top of their new powerful Flow blockchain.

With this funding, Magic will accelerate the global adoption of passwordless authentication, introduce new hardware and authenticator app-based logins, and liberate identity from the control of centralized tech oligarchs.

🤔 Why Passwordless?

🛡 Upgrade Security

Properly managing user credentials such as passwords, requires a tremendous amount of resources. Weak passwords actually account for 81% of all security breaches, since over 59% of people reuse their passwords everywhere². This will cost companies up to $240 for every user compromised³ - increasing risk and liability for companies.

Visiting HaveIBeenPwned can be a frightening experience. By typing in our email, we realize that our sensitive data and passwords have likely been compromised. They were likely stolen in many high profile breaches impacting companies like Equifax, Dropbox, Adobe, Kickstarter, LinkedIn, Tumblr, and so many more — personal security for a majority of people has come to an end.

Once hashed passwords are stolen, hackers can direct immense distributed computing resources at them to attempt hundreds of billions of password combinations per second, in hopes of recovering plaintext passwords. In a matter of minutes, each recovered password can expose other passwords used by the same user in other applications, such as bank accounts.

As a result, about half a million passwords are leaked per year, worldwide spending on cybersecurity is projected to reach $133.7 billion in 2022⁴, and the average cost of a breach has skyrocketed to around $3.92 million as of 2019⁵. Even though Equifax was breached in 2017, the company is still paying off the $4 billion damages in total.

🌱 Reduce Overhead

Users tend to set passwords that are easy to crack, yet hard to remember, and account recovery support can be costly. 50% of all support tickets are related to lost and forgotten passwords. Handling even just 10 tickets on a daily basis will cost organizations around $128,000 annually⁶.

To manage identity without passwords, Magic leverages Public Key Infrastructure (PKI). When a new user signs up for an application, a public-private key pair is generated for them and secured by our patent-pending key management technology. Private keys are used to sign cryptographic proofs of a user’s identity, which means in order to authenticate requests, developers will no longer need to store and manage hashed+salted passwords.

🚀 Boost Conversion

Passwords are a significant source of onboarding and conversion funnel friction.

User sign up experience with passwords
User sign up experience without passwords

We can clearly see removing passwords reduces the number of steps for users to sign up for an application. This has the potential to increase conversion rates by 54% reported by e-commerce websites⁷.

🔮 The Future Is Magic

Passwordless is inevitable for online security. By delegating authentication to a user’s email, mobile, or hardware device, users no longer have to wrestle with remembering passwords for the ever-increasing number of services that they interact with.

By focusing on delivering amazing developer and user experiences, Magic aims to make passwordless the gold standard for online applications.

One of our core principles is to allow developers to completely own their user authentication experience — building relationships directly with their end-users. This way, they are no longer susceptible to the control and risks induced by centralized identity lock-in from Facebook, Apple, and Google.

Magic is the bridge to a more secure and authentic Internet, and authentication is just the beginning. By leveraging future-proof PKI and identity technology under-the-hood, Magic also lets developers tap into new infrastructures such as IPFS and blockchain — unlocking endless possibilities and innovative business models.

Learn More About Magic ✨

Website | Documentation | Security | GitHub | Twitter | Reddit

References

[1] Magic is developed by our team at Fortmatic Inc., now rebranded to Magic Labs Inc. 6,500 developers are a combination of both the Fortmatic authentication product, which is migrating to passwordless, and Magic.

[2] Amber Steel, “Passwords Are Still a Problem According to the 2019 Verizon Data Breach Investigations Report”, https://blog.lastpass.com/2019/05/passwords-still-problem-according-2019-verizon-data-breach-investigations-report.html/, May 2019

[3] Chris Brook, “What’s the Cost of a Data Breach in 2019?”, https://digitalguardian.com/blog/whats-cost-data-breach-2019, Jul 2019

[4] Susan Moore, Emma Keen, “Gartner Forecasts Worldwide Information Security Spending to Exceed $124 Billion in 2019”, https://www.gartner.com/en/newsroom/press-releases/2018-08-15-gartner-forecasts-worldwide-information-security-spending-to-exceed-124-billion-in-2019, Aug 2018

[5] Larry Ponemon, “What’s New in the 2019 Cost of a Data Breach Report”, https://securityintelligence.com/posts/whats-new-in-the-2019-cost-of-a-data-breach-report/, Jul 2019

[6] Daniel, Lu, “How Much Are Password Resets Costing Your Company?”, https://www.okta.com/blog/2019/08/how-much-are-password-resets-costing-your-company/, Aug 2019

[7] Andre Bourque, “Ditching passwords and increasing ecommerce conversion rates by 54%”, https://www.cio.com/article/3193206/ditching-passwords-and-increasing-ecommerce-conversion-rates-by-54.html, May 2017

--

--

Sean Li
Magic
Editor for

ceo @magic_labs @fortmatic | ex-@docker @kitematic | @uwaterloo alumni