Auth0 raises $15 million to let you know when you've been pwned

The authentication startup's software will inform users when their passwords have been compromised elsewhere.

screen-shot-2016-08-25-at-09-19-49.jpg
Auth0

Identity platform Auth0 has raised millions in investment to tap the security market with an enhanced identity and authentication platform for developers.

On Wednesday, the startup announced the results of a successful Series B funding round led by venture capital firm Trinity Ventures.

Auth0 has worked with developers to develop a universal platform which can add authentication and authorization systems to web, mobile, and back-end systems. Over 75,000 companies have signed up with the startup, which provides systems for simple usernames and passwords, single-sign-on features, multifactor authentication, and passwordless authentication, among other software.

The Bellevue, Wash.-based company caught the eye of investors, which includes Trinity Ventures, Bessemer Venture Partners, K9 Ventures, and Silicon Valley Bank. In a Series B funding round, Auth0 -- which has reported a fivefold revenue increase year over year -- managed to secure an additional $15 million to boost the growth of the identity-as-a-service platform and launch new, advanced security features for customers.

See also: LinkedIn user? Your data may be up for sale

As part of the financing deal, Trinity general partner Karan Mehandru has joined the startup's board of directors.

In total, Auth0 has raised $24 million through investment rounds.

"Identity is an asset. Unless it's not secure -- and then it can become a liability," said Jon Gelsey, CEO of Auth0. "Since Auth0 was founded four years ago we've provided subscribers with a frictionless way to implement strong identity security.

This new funding will help fuel product development focused on even stronger security for our subscribers, which include the features available within Auth0's Anomaly Detection suite."

Alongside the funding announcement, Auth0 also introduced a new breached password detection facility which gives businesses the opportunity to automatically detect and inform customers when the password they are using on their accounts has been compromised on other, third-party domains. Subscribers can then block access or require enhanced security -- such as two-factor authentication -- until password resets have been completed.