Buenos Aires, Argentina — “Auth0 was born as a remote company. When we started I was in Argentina and Eugenio (Pace) was in the United States, and we embraced a bit of that complexity that for many is still remote work,” recalls Matias Woloski, CTO and co-founder of the digital identity unicorn Auth0.
From those beginnings, in 2013 together with Pace, the CEO and co-founder of the company, not only water passed under the bridge, but a fearless river that in 2019 led them to be part of the club of Argentine unicorns by receiving an investment of US$103 million and reaching a market value of US$1.1 billion.
“We started taking people in any country from day zero, and today we have collaborators in 35 different countries. In fact, moving to remote model was not a change for us. Physically we are in Buenos Aires, in Seattle, in Bellevue (which is near Seattle), in London, in Sydney and in Tokyo. But they function more as meeting places. We are already more than 1,000 people in the company,” Woloski tells Bloomberg Línea.
In March this year, the company was bought by Okta, which also operates in the digital identity market, and is valued at US$55 billion. Despite this, the firm continues to operate independently as a product unit within Okta.
Its demand levels increased exponentially during the pandemic, given the sheer number of cyberattacks. This caused the volume of work across all industries to grow, because cybersecurity became much more relevant, making Auth0 a key partner.
The following conversation was edited for length and clarity.
Bloomberg Línea: Where do Auth0 and Okta stand after the merger?
Matias Woloski: We are still in the planning stage, but basically Auth0 was a big milestone for them and a lot of the plans have to do with how to move forward, how to take advantage of the synergy between the two and give priority to what we do, which is customer identity. There is a lot of market available there and we are the company that can attack that, since we are neutral, not like Microsoft, Amazon or Google.
Where does the relationship with them come from?
Since 2013 when we had the first call with Okta’s CEO, Todd (McKinnon), we started to have a continuous back and forth. We had a product MVP, we had no founding of any kind, we had no money raised and in October 2013 we had the first call from Todd saying, “Well, let’s chat and see if we can join forces.” In the jargon when they tell you that is: “We want to acquire your company”. At that time it was really early days for us and it wasn’t clear what the offer or the opportunity was. That is also the way things are handled: when you are interested in a company, you keep in touch and try to make your “enemy” your friend. That’s what we always respected about Okta, they didn’t play dirty and always kept an open channel with us to see what we could do together and in a very respectful way. That was positive for the later decision to sell the company.
What do you think they found in Auth0?
In 2017, they acquired another company called Stormpath, which is obviously no longer around, that was doing the same thing we were doing. But even though this was a company that had a product that competed against us, Auth0 had a better product: a better go to market, better marketing and sales. With that acquisition they tested if they could enter the customer identity market, and it didn’t go well, so three years later (or four already) they came back to us to test, and this time it worked.
Where are the main opportunities for synergy?
Auth0 remains separate because it has a lot of value and it is important to keep the strength of the two and not dilute the message. But, obviously there are a lot of synergy opportunities and just the interesting thing is that we sell to the programmers who are developing applications. They sell to the companies that want to use those applications with one log in for everybody. We have the opportunity to make that connection much more efficient, easier to use, with less friction, with more security. In simple terms, if you look at any corporate email or any corporate chat most of the IT problem messages are, “Do I get access to such and such?” or “I want access to such and such,” well, all of that happens because the systems are made by different people and with different authentication and authorization systems. By being in both places (in the one that creates the software and the one that consumes the software) we can make that very efficient. In Okta there is a protocol called single sign on, where you log in only once and you can log in to other places. But if you have Auth0 on the other side you can do even more than that. We are a product that is behind the scenes, like electricity.
In the last year and a half, how has business and demand been moving?
In general, it was a very good year and we grew by more than 60-odd percent, already with a large turnover base. And that was obviously due to the fact that everything was digitalized. The systems that were implemented by the companies to make this possible use us. If before it was used by 10 users per month, now it is used by 500 users per month. Our pricing is per active user per month, and there were more active users per month throughout the year.
By what percentage?
We had more than 550 million users in the system and more than 4.5 is the average number of authentications, log ins, per month during 2020, 4.5 million. So it was a big growth.
How did the increase in cyber-attacks impact the business?
More and more companies are being hacked. Today there are more than 3 billion users and passwords going around, but they are passwords that maybe someone used somewhere in 2017, 2016, 2015 from companies that have not had sufficient security measures to protect themselves. That database that is relatively easy to obtain on the dark web is very easy to generate an attack or botnets and it’s very difficult to identify those attacks. They are bots that are using those users and passwords to see if they work. And then what they do is sell them on the black market for half the price. This happens with a lot of services such as Netflix, Spotify, etc. It is very common for a person to suddenly have their Netflix language change and they don’t know why, that’s someone who got in and did it. This is becoming more and more common and it’s hard for the programmer to focus on it while they’re developing, because it’s a difficult attack to protect against. That’s where the value of Auth0 is.
And how do they anticipate that kind of thing?
We specialize in this and can monitor this activity. It’s a very interesting opportunity for startups that don’t have the resources to put in a team of specialists and build their own log in. It is an investment, but in the long run it is much cheaper than having to develop it internally.
Did the level of investment from companies already working with you increase?
Yes, we had positive expansion in many accounts. Either because the number of monthly active users grew or because they bought add-on protection (something you buy in addition to the subscription). It’s like buying an insurance or an alarm.
But the world is a password!
So the solution to that is more structural. Just moving from the password to something better, what happens is that there is a lot of password legacy. But the good news is that there are already systems that are being implemented in the industry such as touch ID, face ID. We are progressively replacing the password with that. So, somehow, instead of patching the problem and saying: “Use a password manager”, the idea is to remove the passwords. That takes time and more companies using this system is our opportunity.
And how is Argentina specifically compared to the region in terms of adoption of this type of technology?
This is still very green, especially because the devices still do not have, for the most part, biometrics functionality. So much so that we recently did a survey where 89% of consumers abandoned the purchase or registration of a site for having a bad experience in that flow.