San Jose-based OneID, which offers one-click sign-in and check-out for individuals, businesses and developers, has announced $7 million in new funding from Khosla Ventures and North Bridge Venture Partners. The company, which was founded in June 2011 and launched its developer version in March 2012, will use the funding to bring its service to market. In addition to the funding, the company also appointed Alex Doll, a former executive at PGP Corp., as CEO.
“Many experts consider online identity to be the most important problem to be solved on the Internet today. OneID is here to introduce a brand new service for managing user identity both online and offline,” OneID CEO Alex Doll said in an interview. The service is currently available on over 1,000 websites through a partnership with SalsaLabs, and they expect to reach close to one million sites by the end of the year. Doll said the company is in discussions and early trials with several large companies. “A number of companies have been waiting for more endorsements of the company’s viability. We want to show big companies that OneID is ready by letting them know about our recent developer release that just came out, funding from two of the world’s leading VCs, and how the OneID service is now being made available to tens of thousands of sites everyday.”
The company was founded in 2011 by Steve Kirsch, a serial entrepreneur who previously built five companies, including Infoseek, an early search engine acquired by the Walt Disney Company in 1999. OneID aims to eliminate a consumer’s need for multiple usernames and passwords, like services offered by 1Password and others, but also saves their payment information for easy and safe online checkouts. All of an individual’s information, including shipping address and payment information, is saved in their OneID account, or what the company calls their “digital identity.” Users sign up for an account, and enter their information once. After that, a user can sign into a OneID-enabled website with one click to speed up checkout. The account can only be accessed from devices that a user specifies.
Security is the main concern for users who store their credit card information with companies. Founder Kirsch said in comments on a TechCrunch article that OneID keeps a user’s information encrypted and only decrypts it on demand. He says this is what differentiates OneID from a solution like Facebook Connect – a user’s data is never stored anywhere in decrypted form. When a user adds a device to their OneID account, the device is given keys that unlock a user’s data and make it available. Devices are also locked with a user’s OneID password, and OneID Remote (used on a mobile phone) is locked with a PIN, and is required for certain remote approvals. So when a user pays for something using OneID on their mobile phone, they have to approve the transaction and provide their PIN to verify it.
OneID isn’t the first company to tackle the idea of a secure, centralized online identity for individuals and businesses. Twitter, Facebook and Google already provide one-click sign-in, and Amazon offers one-click check-out – on Amazon properties only. Founder Kirsch also admits that it’s similar to Microsoft’s U-Prove technology, with some differences, and obviously a broader focus on individuals rather than businesses. And LastPass is already attempting to be “the last password you’ll have to remember,” while online payments leader PayPal launched its PayPal Access platform in October 2011.
“There are companies who are just addressing the authentication problem, such as Facebook Connect and OpenID, and companies addressing the secure payments problem, such as PayPal Access,” Doll said about OneID’s competition. “OneID is unique in that it provides a convenient and secure digital identity solution that can be used for authentication, information sharing, secure credit card transactions, and authorization.” He said that OneID is not just a “second factor” for authentication, it’s a “complete digital identity federation” that is used to replace usernames and passwords, as well as to provide higher levels of security through multi-factor authorization. “Your OneID identity is portable; you can change your provider at any time,” he said. “You are in complete control over how your identity is used and it cannot be used without your express consent.”
With Twitter and Facebook already offering one-click sign-in, and Amazon’s technology offering something similar to OneID’s solution for its own ecommerce platform, the potential for one of these companies to launch a similar solution seems likely. And companies like Braintree are already offering card-on-file services for consumers’ credit card info, and that company alone processes almost $4 billion in ecommerce payments annually. OneID might cut down on friction for consumers and increase conversions for businesses, but it’s not the only company that has the capability to own this space.
And regardless of how many businesses adopt OneID technology, if a consumer is presented with multiple sign-in options, there’s no incentive to go with an unknown brand. The key to OneID’s success will be proving it really is safer than any other option, increasing conversions for businesses to prove its value on the enterprise/ecommerce side, and getting big names on board to back up its technology with brands consumers recognize.