In 2019, a group of young tech entrepreneurs came together on a mission to wave goodbye to passwords once and for all. They joined forces and used their shared experience in entrepreneurship (gained in the Y Combinator program) to launch Cotter, a cutting-edge app for passwordless authentication. The faces behind Cotter’s success are Kevin Chandra, Michelle Marcelline, Anthony Christian, Putri Karunia, and Albert Purnama - tech enthusiasts with strong academic backgrounds in engineering, computer science, and financial mathematics gained at top universities in California.

“We were in need of an authentication solution that is passwordless and cheap. At the time, there was no solution that fit our needs, so we decided to make our own passwordless authentication [system],” says Albert Purnama, Cotter’s software developer.

Cotter: the purpose for a change

Coming from Indonesia, the Cotter team was well aware that authentication in developing countries varies tremendously from that of developed countries. People are much more likely to access the internet through their phones instead of using computers. Since people in South Asia are mobile-first, they tend to use their phone numbers as their primary identifier instead of their email. Not surprisingly, this region has popularized the so-called “one-time password” (OTP) sent over SMS for logging into a given account. The major drawbacks of this method are its poor level of security and its high cost for the companies that require verification. Every time users want to log into their bank account, pull up house insurance or view their medical records, the company has to pay a fee of approximately $0.1 for the SMS. Although the single amount doesn’t seem worrisome, multiplied by hundreds of thousands of users it increases dramatically and becomes far too pricey for frequent authentication. Cotter was created with a sheer desire to deliver authentication that is more secure, better, and backed by less costly infrastructure.

Cotter team. Photo: Cotter

How does it work?

Cotter’s passwordless authentication generates a public/private key pair when the user registers. The public key, stored on Cotter's server, identifies the user similarly to a username, whereas the private key, held in secure storage on the user's device along with the biometric data, completes the verification process. The amazing thing is that all the work happens behind the scenes, and the user doesn’t have to worry about anything, as long as their device is connected to the Internet. The seamlessness and convenience of the process were a key value for Kevin and the team. The premium level of security, which is comparable to other two-factor authentication methods currently available on the market (such as QR codes or hardware tokens), was also essential.
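The registration and verification flow described above, sketched as an added example that is not Cotter's code. Ed25519, the random single-use challenge, and every name here (`createDevice`, `createServer`, `demo`, the user `alice`) are assumptions made for illustration; the article does not specify the algorithm or the message exchange.

```javascript
// Added illustration, not Cotter's implementation.
const nodeCrypto = require('crypto');

// Device side: the private key stays inside this closure and is never exported.
function createDevice() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  return {
    publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }),
    sign: (challenge) => nodeCrypto.sign(null, challenge, privateKey),
  };
}

// Server side: holds public keys only, plus one outstanding challenge per user.
function createServer() {
  const publicKeys = new Map(); // userId -> PEM public key
  const pending = new Map();    // userId -> challenge awaiting a signature
  return {
    register(userId, publicKeyPem) { publicKeys.set(userId, publicKeyPem); },
    issueChallenge(userId) {
      if (!publicKeys.has(userId)) return null;
      const challenge = nodeCrypto.randomBytes(32);
      pending.set(userId, challenge);
      return challenge;
    },
    verifyLogin(userId, signature) {
      const challenge = pending.get(userId);
      if (!challenge) return false; // nothing issued, or already consumed
      pending.delete(userId);       // single use, so a captured signature cannot be replayed
      const key = nodeCrypto.createPublicKey(publicKeys.get(userId));
      return nodeCrypto.verify(null, challenge, key, signature);
    },
  };
}

// Constructed walk-through: one enrolled device and one that was never enrolled.
function demo() {
  const server = createServer();
  const phone = createDevice();
  const otherPhone = createDevice();
  server.register('alice', phone.publicKeyPem);

  const sig = phone.sign(server.issueChallenge('alice'));
  const genuine = server.verifyLogin('alice', sig);
  const replayed = server.verifyLogin('alice', sig); // same signature sent again
  const wrongDevice = server.verifyLogin(
    'alice', otherPhone.sign(server.issueChallenge('alice')));
  return { genuine, replayed, wrongDevice };
}
```

Because the server stores only public keys, a breach of its database yields nothing that can be used to sign a login.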

“It was only in 2012 that public key infrastructure was introduced as an authentication protocol and now, eight years later, it is being adopted across websites and mobile apps across the world. Cotter is helping [to] speed up this passwordless change to have a more secure and convenient way to log into your favorite apps” - Cotter founders explain.

Did somebody mention cybersecurity?

As we all know, the topic of cybersecurity is one of the hottest issues discussed in the public arena and one of the most pressing challenges the modern world has to face. Data breaches increase year after year, and companies worldwide are in urgent need of cybersecurity experts and solutions in order to meet the growing demand for fighting cybercrimes. However, the threat lurks in the dark, out of sight and difficult to grasp, which raises substantial concerns. Experts agree that the best method of combating cybercrimes is to apply preventive measures which efficiently block cyberhackers. According to the 2021 Data Breach Investigations Report, more than 81% of hacks happen because of passwords, which is why Cotter advocates strongly for passwordless authentication. Eliminating passwords and authenticating users based on a private key stored in their device brings us one step closer to solving the issue of cyberthreats, as passwordless protection prevents hackers from accessing users’ accounts remotely.

What is safe, what is convenient

Even though safety is a priority to most of us in theory, it is often something that we are willing to sacrifice or compromise on when it comes to convenience. This is illustrated by the example of two-factor authentication. Despite being recommended by experts, it is rarely used by users, who prefer to access their favorite apps immediately without confirming the password in two different ways. The inconvenience of two-factor authentication outweighs its functionality, leading to less than 10% of Gmail’s 3 billion users activating the feature.

The Cotter team has no doubt that in the face of more sophisticated cyberattacks and more complex technologies dominating our daily lives, people will eagerly turn to a solution that is seamlessly integrated, user-friendly and secure.

“No-code technology will replace passwords in the near future because it is [emerging as] the standard of authentication in the industry. We are currently authenticating more than 3 million requests per month and we will reach over 100 million authentication requests per month in [just] 5 years. This big movement of going passwordless began because of the recommendation from trendsetting companies like Apple and Google. It is extremely exciting to see what the future holds for us!” - they conclude.