Identity & Access Management
,
Multi-factor & Risk-based Authentication
,
Security Operations
Keyless’s Biometric Tech to Improve Privacy, Account Recovery and User Experience
Ping Identity purchased a biometrics startup led by a former Accenture business strategy analyst to help strengthen authentication for frontline workers and shared terminal environments.
See Also: Identity and Access Management (IAM) Market Guide 2025
The Denver-based identity security titan said traditional device-based authentication is ineffective for workers who lack access to dedicated devices, making privacy-preserving authentication technologies like zero-knowledge biometrics even more important, said founder and CEO Andre Durand. He said Keyless can enable server-side biometric authentication while maintaining privacy and compliance.
“We were specifically looking for a solution,” Durand told Information Security Media Group. “We knew biometrics was the approach we wanted to take, because I feel it’s the best user experience. But we also knew that we didn’t want to endorse or back an approach that wasn’t inherently architecturally privacy preserving.”
London-based Keyless, founded in 2019, employs 71 people and has raised $18 million, having most recently completed a $2 million selective funding round led by Rialto Ventures and Experian Ventures. The company has been led since its inception by Andrea Carmignani, who previously spent two-and-a-half years with Accenture as a business strategy analyst focused on Saudi Arabia, Qatar, the UAE and Italy (see: Ping Identity CEO: Bots Disrupt Identity, Trust Is ‘On Fire’).
Authenticating Users Who Can’t Access a Mobile Device
Ping wanted to address its inability to strongly authenticate users who do not have access to mobile devices or work in environments where personal devices are restricted such as call centers or factory floors. These environments present unique challenges where push notifications and passkeys aren’t viable. Ping needed a privacy-preserving alternative, and biometric authentication emerged as the ideal solution.
“We wanted a solution for frontline workers, not just for white-collar employees,” Durand said. “How do we allow for authentication on shared terminals? It’s a bunch of users just walking up to a shift. It’s not a dedicated device.”
Up to 80% of enterprise employees are frontline workers who use shared terminals, are not permitted to carry mobile devices, or work in regulated environments where device-based apps are not allowed, Durand said. With Keyless, Ping can offer biometric-based account recovery for lost or stolen devices that is resistant to deepfakes and social engineering, enhancing both security and user experience.
“There’s a lot of scenarios where either device-based authentication is not allowed or can’t be used,” Durand said. “We need to strongly authenticate users in situations where the device is not present, and biometrics is one of the technologies. When you want to recover your account later, you can just do your biometric to get your account back and the techniques that we are using are deepfake aware.”
Traditional biometric solutions often involve storing a biometric template, which Durand said is a risky architectural choice since compromising a central database could lead to the theft of irreplaceable, sensitive data like face prints or fingerprints. Durand said Keyless’s innovation is in using a technique that allows biometric authentication to occur without ever storing the biometric data on a server.
“The technique is called zero-knowledge biometrics,” Durand said. “It’s a way for us to achieve the equivalent of server-side biometrics without ever storing your biometric template on the server. And if it’s never stored on the server, then it can’t be compromised.”
Bringing Rigorous Biometrics to Account Recovery
Durand said privacy preservation and deepfake resistance are essential components of any biometric solution since threat actors are increasingly targeting IT help desks and using deepfake tactics to socially engineer account access. Keyless offers deepfake detection mechanisms and enables organizations to confidently use biometrics not just for login but also for secure re-verification and account recovery.
“Deepfake protection is now the front line, and so having a partner that can recognize deepfakes in biometrics is super important,” Durand said. “If you could do biometrics and not be concerned that those biometrics could ever be compromised, that is what we are offering here. Creating self-service for the help center so the users can re-onboard themselves through self-service.”
Ping will first embed Keyless technology into scenarios in which device-less authentication is needed most and the company’s existing solutions have limited reach including shared desktops, factory terminals and call center interfaces. Once deployed in these high-need, high-impact use cases, Ping will integrate Keyless biometrics across its wider suite, including passwordless login and identity verification services.
“A complete identity solution is one in which you can authenticate everybody, whether or not they have a device,” Durand said. “Historically, they all logged in with a password. Now they can just look at the machine and it’ll recognize them… I can enable the same user experience without it with this new technology.”
Ping has been committed to passwordless authentication, with existing support for Face ID, passkeys and device-native biometrics, but all of these assume the user has a compatible, functioning device. Keyless extends the concept of passwordless access to all users regardless of device availability by leveraging server-side, privacy-preserving biometric authentication, making the solution more inclusive.
“This is a version of passwordless, and it’s the version that people are used to when they log into apps on their phone using their Face ID,” Durand said. “So everywhere that you don’t have a Face ID experience rather than a username and password, this really expands and almost democratizes that use case.”
