The last thing you want on your web app is to hear that sleazy people are crawling all over it, hacking your users either through brute force or using a stolen password to steal sensitive information. Despite the clamor from the technical crowd that developers should implement two-factor authentication everywhere your average user isn’t going to take the time, which means you should be more proactive with your login security. Enter Malmö-based Castle.io which offers an intelligent drop-in security tool, now available in Beta.
According to co-founder Johan Brissmyr the idea came from their last startup, which was a risk engine and a fraud engine. When looking for tools to fight fraud the team couldn’t find any simple or inexpensive solutions – you had to contact support person for a big quote and these companies would send over a support engineer to your site. Their idea with Castle.io was to make bank-level security easy for any developer to drop in, just like you would with Twillo or Stripe.
Their API works with both your home-grown login configuration or with outside tools like OAuth. “You just add it on top,” says Brissmyr. “You just call us and ask ‘is this user the real one?'”
With that information you can use Castle.io to flag users or block logins using any sort of logic on top of it.
The has now launched in Beta and will stay there until probably this summer. To fuel their growth, the team has raised about $300,000 from Sparklabs Global Ventures, Hampus Jakobsson (founder of TAT), Henrik Torstensson (CEO at Lifesum, former Spotify executive), Fredrik Nylander (CTO of Oscar), Tim Jackson (founded QXL) Erik Byrenius (founded OnlinePizza, sold to DeliveryHero), Anders Frankel (founded Apsis), and Johan Lorenzen (CEO at Holvi).
As far as developer tools coming out of the region, this seems like a good one. You can find tools like this specifically designed for ecommerce money flows, but apparently nothing good really exists for general logins like what Castle.io is building. With high-profile hacks dominating the news it’s valuable to keep your users locked down.