Inside HYPR: Building the future of passwordless security

In this International Security Journal exclusive, Assistant Editor, Eve Goode, speaks with Bojan Simic, Co-Founder and CEO of HYPR, an identity security and passwordless solution provider.

Can you tell me about your role as CEO and some of the achievements and challenges you’ve faced during your time at HYPR?

There are many different types of CEOs and I’d say I fall into the category of a more product-oriented CEO.

A significant portion of the product deliverables and vision originates directly from me. I’m also one of the Co-Founders of HYPR.

While I focus on the product side of the company, other team members manage aspects that aren’t my strengths, for example, financial operations.

As CEO, my role is to hire the best talent. I look for people who, when I sit across from them during an interview, I think, “Wow, this person is so much smarter than I am.”

That’s the kind of individual I look to bring into the team. Once they are hired, my job is to set the direction and remove any obstacles in their way to help them succeed.

HYPR has been in business for approximately 10 years now and during that time, we’ve achieved some remarkable accomplishments.

We currently have three of the top four banks in the United States as our customers and we’ve become the standard for passwordless authentication and identity assurance.

We’ve seen particular success within the financial sector, building a strong business supported by an exceptional team of employees and investors.

Of course, it hasn’t always been easy. I tell all new hires that if every decision you make feels easy, then we’re probably not making the right ones.

Even after a decade, we continue to put ourselves in uncomfortable situations that force us to make hard choices, because that’s where real growth happens.

I spend a significant part of my day thinking about how I can create these scenarios to ensure we’re constantly challenging and improving ourselves.

What sets HYPR apart from other passwordless or identity security providers?

From a technical perspective, what truly differentiates HYPR is that we don’t compromise on the security side of our technology.

When we talk about passwordless authentication, we mean true passwordless and in fact, we coined that term.

With HYPR, once it’s enabled for your users, there is no fallback to a password.

There’s no hidden password being copied, pasted, or stored anywhere in the background.

Many of our competitors don’t follow this principle, but we’ve chosen the more challenging, more secure route because it’s the right one.

We’ve even lost potential customers who wanted unsecure fallback options but supporting that would go against our core principles.

One of the biggest challenges of running a company is staying true to the values you set in the early days.

As a company grows and things become more complex, people often look for ways to bend the rules.

It’s critical to regularly step back and evaluate if you’re still on the path you set out on.

Beyond that, we’re very focused. We don’t aim to be everything to everyone in the identity security space.

Instead, we aim to deliver a core set of capabilities exceptionally well, so well that customers start seeing value in days or weeks, not months or years.

How does your product align with the growing threat landscape, especially with the rise in identity-based attacks and AI-driven phishing?

When it comes to identity threats, particularly with the rise of generative AI, hackers are the first individuals to capitalise on this technology.

We’ve seen an increase in phishing and social engineering attacks across our customer base and the industry as a whole.

As a result, HYPR has become more critical than ever for our clients. We deliver capabilities in a deterministic manner.

AI is remarkably adept at gathering personal information and using it to gain access to accounts.

However, with the use of HYPR, once passwordless authentication is in place, no credentials can be shared, whether intentionally or not.

This approach eliminates an entire category of phishing and social engineering attacks. For example, no one can trick your grandmother into giving away her password because she doesn’t have one to give.

By removing the human vulnerability from authentication, we allow security teams to redirect their efforts to more strategic areas.

Currently, many identity and security teams spend over 50% of their time putting out fires caused by password-related issues.

HYPR is integrated with major platforms like Microsoft, Okta and CrowdStrike. How do these partnerships enhance your product and customer experience?

Most of our enterprise customers manage multiple identity sources, often from providers like Microsoft and Okta.

At the same time, many of them struggle with inconsistent and frustrating authentication experiences for their employees, sometimes needing three, four or even five different login methods for various      services.

HYPR has always set out to unify the authentication experience. Integrating with Microsoft, Okta and other major identity providers is critical to that goal.

It allows us to offer a seamless, secure and most importantly, consistent user experience.

Inconsistency is a central pain point. Through our integrations, we eliminate that for companies like CrowdStrike and other cybersecurity platforms such as Zscaler and Palo Alto Networks, to name a few.

Security teams have invested millions in these tools over the past 20 years, but many of them only activate once an intruder is already inside the system.

We work with these partners to utilise the data, signals and insights they provide earlier in the identity process, which helps prevent attackers from gaining access.

Can you describe a time when HYPR significantly reduced risk or improved authentication efficiency for a client?

One notable example is a large US health insurance company that reduced account takeover fraud by more than 98% after deploying HYPR.

That’s an entire category of fraud virtually eliminated by using just one product.

We regularly hear from customers who say things like: “One of my employees just got a phishing text or call and if we weren’t using HYPR, they probably would have shared a credential.”

The absence of a password completely removes that threat.

On the efficiency side, we work with large multinational companies where issuing or resetting credentials can take weeks.

One large multinational company has technicians stationed worldwide.

Previously, to issue a password, the company’s workers needed access to a company network, often requiring travel to an office, which could mean flying to another city or country just to reset a password.

With HYPR, they’ve reduced onboarding and credential reset times from weeks to minutes, enabling greater business velocity and much happier employees. That’s led to major success.

Looking ahead, what are the key milestones or innovations HYPR is targeting in the near future?

One of our primary focuses is addressing the growing threat of worker impersonation.

We’ve seen cases where the FBI informed companies that North Korean operatives were working at US companies and sending their pay checks back to fund hostile activity.

This issue is growing at a massive scale.

Some estimates suggest there could be up to half a million fake workers in Fortune 500 companies, not all from North Korea but from various regions, exploiting remote work to earn US salaries.

From a compliance and security standpoint, this is a huge problem.

In response, we’re delivering identity verification capabilities that go far beyond scanning a government-issued document. HYPR’s multi-layered approach begins as early as the interview process, integrating phishing-resistant authentication and behavioural signals, and continues throughout employment with continuous verification and risk-based controls.

This ensures that identity integrity is preserved at every step of the workforce journey, protecting the enterprise from evolving threats.

This also ensures that the person a company hires is the same person who continues to do the job.