Answers to Ben’s Questions (6/13/23)
I see the example use case is on a mobile device but it looks like it's running in a browser. Can we assume this would also work on desktop devices too?
Yes, this would work on desktop devices too.
You mention "Athena's instance of Anon.com", I assume there are some options for branding?
Definitely. We are open to different branding options, including white-label. We do think there could be value to Athena in partnering with a 3rd party brand to offer “premium security”. This would add real security and privacy value, while potentially enabling Athena to upsell clients.
I assume that the client has to authorise each time the EA wants to login? Is there an option for "always allow"?
The client will need to authorise the first time he/she grants access to a service. In most cases, we can keep client sessions alive for weeks to months (or more, for some services). When a session expires, the client can easily re-authorize on his/her own time and isn’t hurried within a 60-second 2FA window.
Additionally, in a call with Chris, he mentioned that EAs sometimes change the phone number on record to their phone, instead of a client’s, for 2FA purposes. While this does offer persistence and minimizes client work, it could also create security concerns and limit a client’s ability to use the app themselves (e.g., checking in at the airport in the United app).
Does this only work for certain websites / applications or will this work for any username / password login?
We can work with Athena to determine the most used websites / applications and commit to a list of sites that will be included in the pilot.
How does account management work? One of the big challenges we always have is ensuring we're able to provision / deprovision accounts since the volume of new / leaving users is high, so a manual process is laborious.
From Athena’s perspective, you can either transfer ‘access’ to a client’s authorised websites from one EA to another, or ‘remove’ access when an EA or client departs, without the client needing to worry about changing passwords, etc.
We can also build automation into this process to integrate with whichever identity management service Athena uses today, but will need to understand more about your process to make any specific recommendations.
What's your business model / how is this priced?
Our future pricing model will likely mimic 1Password where we charge a fee per user/month; however, as a design partner, we can work with Athena to define other structures or grant preferential pricing for being an early adopter.
What problems can Anon.com solve for Athena?
📈 We can improve Athena’s sales funnel with compliance and security.
- To paraphrase Chris, Anon.com could help put “people’s hearts and minds at ease.”
- Many clients don’t care about security. But others do, and many are likely dropping out of the sales funnel before they ever get to try the product. Additionally, executives in industries that require HIPAA, SOC 2, or PCI compliance are difficult to address today and represent future revenue opportunities for Athena.
- In addition to providing practical security, Anon.com can also help Athena embed security into its core brand — “Athena keeps client data secure with the leading trustless access sharing platform, Anon.com”
🤝 We can reduce client churn at onboarding and during transitions.
- Critical moments of client interaction like (A) New client onboarding or (B) Transitioning a client to a new EA may introduce heightened friction and create frustration for clients. Anon.com can help Athena build a more frictionless and secure onboarding flow and create continuity of credential sharing such that switching EAs is as frictionless as possible.
🤖 We can accelerate Athena’s adoption of AI technology.
- Athena is already investing heavily in AI with a focus on AI training during the 6-week training course for onboarding new EAs.
- In the future, Athena will likely want to use AI for “actions” instead of only writing and editing, which introduces new security and identity challenges that will need to be solved by technology investment. Making that technology investment earlier enables Athena to transition more seamlessly in the future.
How could the solution work?
Why using 1Password is not enough
There are two reasons why Anon’s solution is superior to using 1Password for credential sharing with Athena clients.
- Anon is more secure than 1Password.
- 1Password offers more security than texting or emailing a plaintext password; however, passwords are fully visible to the recipient and access cannot be “revoked” (i.e. to fully restrict access, a client would need to change his/her password and login again on all devices).
- The first time an EA accesses a client’s account, there is likely a 2FA back-and-forth that requires the client to respond to the EA with a 2FA code sent via text or email, often in less than 60 seconds.
- Anon enables Athena clients to complete 2FA on their own device, in their own time, then grants Athena’s EA access to the account without exchanging passwords or switching the 2FA number on file.
Why work with Anon.com?
Reasons we can be a good partner for Athena
We are early-stage, which has upside and downside.
- Working with an early-stage company has downsides. Developing new software can take time and the earliest versions can have small bugs that need to be fixed.
- There is also huge upside, though. Anon.com has an experienced team willing to work for way below market comp to build bespoke software (within reason) to the needs of Athena.
- We will be hyper-responsive to your feedback and enable you to pursue a strategic initiative for a fraction of the internal distraction or external cost of a normal technology project.
We have the resources and expertise to build the right solution.
- The Anon.com team has 20+ months of runway (with more on the way) and a veteran team that has built cutting-edge software in the most compliant markets in the world (fintech, healthcare), for huge institutions like TransUnion, Medicaid, American Express, GM Financial and more.
Proposed next steps
2 Follow-up scoping conversations.
- Before we propose anything specific, we want to understand more about your process today and your business needs. We propose two follow-up meetings:
- A business discussion to learn more about your objectives (expanding sales into new markets, reducing client churn, etc.) so we can make sure we’re aligned on goals.
- A technical discussion to learn more about your security practices and the technologies you use today for client onboarding and credential sharing.
After that, we would love to discuss a pilot program.
- Based on the scoping conversations, we will come back with a more detailed proposal.