
Interview With Thierry St-Jacques-Gagnon – Founder and CTO of Kelvin Zero by Shauli Zacks

Shauli Zacks

Published on: April 23, 2025
Content Editor

SafetyDetectives recently had the opportunity to speak with Thierry St-Jacques-Gagnon, Founder and CTO of Kelvin Zero. In this insightful Q&A, Thierry shares the story behind the company’s founding, the real-world problems they’re solving in authentication and identity, and how Kelvin Zero is pioneering passwordless, zero-trust solutions that put users in control. From the rise of biometrics to the future of secure access, Thierry offers a compelling look at where cybersecurity is headed next.

As Co-Founder and CTO of Kelvin Zero, can you share the story behind the company’s creation?

The idea for the company started around 2017, and we officially created it in 2018. At the time, there was a huge surge in cryptocurrency prices—Bitcoin and other altcoins were getting a lot of attention. The idea was to create a cold storage wallet for cryptocurrencies that would allow organizations to follow traditional financial rules in a decentralized fashion.

Initially, the project had a few components. One was more of a back-end solution that could be deployed in various environments for people to manage their keys and assets through a cold storage wallet. Eventually, it struck us that the core issue we were addressing went beyond that—it was really about authentication and identification.

We live in a world where we need to know who we’re dealing with and verify that the person is who they claim to be. That’s how we transitioned into the broader authentication and identification space, which has a wider range of use cases than just cryptocurrency.

What challenges in cybersecurity inspired you to develop Kelvin Zero’s innovative solutions, and how do these solutions address those challenges?

Our solutions are really focused on authentication—that’s at the core of the cybersecurity problem. One major challenge is bridging the gap between digital identity and real-world identity. Is the person or entity we’re seeing online actually the one accessing a resource? That covers both authentication and authorization, but the core issue is with authentication, which often leads to unauthorized access.

Traditionally, we’ve used passwords. The problem is that a username is meant to be public, and a password, while secret, can easily be intercepted—whether through phishing, social engineering, or malware like keyloggers. Today, we have very little confidence that passwords provide a strong guarantee of identity like they might have in the past.

There are some powerful statistics here. For over three years now, more than 80% of global data breaches have been caused by compromised credentials and phishing. That’s huge. It’s the most common attack vector in data breaches today. And the average cost of a breach in 2024 is around $4.8 million. Multiply that by the number of incidents, and you’re looking at a massive market that desperately needs better protection.

Passwordless authentication is becoming a popular trend in cybersecurity. How does Kelvin Zero differentiate itself in this rapidly evolving space?

From the start, we built our solution with several components. The first is a biometric smart card that we developed with Thales. It’s a FIDO2 authenticator device—hardware-based and air-gapped, so it’s not connected to any network. But it’s portable and works across multiple devices.

This brings us into the passwordless space. No password is required to log in, making it much safer. It’s a non-phishable, all-in-one MFA solution. Just having the card is one factor, but you also need your biometric to use it. You can still add a knowledge factor like a PIN or password. In fact, FIDO2 standards require a PIN to be set on these devices.

Then there’s the backend—a full-fledged identity and access management system. We support everything from SSO to disconnected apps unified through our platform. Ideally, we want organizations to reach a point where passwords aren’t needed at all—or at least they don’t have to be managed or remembered.

As far as we know, Kelvin Zero is the only company today offering both the backend solution, the authenticator device, and a third option: a mobile authenticator app that can replace the card.

One thing that makes us unique is our use of the card form factor. People sometimes say, “But I don’t have a card reader.” NFC chips are becoming more common on devices—laptops, monitors, even phones. So it’s getting easier to use.

Even if you don’t have an NFC reader, you can use any mobile device. And when I say any, I mean even someone else’s phone. For example, if we’re together and my phone is dead, I can still authenticate using your phone—just for that session. You receive a pairing request, and my card does the authentication. It’s all zero trust. The signed challenge is non-replayable, and there’s nothing that can really be stolen.

For organizations considering a transition to passwordless authentication, what are the most significant benefits and potential challenges they should anticipate?

That’s a great question. Cybersecurity has always been seen as a cost item for executives and board members—something necessary, but not something that offers benefits beyond peace of mind. Passwordless authentication changes that.

It improves user experience for both employees and customers. Nobody likes passwords. I always start my pitches by asking, “Who here has passwords?” Everyone raises their hands. Then I ask, “Who loves them?”—and all the hands go down.

That’s the shift. Cybersecurity becomes convenient. We break the old paradigm that security and convenience are at odds. Now, they can go hand in hand—offering better user experience and better security.

Of course, there are challenges. One is adoption. When we say “passwordless,” we don’t mean just removing passwords—we mean replacing them with something else. That could be a biometric like facial recognition or a fingerprint. Some biometrics are stronger, like iris or fingerprint, while others like facial recognition or behavioral biometrics are considered weaker.

With Kelvin Zero, we make it user-centric. The user is in control of their biometric—it’s not shared, not extractable. Even in workforce deployments, the employer never has access to employees’ biometric data. Employees control their own biometrics, which unlock their private enclave where cryptographic keys are stored to sign challenges.

For broader adoption, a bit of social change readiness is needed. But once people understand that it’s safer than passwords—and that the card isn’t connected to any network, is self-enrolled, and under their control—adoption tends to go smoothly. People feel empowered by it.

Looking ahead, how do you see the role of biometrics and cryptography evolving in the next generation of secure authentication systems?

I think biometrics will become even more prevalent—especially for human-based identities and authentication.

Obviously, for machines or non-human actors, biometrics aren’t applicable. In those cases, we’ll need behavioral or adaptive authentication methods. That’s actually a feature we offer through our backend SaaS authentication and identity access management platform.

This is becoming especially important in the development lifecycle—DevOps or DevSecOps—where managing identity and access is critical for ensuring the integrity of who is doing what. It’s a way to prevent supply chain attacks, which have been a big concern in recent years.

In the future, I see authentication becoming continuous. Not just something that happens once when you log in, but something ongoing—authenticating the user across different factors as they move through systems. That continuous trust will strengthen everything else.

I also think it paves the way for more decentralized identity systems. Not necessarily fully self-sovereign, but something where authentication can be anchored to a device using biometrics, without needing to rely on centralized databases.

Ideally, we’ll move away from systems that use biometrics as the authentication proof itself—like comparing facial scans—toward systems where biometrics unlock a device that proves identity cryptographically. That’s real zero trust: trusting the technology without needing to trust every component of the system.
