Weak, poorly maintained, or shared passwords are responsible for many of the 50 million password attacks every day, and about 60% of data breaches are the direct result of compromised credentials, according to the 2022 Verizon Data Breach Report. That’s a big reason why so many companies are moving away from password-based access, toward passwordless security. So far, about half of organizations have deployed or plan to deploy passwordless security, a recent survey from Bitwarden finds. ChannelPro talked to Zane Conkle, co-founder and CEO of Cytracom, and John Tippett, the company’s COO, about the ControlOne platform’s new passwordless feature announced recently and why encouraging customers to go passwordless makes so much sense.
ChannelPro: Why is passwordless security becoming so popular?
Conkle: First, it improves the user experience because it reduces the friction associated with remembering and entering passwords. Users can more quickly connect or disconnect and access applications and services they need to do their job. Secondly, it enhances security by eliminating password reuse and sharing, along with the issues around social engineering and phishing. For MSPs, it reduces operational costs and the time spent managing clients’ networks, especially support costs around managing passwords. It also enables MSPs to put all customers under the same security policies.
ChannelPro: The newest version of your ControlOne network connectivity and security platform includes passwordless features for the first time. Why did you feel it was important to take this step?
Tippett: Our goal with ControlOne has always been to give MSPs ultimate flexibility in controlling the network, and this takes that mission to a new level. It essentially shifts authentication from person-based to identity- and device-based authentication. That way we know that this device is associated with this user, and we have ways of knowing whether that user is actually logged into the machine. Software can be pushed out without communicating with end users, who don’t have to worry about it. [MSPs] are essentially behind the security controls, which are associated with the logged-in user, all the time. It’s even smart enough to know that if the correct user of a device logs in, the device will react a certain way, whereas if a different person logs in, it would behave differently, based on policy.
ChannelPro: How can MSPs get the most value out of the passwordless approach?
Conkle: Our platform, for example, allows MSPs to standardize and deploy it to all customers. They can also upsell other capabilities for businesses that need them, like device and compliance posture checking. And then there is reduced cost, because password-related resets, recovery, and training consume a lot of resources.
ChannelPro: What is the future of passwordless security, in your opinion?
Conkle: We’re going to see more integration with biometrics including fingerprint scanning, facial recognition, and iris scanning, as well as factors like physical security keys. The future of passwordless is likely to involve more complex methods of verifying a user’s identity, with multiple factors of authentication (other than passwords) being used together. We’ll also see adaptive authentication, which essentially adjusts the security level based on the risk of a particular transaction or resource a user is trying to access.
KAREN D. SCHWARTZ has written hundreds of feature articles, hard news pieces, white papers, case studies, and book chapters on a variety of technology and business topics. She resides in Potomac, Md., and can be reached at karen@karendschwartz.com.