Heath Spencer, TraitWare: "some cyber threats are rampant, and the primary cause is a compromised password"
With the world riding the crest of digitization, it’s becoming almost impossible to manually protect all personal and work accounts with strong passwords. It only takes a single compromised password to hack into multiple accounts and even corporate networks.
Using a password manager to secure login details is the least one can do to avoid breaches. These tools help ensure that passwords are hard to crack. But IT professionals are recognizing that Multi-Factor Authentication (MFA) is also a must-have today – especially Passwordless MFA. Yet, many are still fighting user pushback due to typically high-friction deployments.
So we’ve talked with Heath Spencer, CEO at TraitWare, about passwordless MFA solutions, why some businesses are still reluctant to implement them, and what the future may hold.
How did the idea of TraitWare come about? What has your journey been like?
TraitWare was born out of a personal desire to solve password-related frustration and risk. Our team, with backgrounds in technology, security, and entrepreneurship, has been on an exciting journey. As we continue to innovate and meet industry challenges head-on, we are thrilled to see increased adoption of our solution across a variety of sectors. With four patents issued and eight more pending, we know that what we have created is important for businesses everywhere. Like a lot of innovation, timing is everything, and we know the time for Passwordless Multi-Factor Authentication (MFA) is right now.
Can you tell us a little bit about what you do? What challenges do you help navigate?
TraitWare is a simple, secure, and passwordless login solution. You can use it from anywhere you work, log in to any screen, and in just three touches. TraitWare has made having a passwordless MFA login as easy as opening your mobile phone. We address the #1 cyber risk people and businesses face today. Ransomware and data breaches are rampant, and the primary cause is a compromised password.
How do you manage to ensure secure authentication without compromising the user experience?
Unlike traditional methods, which typically layer additional security on top of legacy systems, we have developed a login that vastly simplifies and improves user experience by making the identifying factors invisible to the person. We can deliver 4+ factor authentication while the user only has to look at the phone and point it toward a screen. The user never has to create, remember, or enter a password, nor retrieve a code, USB key, or account information. TraitWare accomplishes this automatically and securely.
Have you noticed any new cyberthreats emerge as a result of the recent global events?
Yes, cyber threats are now affecting almost everyone. What we publicly know as ransomware could more accurately be described as extortionware. This means that the bad actors can extort you to pay the ransom regardless of your ability to recover your computer or data. They are now also targeting critical infrastructure to disrupt our economies and all aspects of our everyday life. The Colonial Pipeline incident is a recent and public example of this. Beyond this, bad actors are increasingly targeting service providers and the supply chain of a service provider to get to end customers.
Despite the significant security benefits of using this practice, certain companies still hesitate to implement Zero Trust solutions. Why do you think that is the case?
I think most companies are afraid that Zero Trust solutions are too difficult and too expensive to achieve. Also, a lot of companies are simply understaffed in this area because it is not the core competency of the business. They are focused on the core product or service they produce, and cybersecurity is an afterthought.
What many don’t yet understand is that employing the right kind of Zero Trust solution will improve business on all fronts – saving time, money, and, perhaps most importantly, headaches.
I believe that not understanding these things and not acting accordingly right now will leave companies of all sizes dangerously vulnerable.
What are the main issues associated with password-based authentication?
Human behavior that leads to error is the single biggest issue with passwords. Few people can remember multiple complex passwords, so most end up using the same one for multiple accounts and devices. All these realities make passwords easy for bad actors to obtain, and it only takes one to break into a business and potentially cause irrevocable damage.
In your opinion, what are the worst cybersecurity habits that can not only lead to an individual’s data being compromised but also put their organization in danger?
I believe it's not implementing strong access controls. This is usually because people assume they are not at risk or that their information/data is not valuable. This leads to using weak passwords, no 2FA (much less MFA), as well as storing passwords in the browser.
I would say that these are the worst habits in order of severity:
- No MFA implementation.
- Using weak passwords.
- Storing passwords directly in the browser.
Which security measures do you think should be a must for companies with a predominantly remote workforce?
I would recommend the following security measures:
- Implementing MFA on all applications for all users.
- Deploying SSO with automation for finer grain access control and reduced attack surface.
- Deploying MFA to the workstation.
Tell us, what’s next for TraitWare?
TraitWare is currently in the growth stage of bringing our Real Passwordless MFA/SSO to market. We are expanding the types of customers we already have and, most recently, we are delivering our solution to a Federal Credit Union. With partnerships continually growing with companies like IBM, Citrix, Keeper Security, GitLab, Ampliphae, and others, we are bringing joint solutions to the market to provide the best Zero-Knowledge, Zero Trust solutions available today. What's next, in particular, is expanding the newest features of Active SSO™ and our Windows OS Passwordless MFA login.