Duo adds next-gen 'human' MFA identity access management offering to lineup
Duo is hoping to help resellers break ‘the circle of compromise’ after signing an exclusive distribution deal for NoPassword across Australia and New Zealand.
NoPassword, from Silicon Valley start-up WiActs, is an multi-factor authentication identity access management offering which removes passwords from the equation, instead using biometrics and other ‘frictionless hidden features’.
WiActs dubs NoPassword ‘a human multi-factor authentication solution’. The use of geo-fencing is a key differentiator for the product, with users able to set access policies down to a specific building.
Kendra Ross, Duo director and co-founder, says NoPasswords, which can be put into an MSSP offering, provides resellers with the chance to add a next-generation multi-factor and identity access solution to their solution set, with a low cost of entry and solid margins.
“It fills a gap in the market, the revenue streams look good and it sits comfortably alongside other security offerings and also mobile device management offerings and a number of other technology stacks they might have,” Ross says.
“They’re complementary to them and offer another bolt on to their solution which is very simple and easy to get up and running so there’s a low cost of entry for them into the market.”
She says ‘very good’ margins are available for NoPassword.
“It is a consumption based solution so it is an opportunity to build out an annuity model off the base of this.”
Ross says the offering creates public private key encryption and uses hidden information and device information a ‘secret’ password, or exchange, between the public and private key.
Users can chose which human aspects, such as facial recognition and biometrics, are used.
A 2015 Verizon Cyber Security Report showed 85% of data breaches are caused by stolen credentials.
“What we’ve seen is that the number of breaches happening has resulted because everybody is being told to use more complex passwords.
“But because they’re using more complex passwords, it becomes harder to remember them and the default standard these days seems to be one or two passwords across multiple applications.”
She cites the example of the Dropbox breach, a Dropbox employee’s reuse of the same password lead to more than 60 million passwords and user names being breached.
The employee’s LinkedIn account was breached and the password reused to access Dropbox’s corporate network – and the user credentials.
“It’s a cascading effect across all of these breaches,” Ross says. “The stock standard response from an enterprise will be make your password more complex, but that is just basically creating a circle of compromise.
“We need to approach this in a different way.”
While password managers were created to help the issue, they too require a master password.
“We’re trying to do away with that as a form of authentication.
“What we’re trying to do is make it simple for the user and less complex,” Ross says.
“By directly addresssing the reasons behind cyber-attacks, NoPassword significantly improves cyber-security through eliminating the risk of stolen credentials, phishing and social engineering,” WiActs says.
Ross says the offering is ‘a huge opportunity’.
“I don’t think this has been done easily, well or at a level that is affordable for most people. There are some very complex – and very good – identity management solutions out there, but they are extremely expensive and quite cumbersome.
“This makes it quite simple and the simpler it is the more users will sign on for it.”
The product is expected to appeal to the SMB market initially, with enterprises already well served. However, Ross says over time, she expects NoPassword to gain a foothold in enterprises as well.