Goal: To increase security of ConnectWise Control accounts used in integration scenarios, such as in the screenshot below where an administration account is used in a Automate/LabTech integration.
Possible Fixes: Enable MFA or OTP capabilities with integrations
Disable public login capabilities of specific accounts - for instance, our integration account has full access, however it has no multi-factor authentication like our actual user accounts do. This means that we have a high-level access account floating around that can be brute forced. If this account could be setup in a way in which it only communicates to a certain website or is not usable publicly, MFA/OTP would not be necessary.
Customer support service by UserEcho