Multi-use passwords as a risk factor

Awareness training for employees on password security is enough - or not?

Heise online presents in a recent article the results of a survey of > 3500 employees conducted by the password safe provider Last Pass. The results are alarming: Almost 2/3 of the respondents have a very weak password security, because they use their passwords multiple times across different applications. Brute-force attacks on weak passwords are one of the most common threats, so this kind of handling is virtually an open door for successful cyber attacks on them.

So how does this seemingly careless handling come about? One reason is certainly that more and more applications and processes are being mapped digitally in everyday business life, resulting in a high number of required logins. If, in the best case, multi-factor authentication is also required for each application, the effort involved is enormous. No wonder, then, that employees tend to use the same or similar passwords and do not set up multi-factor authentication.

Successfully fend off cyberattacks on login processes.

A step towards secure passwords can thus initially be taken over by a password manager to avoid passwords that are used more than once. Nevertheless, the typical weak points in the security of classic login processes still remain open:

• Manual login management by employees is vulnerable to phishing & social engineering tactics.
• Lack of transparency and control of password strength and access permissions for various applications
• Manual rights management for employee entry and exit is prone to errors

To safeguard against these vulnerabilities, a strong identity and access management strategy should be a fundamental part of any cybersecurity strategy. Core factors of a strong IAM strategy are the creation of transparency of all processes, the management of all digital identities as well as their access regulations via a central location, and the integration of secure multi-factor authentication. To avoid standalone operation and the enormously high effort associated with it, ready-made solutions can be called in. With Bare.ID, this is exactly where a secure cloud IAM solution was developed on the German market.

Why Bare.ID?

• Fend off social engineering & phishing in a targeted manner: Bare.ID offers a central, cross-application single sign-on as well as user-friendly multi-factor authentication procedures incl. "Passwordless Login".
• Significantly reduced effort with increased flexibility and security: Fast, uncomplicated integration of SaaS, simple setup and central management via a user-friendly admin interface
• Best prepared for reporting & audits: Role-based access control, audit logs and event alerts create transparency
• Guaranteed data security and digital sovereignty: Hosting, development and support exclusively in and from Germany

Need advice?

Want to learn more about Bare.ID? Our team of experts is on hand with experience and will be happy to advise you on how our solution can fit into your IT environment. Simply arrange a no-obligation consultation appointment via our contact form and our team will get back to you as soon as possible.