November 14, 2022

Repetitive passwords as a risk factor

Password vulnerability: According to the survey, 64% of employees use their passwords multiple times

Awareness training for employees on password security is enough — isn't it?

In a recent article, Heise online presents the results of a survey of more than 3,500 employees by password-safe provider LastPass, and the results are alarming: almost 2/3 of the respondents have very weak password security because they reuse their passwords across different applications. Brute force attacks on weak passwords are one of the most common threats, so handling passwords this way effectively leaves the door open for successful cyber attacks on these accounts.

So how does this seemingly careless handling come about? One reason is certainly that more and more applications and processes in everyday working life are being digitized, which results in a high number of required logins. If, in the best case, multi-factor authentication is also required for each application, the effort is enormous. So it's no wonder that employees tend to use the same or similar passwords and do not set up multi-factor authentication.

Successfully ward off cyber attacks on login processes

A password manager is therefore a first step towards secure passwords, because it helps avoid passwords being used multiple times. Nonetheless, the typical security vulnerabilities of classic login processes remain unresolved:

  • Manual login management by employees is vulnerable to phishing and social engineering tactics
  • Lack of transparency and control over password strength and access rights for the various applications
  • Manual rights management when employees join and leave is susceptible to errors

To address these vulnerabilities, a strong identity and access management (IAM) strategy should be a fundamental part of every cybersecurity strategy. The core factors of a strong IAM strategy include creating transparency across all processes, managing all digital identities and their access rights from a central location, and integrating secure multi-factor authentication. To avoid operating such a system in-house and the enormous effort that comes with it, ready-made solutions can be used. This is exactly where we started with Bare.ID and developed a secure cloud IAM solution on the German market.

Why Bare.ID?

  • Prevent social engineering & phishing in a targeted manner: Bare.ID offers a central, cross-application single sign-on and user-friendly multi-factor authentication procedures including “passwordless login”
  • Significantly less effort combined with greater flexibility and security: Quick, easy integration of SaaS, simple setup and central administration via a user-friendly admin interface
  • Perfectly prepared for reporting & audits: role-based access control, audit logs and event alerts create transparency
  • Guaranteed data security and digital sovereignty: hosting, development and support exclusively in and from Germany

Need advice?

Want to know more about Bare.ID? Our experienced team of experts is at your side and will be happy to advise you on how our solution can fit into your IT environment. Simply arrange a non-binding consultation via our contact form and our team will get back to you as soon as possible.
