Passwords as a Security Factor – MFA As Optimal Protection

Passwords are considered a fundamental security risk for companies – The top 5 reasons why you should say goodbye to your old password solution today.

Sep 9, 2021 - 3 min.
Picture of: Branka Miljanovic
Branka Miljanovic

Many companies consider passwords to be one of the most fundamental security risks, as a study conducted for the Nevis Security Barometer 2021 showed: while around half of the respondents use a different password for each user account, a full 44 per cent use the same password more than once. Added to this is the fact that a fifth of users has shared a password with friends and family. This kind of carelessness in dealing with IT security is alarming, especially against the background of increasing home office use during the coronavirus pandemic. What is needed is a heightened awareness of the grave damage this can cause. Security expert Nevis lists five reasons why it's time to say goodbye to your old password solution today. The future of IT security is multi-factor authentication or MFA for short.

In these times of home working during the coronavirus pandemic, the relevance of passwords is more topical than ever, and it is hard to imagine information security without them. Their purpose is clear: passwords should protect sensitive internal company data from unauthorised access and a user's digital identity. If a hacker gets hold of a password during authorisation, the data is freely accessible. This is precisely why login processes are increasingly becoming the focus of criminal activities. The following five reasons show why it is worth rethinking password security and how you can securely protect your data from hacker attacks in the future. 

"Sharing is caring" ends with your choice of password. 

Solidarity and communality are essential factors in the social context, but IT security is an exception. Sharing a password with a partner and a friend may be familiar, but that does not make it a good idea. This starts with the fact that the data is usually not passed on via secure channels. Rather, the information is shared in emails or text messages. In addition, the security of the password is drastically reduced as the number of people involved increases. As soon as two people know the password, the danger increases that the password will fall into the hands of hackers through malware or phishing. 

123456: my (un)safe password

Once again this year, the Hasso Plattner Institute has compiled a ranking of the passwords most frequently used by Germans. They evaluated 3.1 million logins from the HPI Identity Leak Checker database, which were registered to email addresses with .de domains and leaked in 2020. These results should really make you think and question your own approach to choosing a password: first place is occupied by "123456", followed by "123456789" and finally "password" in third place. However, popular German first names like Michael or Daniel also dominate the top spots. These weak and insecure numerical series lead the ranking and reinforce the impression of how low the Germans' awareness of password security is, both among consumers and in companies. 

Password recycling: too simple and too frequently used. 

Recycling is a term that we intuitively associate with climate protection. IT security has long since followed suit, but not in a positive sense. Specifically, password recycling is the reuse of a password across multiple accounts with sometimes only slight changes such as swapping upper and lower case letters. The problem is that a stolen password can act as a "master key" to several services. Whether and where it is possible to log in with the stolen or purchased login data is tested by the criminals in a process known as credential stuffing with the help of a rotating proxy that targets hundreds of thousands of logins across multiple services. In this way, a large-scale attack can crack up to tens of thousands of accounts in just a few minutes. 

Cursory password updates

Updating regularly is a popular tip when it comes to maximising password security. The new password should ideally be at least ten characters long, with numbers, special characters and upper and lower case letters, but without any pure sequences of numbers. But password changes are rarely accompanied by the creation of a completely new keyword. Instead, many users prefer to change only a single number or letter so that the core of the old password remains intact. This in no way increases the security of the user's digital identity; at most, it dulls their own sense of guilt until the system triggers the next reminder.

Identity theft: when control is lacking

Once passwords fall into the wrong hands, the serious consequences are as diverse as the password itself should be. They often start with identity theft, which involves a password change by the hacker and a complete loss of control on the user's part. The result is chaos. In the private context, it can mean dubious Facebook postings, changed passwords on online services such as Amazon and even the storage of private photos. But the consequences of hacked passwords and malware are not to be sneezed at for companies because the loss of control is immense: once attackers are in the system, new possibilities open up. In addition to accessing the sensitive corporate network, changing online banking processes is possible. Accounts have to be blocked, and work processes come to a standstill. 

The solution: maximum security and convenience thanks to MFA

To optimise password security and, simultaneously, the user-friendliness of the login processes, multi-factor authentication, or MFA for short, can be used. This security mechanism combines several validation procedures to identify the user beyond doubt during authentication. At the same time, the insecure password is dispensed with. Four methods can be deployed based on the factors of possession, knowledge, location and biometric features such as Face ID or fingerprints. MFA uses them to ensure that the person who wants to access the resource is actually the person he or she claims to be. The higher the number of factors used, the greater the security. At the same time, user-friendliness is high because the biometric procedures cost neither time nor effort and are always available. For added security, both in private life and in the professional environment.


Decisive Factor for More Security: Multi-Factor Authentication