Passwords and credentials – identifying the authentication security gap

Passwords and credentials – identifying the authentication security gap

Passwords and credentials - identifying the authentication security gapDavid Peters, Technical Director, ANSecurity

A big hole in many security frameworks is the user and specifically authentication. Weak passwords and broken credentials are a very real threat and as organisations adopt more cloud services the risk of exposure grows.

Although most people are loathed to admit it, many surveys show that users still keep insecure, or easy to guess passwords which they use across multiple platforms. This has been further validated by leaked passwords from recent hacks of popular online platforms that indicate the same. Even with well enforced strong password policies, some enterprise users still gravitate towards easy to remember, and often easy to guess passwords that are the quickest path for a password that meets the requirements, for example “Password123.”

Password theft is also commonplace which means using the same password on multiple platforms becomes a major vulnerability. If a 3rd party social media or online community platform is compromised for example via a phishing, social engineering, malware or hacking attack, this seemingly unrelated to work event can ultimately compromise workplace credentials. The best way to mitigate these risks is to use multiple factors of authentication, a technology presently evolving at a very fast pace with the proliferation of SaaS and cloud platforms to which protection needs to be extended.

Authentication protocols such as SAML offer standards based methods of extending enterprise authentication services, including strong and multi-factor authentication to SaaS platforms. Reducing complexity for the user, ensuring standardised authentication strength for all corporate assets whether on-premises cloud or hybrid and easing administrative burden when revoking credentials. It is often overlooked but enterprises should be considering options such as federated authentication, protocols used and integration with existing or future multi-factor authentication solutions when evaluating, amongst others, SaaS, Cloud or Remote Access solutions.

Careful consideration about the type of additional factors of authentication used should be taken, the options are wide and varied, each with their own security, complexity and cost considerations. SSL Certificates, Physical tokens, Software tokens, Mobile devices, One Time Passwords (OTP) and the chosen delivery mechanism to name just a few.

Additionally care should be taken around the hardening of authentication platforms, after all locking the castle keep, but leaving the keys lying around won’t do! The choice between on-premises or cloud based authentication services also raises many important points and there is generally no ‘best’ option – it depends on the use case.

Remember you’re not alone. Talk to a dedicated security expert who can help clarify the role of integration and well architected solutions that reuse the existing systems and build in new capabilities to deal with today’s authentication challenges. The best advice is to consider solutions with sufficient flexibility and scalability to stand the test of time with the fast evolving hybrid IT and cloud.

The author: David Peters has worked in the IT industry for over 20 years. Initially working on large global email solutions David began specialising in security following the unprecedented growth of email borne viruses that emerged in ’99 and 2000. David has been Technical Director at ANSecurity since 2003 David has been closely working with a multitude of security vendors and clients in many industries to help provide the best security possible.

[su_button url=”https://www.securitynewsdesk.com/newspaper/” target=”blank” background=”#df2027″ color=”#ffffff” size=”10″ radius=”0″ icon=”icon: arrow-circle-right”]For more stories like this click here for the Security News Desk Newspaper[/su_button]

About Security Buyer

Security Buyer is the leading authority in global security content, delivering expert news, in-depth articles, exclusive interviews, and industry insights across print, digital, and event platforms. Published 10 times a year, the magazine is a trusted resource for professionals seeking updates and analysis on the latest developments in the security sector.

To submit an article, or for sponsorship opportunities, please contact our team below.

Rebecca Spayne picture 2025

Rebecca Spayne

Managing
EDITOR

Georgina Turner image

Georgina Turner

Sales
Manager

Afua Akoto image - Security Buyer

Afua Akoto

Marketing Manager

Read the Latest Issue

Follow us on X

Follow us on X

Click Here

Follow us on LinkedIn

Follow us on LinkedIn

Click Here

Advertise here

Reach decision makers and amplify your marketing

Advertise here

Click Here

Related News

Product Spotlight - HID

Product Spotlight – HID

Access control is evolving into a smart, responsive platform—integrating embedded apps, IoT, and cybersecurity to deliver…
ICT

ICT announces Stewart Meyer as Chief Marketing Officer

Integrated Control Technology (ICT®), a leading provider of intelligent access control, intrusion detection, building automation and…
ASSA ABLOY Opening Solutions

Digitalising access and optimising workflows

Digitalization is high on the agenda, or well under-way, in all kinds of commercial environments. As part of this process…
TDSi

TDSi Launches UK GARDiS Installer Training

Integrated Access Control and Security manufacturer TDSi announces that it is offering a free Training Kit to individuals taking part…
OneLink

Product Spotlight – Gallagher’s OneLink

Gallagher Security presents, OneLink – the product that is elevating remote security through the power of the cloud 
Stephen Tickle

Comelit-PAC Appoints Stephen Tickle as Regional Sales Manager

Comelit-PAC has appointed Stephen Tickle as its new Regional Sales Manager.  Stephen will focus on supporting PAC’s access control…
Doorbird Carousel

Product Spotlight – Door Communication for the “Neue Wallufer”

 A customised solution case study for a residential complex is presented by DoorBird and CompuNet Systems GmbH 
suprema

Suprema Achieves EN 60839 Certification

Suprema, a global provider of AI-powered access control and security solutions, has achieved EN 60839-11-1:2013 Grade 3 certification
Gallagher

Gallagher Security cultivates key partnerships in Riyadh

Organised in partnership with the New Zealand Embassy, Gallagher Security hosted an event in Riyadh to explore business…
ASSA ABLOY

Electric locks are a vital component in digital access

To protect the important openings in their buildings, organizations need locks they can trust. This means more than just strength…
Scroll to Top