_Challenge

Weak password usage in a fragmented application landscape

When Peter joined housing association Samenwerking in 2022, the urgency of good information security immediately became clear. “Reports came out about hacked corporations. That was the time for me to take a critical look at our own vulnerabilities,” he says. It quickly became clear that password management was an important issue.

“The human factor is the biggest risk. We don't have a password manager, but we do have a lot of applications. Then you know that employees remember their passwords in insecure ways — and that's risky.”
- Peter van Dongen, Advisor I&A

‍

The theme also came back during a BIC 4.0 review by security partner VVA. One of the areas for improvement: the introduction of a password manager. “But first, we wanted to understand: how big is the risk really? That's why we had an Online Security Risk Assessment carried out by MindYourPass. It was important to us that this could be done anonymously, to ensure the privacy of employees. Fortunately, MindYourPass offered that opportunity.”

_Approach

A safe and anonymous baseline measurement as a basis

The MindYourPass assessment was used as a baseline measure. The installation of the software went smoothly: “It was arranged within an hour. After that, the scan continued automatically,” says Peter. For more than a month, it was securely registered how employees deal with passwords — without the passwords themselves being visible or stored.

“We've got a clear insight into how strong the passwords employees use to log into our applications,” says Peter. The assessment checks for reuse, leaked passwords and weak combinations, among other things. The results are presented in a clear, visual report.
- Peter van Dongen, Advisor I&A

An additional advantage was that the assessment automatically maps out the applications used. “That gave us the opportunity to verify our own inventory. Fortunately, there were no big surprises — it mainly confirmed that we were in good order. That gave me confidence.”

_Outcome

Clear insights shared with management

The final report provided Samenwerking with a concrete picture of the risks: where is the reuse of passwords, which applications are vulnerable and how safe is employee behavior?

“For the first time, we were able to show the risks objectively,” says Peter. “I shared the report with management, which made them even more aware of the importance of taking this seriously. Then you don't just have a gut feeling, but hard numbers.”
- Peter van Dongen, Advisor I&A

The insights gave direction to next steps. “The great thing is that it's linked to our application landscape. You can immediately see where action is needed. And that helps enormously when it comes to prioritizing.”

_Reflection

From insight to action — with the right tools

The baseline measurement turned out to be more than a snapshot: it was the start of a structural approach. “We've decided to also purchase the MindYourPass password manager,” says Peter. “The assessment was the baseline measure, and now we are starting the phased rollout.”

According to Peter, the strength lies in enforcing policies: “You can set what type of passwords to use and make sure everyone complies with them. Without it, a password manager is often ineffective — people simply don't use it.”

His advice to other corporations? “Take the risk of weak passwords seriously. With the MindYourPass Assessment, you can measure where you are and improve in a targeted manner. Measuring is knowing — and improvement only becomes possible when you have insight.”

‍