Published on: February 10, 2025 Updated 2 times since publishing
From free VPNs to popular messaging platforms, some of the most popular tools and habits you trust might actually be putting your data at risk.
In this interview series by Safety Detectives, I invite cybersecurity experts to reveal the most dangerous mistakes millions of people still make, and their top tips to avoid them.
My guest today is Giovanni Baruzzi, owner and CEO of Syntlogo GmbH, an IT security company specializing in Identity and Access Management. A veteran in the field of Identity and Access Management since 1998, he’s also a member of the GenericIAM Initiative and president of the Login Alliance3.
Are there any cybersecurity habits or apps that most people consider safe but should avoid at all costs, and why?
I can identify two habits that are easy to avoid:
1) The requirement to change your password regularly.
This rule is often imposed by the operator of a service or by the employer. This is very annoying for the user and does not increase security.
2) The user’s typical habit of using the same password for a long list of services. If one of these passwords is cracked, the user may be at great risk.
Can you share an example of how these mistakes caused significant damage, and what could have prevented it?
A long time ago I had a colleague who went on holiday. He gave me his password. We were both amazed to discover that his password was identical to mine: “08August”.
This proves that changing passwords regularly only leads to poor passwords.
It even happens that users create multiple accounts because they have forgotten their password. This is a major cyber risk. Superfluous ghost accounts are often an attack vector for hackers.
Why do people keep falling for these mistakes, and how can they spot the red flags?
The misconception here is that changing passwords increases security. And that an unused account poses no threat.
People also think that because the password has to be renewed, former employees’ accounts are inaccessible.
On the flip side, do you have any lesser-known or counterintuitive tips that everyone can implement today? How do they help where traditional solutions fail?
Never respond directly to an unexpected email without checking it by phone.
Most accounts are hijacked via phishing and the weak point is clearly the person and not the system or the technology.
If someone wants to strengthen their online security and privacy, what are five steps they should take today?
1. Reduce redundant accounts.
2. Use identity providers such as Google, LinkedIn & Co (social networks) or business logins such as Entra ID to log in to less used networks or applications.
3. Use a digital wallet to create and manage different passwords for all the services you need.
4. Don’t trust unexpected emails, unusual phone calls or websites and always check the domain in the URL to see if it is related to the sender.
5. Enable two-factor authentication, passkeys or other secure login methods.
Looking ahead, what opportunities and challenges should people prepare to face in 2025? What should they start doing today to get ready?
Download the latest updates for your devices, make backups and only trust the suppliers or business partners you know.
The opportunity in 2025, and at the same time the greatest threat, will be the use of KI. We know that KI’s answers are only as good as the input given to it, but a simple user may accept the answer as absolute truth.
Another major risk is the further professionalization of hacker gangs, particularly through the darknet.
We may need to teach users to distrust the unknown, as we do with children.
How can our readers connect with you?
Website: https://www.syntlogo.de/en/, https://login-master.com/en/
LinkedIn: https://www.linkedin.com/in/giovannibaruzzi/