Password-based security is not sufficient. Too many passwords have been compromised over the years and aggregated as part of massive rainbow tables which make password cracking much more effective. Othertimes, users simply share passwords with eachother and forget to change them. The best wat to mitigate the usefulness of a credential (e.g. devalue them) is to combine password-based authetnication with multi-factor authentication (MFA). With MFA, when a user goes to authenticate they are required to supply an alternative form of authnetication in addition to entering their passwords. We recommend using push-based MFA combined with geo-fencing as the best way to prevent unauthorized users from accessing corporate data.
This is a companion discussion topic for the original entry at https://docs.cloudposse.com/secrets-management/best-practices/