Organizations that rely solely on traditional usernames and passwords could be at a high risk of an attack. VDI admins should deploy VMware or Citrix multifactor authentication that requires users to input multiple factors to identify themselves.
Over 9.9 billion usernames and passwords are searchable on the internet, and an organization could have just one to thousands of records in those breaches. Many employees, for example, use their corporate email addresses to register for online services such as LinkedIn, which was breached in 2012. Password reuse bridges employees' personal account breaches to corporate systems.
Citrix and VMware both provide access to the two most common multifactor authentication (MFA) integration methods: SAML and RADIUS. Both vendors offer whitepapers to integrate with other methods as well, which makes MFA that much easier to deploy.