Credential Maturity Ladder

Level 9	Full Ecosystem Segmentation + IP/Device Restrictions + Governance + 2FA = Maximum Security Adds device and IP restrictions. Access only allowed from approved devices or locations. Maximum lockdown.
Level 8	Full Ecosystem Segmentation + Governance + 2FA for critical systems All critical systems require 2FA on top of access segmentation and encryption. Even stronger defence if someone tries to log in.
Level 7	Full Ecosystem Segmentation + Governance Adds governance layer. All access is logged and auditable. See who accessed what, when, and from where.
Level 6	Full Ecosystem Segmentation All credentials are encrypted for employees, third parties, and machines. Internal systems like servers and APIs are isolated too. Breach containment is enforced across the full ecosystem.
Level 5	Encrypted + Segmented + Third Party Protection Employees and third parties use encrypted, unphishable credentials. Third parties access systems securely via MyCena app or encrypted APIs. No one sees passwords.
Level 4	Encrypted + Segmented for Employees Credentials are encrypted, auto-filled and unphishable, and each app/system access is isolated for employees. A breach in one app doesn’t affect the others.
Level 3	Unphishable: Encrypted for Employees (No Segmentation) Employees can’t see the passwords anymore—they’re encrypted, auto-filled and unphishable—but all apps are grouped together behind SSO, IAM, PAM, so a breach in one can spread.
Level 2	Phishable, With MFA Passwords visible to everyone, but MFA is enabled on important systems. Still phishable; only slightly better.
Level 1	Phishable, No MFA All passwords are visible to employees and suppliers. No multi-factor authentication (MFA). Easy for attackers to steal, sell, reuse.