Tag

Multi-Factor Authentication

Posts tagged with multi-factor authentication explain how layered identity verification strengthens access security. Coverage includes MFA implementation strategies, authenticator app comparisons, hardware token options, and best practices for deploying MFA across enterprise environments.

posts

Password Manager

Why Use a Password Manager: A Security Pro's Take

In January 2022, the Red Cross disclosed a cyberattack that compromised personal data of over 515,000 vulnerable people. The attack exploited unpatched vulnerabilities — but the investigation also revealed compromised credentials as a contributing factor. It's a pattern I see constantly. And every time it happens, I get

Carl B. Johnson Feb 15, 2022 7 min read
Password Hygiene Tips

Password Hygiene Tips That Actually Stop Breaches

The 61% Problem Nobody Talks About The 2021 Verizon Data Breach Investigations Report found that 61% of all breaches involved credentials. Not sophisticated zero-day exploits. Not nation-state malware. Passwords. Stolen, reused, guessed, and phished passwords remain the single largest attack vector threat actors exploit today. I've spent years

Carl B. Johnson Feb 15, 2022 6 min read
Strong Passwords

Strong Password Examples That Actually Stop Hackers

In January 2022, a credential stuffing attack hit Norton LifeLock, compromising roughly 925,000 accounts. The common thread? Weak and reused passwords. I've spent years watching organizations hemorrhage data because employees — and everyday users — still think "Company2022!" is a strong password. It's not. This

Carl B. Johnson Feb 15, 2022 6 min read
Zero Trust Security Model

Zero Trust Security Model: A Practical Guide for 2022

In May 2021, a single compromised password shut down the Colonial Pipeline and triggered fuel shortages across the U.S. East Coast. The attackers used a legacy VPN account with no multi-factor authentication — a textbook example of what happens when an organization trusts its perimeter instead of verifying every access

Carl B. Johnson Jan 15, 2022 7 min read
Zero Trust

What Is Zero Trust? A Practical Guide for 2022

In May 2021, a single compromised password shut down the Colonial Pipeline and triggered fuel shortages across the eastern United States. The attackers used a legacy VPN account that had no multi-factor authentication. One credential. No additional verification. That's all it took to paralyze critical infrastructure. If you&

Carl B. Johnson Jan 15, 2022 7 min read
Zero Trust Network Access

Zero Trust Network Access: A Practical Guide for 2022

In May 2021, Colonial Pipeline paid a $4.4 million ransom after a single compromised VPN credential gave attackers the keys to the kingdom. One password. No multi-factor authentication. No segmentation between IT and operational technology networks. The attackers from the DarkSide group walked through a flat network like it

Carl B. Johnson Jan 15, 2022 7 min read
Zero Trust Implementation

Zero Trust Implementation: A Practical Guide for 2022

The Colonial Pipeline Made "Never Trust, Always Verify" a Boardroom Priority In May 2021, a single compromised password shut down the largest fuel pipeline in the United States. Colonial Pipeline paid a $4.4 million ransom — and the real costs ran far deeper. The attack exploited a legacy

Carl B. Johnson Jan 15, 2022 7 min read
Work From Home Cybersecurity

Work From Home Cybersecurity: A Practical Defense Guide

The Breach That Started on a Kitchen Table In December 2020, a SolarWinds contractor working from home reportedly used the password "solarwinds123" on a critical server. That single weak credential contributed to one of the most devastating supply chain attacks in history, compromising at least nine U.S.

Carl B. Johnson Jan 15, 2022 7 min read