Delivers practical guidance on creating, managing, and storing passwords securely. Topics include password manager recommendations, passphrase strategies, credential rotation policies, and techniques for eliminating password reuse across personal and enterprise environments.
posts
The Password That Cost One Company $4.4 Billion In 2017, Equifax suffered a breach that exposed 147 million records and eventually cost the company over $4 billion in total losses and settlements. One of the contributing factors? Weak internal credential management. The admin username and password for a critical
In January 2023, Norton LifeLock disclosed that attackers used credential stuffing to compromise roughly 6,450 customer accounts. The passwords didn't come from a Norton breach. They came from stolen credentials dark web marketplaces had been selling for months — maybe years. The attackers simply bought username-password combos from
23 Billion Stolen Credentials Are Already For Sale In January 2023, cybersecurity researchers at Digital Shadows reported over 24.6 billion stolen username-and-password pairs circulating on dark web marketplaces. That's roughly three credentials for every person on Earth. And every single one of them is a loaded weapon
In March 2023, the FBI and CISA issued a joint advisory warning that threat actors were actively using brute force techniques to compromise healthcare and public health sector organizations. These weren't sophisticated zero-day exploits. They were automated scripts guessing passwords — millions of combinations per minute — until one worked.
The 123456 Problem Is Worse Than You Think In December 2021, NordPass published its annual list of the most common passwords. Sitting at number one — for the third year running — was "123456." Number two? "123456789." These aren't passwords from 2005. They're passwords
In January 2022, a credential stuffing attack hit Norton LifeLock, compromising roughly 925,000 accounts. The common thread? Weak and reused passwords. I've spent years watching organizations hemorrhage data because employees — and everyday users — still think "Company2022!" is a strong password. It's not. This
23 Billion Stolen Credentials Are Circulating Right Now In 2020, Digital Shadows found more than 15 billion stolen credentials for sale on dark web markets — and that number has only climbed since. Every single one of those username-password pairs is ammunition for a credential stuffing attack. This isn't
In March 2021, Microsoft disclosed that the Hafnium threat actor group had exploited Exchange Server vulnerabilities — but what most people missed is that many of those compromised servers were initially discovered through brute force password spraying. The attackers didn't need a sophisticated zero-day for every target. They just
The Breach That Started With a Single Reused Password In December 2020, the SolarWinds breach dominated every security headline on the planet. But while the world fixated on nation-state threat actors and supply chain attacks, I kept thinking about a detail that emerged early: a SolarWinds intern had reportedly set
In the 2020 Verizon Data Breach Investigations Report, over 80% of hacking-related breaches involved stolen or brute-forced credentials. Not sophisticated zero-day exploits. Not nation-state malware. Passwords. The single thing most people treat as an afterthought is the single thing that gets most organizations compromised. Knowing how to create a strong
