
Password & Authentication Security

Password and authentication security encompasses the practices of using unique, high-entropy passwords for every account (eliminating credential reuse that enables credential stuffing attacks), storing them in a reputable password manager (eliminating the memory-based pressure that drives reuse), enabling two-factor authentication (2FA) on all accounts with access to sensitive information or financial assets, and understanding the relative security of different 2FA methods (TOTP apps being significantly stronger than SMS codes).

Role

Password reuse is the single most prevalent and most preventable cause of account compromise — and it persists because the perceived effort of using a password manager exceeds the felt probability of being attacked, right up until the attack occurs. Studies estimate that over 60% of people reuse passwords across multiple accounts — meaning that a single data breach at any one service creates a credential that unlocks all their other accounts using the same password. The entire threat is neutralized by a password manager that requires approximately 20 minutes to set up and changes the behavior of every subsequent login. This is the highest-ROI security intervention available to any individual and the one most consistently not implemented.
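As an added example (not code from this page or from any particular password manager), the following Python sketches the vault health audit a password manager runs to surface exactly the two problems described above: the same password shared across accounts, and low-entropy passwords. The vault contents, site names and helper names (`generate_password`, `entropy_bits`, `audit_vault`) are constructed for illustration.

```python
import math
import secrets
import string
from collections import defaultdict

ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length: int = 20) -> str:
    """Return a unique, high-entropy password drawn with a CSPRNG (what a manager does on signup)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(password: str) -> float:
    """Upper-bound entropy estimate: length * log2(character pool inferred from the classes used).
    A human-chosen word scores at most this; its real entropy is lower."""
    pool = 0
    if any(c.islower() for c in password):
        pool += 26
    if any(c.isupper() for c in password):
        pool += 26
    if any(c.isdigit() for c in password):
        pool += 10
    if any(c in string.punctuation for c in password):
        pool += len(string.punctuation)
    return len(password) * math.log2(pool) if pool else 0.0


def audit_vault(vault: dict, min_bits: float = 80.0) -> dict:
    """Flag reuse and weak entries in a {site: (username, password)} vault.
    Reuse is the finding that matters most: one breached site exposes every other site sharing that password."""
    by_password = defaultdict(list)
    for site, (_user, pw) in vault.items():
        by_password[pw].append(site)
    reused = {pw: sorted(sites) for pw, sites in by_password.items() if len(sites) > 1}
    weak = sorted(site for site, (_u, pw) in vault.items() if entropy_bits(pw) < min_bits)
    return {"reused": reused, "weak": weak}


# Constructed sample vault: fictional sites, one reused human-chosen password, one generated one.
SAMPLE_VAULT = {
    "bank.example": ("alice", "Summer2023!"),
    "shop.example": ("alice", "Summer2023!"),
    "mail.example": ("alice", "Summer2023!"),
    "forum.example": ("alice", generate_password()),
}
```

Running `audit_vault(SAMPLE_VAULT)` reports the three sites sharing "Summer2023!" as both reused and weak (about 72 bits by this estimate), while the generated entry is unique and clears the 80-bit threshold.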
