Marcus White

Deployment

Security

Technical

Marcus is a Specops cybersecurity specialist based in the UK, with 8+ years experience in the tech and cyber sectors. He writes about authentication, password security, password management, and compliance.

Articles written by Marcus White

Jan

14

The future of passwords: Emerging technologies and trends

While some experts keep predicting their demise, the reality is that passwords aren’t going anywhere soon — they remain at the heart of how we secure our digital world. New security tools are emerging, but they're working alongside passwords, not replacing them.…
Read More
Jan

07

Credential-based attacks: Key types, how they work, and defense strategies

Credential-based attacks remain a significant threat to organizations of all sizes. According to the Verizon Data Breach Investigations Report (DBIR), lost or stolen credentials are the most common way for cybercriminals to gain initial access to systems. Google Cloud said…
Read More
Dec

06

How to build a PCI-compliant password policy

The Payment Card Industry Data Security Standard (PCI DSS) is a set of guidelines designed to protect cardholder data and ensure that organizations handling payment card information maintain a secure environment. Among its many requirements, PCI DSS places significant emphasis…
Read More
Nov

12

[New research] How well does SHA256 protect against modern password cracking

The Specops research team have previously published data on how long it would take for hackers to brute force hashed user passwords. We set up hardware to test two different algorithms: MD5 hashed passwords and bcrypt hashed passwords. Now, we’ll…
Read More
Oct

28

TfL forced to manually reset 30K passwords after cyber-attack – is there an easier way?

In early September 2024, Transport for London (TfL) found itself at the epicenter of a sophisticated cyber-attack. As the news broke, the scale of the breach became apparent, leading to operational disruptions and the need for an immediate, robust response.…
Read More
Oct

22

How to communicate a new password policy to your end users

Rolling out a new password policy without a communication plan is a recipe for disaster. You want to avoid a situation where all end users are prompted to change their passwords without understanding what they’re doing or why – as…
Read More
Oct

21

NIST password guidelines: Full guide to NIST password compliance

Many look to the National Institute of Standards and Technology (NIST) guidelines as the gold standard when it comes to cybersecurity best practices. But as you’ve likely heard, NIST has updated its password guidelines in the latest draft of their…
Read More
Oct

16

Creating a custom password-exclusion dictionary with ChatGPT

When cybercriminals attempt to crack passwords, it makes sense to go for the lowest hanging fruit. They’re going to start by trying the most common, easy-to-guess passwords, as chances are some end users are bound to have chosen them. So…
Read More
Oct

07

How to set up the key components of a password policy in Active Directory

Once you’ve planned out a new password policy, it’s time to put it into practice by setting the right configurations within your Active Directory. If you’re still at the planning stage, we’d recommend checking out our strategy tips for planning…
Read More
Sep

24

Five strategy recommendations for planning a password policy

An Active Directory full of strong, non-compromised passwords should be an essential cybersecurity goal for every organization. A clearly articulated and enforceable password policy strategy is the best way to put this into practice. However, it's important to tailor your…
Read More