{"id":37929,"date":"2020-10-30T07:00:05","date_gmt":"2020-10-30T07:00:05","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/how-to-plan-a-password-security-project\/"},"modified":"2020-10-30T07:00:05","modified_gmt":"2020-10-30T07:00:05","slug":"how-to-plan-a-password-security-project","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/how-to-plan-a-password-security-project\/","title":{"rendered":"How to plan a password security project"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/regmedia.co.uk\/2017\/09\/19\/password_shutterstock.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p><span class=\"reg_sticker secondary\">Sponsored<\/span> Weak password security is a torment that afflicts networks in so many ways. On the user side is the certainty of hopeless and reused passwords, while on the attacker\u2019s side are a gamut of techniques for targeting them such as phishing, credential stuffing, brute forcing, and spotting backdoors to hidden applications such as RDP, SSH, and shadow IT.<\/p>\n<p>Formulating a credible plan to cope with all this is a big job. Overhauling an organisation\u2019s password security design requires investment and that implies a properly thought out rationale to present to budget holders. How should security pros go about creating such a thing?<\/p>\n<p>The first job is to explain the threats and the risk of doing nothing. Fortunately, there\u2019s no shortage of evidence, starting with the effect weak password management is having on other organisations. The steady increase in the number and diversity of attacks is hard to miss. According to Verizon\u2019s industry-standard <a target=\"_blank\" href=\"https:\/\/go.theregister.com\/k\/2020-data-breach-investigations-report\" rel=\"noopener noreferrer\">2020 Data Breach Investigations Report<\/a> (DBIR), of the 3,950 confirmed data breaches it analysed from the previous year over 80 per cent involved stolen or brute-forced credentials.<\/p>\n<p>For cautionary tales, take your pick. In early 2020, <a target=\"_blank\" href=\"https:\/\/go.theregister.com\/k\/marriott-international-notifies-guests-of-property-system-incident\" rel=\"noopener noreferrer\">Marriot International confirmed<\/a> hackers had used the logins of two franchise employees to pilfer the account data of up to 5.2 million guests, an incident that shows how even small compromises can lead to outsize problems. Then there\u2019s the whole issue of the numerous companies caught out by the SamSam ransomware which specialises in brute-forcing Microsoft RDP passwords using simple tools such as nlbrute. <a target=\"_blank\" href=\"https:\/\/go.theregister.com\/k\/samsam-the-almost-6-million-ransomware\" rel=\"noopener noreferrer\">According to Sophos<\/a>, that netted the gang behind it at least $6 million in ransoms to the middle of 2018. Almost all ransomware campaigns use the same password hacking technique.<\/p>\n<h3 class=\"crosshead\"> <span>Tooled up<\/span><br \/>\n<\/h3>\n<p>Organisations must next take on the ugly job of finding their password failures. A security company wedded to the back to basics approach on this is password and authentication specialist Specops, which recommends starting with an audit using the company\u2019s <a target=\"_blank\" href=\"https:\/\/go.theregister.com\/k\/specops_password_auditor\" rel=\"noopener noreferrer\">Password Auditor<\/a>, a Windows Active Directory (AD) tool which can be downloaded free of charge to generate a risk score report.<\/p>\n<p>\u201cYou need to prove to the budget holder that you\u2019ve got a problem,\u201d says Darren James, Specops\u2019 product specialist. Without making any changes, the tool analyses the AD password policies it finds, checking a range of attributes such as length, password rules such as minimum length, lockout policy, password age, how many have expired, and how a policy compares to industry best practice. It can also document the Fine-Grained Password Policies (FGPP) feature introduced with Windows Server 2008 to allow admins to set different password policies within the same domain.<\/p>\n<p>Most usefully of all, it compares the user password hashes it finds to a Specops database containing 738 million password hashes drawn from an even larger collection the company has gathered from leaked passwords on the Internet.<\/p>\n<p>\u201cIt will tell you the names of all of your users with matching hashes. That tends to light a large fire. With that information you can show the person with the purse strings how big the problem is.\u201d In many cases, these passwords are simply predictable passwords everyone chooses, hence their appearance in the database. That\u2019s a simple upgrade from day one of any project that allows admins to quickly reach out to affected users and get them to change their easily guessed passwords to something stronger. There should be no escaping this. \u201cYou can run the report as many times you like,\u201d says James.<\/p>\n<p>The best customer scan he\u2019d ever seen for a Password Auditor first scan was a compromise rate of 25 per cent while the worst was 82 per cent. \u201cUsing Password Auditor, we find that zero users eventually show up.\u201d<\/p>\n<p>That said, sizing the problem is the easy bit. The next and more complex stage is to stop users from setting bad passwords in the first place, which requires devising new policies or overhauling obsolete rules. Here you hit two problems \u2013 inventing new policies that don\u2019t simply make life incredibly hard for users and struggling with the limitations of implementing new policies in Windows AD itself.<\/p>\n<p>\u201cWhat you have natively in Windows directory have never been good enough,\u201d Say James, lamenting the inadequacy of mandating passwords of only eight characters drawn from only three of four character types accessible on keyboards [upper case, lower case, digits, special characters]. \u201cPassword1 is a perfectly secure password according to those complexity rules. You can tell people what the password policy is but using standard AD tools there is zero way of enforcing it.\u201d<\/p>\n<p>Obviously, setting longer passwords is better &#8211; 15 characters of more ramps up complexity an order of magnitude and induces Windows AD to use more secure hashing &#8211; ideally with high entropy that uses as many character types as possible. But asking users to remember a password built from such involved rules is likely to be self-defeating. Instead, Specops recommends moving from passwords to passphrases made up of at least three random words. According to James, there will be easier for users to remember and far less likely to be written down.<\/p>\n<p>\u201cYou also need to get across to people that they shouldn\u2019t reuse those passphrases. If they start setting the same passphrase on their Facebook account, it only takes one of those other sites to get compromised and it\u2019s out there in the open. Users will also take as many shortcuts as they can. Maytheforcebewithyou is on our database of leaked passwords.\u201d<\/p>\n<p>Despite the UK\u2019s <a target=\"_blank\" href=\"https:\/\/go.theregister.com\/k\/ncsc_updating-your-approach\" rel=\"noopener noreferrer\">NCSC advising<\/a> against enforcing regular expiry, James recommends organisations still set a basic expiry on both passwords and passphrases to counter a slide into re-use. How long this period should be will depend on the privileges attached to that user balanced with the disruption likely to be caused by regular password changes. A trick James recommends here is to reward users for setting longer or more complex passphrases with expiries of up to a year.<\/p>\n<h3 class=\"crosshead\"> <span>Stuff and spray<\/span><br \/>\n<\/h3>\n<p>One pitfall is stopping users from simply resetting the same passphrase with only minor changes. This is where organisations need sophisticated tools that allow them to impose more complex rules. The Specops approach in its <a target=\"_blank\" href=\"https:\/\/go.theregister.com\/k\/specops_password-policy\" rel=\"noopener noreferrer\">Password Policy<\/a> product is to use regular expressions (regex) to create an infinite variety of rules. For example, a basic regex might demand that a password or phrase uses certain character sets, that the passphrases have spaces or dots between words, that words shouldn\u2019t be repeated, and shouldn\u2019t be predictable (so no one.two.three.four.five or mycompany.password1).<\/p>\n<p>\u201cCompanies need to come up with a definition of what a secure passphrase should be as long as they can exceed the 15-character minimum,\u201d argues James.<\/p>\n<p>The ultimate measure of any new password policy is how well it will cope with credential stuffing, spraying and brute forcing attacks. There are also blind spots to watch out for such as weak <a target=\"_blank\" href=\"https:\/\/go.theregister.com\/k\/specops_password_reset\" rel=\"noopener noreferrer\">password reset procedures<\/a> relying on parameters such as questions attackers can beat with a little social media research. The solution to guard against those is to implement at least dual factor authentication.<\/p>\n<p>\u201cWith everyone working from home these days, they are logging in with unusual devices. These will be running in an uncontrolled environment and network. You have a lot more risk and that makes multi-factor authentication a must.\u201d<\/p>\n<p>In this kind of external environment, it\u2019s clear that a password should never be a single factor. The destiny of even the best password policy is that a second factor will eventually be needed. Could organisations solve their problems by abandoning passwords altogether and turning to other factors?<\/p>\n<p>In a rosy future, that might lead to the passwordless network, but until then organisations must continue to use passwords or lots of perfectly good reasons, including their familiarity to end users, the need to integrate legacy systems, and the sheer cost of starting from scratch with something new.<\/p>\n<p>\u201cThe death of the password has been predicted for the last 20 years yet we\u2019re still having this conversation today. The password remains the simplest and cheapest way a programmer can identify a user.\u201d<\/p>\n<p>Moving to smartphone-based biometrics or Windows Hello for Business is desirable if organisations are willing to invest in the hardware but not an excuse for ignoring the fundamental role of the password itself. In theory, organisations could move to MFA-enabled web apps, but the reality of older applications built around passwords means that the day the last password is used could still be decades in the future.<\/p>\n<p>\u201cYou\u2019d need to migrate all of this legacy data from those platforms to MFA platforms,\u201d says James.<\/p>\n<p>With remote working increasingly the norm, 2020 could be the best moment to take on password reform. The risks have grown, making users and organisations more open to change.<\/p>\n<p>\u201cAt last, security projects designed to make these environments more secure are meeting a lot less resistance.\u201d<\/p>\n<p> <i>Sponsored by Specops<\/i>\n<\/p>\n<p> READ MORE <a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2020\/10\/30\/plan_a_password_security_project\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>First, you need to prove to the budget holder that you\u2019ve got a problem Sponsored\u00a0 Weak password security is a torment that afflicts networks in so many ways. On the user side is the certainty of hopeless and reused passwords, while on the attacker\u2019s side are a gamut of techniques for targeting them such as phishing, credential stuffing, brute forcing, and spotting backdoors to hidden applications such as RDP, SSH, and shadow IT.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":37930,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-37929","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>How to plan a password security project 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/how-to-plan-a-password-security-project\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to plan a password security project 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/how-to-plan-a-password-security-project\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2020-10-30T07:00:05+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/10\/how-to-plan-a-password-security-project.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"648\" \/>\n\t<meta property=\"og:image:height\" content=\"432\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/how-to-plan-a-password-security-project\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/how-to-plan-a-password-security-project\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"How to plan a password security project\",\"datePublished\":\"2020-10-30T07:00:05+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/how-to-plan-a-password-security-project\\\/\"},\"wordCount\":1493,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/how-to-plan-a-password-security-project\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/10\\\/how-to-plan-a-password-security-project.jpg\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/how-to-plan-a-password-security-project\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/how-to-plan-a-password-security-project\\\/\",\"name\":\"How to plan a password security project 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/how-to-plan-a-password-security-project\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/how-to-plan-a-password-security-project\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/10\\\/how-to-plan-a-password-security-project.jpg\",\"datePublished\":\"2020-10-30T07:00:05+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/how-to-plan-a-password-security-project\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/how-to-plan-a-password-security-project\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/how-to-plan-a-password-security-project\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/10\\\/how-to-plan-a-password-security-project.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/10\\\/how-to-plan-a-password-security-project.jpg\",\"width\":648,\"height\":432},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/how-to-plan-a-password-security-project\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to plan a password security project\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to plan a password security project 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/how-to-plan-a-password-security-project\/","og_locale":"en_US","og_type":"article","og_title":"How to plan a password security project 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/how-to-plan-a-password-security-project\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2020-10-30T07:00:05+00:00","og_image":[{"width":648,"height":432,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/10\/how-to-plan-a-password-security-project.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/how-to-plan-a-password-security-project\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/how-to-plan-a-password-security-project\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"How to plan a password security project","datePublished":"2020-10-30T07:00:05+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/how-to-plan-a-password-security-project\/"},"wordCount":1493,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/how-to-plan-a-password-security-project\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/10\/how-to-plan-a-password-security-project.jpg","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/how-to-plan-a-password-security-project\/","url":"https:\/\/www.threatshub.org\/blog\/how-to-plan-a-password-security-project\/","name":"How to plan a password security project 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/how-to-plan-a-password-security-project\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/how-to-plan-a-password-security-project\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/10\/how-to-plan-a-password-security-project.jpg","datePublished":"2020-10-30T07:00:05+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/how-to-plan-a-password-security-project\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/how-to-plan-a-password-security-project\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/how-to-plan-a-password-security-project\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/10\/how-to-plan-a-password-security-project.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/10\/how-to-plan-a-password-security-project.jpg","width":648,"height":432},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/how-to-plan-a-password-security-project\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"How to plan a password security project"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/37929","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=37929"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/37929\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/37930"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=37929"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=37929"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=37929"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}