Most passwords are guessable and reused across multiple accounts. We need to do better to protect ourselves and our companies, yet "interference of memory" (a cognitive phenomena) indicates that on average, we cannot remember more than five passwords.
Taking an "outside in" approach to safeguarding identities is a good solution.
As the technology is expanding its footprints, so are threats associated with it. The frequency and sophistication of cyber attacks are accelerating. According to Microsoft’s Identity Security and Protection team, there has been a 300 per cent increase in user accounts attacked over the past year. A large chunk of these compromises can be attributed to weak, guessable passwords and poor password management, followed by targeted phishing attacks and breaches of third-party services. According to Microsoft’s Security Intelligence Report Vol22 (January-March, 2017), “An increasing number of sites are breached and passwords phished, attackers attempt to reuse the stolen credentials on multiple services. Therefore, one of the most critical things a user can do to protect him/her is to use a unique password for every site and never reuse passwords across multiple sites.”